Create an Agile-Friendly Project Gating and Governance Approach

  • Buy Link or Shortcode: {j2store}162|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: $33,499 Average $ Saved
  • member rating average days saved: 57 Average Days Saved
  • Parent Category Name: Development
  • Parent Category Link: /development
  • Organizations often apply gating and governance to IT projects to ensure resources are being used efficiently and effectively.
  • Agile project teams often complain that traditional project gating and governance interfere with their ability to delivery because traditional gating and governance were designed for Waterfall delivery methods.

Our Advice

Critical Insight

Imposing a traditional gating and governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your traditional project gating and governance approach to be Agile friendly.

Impact and Result

  • Create a project gating and governance approach that is Agile friendly and helps your organization realize the most benefit from its Agile transformation.
  • Oversee your Agile projects with confidence by adjusting the level of support and oversight they receive based on their Agilometer score.
  • Define a revised set of project gating artifacts that support Agile delivery methods.
  • Adopt a “trust but verify” approach to Agile project gating that will reduce risk and help ensure value delivery.

Create an Agile-Friendly Project Gating and Governance Approach Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Create an Agile-Friendly Project Gating and Governance Approach Deck – A step-by-step guide to creating an Agile-friendly project gating and governance approach that will support Agile delivery methods in your organization.

This deck is a guide to creating your own Agile-friendly project gating and governance approach using Info-Tech’s Agile Gating Framework.

  • Create an Agile-Friendly Project Gating and Governance Approach – Phases 1-3

2. Your Gates 3 and 3A Checklists – The Gates 3 and 3A Checklists are used to determine when a project is ready to enter and exit the Risk Reduction & Value Confirmation phase.

Modify Info-Tech’s Gates 3 and 3A Checklists to meet your organization’s needs, and then use them to determine when Agile projects are ready to enter and exit the RRVC phase.

  • Gates 3 and 3A Checklists

3. Your Agilometer – The Agilometer is used to determine a project’s readiness to use an Agile delivery method.

Modify Info-Tech’s Agilometer to meet your organization’s needs, and then use it to determine the level of support and oversight the project will need.

  • Agilometer

4. Your Agile Project Status Report – An Agile Status Report will be used to monitor project progress.

Modify Info-Tech’s Agile Project Status Report to meet your organization’s needs, and then use it to monitor in-flight Agile projects.

  • Agile Project Status Report

5. Project Burndown Chart – A tool to let you monitor project burndown over time.

Use Info-Tech’s Project Burndown Chart to monitor the progress of your in-flight Agile projects.

  • Project Burndown Chart

6. Traditional to Agile Gating Artifact Mapping – A tool to help you rework your project gating artifacts to be Agile-friendly.

Use Info-Tech’s Traditional to Agile Gating Artifact Mapping tool to modify your gating artifacts for Agile projects.

  • Traditional to Agile Gating Artifact Mapping
[infographic]

Further reading

Create an Agile-Friendly Project Gating and Governance Approach

Use Info-Tech’s Agile Gating Framework as a guide to gating your Agile projects using a “trust but verify” approach.

Table of Contents

Analyst Perspective

Executive Summary

Phase 1: Establish Your Gating and Governance Purpose

Phase 2: Understand and Adapt Info-Tech’s Agile Gating Framework

Phase 3: Complete Your Agile Gating Framework

Where Do I Go Next?

Bibliography

Facilitator Slides

Analyst Perspective

Make your gating and governance process Agile friendly by following a “trust but verify” approach

Most project gating and governance approaches are designed for traditional (Waterfall) delivery methods. However, Agile delivery methods call for a different way of working that doesn’t align well with these approaches.

Applying traditional project gating and governance to Agile projects is like trying to fit a square peg in a round hole. Not only will it make Agile project delivery less efficient, but in the extreme, it can lead to outright project failure and even derail your organization’s Agile transformation.

If you want Agile to successfully take root in your organization, be prepared to rethink your current gating and governance practices. This document presents a framework that you can use to rework your approach to provide both effective oversight and support for your Agile projects.

Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group. Alex Ciraco
Principal Research Director,
Application Delivery and Management
Info-Tech Research Group

Executive Summary

Your Challenge
  • Many government organizations are adopting Agile project delivery methods because they have proven to be more effective than traditional delivery approaches at responding to today’s fast pace of change.
  • Government organizations have an obligation to govern projects to ensure effective use of public resources, regardless of the delivery method being used.
Common Obstacles
  • Most government gating and governance frameworks were designed around traditional (often called “Waterfall”) delivery methods.
  • Agile and Waterfall work in completely different ways, so imposing traditional gating and governance frameworks on Agile projects will stifle progress and can even lead to project failure.
  • Government organizations must adjust their gating and governance frameworks to accommodate Agile delivery methods.
Info-Tech’s Approach
  • Begin by understanding the fundamental purpose of project gating and governance.
  • Next, understand the major differences between Agile and Waterfall delivery methods.
  • Then, armed with this knowledge, use Info-Tech’s Agile Gating Framework to redefine your gating and governance approach to be Agile friendly.
Info-Tech Insight

Imposing a traditional governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your project gating and governance approach to be Agile friendly.

Info-Tech’s methodology for Creating an Agile-Friendly Project Gating and Governance Approach

1. Establish Your Gating and Governance Purpose 2. Understand and Adapt Info-Tech’s Agile Gating Framework 3. Complete your Agile Gating Framework
Phase Steps

1.1 Understand How We Gate and Govern Projects

1.2 Compare Traditional to Agile Delivery

1.3 Realize What Traditional Gating Looks Like and Why

2.1 Understand How Agile Manages Risk and Ensures Value Delivery

2.2 Introducing Info-Tech’s Agile Gating Framework

2.3 Create Your Agilometer

2.4 Create an Agile-Friendly Project Status Report

2.5 Select Your Agile Health Check Tool

3.1 Map Your Traditional Gating Artifacts to Agile Delivery

3.2 Determine Your Now, Next, Later Roadmap for Implementation

Phase Outcomes
  1. Your gating/governance purpose statement
  2. A fundamental understanding of the difference between traditional and Agile delivery methods.
  1. An understanding of Info-Tech’s Agile Gating Framework
  2. Your Gates 3 and 3A checklists
  3. Your Agilometer tool
  4. Your Agile project status report template
  5. Your Agile health check tool
  1. Artifact map for your Agile gating framework
  2. Roadmap for Agile gating implementation

Key Deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals, including:

Agilometer Tool

Create your customized Agilometer tool to determine project support and oversight needs.
Sample of the 'Agilometer Tool' deliverable.

Gates 3 and 3A Checklists

Create your customized checklists for projects at Gates 3 and 3A.
Sample of the 'Gates 3 and 3A Checklists' deliverable.

Agile-Friendly Project Status Report

Create your Agile-friendly project status report to monitor progress.
Sample of the 'Agile-Friendly Project Status Report' deliverable.

Artifact Mapping Tool

Map your traditional gating artifacts to their Agile replacements.
Sample of the 'Artifact Mapping Tool' deliverable.

Create an Agile-Friendly Project Gating and Governance Approach

Phase 1

Establish your gating and governance purpose

Phase 1

1.1 Understand How We Gate and Govern Projects

1.2 Compare Traditional to Agile Delivery

1.3 Realize What Traditional Gating Looks Like And Why

Phase 2

2.1 Understand How Agile Manages Risk and Ensures Value Delivery

2.2 Introducing Info-Tech’s Agile Gating Framework

2.3 Create Your Agilometer

2.4 Create Your Agile-Friendly Project Status Report

2.5 Select Your Agile Health Check Tool

Phase 3

3.1 Map Your Traditional Gating Artifacts to Agile Delivery

3.2 Determine Your Now, Next, Later Roadmap for Implementation

This phase will walk you through the following activities:

  • Understand why gating and governance are so important to your organization.
  • Compare and contrast traditional to Agile delivery.
  • Identify what form traditional gating takes in your organization.

This phase involves the following participants:

  • PMO/Gating Body
  • Delivery Managers
  • Delivery Teams
  • Other Interested Parties

Agile gating–related facts and figures

73% of organizations created their project gating framework before adopting or considering Agile delivery practices. (Athens Journal of Technology and Engineering)

71% of survey respondents felt an Agile-friendly gating approach improves both productivity and product quality. (Athens Journal of Technology and Engineering)

Moving to an Agile-friendly gating approach has many benefits:
  • Faster response to change
  • Improved productivity
  • Higher team morale
  • Better product quality
  • Faster releases
(Journal of Product Innovation Management)

Traditional gating approaches can undermine an Agile project

  • Most existing gating and governance frameworks (often referred to as phase-gate) impose requirements on projects that are anti-patterns to an Agile delivery approach
  • For example, any gating approach that requires a project to deliver a detailed requirements document before coding can begin will make it difficult or impossible for the project to use an Agile delivery method.
  • The same can be said for other common phase-gate requirements including:
    • Imposing a formal (and onerous) change control process on project requirements.
    • Requiring a detailed design document and/or detailed user acceptance test plan at the beginning of the project.
    • Asking the project to produce a detailed project plan.
(DZone)
Don’t make the mistake of asking an Agile project to follow a traditional phase-gate approach to project delivery!

Before reworking your gating approach, you need to consider two important questions

Answering these questions will help guide your new gating process to both be Agile friendly and meet your organization’s needs

  1. What is the fundamental purpose of gating? By examining the fundamental purpose of gating, you will be better able to adjust your approach to achieve the desired outcomes in an Agile context.
  2. How does Agile delivery differ from traditional? By understanding how Agile delivery differs from traditional, you will be better able to adjust your gating approach to support Agile delivery methods.

Stock image of speech bubbles hanging on string with a question mark and lightbulb drawn on them.

Effectively Acquire Infrastructure Services

  • Buy Link or Shortcode: {j2store}467|cart{/j2store}
  • member rating overall impact: 9.6/10 Overall Impact
  • member rating average dollars saved: $26,627 Average $ Saved
  • member rating average days saved: 12 Average Days Saved
  • Parent Category Name: Data Center & Facilities Optimization
  • Parent Category Link: /data-center-and-facilities-optimization
  • Most organizations are good at procuring IT products, but few are truly good at acquiring infrastructure services.
  • The lack of expertise in acquiring services is problematic – not only is the acquisition process for services more complex, but it also often has high stakes with large deal sizes, long-term contracts, and high switching costs.

Our Advice

Critical Insight

  • Don’t treat infrastructure service acquisitions lightly. Not only are failure rates high, but the stakes are high as well.
  • Make sure your RFP strategy aligns with your deal value. Large deals, characterized by high monthly spend, high criticality to the organization, and high switching costs, warrant a more thorough and lengthy planning period and RFP process.
  • Word your RFP carefully and do your due diligence when reviewing SLAs. Make sure your RFP will help you understand what the vendor’s standard offerings are and don’t treat your service level agreements like an open negotiation. The vendor’s standard offerings will be your most reliable options.

Impact and Result

  • Follow this blueprint to avoid common pitfalls and navigate the tricky business of acquiring infrastructure services.
  • This blueprint will provide step-by-step guidance from assessing your acquisition goals to transitioning your service. Make sure you do the due diligence required to acquire the best service for your needs.

Effectively Acquire Infrastructure Services Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should follow the blueprint to effectively acquire infrastructure services, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Develop the procurement strategy and process

Kick off an acquisition by establishing acquisition goals, validating the decision to acquire a service, and structuring an acquisition approach. There are several RFP approaches and strategies – evaluate the options and develop one that aligns with the nature of the acquisition.

  • Effectively Acquire Infrastructure Services – Phase 1: Develop the Procurement Strategy and Process

2. Assess requirements and build the RFP

A solid RFP is critical to the success of this project. Assess the current and future requirements, examine the characteristics of an effective RFP, and develop an RFP.

  • Effectively Acquire Infrastructure Services – Phase 2: Assess Requirements and Build the RFP
  • Infrastructure Service RFP Template

3. Manage vendor questions and select the vendor

Manage the activities surrounding vendor questions and score the RFP responses to select the best-fit solution.

  • Effectively Acquire Infrastructure Services – Phase 3: Manage Vendor Questions and Select the Vendor
  • Vendor Question Organizer Template
  • Infrastructure Outsourcing RFP Scoring Tool

4. Manage the contract, transition, and vendor

Perform due diligence in reviewing the SLAs and contract before signing. Plan to transition the service into the environment and manage the vendor on an ongoing basis for a successful partnership.

  • Effectively Acquire Infrastructure Services – Phase 4: Manage the Contract, Transition, and Vendor
  • Service Acquisition Planning and Tracking Tool
  • Vendor Management Template
[infographic]

Workshop: Effectively Acquire Infrastructure Services

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Develop the Procurement Strategy and Process

The Purpose

Establish procurement goals and success metrics.

Develop a projected acquisition timeline.

Establish the RFP approach and strategy.

Key Benefits Achieved

Defined acquisition approach and timeline.

Activities

1.1 Establish your acquisition goals.

1.2 Establish your success metrics.

1.3 Develop a projected acquisition timeline.

1.4 Establish your RFP process and refine your RFP timeline.

Outputs

Acquisition goals

Success metrics

Acquisition timeline

RFP strategy and approach

2 Gather Service Requirements

The Purpose

Gather requirements for services to build into the RFP.

Key Benefits Achieved

Gathered requirements.

Activities

2.1 Assess the current state.

2.2 Evaluate service requirements and targets.

2.3 Assess the gap and validate the service acquisition.

2.4 Define requirements to input into the RFP.

Outputs

Current State Assessment

Service requirements

Validation of services being acquired and key processes that may need to change

Requirements to input into the RFP

3 Develop the RFP

The Purpose

Build the RFP.

Key Benefits Achieved

RFP development.

Activities

3.1 Build the RFP requirement section.

3.2 Develop the rest of the RFP.

Outputs

Service requirements input into the RFP

Completed RFP

4 Review RFP Responses and Select a Vendor (Off-Site)

The Purpose

Review RFP responses to select the best solution for the acquisition.

Key Benefits Achieved

Vendor selected.

Activities

4.1 Manage vendor questions regarding the RFP.

4.2 Review RFP responses and shortlist the vendors.

4.3 Conduct additional due diligence on the vendors.

4.4 Select a vendor.

Outputs

Managed RFP activities

Imperceptive scoring of RFP responses and ranking of vendors

Additional due diligence and further questions for the vendor

Selected vendor

Take Control of Cloud Costs on Microsoft Azure

  • Buy Link or Shortcode: {j2store}426|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $125,999 Average $ Saved
  • member rating average days saved: 50 Average Days Saved
  • Parent Category Name: Cloud Strategy
  • Parent Category Link: /cloud-strategy
  • Traditional IT budgeting and procurement processes don't work for public cloud services.
  • The self-service nature of the cloud means that often the people provisioning cloud resources aren't accountable for the cost of those resources.
  • Without centralized control or oversight, organizations can quickly end up with massive Azure bills that exceed their IT salary cost.

Our Advice

Critical Insight

  • Most engineers care more about speed of feature delivery and reliability of the system than they do about cost.
  • Often there are no consequences for overarchitecting or overspending on Azure.
  • Many organizations lack sufficient visibility into their Azure spend, making it impossible to establish accountability and controls.

Impact and Result

  • Define roles and responsibilities.
  • Establish visibility.
  • Develop processes, procedures, and policies.

Take Control of Cloud Costs on Microsoft Azure Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should take control of cloud costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Build a cost accountability framework

Assess your current state, define your cost allocation model, and define roles and responsibilities.

  • Cloud Cost Management Worksheet
  • Cloud Cost Management Capability Assessment
  • Cloud Cost Management Policy
  • Cloud Cost Glossary of Terms

2. Establish visibility

Define dashboards and reports, and document account structure and tagging requirements.

  • Service Cost Cheat Sheet for Azure

3. Define processes and procedures

Establish governance for tagging and cost control, define process for right-sizing, and define process for purchasing commitment discounts.

  • Right-Sizing Workflow (Visio)
  • Right-Sizing Workflow (PDF)
  • Commitment Purchasing Workflow (Visio)
  • Commitment Purchasing Workflow (PDF)

4. Build an implementation plan

Document process interactions, establish program KPIs, and build implementation roadmap and communication plan.

  • Cloud Cost Management Task List
[infographic]

Workshop: Take Control of Cloud Costs on Microsoft Azure

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Build a Cost Accountability Framework

The Purpose

Establish clear lines of accountability and document roles & responsibilities to effectively manage cloud costs.

Key Benefits Achieved

Understanding of key areas to focus on to improve cloud cost management capabilities.

Activities

1.1 Assess current state

1.2 Determine cloud cost model

1.3 Define roles & responsibilities

Outputs

Cloud cost management capability assessment

Cloud cost model

Roles & responsibilities

2 Establish Visibility

The Purpose

Establish visibility into cloud costs and drivers of those costs.

Key Benefits Achieved

Better understanding of what is driving costs and how to keep them in check.

Activities

2.1 Develop architectural patterns

2.2 Define dashboards and reports

2.3 Define account structure

2.4 Document tagging requirements

Outputs

Architectural patterns; service cost cheat sheet

Dashboards and reports

Account structure

Tagging scheme

3 Define Processes & Procedures

The Purpose

Develop processes, procedures, and policies to control cloud costs.

Key Benefits Achieved

Improved capability of reducing costs.

Documented processes & procedures for continuous improvement.

Activities

3.1 Establish governance for tagging

3.2 Establish governance for costs

3.3 Define right-sizing process

3.4 Define purchasing process

3.5 Define notification and alerts

Outputs

Tagging policy

Cost control policy

Right-sizing process

Commitment purchasing process

Notifications and alerts

4 Build an Implementation Plan

The Purpose

Document next steps to implement & improve cloud cost management program.

Key Benefits Achieved

Concrete roadmap to stand up and/or improve the cloud cost management program.

Activities

4.1 Document process interaction changes

4.2 Define cloud cost program KPIs

4.3 Build implementation roadmap

4.4 Build communication plan

Outputs

Changes to process interactions

Cloud cost program KPIs

Implementation roadmap

Communication plan

CIO Priorities 2023

  • Buy Link or Shortcode: {j2store}84|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $10,000 Average $ Saved
  • member rating average days saved: 9 Average Days Saved
  • Parent Category Name: IT Strategy
  • Parent Category Link: /it-strategy

CIOs are facing these challenges in 2023:

  • Trying to understand the implications of external trends.
  • Determining what capabilities are most important to support the organization.
  • Understanding how to help the organization pursue new opportunities.
  • Preparing to mitigate new sources of organizational risk.

Our Advice

Critical Insight

  • While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full context awareness. It's up to them to assess their gaps, consider the present scenario, and then make their next move.
  • Each priority carries new opportunities for organizations that pursue them.
  • There are also different risks to mitigate as each priority is explored.

Impact and Result

  • Inform your IT strategy for the year ahead.
  • Identify which capabilities you need to improve.
  • Add initiatives that support your priorities to your roadmap.

CIO Priorities 2023 Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. CIO Priorities 2023 Report – Read about the priorities on IT leaders' agenda.

Understand the five priorities that will help navigate the opportunities and risks of the year ahead.

  • CIO Priorities 2023 Report

Infographic

 

Further reading

CIO Priorities 2023

Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

Analyst Perspective

Take a full view of the board and use all your pieces to win.

In our Tech Trends 2023 report, we called on CIOs to think of themselves as chess grandmasters. To view strategy as playing both sides of the board, simultaneously attacking the opponent's king while defending your own. In our CIO Priorities 2023 report, we'll continue with that metaphor as we reflect on IT's capability to respond to trends.

If the trends report is a study of the board state that CIOs are playing with, the priorities report is about what move they should make next. We must consider all the pieces we have at our disposal and determine which ones we can afford to use to seize on opportunity. Other pieces are best used by staying put to defend their position.

In examining the different capabilities that CIOs will require to succeed in the year ahead, it's apparent that a siloed view of IT isn't going to work. Just like a chess player in a competitive match would never limit themselves to only using their knights or their rooks, a CIO's responsibility is to deploy each of their pieces to win the day. While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full awareness of the board state.

It's up to them to assess their gaps, consider the present scenario, and then make their next move.

This is a picture of Brian Jackson

Brian Jackson
Principal Research Director, Research – CIO
Info-Tech Research Group

CIO Priorities 2023 is informed by Info-Tech's primary research data of surveys and benchmarks

Info-Tech's Tech Trends 2023 report and State of Hybrid Work in IT: A Trend Report inform the externalities faced by organizations in the year ahead. They imply opportunities and risks that organizations face. Leadership must determine if they will respond and how to do so. CIOs then determine how to support those responses by creating or improving their IT capabilities. The priorities are the initiatives that will deliver the most value across the capabilities that are most in demand. The CIO Priorities 2023 report draws on data from several different Info-Tech surveys and diagnostic benchmarks.

2023 Tech Trends and Priorities Survey; N=813 (partial), n=521 (completed)
Info-Tech's Trends and Priorities 2023 Survey was conducted between August 9 and September 9, 2022. We received 813 total responses with 521 completed surveys. More than 90% of respondents work in IT departments. More than 84% of respondents are at a manager level of seniority or higher.

2023 The State of Hybrid Work in IT Survey; N=518
The State of Hybrid Work in IT Survey was conducted between July 11 and July 29 and received 518 responses. Nine in ten respondents were at a manager level of seniority or higher.

Every organization will have its own custom list of priorities based on its internal context. Organizational goals, IT maturity level, and effectiveness of capabilities are some of the important factors to consider. To provide CIOs with a starting point for their list of priorities for 2023, we used aggregate data collected in our diagnostic benchmark tools between August 1, 2021, and October 31, 2022.

Info-Tech's CEO-CIO Alignment Program is intended to be completed by CIOs and their supervisors (CEO or other executive position [CxO]) and will provide the average maturity level and budget expectations (N=107). The IT Management and Governance Diagnostic will provide the average capability effectiveness and importance ranking to CIOs (N=271). The CIO Business Vision Diagnostic will provide stakeholder satisfaction feedback (N=259).

The 2023 CIO priorities are based on that data, internal collaboration sessions at Info-Tech, and external interviews with CIOs and subject matter experts.

Build IT alignment

Assess your IT processes

Determine stakeholder satisfaction

Most IT departments should aim to drive outcomes that deliver better efficiency and cost savings

Slightly more than half of CIOs using Info-Tech's CEO-CIO Alignment Program rated themselves at a Support level of maturity in 2022. That aligns with IT professionals' view of their organizations from our Tech Trends and Priorities Survey, where organizations are rated at the Support level on average. At this level, IT departments can provide reliable infrastructure and support a responsive IT service desk that reasonably satisfies stakeholders.

In the future, CIOs aspire to attain the Transform level of maturity. Nearly half of CIOs select this future state in our diagnostic, indicating a desire to deliver reliable innovation and lead the organization to become a technology-driven firm. However, we see that fewer CxOs aspire for that level of maturity from IT. CxOs are more likely than CIOs to say that IT should aim for the Optimize level of maturity. At this level, IT will help other departments become more efficient and lower costs across the organization.

Whether a CIO is aiming for the top of the maturity scale in the future or not, IT maturity is achieved one step at a time. Aiming for outcomes at the Optimize level will be a realistic goal for most CIOs in 2023 and will satisfy many stakeholders.

Current and future state of IT maturity

This image depicts a table showing the Current and future states of IT maturity.

Trends indicate a need to focus on leadership and change management

Trends imply new opportunities and risks that an organization must decide on. Organizational leadership determines if action will be taken to respond to the new external context based on its importance compared to current internal context. To support their organizations, IT must use its capabilities to deliver on initiatives. But if a capability's effectiveness is poor, it could hamper the effort.

To determine what capabilities IT departments may need to improve or create to support their organizations in 2023, we conducted an analysis of our trends data. Using the opportunities and risks implied by the Tech Trends 2023 report and the State of Hybrid Work in IT: A Trend Report, we've determined the top capabilities IT will need to respond. Capabilities are defined by Info-Tech's IT Management and Governance Framework.

Tier 1: The Most Important Capabilities In 2023

Enterprise Application Selection & Implementation

Manage the selection and implementation of enterprise applications, off-the-shelf software, and software as a service to ensure that IT provides the business with the most appropriate applications at an acceptable cost.

Effectiveness: 6.5; Importance: 8.8

Leadership, Culture, and Values

Ensure that the IT department reflects the values of your organization. Improve the leadership skills of your team to generate top performance.

Effectiveness: 6.9; Importance: 9

Data Architecture

Manage the business' databases, including the technology, the governance processes, and the people that manage them. Establish the principles, policies, and guidelines relevant to the effective use of data within the organization.

Effectiveness: 6.3; Importance: 8.8

Organizational Change Management

Implement or optimize the organization's capabilities for managing the impact of new business processes, new IT systems, and changes in organizational structure or culture.

Effectiveness: 6.1; Importance: 8.8

External Compliance

Ensure that IT processes and IT-supported business processes are compliant with laws, regulations, and contractual requirements.

Effectiveness: 7.4; Importance: 8.8

Info-Tech's Management and Diagnostic Benchmark

Tier 2: Other Important Capabilities In 2023

Ten more capabilities surfaced as important compared to others but not as important as the capabilities in tier 1.

Asset Management

Track IT assets through their lifecycle to make sure that they deliver value at optimal cost, remain operational, and are accounted for and physically protected. Ensure that the assets are reliable and available as needed.

Effectiveness: 6.4; Importance: 8.5

Business Intelligence and Reporting

Develop a set of capabilities, including people, processes, and technology, to enable the transformation of raw data into meaningful and useful information for the purpose of business analysis.

Effectiveness: 6.3; Importance: 8.8

Business Value

Secure optimal value from IT-enabled initiatives, services, and assets by delivering cost-efficient solutions and services and by providing a reliable and accurate picture of costs and benefits.

Effectiveness: 6.5; Importance: 8.7

Cost and Budget Management

Manage the IT-related financial activities and prioritize spending through the use of formal budgeting practices. Provide transparency and accountability for the cost and business value of IT solutions and services.

Effectiveness: 6.5; Importance: 8.8

Data Quality

Put policies, processes, and capabilities in place to ensure that appropriate targets for data quality are set and achieved to match the needs of the business.

Effectiveness: 6.4; Importance: 8.9

Enterprise Architecture

Establish a management practice to create and maintain a coherent set of principles, methods, and models that are used in the design and implementation of the enterprise's business processes, information systems, and infrastructure.

Effectiveness: 6.8; Importance: 8.8

IT Organizational Design

Set up the structure of IT's people, processes, and technology as well as roles and responsibilities to ensure that it's best meeting the needs of the business.

Effectiveness: 6.8; Importance: 8.8

Performance Measurement

Manage IT and process goals and metrics. Monitor and communicate that processes are performing against expectations and provide transparency for performance and conformance.

Effectiveness: 6; Importance: 8.4

Stakeholder Relations

Manage the relationship between the business and IT to ensure that the stakeholders are satisfied with the services they need from IT and have visibility into IT processes.

Effectiveness: 6.7; Importance: 9.2

Vendor Management

Manage IT-related services provided by all suppliers, including selecting suppliers, managing relationships and contracts, and reviewing and monitoring supplier performance.

Effectiveness: 6.6; Importance: 8.4

Defining the CIO Priorities for 2023

Understand the CIO priorities by analyzing both how CIOs respond to trends in general and how a specific CIO responded in the context of their organization.

This is an image of the four analyses: 1: Implications; 2: Opportunities and risks; 3: Case examples; 4: Priorities to action.

The Five CIO Priorities for 2023

Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

  1. Adjust IT operations to manage for inflation
    • Business Value
    • Vendor Management
    • Cost and Budget Management
  2. Prepare your data pipeline to train AI
    • Business Intelligence and Reporting
    • Data Quality
    • Data Architecture
  3. Go all in on zero-trust security
    • Asset Management
    • Stakeholder Relations
    • External Compliance
  4. Engage employees in the digital age
    • Leadership, Culture, and Values
    • Organizational Change Management
    • Enterprise Architecture
  5. Shape the IT organization to improve customer experience
    • Enterprise Application Selection & Implementation
    • Performance Measurement
    • IT Organizational Design

Adjust IT operations to manage for inflation

Priority 01

  • APO06 Cost and Budget Management
  • APo10 Vendor Management
  • EDM02 Business Value

Recognize the relative impact of higher inflation on IT's spending power and adjust accordingly.

Inflation takes a bite out of the budget

Two-thirds of IT professionals are expecting their budgets to increase in 2023, according to our survey. But not every increase is keeping up with the pace of inflation. The International Monetary Fund forecasts that global inflation rose to 8.8% in 2022. It projects it will decline to 6.5% in 2023 and 4.1% by 2024 (IMF, 2022).

CIOs must account for the impact of inflation on their IT budgets and realize that what looks like an increase on paper is effectively a flat budget or worse. Applied to our survey takers, an IT budget increase of more than 6.5% would be required to keep pace with inflation in 2023. Only 40% of survey takers are expecting that level of increase. For the 27% expecting an increase between 1-5%, they are facing an effective decrease in budget after the impact of inflation. Those expecting no change in budget or a decrease will be even worse off.

Looking ahead to 2023, how do you anticipate your IT spending will change compared to spending in 2022?

Global inflation estimates by year

2022 8.8%
2023 6.5%
2024 4.1%

International Monetary Fund, 2022

CIOs are more optimistic about budgets than their supervisors

Data from Info-Tech's CEO-CIO Alignment Diagnostic benchmark also shows that CIOs and their supervisors are planning for increases to the budget. This diagnostic is designed for a CIO to use with their direct supervisor, whether it's the CEO or otherwise (CxO). Results show that on average, CIOs are more optimistic than their supervisors that they will receive budget increases and headcount increases in the years ahead.

While 14% of CxOs estimated the IT budget would see no change or a decrease in the next three to five years, only 3% of CIOs said the same. A larger discrepancy is seen in headcount, where nearly one-quarter of CXOs estimated no change or decrease in the years ahead, versus only 10% of CIOs estimating the same.

When we account for the impact of inflation in 2023, this misalignment between CIOs and their supervisors increases. When adjusting for inflation, we need to view the responses projecting an increase of between 1-5% as an effective decrease. With the inflation adjustment, 26% of CXOs are predicting IT budgets to stay flat or see a decrease compared to only 10% of CIOs.

CIOs should consider how inflation has affected their projected spending power over the past year and take into account projected inflation rates over the next couple of years. Given that the past decade has seen inflation rates between 2-3%, the higher rates projected will have more of an impact on organizational budgets than usual.

Expect headcount to stay flat or decline over 3-5 years

CIO: 10%; CXO: 24%

IT budget expectations to stay flat or decrease before inflation

CIO: 13.6 %; CXO: 3.2%

IT budget expectations to stay flat or decrease adjusted for inflation

CIO: 25.8%; CXO: 9.7%

Info-Tech's CEO-CIO Alignment Program

Opportunities

Appoint a "cloud economist"

Organizations that migrated from on-premises data centers to infrastructure as a service shifted their capital expenditures on server racks to operational expenditures on paying the monthly service bill. Managing that monthly bill so that it is in line with desired performance levels now becomes crucial. The expected benefit of the cloud is that an organization can turn the dial up to meet higher demand and turn it down when demand slows. In practice this is sometimes more difficult to execute than anticipated. Some IT departments realize their cloud-based data flows aren't always connected to the revenue-generating activity seen in the business. As a result, a "cloud economist" is needed to closely monitor cloud usage and adjust it to financial expectations. Especially during any recessionary period, IT departments will want to avoid a "bill shock" incident.

Partner with technology providers

Keep your friends close and your vendors closer. Look for opportunities to create leverage with your strategic vendors to unlock new opportunities. Identify if a vendor you work with is not entrenched in your industry and offer them the credibility of working with you in exchange for a favorable contract. Offering up your logo for a website listing clients or giving your own time to speak in a customer session at a conference can go a long way to building up some goodwill with your vendors. That's goodwill you'll need when you ask for a new multi-year contract on your software license without annual increases built into the structure.

Demonstrate IT projects improve efficiency

An IT department that operates at the Optimize level of Info-Tech's maturity scale can deliver outcomes that lower costs for other departments. IT can defend its own budget if it's able to demonstrate that its initiatives will automate or augment business activities in a way that improves margins. The argument becomes even more compelling if IT can demonstrate it is supporting a revenue-generating initiative or customer-facing experience. CIOs will need to find business champions to vouch for the important contributions IT is making to their area.

Risks

Imposition of non-financial reporting requirements

In some jurisdictions, the largest companies will be required to start collecting information on carbon emissions emitted as a result of business activities by the end of next year. Smaller sized organizations will be next on the list to determine how to meet new requirements issued by various regulators. Risks of failure include facing fines or being shunned by investors. CIOs will need to support their financial reporting teams in collecting the new required data accurately. This will incur new costs as well.

Rising asset costs

Acquiring IT equipment is becoming more expensive due to overall inflation and specific pressures around semiconductor supply chains. As a result, more CIOs are extending their device refresh policies to last another year or two. Still, demands for new devices to support new hybrid work models could put pressure on budgets as IT teams are asked to modernize conferencing rooms. For organizations adopting mixed reality headsets, cutting-edge capabilities will come at a premium. Operating costs of devices may also increase as inflation increases costs of the electricity and bandwidth they depend on.

CASE STUDY
Leverage your influence in vendor negotiations

Denise Cornish, Associate VP of IT and Deputy COO,
Western University of Health Sciences

Since taking on the lead IT role at Western University in 2020, Denise Cornish has approached vendor management like an auditable activity. She evaluates the value she gets from each vendor relationship and creates a list of critical vendors that she relies upon to deliver core business services. "The trick is to send a message to the vendor that they also need us as a customer that's willing to act as a reference," she says. Cornish has managed to renegotiate a contract with her ERP vendor, locking in a multi-year contract with a very small escalator in exchange for presenting as a customer at conferences. She's also working with them on developing a new integration to another piece of software popular in the education space.

Western University even negotiated a partnership approach with Apple for a program run with its College of Osteopathic Medicine of the Pacific (COMP) called the Digital Doctor Bag. The partnership saw Apple agree to pre-package a customer application developed by Western that delivered the curriculum to students and facilitated communications across students and faculty. Apple recognized Western as an Apple Distinguished School, a program that recognizes innovative schools that use Apple products.

"I like when negotiations are difficult.
I don't necessarily expect a zero-sum game. We each need to get something out of this and having the conversation and really digging into what's in it for you and what's in it for me, I enjoy that. So usually when I negotiate a vendor contract, it's rare that it doesn't work out."

CASE STUDY
Control cloud costs with a simplified approach

Jim Love, CIO, IT World Canada

As an online publisher and a digital marketing platform for technology products and services companies, IT World Canada (ITWC) has observed that there are differences in how small and large companies adopt the cloud as their computing infrastructure. For smaller companies, even though adoption is accelerating, there may still be some reluctance to fully embrace cloud platforms and services. While larger companies often have a multi-cloud approach, this might not be practical for smaller IT shops that may struggle to master the skills necessary to effectively manage one cloud platform. While Love acknowledges that the cloud is the future of corporate computing, he also notes that not all applications or workloads may be well suited to run in the cloud. As well, moving data into the cloud is cheap but moving it back out can be more expensive. That is why it is critical to understand your applications and the data you're working with to control costs and have a successful cloud implementation.

"Standardization is the friend of IT. So, if you can standardize on one platform, you're going to do better in terms of costs."

From priorities to action

Go deeper on pursuing your priorities by improving the associated capabilities.

Improve Cost and Budget Management

Take control of your cloud costs by providing central financial oversight on the infrastructure-as-a-service provider your organization uses. Create visibility into your operational costs and define policies to control them. Right-size the use of cloud services to stay within organizational budget expectations.

Take Control of Cloud Costs on AWS

Take Control of Cloud Costs on Microsoft Azure

Improve Business Value

Reduce the funds allocated to ongoing support and impose tougher discipline around change requests to lighten your maintenance burden and make room for investment in net-new initiatives to support the business.

Free up funds for new initiatives

Improve Vendor Management

Lay the foundation for a vendor management process with long-term benefits. Position yourself as a valuable client with your strategic vendors and leverage your position to improve your contract terms.

Elevate Your Vendor Management Initiative

Prepare your data pipeline to train AI

Priority 02

  • ITRG06 BUSINESS INTELLIGENCE AND REPORTING
  • ITRG07 DATA ARCHITECTURE
  • ITRG08 DATA QUALITY

Keep pace as the market adopts AI capabilities, and be ready to create competitive advantage.

Today's innovation is tomorrow's expectation

During 2022, some compelling examples of generative-AI-based products took the world by storm. Images from AI-generating bots Midjourney and Stable Diffusion went viral, flooding social media and artistic communities with images generated from text prompts. Exchanges with OpenAI's ChatGPT bot also caught attention, as the bot was able to do everything from write poetry, to provide directions on a cooking recipe and then create a shopping list for it, to generate working code in a variety of languages. The foundation models are trained with AI techniques that include generative adversarial networks, transformers, and variational autoencoders. The end result is an algorithm that can produce content that's meaningful to people based on some simple direction. The industry is only beginning to come to grips with how this sort of capability will disrupt the enterprise.

Slightly more than one-third of IT professionals say their organization has already invested in AI or machine learning. It's the sixth-most popular technology to have already invested in after cloud computing (82%), application programming interfaces (64%), workforce management solutions (44%), data lakes (36%), and next-gen cybersecurity (36%). It's ahead of 12 other technologies that IT is already invested in.

When we asked what technologies organizations planned to invest in for next year, AI rocketed up the list to second place, as it's selected by 44% of IT professionals. It falls behind only cloud computing. This jump up the list makes AI the fastest growing technology for new investment from organizations.

Many AI capabilities seem cutting edge now, but organizations are prioritizing it as a technology investment. In a couple of years, access to foundational models that produce images, text, or code will become easy to access with a commercial license and an API integration. AI will become embedded in off-the-shelf software and drive many new features that will quickly become commonplace.

To stay even with the competition and meet customer expectations, organizations will have to work to at least adopt these AI-enhanced products and services. For those that want to create a competitive advantage, they will have to build a data pipeline that is capable of training their own custom AI models based on their unique data sets.

Which of the following technology categories has your organization already invested in?

A bar graph is depicted the percentage of organizations which already had invested in the following Categories: Cloud Computing; Application Programming; Next-Gen Cybersecurity; Workforce Management Solutions; Data Lake/Lakehouse; Artificial Intelligence or Machine Learning.

Which of those same technologies does your organization plan to invest in by the end of 2023?

A bar graph is depicted the percentage of organizations which plan to invest in the following categories by the end of 2023: No-Code / Low-Code Platforms; Next-Gen Cybersecurity; Application Programming Interfaces (APIs); Data Lake / Lakehouse; Artificial Intelligence (AI) or Machine Learning; Cloud Computing

Tech Trends 2023 Survey

Data quality and governance will be critical to customize generative AI

Data collection and analysis are on the minds of both CIOs and their supervisors. When asked what technologies the business should adopt in the next three to five years, big data (analytics) ranked as most critical to adopt among CIOs and their supervisors. Big data (collection) ranked fourth out of 11 options.

Organizations that want to drive a competitive advantage from generative AI will need to train these large, versatile models on their own data sets. But at the same time, IT organizations are struggling to provide clean data. The second-most critical gap for IT organizations on average is data quality, behind only organizational change management. Organizations know that data quality is important to support analytics goals, as algorithms can suffer in their integrity if they don't have reliable data to work with. As they say, garbage in, garbage out.

Another challenge to overcome is the gap seen in IT governance, the sixth largest gap on average. Using data toward training custom generative models will hold new compliance and ethical implications for IT departments to contend with. How user data can be leveraged is already the subject of privacy legislation in many different jurisdictions, and new AI legislation is being developed in various places around the world that could create further demands. In some cases, users are reacting negatively to AI-generated content.

Biggest capability gaps between rated importance and effectiveness

This is a Bar graph showing the capability gaps between rated importance and effectiveness.

IT Management and Governance Diagnostic

Most critical technologies to adopt rated by CIOs and their supervisors

This is a Bar graph showing the most critical technologies to adopt as rated by CIO's and their supervisors

CEO-CIO Alignment Program

Opportunities

Enterprise content discovery

Many organizations still cobble together knowledgebases in SharePoint or some other shared corporate drive, full of resources that no one quite knows how to find. A generative AI chatbot holds potential to be trained on an organization's content and produce content based on an employee's queries. Trained properly, it could point employees to the right resource they need to answer their question or just provide the answer directly.

Supply chain forecasts

After Hurricane Ian shut down a Walmart distribution hub, the retailer used AI to simulate the effects on its supply chain. It rerouted deliveries from other hubs based on the predictions and planned for how to respond to demand for goods and services after the storm. Such forecasts would typically take a team of analysts days to compose, but thanks to AI, Walmart had it done in a matter of hours (The Economist, 2022).

Reduce the costs of AI projects

New generative AI models of sufficient scale offer advantages over previous AI models in their versatility. Just as ChatGPT can write poetry or dialogue for a play or perhaps a section of a research report (not this one, this human author promises), large models can be deployed for multiple use cases in the enterprise. One AI researcher says this could reduce the costs of an AI project by 20-30% (The Economist, 2022).

Risks

Impending AI regulation

Multiple jurisdictions around the world are pursuing new legislation that imposes requirements on organizations that use AI, including the US, Europe, and Canada. Some uses of AI will be banned outright, such as the real-time use of facial recognition in public spaces, while in other situations people can opt out of using AI and work with a human instead. Regulations will take the risk of the possible outcomes created by AI into consideration, and organizations will often be required to disclose when and how AI is used to reach decisions (Science | Business, 2022). Questions around whether creators can prevent their content from being used for training AI are being raised, with some efforts already underway to collect a list of those who want to opt out. Organizations that adopt a generative AI model today may find it needs to be amended for copyright reasons in the future.

Bias in the algorithms

Organizations using a large AI model trained by a third party to complete their tasks or as a foundation to further customize it with their own data will have to contend with the inherent bias of the algorithm. This can lead to unintended negative experiences for users, as it did for MIT Technology Review journalist Melissa Heikkilä when she uploaded her images to AI avatar app Lensa, only to have it render a collection of sexualized portraits. Heikkilä contends that her Asian heritage overly influenced the algorithm to associate her with video-game characters, anime, and adult content (MIT Technology Review, 2022).

Convincing nonsense

Many of the generative AI bots released so far often create very good responses to user queries but sometimes create nonsense that at first glance might seem to be accurate. One example is Meta's Galactica bot – intended to streamline scientific research discovery and aid in text generation – which was taken down only three days after being made available. Scientists found that it generated fake research that sounded convincing or failed to do math correctly (Spiceworks, 2022).

CASE STUDY
How MLSE enhances the Toronto Raptors' competitiveness with data-driven practices

Christian Magsisi, Vice President of Venue and Digital Technology, MLSE

At the Toronto Raptors practice facility, the OVO Athletic Centre, a new 120-foot custom LG video screen towers over the court. The video board is used to playback game clips so coaches can use them to teach players, but it also displays analytics from algorithmic models that are custom-made for each player. Data on shot-making or defensive deflections are just a couple examples of what might inform the players.

Vice President of Digital Technology Christian Magsisi leads a functional Digital Labs technical group at MLSE. The in-house team builds the specific data models that support the Raptors in their ongoing efforts to improve. The analytics are fed by Noah Analytics, which uses cognitive vision to provide real-time feedback on shot accuracy. SportsVU is a motion capture system that represents how players are positioned on the court, with detail down to which way they are facing and whether their arms are up or down. The third-party vendors provide the solutions to generate the analytics, but it's up to MLSE's internal team to shape them to be actionable for players during a practice.

"All the way from making sure that a specific player is achieving the results that they're looking for and showing that through data, or finding opportunities for the coaching staff. This is the manifestation of it in real life. Our ultimate goal with the coaches was to be able to take what was on emails or in a report and sometimes even in text message and actually implement it into practice."

Read the full story on Spiceworks Insights.

How MLSE enhances the Toronto Raptors' competitiveness with data-driven practices (cont.)

Humza Teherany, Chief Technology Officer, MLSE

MLSE's Digital Labs team architects its data insights pipeline on top of cloud services. Amazon Web Services Rekognition provides cognitive vision analysis from video and Amazon Kinesis provides the video processing capabilities. Beyond the court, MLSE uses data to enhance the fan experience, explains CTO Humza Teherany. It begins with having meaningful business goals about where technology can provide the most value. He starts by engaging the leadership of the organization and considering the "art of the possible" when it comes to using technology to unlock their goals.

Humza Teherany (left) and Christian Magsisi lead MLSE's digital efforts for the pro sports teams owned by the group, including the Toronto Raptors, Toronto Maple Leafs, and Toronto Argonauts. (Photo by Brian Jackson).

Read the full story on Spiceworks Insights.

"Our first goal in the entire buildup of the Digital Labs organization has been to support MLSE and all of our teams. We like to do things first. We leverage our own technology to make things better for our fans and for our teams to complete and find incremental advantages where possible."
Humza Teherany,
Chief Technology Officer, MLSE

From priorities to action

Go deeper on pursuing your priorities by improving the associated capabilities.

Improve Data Quality

The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

Prepare for Cognitive Service Management

Improve Business Intelligence and Reporting

Explore the enterprise chatbots that are available to not only assist with customer interactions but also help your employees find the resources they need to do their jobs and retrieve data in real time.

Explore the best chatbots software

Improve Data Architecture

Understand if you are ready to embark on the AI journey and what business use cases are appropriate for AI. Plan around the organization's maturity in people, tools, and operations for delivering the correct data, model development, and model deployment and managing the models in the operational areas.

Create an Architecture for AI

Go all in on zero-trust security

Priority 03

  • BAI09 ASSET MANAGEMENT
  • APO08 STAKEHOLDER RELATIONS
  • MEA03 EXTERNAL COMPLIANCE

Adopt zero-trust architecture as the new security paradigm across your IT stack and from an organizational risk management perspective.

Putting faith in zero trust

The push toward a zero-trust security framework is becoming necessary for organizations for several different reasons over the past couple of years. As the pandemic forced workers away from offices and into their homes, perimeter-based approaches to security were challenged by much wider network footprints and the need to identify users external to the firewall. Supply-chain security became more of a concern with notable attacks affecting many thousands of firms, some with severe consequences. Finally, the regulatory pressure to implement zero trust is rising following President Joe Biden's 2021 Executive Order on Improving the Nation's Cybersecurity. It directs federal agencies to implement zero trust. That will impact any company doing business with the federal government, and it's likely that zero trust will propagate through other government agencies in the years ahead. Zero-trust architecture can also help maintain compliance around privacy-focused regulations concerned about personal data (CSO Online, 2022).

IT professionals are modestly confident that they can meet new government legislation regarding cybersecurity requirements. When asked to rank their confidence on a scale of one to five, the most common answer was 3 out of 5 (38.5%). The next most common answer was 4 out of 5 (33.3%).

Zero-trust barriers:
Talent shortage and lack of leadership involvement

Out of a list of challenges, IT professionals are most concerned with talent shortages leading to capacity constraints in cybersecurity. Fifty-four per cent say they are concerned or very concerned with this issue. Implementing a new zero-trust framework for security will be difficult if capacity only allows for security teams to respond to incidents.

The next most pressing concern is that cyber risks are not on the radar of executive leaders or the board of directors, with 46% of IT pros saying they are concerned or very concerned. Since zero-trust requires that organizations take an enterprise risk management approach to cybersecurity and involve top decision makers, this reveals another area where organizations may fall short of achieving a zero-trust environment.

How confident are you that your organization is prepared to meet current and future government legislation regarding cybersecurity requirements? A circle graph is shown with 68.6% colored dark green, and the words: AVG 3.43 written inside the graph.
a bar graph showing the confidence % for numbers 1-5
54%

of IT professionals are concerned with talent shortages leading to capacity constraints in cybersecurity.

46%

of IT professionals are concerned that cyber risks are not on the radar of executive leaders or the board of directors.

Zero trust mitigates risk while removing friction

A zero-trust approach to security requires organizations to view cybersecurity risk as part of its overall risk framework. Both CIOs and their supervisors agree that IT-related risks are a pain point. When asked to rate the severity of pain points, 58% of CIOs rated IT-related business risk incidents as a minor pain or major pain. Their supervisors were more concerned, with 61% rating it similarly. Enterprises can mitigate this pain point by involving top levels of leadership in cybersecurity planning.

Organizations can be wary about implementing new security measures out of concern it will put barriers between employees and what they need to work. Through a zero-trust approach that focuses on identity verification, friction can be avoided. Overall, IT organizations did well to provide security without friction for stakeholders over the past 18 months. Results from Info-Tech's CIO Business Vision Diagnostic shows that stakeholders almost all agree friction due to security practices are acceptable. The one area that stands to be improved is remote/mobile device access, where 78.3% of stakeholders view the friction as acceptable.

A zero-trust approach treats user identity the same regardless of device and whether it is inside or outside of the corporate network. This can remove friction when workers are looking to connect remotely from a mobile device.

IT-related business risk incidents viewed as a pain point

CXO 61%
CIO 58%

Business stakeholders rate security friction levels as acceptable

A bar graph is depicted with the following dataset: Regulatory Compliance: 93.80%; Office/Desktop Computing:	86.50%;Data Access/Integrity: 86.10%; Remote/Mobile Device Access:	78.30%;

CIO Business Vision Diagnostic, N=259

Opportunities

Move to identity-driven access control

Today's approach to access control on the network is to allow every device to exchange data with every other device. User endpoints and servers talk to each other directly without any central governance. In a zero-trust environment, a centralized zero-trust network access broker provides one-to-one connectivity. This allows servers to rest offline until needed by a user with the right access permissions. Users verify their identity more often as they move throughout the network. The user can access the resources and data they need with minimal friction while protecting servers from unauthorized access. Log files are generated for analysis to raise alerts about when an authorized identity has been compromised.

Protect data with just-in-time authentication

Many organizations put process in place to make sure data at rest is encrypted, but often when users copy that data to their own devices, it becomes unencrypted, allowing attackers opportunities to exfiltrate sensitive data from user endpoints. Moving to a zero-trust environment where each data access is brokered by a central broker allows for encryption to be preserved. Parties accessing a document must exchange keys to gain access, locking out unauthorized users that don't have both sets of keys to decrypt the data (MIT Lincoln Laboratory, 2022).

Harness free and open-source tools to deploy zero trust

IT teams may not be seeing a budget infusion to invest in a new approach to security. By making use of the many free and open-source tools available, they can bootstrap their strategy into reality. Here's a list to get started:

PingCastle Wrangle your Active Directory and find all the domains that you've long since forgotten about and manage the situation appropriately. Also builds a spoke-and-hub map of your Active Directory.

OpenZiti Create an overlay network to enable programmable networking that supports zero trust.

Snyk Developers can automatically find and fix vulnerabilities before they commit their code. This vendor offers a free tier but users that scale up will need to pay.

sigstore Open-source users and maintainers can use this solution to verify the code they are running is the code the developer intended. Works by stitching together free services to facilitate software signing, verify against a transparent ledger, and provide auditable logs.

Microsoft's SBOM generation tool A software bill of materials is a requirement in President Biden's Executive Order, intended to provide organizations with more transparency into their software components by providing a comprehensive list. Microsoft's tool will work with Windows, Linux, and Mac and auto-detect a longlist of software components, and it generates a list organized into four sections that will help organizations comprehend their software footprint.

Risks

Organizational culture change to accommodate zero trust

Zero trust requires that top decision makers get involved in cybersecurity by treating it as an equal consideration of overall enterprise risk. Not all boards will have the cybersecurity expertise required, and some executives may not prioritize cybersecurity despite the warnings. Organizations that don't appoint a chief information security officer (CISO) role to drive the cybersecurity agenda from the top will be at risk of cybersecurity remaining an afterthought.

Talent shortage

No matter what industry you're in or what type of organization you run, you need cybersecurity. The demand for talent is very high and organizations are finding it difficult to hire in this area. Without the talent needed to mature cybersecurity approaches to a zero-trust model, the focus will remain on foundational principles of patch management to eliminate vulnerabilities and intrusion prevention. Smaller organizations may want to consider a "virtual CISO" that helps shape the organizational strategy on a part-time basis.

Social engineering

Many enterprise security postures remain vulnerable to an attack that commandeers an employee's identity to infiltrate the network. Hosted single sign-on models provide low friction and continuity of identity across applications but also offer a single point of failure that hackers can exploit. Phishing scams that are designed to trick an employee into providing their credentials to a fake website or to just click on a link that delivers a malware payload are the most common inroads that criminals take into the corporate network. Being aware of how user behavior influences security is crucial.

CASE STUDY
Engage the entire organization with cybersecurity awareness

Serge Suponitskiy, CIO, Brosnan Risk Consultants

Brosnan provides private security services to high-profile clients and is staffed by security experts with professional backgrounds in intelligence services and major law enforcement agencies. Safe to say that security is taken seriously in this culture and CIO Serge Suponitskiy makes sure that extends to all back-office staff that support the firm's activities. He's aware that people are often the weakest link in a cybersecurity posture and are prone to being fooled by a phishing email or even a fraudulent phone call. So cybersecurity training is an ongoing activity that takes many forms. He sends out a weekly cybersecurity bulletin that features a threat report and a story about the "scam of the week." He also uses KnowBe4, a tool that simulates phishing attacks and trains employees in security awareness. Suponitskiy advises reaching out to Marketing or HR for help with engaging employees and finding the right learning opportunities.

"What is financially the best solution to protect yourself? It's to train your employees. … You can buy all of the tools and it's expensive. Some of the prices are going up for no reason. Some by 20%, some by 50%, it's ridiculous. So, the best way is to keep training, to keep educating, and to reimagine the training. It's not just sending this video that no one clicks on or posting a poster no one looks at. … Given the fact we're moving into this recession world, and everyone is questioning why we need to spend more, it's time to reimagine the training approach."

CASE STUDY
Focus on micro-segmentation as the foundation of zero trust

David Senf, National Cybersecurity Strategist, Bell

As a cybersecurity analyst and advisor that works with Bell's clients, David Senf sees zero-trust security as an opportunity for organizations to put a strong set of mitigating controls in place to defend against the thorny challenge of reducing vulnerabilities in their software supply chain. With major breaches being linked to widely used software in the past couple of years, security teams might find it effective to focus on a different layer of security to prevent certain breaches. With security policy being enforced at a narrow point/perimeter, attacks are in essence blocked from exploiting application vulnerabilities (e.g. you can't exploit what you can see). Organizations must still ensure there is a solid vulnerability management program in place, but surrounding applications with other controls is critical. One aspect of zero trust, micro-segmentation, which is an approach to network management, can limit the damage caused by a breach. The solutions help to map out and protect the different connections between applications that could otherwise be abused for discovery or lateral movement. Senf advises that knowing your inventory of software and the interdependencies between applications is the first step on a zero-trust journey, before putting protection and detection in place.

"Next year will be a year of a lot more ZTNA, zero-trust network access, being deployed. So, I think that will give organizations more of an understanding of what zero trust is as well, from a really basic perspective. If I can just limit what applications you can see and no one can even see that application, it's undiscoverable because I've got that ZTNA solution in place. … I would see that as a leading area of deployment and coming to understand what zero trust is in 2023."

From priorities to action

Go deeper on pursuing your priorities by improving the associated capabilities.

Improve Asset Management

Enable reduced friction in the remote user experience by underpinning it with a hardware asset management program. Creating an inventory of devices and effectively tracking them will aid in maintaining compliance, result in stronger policy enforcement, and reduce the harm of a lost or stolen device.

Implement Hardware Asset Management

Improve Stakeholder Relations

Communicate the transition from a perimeter-based security approach to an "Always Verify" approach with a clear roadmap toward implementation. Map key protect surfaces to business goals to demonstrate the importance of zero-trust security in helping the organization succeed. Help the organization's top leadership build awareness of cybersecurity risk.

Build a Zero Trust Roadmap

Improve External Compliance

Manage the challenge of meeting new government requirements to implement zero-trust security and other data protection and cybersecurity regulations with a compliance program. Create a control environment that aligns multiple compliance regimes, and be prepared for IT audits.

Build a Security Compliance Program

Engage employees in the digital age

Priority 04

  • ITRG02 LEADERSHIP, CULTURE, AND VALUES
  • BAI05 ORGANIZATIONAL CHANGE MANAGEMENT
  • APO03 ENTERPRISE ARCHITECTURE

Lead a strong culture through digital means to succeed in engaging the hybrid workforce.

The new deal for employers in a hybrid work world

Necessity is the mother of innovation.

The pandemic's disruption for non-essential workers looks to have a long-lasting, if not permanent, effect on the relationship between employer and employee. The new bargain for almost all organizations is a hybrid work reality, with employees splitting time between the office and working remotely, if not working remotely full-time. IT is in a unique position in the organization as it must not only contend with the shift to this new deal with its own employees but facilitate it for the entire organization.

With 90% of organizations embracing some form of hybrid work, IT leaders have an opportunity to shift from coping with the new work reality to finding opportunities to improve productivity. Organizations that embrace a hybrid model for their IT departments see a more effective IT department. Organizations that offered no remote work for IT rated their IT effectiveness on average 6.2 out of 10, while organizations with at least 10% of IT roles in a hybrid model saw significantly higher effectiveness. At minimum, organizations with between 50%-70% of IT roles in a hybrid model rated their effectiveness at 6.9 out of 10.

IT achieved this increase in effectiveness during a disruptive time that often saw IT take on a heavier burden. Remote work required IT to support more users and be involved in facilitating more work processes. Thriving through this challenging time is a win that's worth sharing with the rest of the organization.

90% of organizations are embracing some form of hybrid work.

IT's effectiveness compared to % working hybrid or remotely

A bar graph is shown which compares the effectiveness of IT work with hybrid and full remote work, compared to No Remote Work for IT.

High effectiveness doesn't mean high engagement

Despite IT's success with hybrid work, CIOs are more concerned about their staff sufficiency, skill, and engagement than their supervisors. Among clients using our CEO-CIO Alignment Diagnostic, 49% of CIOs considered this issue a major pain point compared to only 32% of CXOs. While IT staff are more effective than ever, even while carrying more of a burden in the digital age, CIOs are still looking to improve staff engagement.

Info-Tech's State of Hybrid Work Survey illuminates further details about where IT leaders are concerned for their employee engagement. About four in ten IT leaders say they are concerned for employee wellbeing, and almost the same amount say they are concerned they are not able to see signs that employees are demotivated (N=518).

Boosting IT employees' engagement levels to match their effectiveness will require IT leaders to harness all the tools at their disposal. Communicating culture and effectively managing organizational change in the digital age is a real test of leadership.

Staff sufficiency, skill, and engagement issues as a major pain point

CXO 32%
CIO 49%

CEO-CIO Alignment Diagnostic

Opportunities

Drive effectiveness with a hybrid environment

IT leaders concerned about the erosion of culture and connectedness due to hybrid work can mitigate those effects with increased and improved communication. Among highly effective IT departments, 55% of IT leaders made themselves highly available through instant messaging chat. Another 54% of highly effective leaders increased team meetings (State of Hybrid Work Survey, n=213). The ability to adapt to the team's needs and use a number of tactics to respond is the most important factor. The greater the number of tactics used to overcome communication barriers, the more effective the IT department (State of Hybrid Work Survey, N=518).

Modernize the office conference room

A hybrid work approach emphasizes the importance of not only the technology in the office conference room but the process around how meetings are conducted. Creating an equal footing for all participants regardless of how they join is the goal. In pursuit of that, 63% of organizations say they have made changes or upgrades to their conference room technology (n=496). The conferencing experience can influence employee engagement and work culture and enhance collaboration. IT should determine if the business case exists for upgrades and work to decrease the pain of using legacy solutions where possible (State of Hybrid Work in IT: A Trend Report).

Understand the organizational value chain

Map out the value chain from the customer perspective and then determine the organizational capabilities involved in delivering on that experience. It is a useful tool for helping IT staff understand how they're connected to the customer experience and organizational mission. It's crucial to identify opportunities to resolve pain points and create more efficiency throughout the organization.

Risks

Talent rejects the working model

Many employees that experienced hybrid work over the past couple of years are finding it's a positive development for work/life balance and aren't interested in a full-time return to the office. Organizations that insist on returning all employees to the office all the time may find that employees choose to leave the organization. Similarly, it could be hard to hire IT talent in a competitive market if the position is required to be onsite every day. Most organizations are providing flexible options to employees and finding ways to manage work in the new digital age.

Wasted expense on facilities

Organizations may choose to keep their physical office only to later realize that no one is going to work there. While providing an office space can help foster positive culture through valuable face time, it has to be used intentionally. Managers should plan for specific days that their teams will meet in the office and make sure that work activities take advantage of everyone being in the same place at the same time. Asking everyone to come in so that they can be on a videoconference meeting in their cubicle isn't the point.

Isolated employees and teams

Studies on a remote work environment show it has an impact on how many connections each employee maintains within the company. Employees still interact well within their own teams but have fewer interactions across departments. Overall, workers are likely to collaborate just as often as they did when working in the office but with fewer other individuals at the company. Keep the isolating effect of remote work in mind and foster collaboration and networking opportunities across different departments (BBC News, 2022).

CASE STUDY
Equal support of in-office and remote work

Roberto Eberhardt, CIO, Ontario Legislative Assembly

Working in the legislature of the Ontario provincial government, CIO Roberto Eberhardt's staff went from a fully onsite model to a fully remote model at the outset of the pandemic. Today he's navigating his path to a hybrid model that's somewhere in the middle. His approach is to allow his business colleagues to determine the work model that's needed but to support a technology environment that allows employees to work from home or in the office equally. Every new process that's introduced must meet that paradigm, ensuring it will work in a hybrid environment. For his IT staff, he sees a culture of accountability and commitment to metrics to drive performance measurement as key to the success of this new reality.

"While it's good in a way, the challenge for us is it became a little more complex because you have to account for all those things in the office environment and in the remote work approach. Everything you do now, you have to say OK well how is this going to work in this world and how will it work in the other world?"

Creating purpose for IT through strategy

Mike Russell, Virginia Community College System

At the Virginia Community College System (VCCS), CIO Mike Russell's IT team supports an organization that governs and delivers services to all community colleges in the state. Russell sees his IT team's purpose as being driven by the organization's mission to ensure success throughout the entire student journey, from enrolment to becoming employed after graduation. That customer-focused mindset starts from the top-level leadership, the chancellor, and the state governor. The VCCS maintains a six-year business plan that informs IT's strategic plan and aligns IT with the mission, and both plans are living documents that get refreshed every two years. Updating the plans provides opportunities for the chancellor to engage the organization and remind everyone of the purpose of their work.

"The outcome isn't the degree. The outcome we're trying to measure is the job. Did you get the job that you wanted? Whether it's being re-employed or first-time employment, did you get what you were after?"

From priorities to action

Go deeper on pursuing your priorities by improving the associated capabilities.

Improve Leadership, Culture, and Values

Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.

Prepare People Leaders for the Hybrid Work Environment

Improve Organizational Change Management

Assign accountability for managing the changes that the organization is experiencing in the digital age. Make a people-centric approach that takes human behavior into account and plans to address different needs in different ways. Be proactive about change.

Master Organizational Change Management Practices

Improve Enterprise Architecture

Develop a foundation for aligning IT's activities with business value by creating a right-sized enterprise architecture approach that isn't heavy on bureaucracy. Drive IT's purpose by illustrating how their work contributes to the overall mission and the customer experience.

Create a Right-Sized Enterprise Architecture Governance Framework

Shape the IT organization to improve customer experience

PRIORITY 05

  • BAI03 ENTERPRISE APPLICATION SELECTION & IMPLEMENTATION
  • MEA01 PERFORMANCE MEASUREMENT
  • ITRG01 IT ORGANIZATIONAL DESIGN

Tightly align the IT organization with the organization's value chain from a customer perspective.

IT's value is defined by faster, better, bigger

The pandemic motivated organizations to accelerate their digital transformation efforts, digitalizing more of their tasks and organizing the company's value chain around satisfying the customer experience. Now we see organizations taking their foot off the gas pedal of digitalization and shifting their focus to extracting the value from their investments. They want to execute on the digital transformation in their operations and realize the vision they set out to achieve.

In our Trends Report we compared the emphasis organizations are putting on digitalization to last year. Overall, we see that most organizations shifted fewer of their processes to digital in the past year.

We also asked organizations what motivated their push toward automation. The most common drivers are to improve efficiency, with almost seven out of ten organizations looking to increase staff on high-level tasks by automating repetitive tasks, 67% also wanting to increase productivity without increasing headcount, and 59% wanting to reduce errors being made by people. In addition, more than half of organizations pursued automation to improve customer satisfaction.

What best describes your main motivation to pursue automation, above other considerations?

A bar graph is depicted showing the following dataset: Increase staff focus on high-level tasks by automating repetitive tasks:	69%; Increase productivity of existing staff to avoid increasing headcount:	67%; Reduce errors made by people:	59%; Improve customer satisfaction:	52%; Achieve cost savings through reduction in headcount:	35%; Increase revenue by enabling higher volume of work:	30%

Tech Trends 2023 Survey

To what extent did your organization shift its processes from being manually completed to digitally completed during past year?

A bar graph is depicted showing the extent to which organizations shifted processes from manual to digital during the past year for 2022 and 2023, from Tech Trends 2023 Survey

With the shift in focus from implementing new applications to support digital transformation to operating in the new environment, IT must shift its own focus to help realize the value from these systems. At the same time, IT must reorganize itself around the new value chain that's defined by a customer perspective.

IT struggles to deliver business value or support innovation

Many current IT departments are structured around legacy processes that hinder their ability to deliver business value. CIOs are trying to grapple with the misalignment between the modern business structure and keep up with the demands for innovation and agility.

Almost nine in ten CIOs say that business frustration with IT's failure to deliver value is a pain point. Their supervisors have a slightly more favorable opinion, with 76% agreeing that it is a pain point.

Similarly, nine in ten CIOs say that IT limits affecting business innovation and agility is a pain point, while 81% of their supervisors say the same.

Supervisors say that IT should "ensure benefits delivery" as the most important process (CEO-CIO Alignment Program). This underlines the need to achieve alignment, optimize service delivery, and facilitate innovation. The pain points identified here will need to be resolved to make this possible.

IT departments will need to contend with a tight labor market and economic volatility in the year ahead. If this drives down resource capacity, it will be even more critical to tightly align with the organization.

Views business frustration with IT failure to deliver value as a pain point

CXO 76%
CIO 88%

Views IT limits affecting business innovation and agility as a pain point

CXO 81%
CIO

90%

CEO-CIO Alignment Program

Opportunities

Define IT's value by its contributions to enterprise value

Communicate the performance of IT to stakeholders by attributing positive changes in enterprise value to IT initiatives. For example, if a digital channel helped increase sales in one area, then IT can claim some portion of that revenue. If optimization of another process resulted in cost savings, then IT can claim that as a contribution toward the bottom line. CIOs should develop their handle on how KPIs influence revenues and costs. Keeping tabs on normalized year-over-year revenue comparisons can help demonstrate that IT contributions are making an impact on driving profitability.

Go with buy versus build if it's a commodity service

Most back-office functions common to operating a company can be provided by cloud-based applications accessed through a web browser. There's no value in having IT spend time maintaining on-premises applications that require hosting and ongoing maintenance. Organizations that are still accruing technical debt and are unable to modernize will increasingly find it is negatively impacting employee experience, as users expect their working experience to be similar to their experience with consumer applications. In addition, IT will continue to have capacity challenges as resources will be consumed by maintenance. As they seek to outsource some applications, IT will need to consider the geopolitical risk of certain jurisdictions in selecting a provider.

Redefine how employee performance is tracked

The concept of "clocking in" for a shift and spending eight hours a day on the job doesn't help guide IT toward its objectives or create any higher sense of purpose. Leaders must work to create a true sense of accountability by reaching consensus on what key performance indicators are important and tasking staff to improve them. Metrics should clearly link back to business outcomes and IT should understand the role they play in delivering a good customer experience.

Risks

Lack of talent available to drive transformation

CIOs are finding it difficult to hire the talent needed to create the capacity they need as digital demands of their organizations increase. This could slow the pace of change as new positions created in IT go unfilled. CIOs may need to consider reskilling and rebalancing workloads of existing staff in the short term and tap outsourcing providers to help make up shortfalls.

Resistance to change

New processes may have been given the official rubber stamp, but that doesn't mean staff are adhering to them. Organizations that reorganize themselves must take steps to audit their processes to ensure they're executed the way they intend. Some employees may feel they are being made obsolete or pushed out of their jobs and become disengaged.

Short-term increased costs

Restructuring the organization can come with the need for new tools and more training. It may be necessary to operate with redundant staff for the transitional period. Some additional expenses might be incurred for a brief period as the new structure is being put in place.

Emphasize the value of IT in driving revenue

Salman Ali, CIO, McDonald's Germany

As the new CIO to McDonald's Germany, Salman Ali came on board with an early mandate to reorganize the IT department. The challenge is to merge two organizations together: one that delivers core technology services of infrastructure, security, service desk, and compliance and one that delivers customer-facing technology such as in-store touchscreen kiosks and the mobile app for food delivery. He is looking to organize this new-look department around the technology in the hands of both McDonald's staff and its customers. In conversations with his stakeholders, Ali emphasizes the value that IT is driving rather than discussing the costs that go into it. For example, there was a huge cost in integrating third-party meal delivery apps into the point-of-sales system, but the seamless experience it delivers to customers looking to place an order helps to drive a large volume of sales. He plans to reorganize his department around this value-driven approach. The organization model will be executed with clear accountability in place and key performance indicators to measure success.

"Technology is no longer just an enabler. It's now a strategic business function. When they talk about digital, they are really talking about what's in the customers' hands and what do they use to interact with the business directly? Digital transformation has given technology a new front seat that's really driving the business."

CASE STUDY
Overhauling the "heartbeat" of the organization

Ernest Solomon, Former CIO, LAWPRO

LAWPRO is a provider of professional liability insurance and title insurance in Canada. The firm is moving its back-office applications from a build approach to a buy approach and focusing its build efforts on customer-facing systems tied to revenue generation. CIO Ernest Solomon says his team has been developing on a legacy platform for two decades, but it's time to modernize. The firm is replacing its legacy platform and moving to a cloud-based system to address technical debt and improve the experience for staff and customers. The claims and policy management platform, the "heartbeat" of the organization, is moving to a software-as-a-service model. At the same time, the firm's customer-facing Title Plus application is being moved to a cloud-native, serverless architecture. Solomon doesn't see the need for IT to spend time building services for the back office, as that doesn't align with the mission of the organization. Instead, he focuses his build efforts on creating a competitive advantage.

"We're redefining the customer experience, which is how do we move the needle in a positive direction for all the lawyers that interact with us? How do we generate that value-based proposition and improve their interactions with our organization?"

From priorities to action

Go deeper on pursuing your priorities by improving the associated capabilities.

Improve Enterprise Application Selection & Implementation

Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.

Embrace Business-Managed Applications

Improve Performance Measurement

Drive the most important IT process in the eyes of supervisors by defining business value and linking IT spend to it. Make benefits realization part of your IT governance.

Maximize Business Value From IT Through Benefits Realization

Improve IT Organizational Design

Showcase IT's value to the business by aligning IT spending and staffing to business functions. Provide transparency into business consumption of IT and compare your spending to your peers'.

IT Spend & Staffing Benchmarking

The Five Priorities

Engage cross-functional leadership to seize opportunity while protecting the organization from volatility.

  1. Adjust IT operations to manage for inflation
  2. Prepare your data pipeline to train AI
  3. Go all in on zero-trust security
  4. Engage employees in the digital age
  5. Shape the IT organization to improve customer experience

Expert Contributors

In order of appearance

Denise Cornish, Associate VP of IT and Deputy COO, Western University of Health Sciences

Jim Love, CIO, IT World Canada

Christian Magsisi, Vice President of Venue and Digital Technology, MLSE

Humza Teherany, Chief Technology Officer, MLSE

Serge Suponitskiy, CIO, Brosnan Risk Consultants

David Senf, National Cybersecurity Strategist, Bell

Roberto Eberhardt, CIO, Ontario Legislative Assembly

Mike Russell, Virginia Community College System

Salman Ali, CIO, McDonald's Germany

Ernest Solomon, Former CIO, LAWPRO

Bibliography

Anderson, Brad, and Seth Patton. "In a Hybrid World, Your Tech Defines Employee Experience." Harvard Business Review, 18 Feb. 2022. Accessed 12 Dec. 2022.
"Artificial Intelligence Is Permeating Business at Last." The Economist, 6 Dec. 2022. Accessed 12 Dec. 2022.
Badlani, Danesh Kumar, and Adrian Diglio. "Microsoft Open Sources Its Software Bill
of Materials (SBOM) Generation Tool." Engineering@Microsoft, 12 July 2022. Accessed
12 Dec. 2022.
Birch, Martin. "Council Post: Equipping Employees To Succeed In Digital Transformation." Forbes, 9 Aug. 2022. Accessed 7 Dec. 2022.
Bishop, Katie. "Is Remote Work Worse for Wellbeing than People Think?" BBC News,
17 June 2022. Accessed 7 Dec. 2022.
Carlson, Brian. "Top 5 Priorities, Challenges For CIOs To Recession-Proof Their Business." The Customer Data Platform Resource, 19 July 2022. Accessed 7 Dec. 2022.
"CIO Priorities: 2020 vs 2023." IT PRO, 23 Sept. 2022. Accessed 2 Nov. 2022.
cyberinsiders. "Frictionless Zero Trust Security - How Minimizing Friction Can Lower Risks and Boost ROI." Cybersecurity Insiders, 9 Sept. 2021. Accessed 7 Dec. 2022.
Garg, Sampak P. "Top 5 Regulatory Reasons for Implementing Zero Trust."
CSO Online, 27 Oct. 2022. Accessed 7 Dec. 2022.
Heikkilä, Melissa. "The Viral AI Avatar App Lensa Undressed Me—without My Consent." MIT Technology Review, 12 Dec. 2022. Accessed 12 Dec. 2022.
Jackson, Brian. "How the Toronto Raptors Operate as the NBA's Most Data-Driven Team." Spiceworks, 1 Dec. 2022. Accessed 12 Dec. 2022.
Kiss, Michelle. "How the Digital Age Has Transformed Employee Engagement." Spiceworks,16 Dec. 2021. Accessed 7 Dec. 2022.
Matthews, David. "EU Hopes to Build Aligned Guidelines on Artificial Intelligence with US." Science|Business, 22 Nov. 2022. Accessed 12 Dec. 2022.
Maxim, Merritt. "New Security & Risk Planning Guide Helps CISOs Set 2023 Priorities." Forrester, 23 Aug. 2022. Accessed 7 Dec. 2022.
Miller, Michael J. "Gartner Surveys Show Changing CEO and Board Concerns Are Driving a Different CIO Agenda for 2023." PCMag, 20 Oct. 2022. Accessed 2 Nov. 2022.
MIT Lincoln Laboratory. "Overview of Zero Trust Architectures." YouTube,
2 March 2022. Accessed 7 Dec. 2022.
MIT Technology Review Insights. "CIO Vision 2025: Bridging the Gap between BI and AI." MIT Technology Review, 20 Sept. 2022. Accessed 1 Nov. 2022.
Paramita, Ghosh. "Data Architecture Trends in 2022." DATAVERSITY, 22 Feb. 2022. Accessed 7 Dec. 2022.
Rosenbush, Steven. "Cybersecurity Tops the CIO Agenda as Threats Continue to Escalate - WSJ." The Wall Street Journal, 17 Oct. 2022. Accessed 2 Nov. 2022.
Sacolick, Isaac. "What's in the Budget? 7 Investments for CIOs to Prioritize." StarCIO,
22 Aug. 2022. Accessed 2 Nov. 2022.
Singh, Yuvika. "Digital Culture-A Hurdle or A Catalyst in Employee Engagement." International Journal of Management Studies, vol. 6, Jan. 2019, pp. 54–60. ResearchGate, https://doi.org/10.18843/ijms/v6i1(8)/08.
"Talent War Set to Become Top Priority for CIOs in 2023, Study Reveals." CEO.digital,
8 Sept. 2022. Accessed 7 Dec. 2022.
Tanaka, Rodney. "WesternU COMP and COMP-Northwest Named Apple Distinguished School." WesternU News. 10 Feb. 2022. Accessed 12 Dec. 2022.
Wadhwani, Sumeet. "Meta's New Large Language Model Galactica Pulled Down Three Days After Launch." Spiceworks, 22 Nov. 2022. Accessed 12 Dec. 2022.
"World Economic Outlook." International Monetary Fund (IMF), 11 Oct. 2022. Accessed
14 Dec. 2022.

Choose Your Mobile Platform and Tools

  • Buy Link or Shortcode: {j2store}281|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Mobile Development
  • Parent Category Link: /mobile-development
  • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
  • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
  • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness their value of these trends.

Our Advice

Critical Insight

  • Mobile applications can stress the stability, reliability, and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
  • High costs of entry may restrict what built-in features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain built-in feature needs.
  • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

Impact and Result

  • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
  • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
  • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

Choose Your Mobile Platform and Tools Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Choose Your Mobile Platform and Tools Storyboard

This blueprint helps you develop an approach to understand the mobile experience your stakeholders want your users to have and select the appropriate platform and delivery tools to meet these expectations.

  • Choose Your Mobile Platform and Tools Storyboard

2. Mobile Application Delivery Communication Template – Clearly communicate the goal and approach of your mobile application implementation in a language your audience understands.

This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.

  • Mobile Application Delivery Communication Template

Infographic

Workshop: Choose Your Mobile Platform and Tools

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Choose Your Platform and Delivery Solution

The Purpose

Choose the right mobile platform.

Shortlist your mobile delivery solution and desired features and services.

Key Benefits Achieved

A chosen mobile platform that meets user and enterprise needs.

Candidate mobile delivery solutions that meet your delivery needs and capacity of your teams.

Activities

1.1 Select your platform approach.

1.2 Shortlist your mobile delivery solution.

1.3 Build your feature and service lists.

Outputs

Desired mobile platform approach.

Shortlisted mobile delivery solutions.

Desired list of vendor features and services.

2 Create Your Roadmap

The Purpose

Design the mobile application minimal viable product (MVP).

Create your mobile roadmap.

Key Benefits Achieved

An achievable and valuable mobile application that is scalable for future growth.

Clear intent of business outcome delivery and completing mobile delivery activities.

Activities

2.1 Define your MVP release.

2.2 Build your roadmap.

Outputs

MVP design.

Mobile delivery roadmap.

3 Set the Mobile Context

The Purpose

Understand your user’s environment needs, behaviors, and challenges.

Define stakeholder expectations and ensure alignment with the holistic business strategy.

Identify your mobile application opportunities.

Key Benefits Achieved

Thorough understanding of your mobile user and opportunities where mobile applications can help.

Level set stakeholder expectations and establish targeted objectives.

Prioritized list of mobile opportunities.

Activities

3.1 Generate user personas with empathy maps.

3.2 Build your mobile application canvas.

3.3 Build your mobile backlog.

Outputs

User personas.

Mobile objectives and metrics.

Mobile opportunity backlog.

4 Identify Your Technical Needs

The Purpose

Define the mobile experience you want to deliver and the features to enable it.

Understand the state of your current system to support mobile.

Identify your definition of mobile application quality.

List the concerns with mobile delivery.

Key Benefits Achieved

Clear understanding of the desired mobile experience.

Potential issues and risks with enabling mobile on top of existing systems.

Grounded understanding of mobile application quality.

Holistic readiness assessment to proceed with mobile delivery.

Activities

4.1 Discuss your mobile needs.

4.2 Conduct a technical assessment.

4.3 Define mobile application quality.

4.4 Verify your decision to deliver mobile applications.

Outputs

List of mobile features to enable the desired mobile experience.

System current assessment.

Mobile application quality definition.

Verification to proceed with mobile delivery.

Further reading

Choose Your Mobile Platform and Tools

Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

EXECUTIVE BRIEF

Analyst Perspective

Mobile is the way of working.

Workers require access to enterprise products, data, and services anywhere at anytime on any device. Give them the device-specific features, offline access, desktop-like interfaces, and automation capabilities they need to be productive.

To be successful, you need to instill a collaborative business-IT partnership. Only through this partnership will you be able to select the right mobile platform and tools to balance desired outcomes with enterprise security, performance, integration, quality, and other delivery capacity concerns.

This is a picture of Andrew Kum-Seun Senior Research Analyst, Application Delivery and Application Management Info-Tech Research Group

Andrew Kum-Seun
Senior Research Analyst,
Application Delivery and Application Management
Info-Tech Research Group

Executive Summary

Your Challenge

  • Organizations see the value of mobile applications in improving productivity and reach of day-to-day business and IT operations. This motivates leaders to begin the planning of their first application.
  • However, organizations often lack the critical foundational knowledge and skills to deliver and maintain high quality and valuable applications that meet business and user priorities and technical requirements.
  • Mobile technologies and trends are continually evolving and maturing. It is hard to predict which trends will make a significant impact and to prepare current mobile investments to harness the value of these trends.

Common Obstacles

  • Mobile applications can stress the stability, reliability and overall quality of your enterprise systems and services. They will also increase your security risks because of the exposure of your enterprise technology assets to unsecured networks and devices.
  • High costs of entry may restrict what native features your users can have in their mobile experience. Workarounds may not be sufficient to offset the costs of certain native feature needs.
  • Many operating models do not enable or encourage the collaboration required to fully understand user needs and behaviors and evaluate mobile opportunities and underlying operational systems from multiple perspectives.

Info-Tech's Approach

  • Establish the right expectations. Understand your mobile users by learning their needs, challenges, and behaviors. Discuss the current state of your systems and your high priority non-functional requirements to determine what to expect from your mobile applications.
  • Choose the right mobile platform approach and shortlist your mobile delivery solutions. Obtain a thorough view of the business and technical complexities of your mobile opportunities, including current mobile delivery capabilities and system compatibilities.
  • Create your mobile roadmap. Describe the gradual rollout of your mobile technologies through minimal valuable products (MVPs).

Insight Summary

Overarching Info-Tech Insight

Treat your mobile applications as digital products. Digital products are continuously modernized to ensure they are fit-for-purpose, secured, accessible, and immersive. A successful mobile experience involves more than just the software and supporting system. It involves good training and onboarding, efficient delivery turnaround, and a clear and rational vision and strategy.

Phase 1: Set the Mobile Context

  • Build applications your users need and desire – Design the right mobile application that enables your users to address their frustrations and productivity challenges.
  • Maximize return on your technology investments – Build your mobile applications with existing web APIs, infrastructure, and services as much as possible.
  • Prioritize mobile security, performance and integration requirements – Understand the unique security, performance, and integration influences has on your desired mobile user experience. Find the right balance of functional and non-functional requirements through business and IT collaboration.

Phase 2: Define Your Mobile Approach

  • Start with a mobile web platform - Minimize disruptions to your existing delivery process and technical stack by building against common web standards. Select a hybrid platform or cross-platform if you need device hardware access or have complicated non-functional requirements.
  • Focus your mobile solution decision on vendor support and functional complexity – Verify that your solution is not only compatible with the architecture, data, and policies of existing business systems, but satisfies IT's concerns with access to restricted technology and data, and with IT's ability to manage and operate your applications.
  • Anticipate changes, defects & failures in your roadmap - Quickly shift your mobile roadmaps according to user feedback, delivery challenges, value, and stability.

Mobile is how the business works today

Mobile adoption continues to grow in part due to the need to be a mobile workforce, and the shift in customer behaviors. This reality pushed the industry to transform business processes and technologies to better support the mobile way of working.

Mobile Builds Interests
61%
Mobile devices drove 61% of visits to U.S. websites
Source: Perficient, 2021

Mobile Maintains Engagement
54%
Mobile devices generated 54.4% of global website traffic in Q4 2021.
Source: Statista, 2022

Mobile Drives Productivity
82%
According to 82% of IT executives, smartphones are highly important to employee productivity
Source: Samsung and Oxford Economics, 2022

Mobile applications enable and drive your digital business strategy

Organizations know the criticality of mobile applications in meeting key business and digital transformation goals, and they are making significant investments. Over half (58%) of organizations say their main strategy for driving application adoption is enabling mobile access to critical enterprise systems (Enterprise CIO, 2016). The strategic positioning and planning of mobile applications are key for success.

Mobile Can Motivate, Support and Drive Progress in Key Activities Underpinning Digital Transformation Goals

Goal: Enhance Customer Experience

  • A shift from paper to digital communications
  • Seamless, omni-channel client experiences across devices
  • Create Digital interactive documents with sections that customers can customize to better understand their communications

Goal: Increase Workflow Throughput & Efficiency

  • Digitized processes and use of data to improve process efficiency
  • Modern IT platforms
  • Automation through robotic process automation (RPA) where possible
  • Use of AI and machine learning for intelligent automation

Source: Broadridge, 2022

To learn more, visit Info-Tech's Define Your Digital Business Strategy blueprint.

Well developed mobile applications bring unique opportunities to drive more value

Role

Opportunities With Mobile Applications

Expected Value

Stationary Worker

Design flowcharts and diagrams, while abandoning paper and desktop applications in favor of easy-to-use, drawing tablet applications.

Multitask by checking the application to verify information given by a vendor during their presentation or pitch.

  • Reduce materials cost to complete administrative responsibilities.
  • Digitally and automatically store and archive frequently used documents.

Roaming Worker
(Engineer)

Replace physical copies of service and repair manuals with digital copies, and access them with mobile applications.

Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.

  • Readily access and update corporate data anywhere at anytime.
  • Expand employee responsibilities with minimal skills impact.

Roaming Worker
(Nurse)

Log patient information according to HIPAA standards and complete diagnostics live to propose medication for a patient.

Receive messages from senior staff about patients and scheduling while on-call.

  • Quickly and accurately complete tasks and update patient data at site.
  • Be readily accessible to address urgent issues.

Info-Tech Insight

If you build it, they may not come. Design and build the applications your user wants and needs, and ensure users are properly onboarded and trained. Learn how your applications are leveraged, capture feedback from the user and system dashboards, and plan for enhancements, fixes, and modernizations.

Workers expect IT to deliver against their high mobile expectations

Workers want sophisticated mobile applications like what they see their peers and competitors use.

Why is IT considering building their own applications?

  • Complex and Unique Workflows: Canned templates and shells are viewed as incompatible to the workflows required to complete worker responsibilities outside the office, with the same level of access to corporate data as on premise.
  • Supporting Bring Your Own Device (BYOD): Developing your own mobile applications around your security protocols and standards can help mitigate the risks with personal devices that are already in your workforce.
  • Long-Term Architecture Misalignment: Outsourcing mobile development risks the mobile application misaligned with your quality standards or incompatible with other enterprise and third-party systems.

Continuously meeting aggressive user expectations will not be easy

Value Quickly Wears Off
39.9% of users uninstall an application because it is not in use.
40%
Source: n=2,000, CleverTap, 2021

Low Tolerance to Waiting
Keeping a user waiting for 3 seconds is enough to dissatisfy 43% of users.
43%
Source: AppSamurai, 2018

Quick Fixes Are Paramount
44% of defects are found by users
44%
Source: Perfecto Mobile, 2014

Mobile emphasizes the importance of good security, performance, and integration

Today's mobile workers are looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile devices, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

Accept change as the norm

IT is challenged with keeping up with disruptive technologies, such as mobile, which are arriving and changing faster and faster.

What is the issue? Mobile priorities, concepts, and technologies do not remain static. For example, current Google's Pixels benefit from at least three versions of Android updates and at least three years of monthly security patches after their release (NextPit, 2022). Keeping up to date with anything mobile is difficult if you do not have the right delivery and product management practices in place.

What is the impact on IT? Those who fail to prepare for changing requirements and technologies will quickly run into maintainability, extensibility, and flexibility issues. Mobile applications will quickly become stale and misaligned with the maturity of other enterprise infrastructure and applications.

Continuously look at the trends, vendor roadmaps, and your user's feedback to envision where your mobile applications should be. Learning from your past attempts gives you insights on the opportunities and impacts changes will have on your people, process, and technology.

How do I address this issue? A well-defined mobile vision and roadmap ensures your initiatives are aligned with your holistic business and technology strategies, the right problem is being solved, and resources are available to deliver high priority changes.

To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

Address the difficulties in managing enterprise mobile technologies

Adaptability During Development

Teams must be ready to alter their mobile approach when new insights and issues arise during and after the delivery of your mobile application and its updates.

High Cybersecurity Standards

Cybersecurity should be a top priority given the high security exposure of mobiles and the sensitive data mobile applications need to operate. Role-based access, back-up systems, advanced scanning, and protection software and encryption should all be implemented.

Integration with Other Systems

Your application will likely be integrated with other systems to expand service offerings and optimize performance and user experience. Your enterprise integration strategy ensures all systems connect against a common pattern with compatible technologies.

Finding the Right Mobile Developers

Enterprise mobile delivery requires a broad skillset to build valuable applications against extensive non-functional requirements in complex and integration environments. The right resources are even harder to find when native applications are preferred over web-based ones.

Source: Radoslaw Szeja, Netguru, 2022.

Build and manage the right experience by treating mobile as digital products

Digital products are continuously modernized to ensure they are fit-for-purpose, secured, insightful, accessible, and interoperable. A good experience involves more than just technology.

First, deliver the experience end users want and expect by designing the application against digital application principles.

Business Value

Continuous modernization

  • Fit for purpose
  • User-centric
  • Adaptable
  • Accessible
  • Private and secured
  • Informative and insightful
  • Seamless application connection
  • Relationship and network building

To learn more, visit Info-Tech's Modernize Your Applications blueprint.

Then, deliver a long-lasting experience by supporting your applications with key governance and management capabilities.

  • Product Strategy and Roadmap
  • External Relationships
  • User Adoption and Organizational Change Management
  • Funding
  • Knowledge Management
  • Stakeholder Management
  • Product Governance
  • Maintenance & Enhancement
  • User Support
  • Managing and Governing Data
  • Requirements Analysis and Design
  • Research & Development

To learn more, visit Info-Tech's Make the Case for Product Delivery blueprint.

Choose Your Mobile Platform and Tools

Maximize the value of your mobile investments by prioritizing technology decisions on user experience, business priorities, and system quality.

WORKFLOW

1. Capture Your User Personas and Journey workflow: Trigger: Step 1; Step 2; Step 3; Step 4; Outcome
2. Select Your Platform Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.
3. Shortlist Your Solutions A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

Strategic Perspective
Business and Product Strategies

1. End-User Perspective

End User Needs

  • Productivity
  • Innovation
  • Transformation

Native User Experience

  • Anytime, Anywhere
  • Visually Pleasing & Fulfilling
  • Personalized & Insightful
  • Hands-Off & Automated
  • Integrated Ecosystem

2. Platform Perspective

Technical Requirements

Security

Performance

Integration

Mobile Platform

3. Solution Perspective

Vendor Support

Services

Stack Mgmt.

Quality & Risk

Mobile Delivery Solutions

Make user experience (UX) the standard

User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

For a mobile application to be meaningful, the functions, aesthetics and content must be:

  • Usable
    • Users can intuitively navigate through your mobile application and complete their desired tasks.
  • Desirable
    • The application elements are used to evoke positive emotions and appreciation.
  • Accessible
    • Users can easily use your mobile application, including those with disabilities.
  • Valuable
    • Users find the content useful, and it fulfills a need.

Enable a greater experience with UX-driven thinking

Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

Source: Marky Roden, Xomino, 2018

Define the mobile experience your end users want

  • Anytime, Anywhere
    • The user can access, update and analyze data and corporate products and services whenever they want, in all networks, and on any device.
  • Hands-Off and Automated
    • The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.
  • Personalized and Insightful
    • Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware, or predicted actions.
  • Integrated Ecosystem
    • The application supports a seamless experience across various third-party and enterprise applications and services the user needs.
  • Visually Pleasing and Fulfilling
    • The UI is intuitive and aesthetically gratifying, with little security and performance trade-offs to use the full breadth of its functions and services.

Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

Mobile value is dependent on the platform you choose

What is a platform?

"A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely-coupled API architecture, whether the supporting system is managed and supported by your organization or by third-party providers.

Web

Mobile web applications are deployed and executed within the mobile web browser. They are often developed with a combination of web and scripting languages, such as HTML, CSS, and JavaScript. Web often takes two forms on mobile:

  • Progressive Web Applications (PWA)
  • Mobile Web Sites

Hybrid

Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container. It uses the device's browser runtime engine to support more sophisticated designs and features than to the web approach.

Cross-Platform

Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. The solution compiles the code into device-specific builds for native deployment.

Native

Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

Start mobile development on a mobile web platform

Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first. Then consider a cross-platform application if you require device access or need to meet specific non-functional requirements.

Why choose a mobile web platform?

Pros

The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g. geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

Cons

Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices. This requires resources with specific skillsets and different tools to support development and testing.

Other Notable Benefits with Web Languages

  • Modern browsers in most mobile devices can execute and render many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
  • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

Select your mobile platform

Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

When does a platform makes sense to use?

Web

  • Desire to maximize current web technologies investments (people, process, and technologies).
  • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
  • Limited budget to acquire mobile development resources.
  • Access to device hardware is not a high priority.

Hybrid / Cross-Platform

  • The need to quickly spin up native-like applications for multiple platforms and devices.
  • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
  • Vendor support is needed for the entire mobile delivery process.

Native

  • Developers are experts in the target programming language and with the device's hardware.
  • Strong need for high performance, security, and device-specific access and customizations.
  • Application use cases require significant computing resources.

Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

Understand the common attributes of a mobile delivery solution

  • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
  • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g. AngularJS, Java) or a vendor-defined one.
  • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with third-party tools and systems to deliver and manage high quality and valuable mobile applications.
  • Emulators – Ability to virtualize an application's execution on a target platform and device.
  • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

What are mobile delivery solutions?

A mobile delivery solution provides the tools, resources, and support to enable or build your mobile application. It can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Solutions can be barebone software development kits (SDKs), or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

  • Mobile application management
  • Testing and publishing to app stores
  • Content management
  • Cloud hosting
  • Application performance management

Info-Tech Insight

Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need to acquire new tools.

Select your mobile delivery solutions

  1. Set the scope of your framework.
  • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Optimize your software delivery process

    Mobile brings new delivery and management challenges that are often difficult for organizations that are tied to legacy systems, hindered by rigid and slow delivery lifecycles, and are unable to adopt leading-edge technologies. Many of these challenges stem from the fact that mobile is a significant shift from desktop development:

    • Mobile devices and operating systems are heavily fragmented, especially in the Android space.
    • Test coverage is significantly expanded to include physical environments and multiple network connections.
    • Mobile devices do not have the same performance capabilities and memory storage as their desktop counterparts.
    • The user interface must be strategically designed to accommodate the limited screen size.
    • Mobile applications are highly susceptible to security breaches.
    • Mobile users often expect quick turnaround time on fixes and enhancements due to continuously changing technology, business priorities, and user needs.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    How should the process change?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      1. The activeness of users on the applications, the number of returning users, and the happiness of the users.
      2. Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      1. The business value that the user directly or indirectly receives with the mobile application.
      2. Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      1. The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      2. Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end-user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Grow your mobile delivery practice

    Level 1: Mobile Delivery Foundations

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    Level 2: Scaled Mobile Delivery

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Level 3: Leading-Edge Mobile Delivery

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    Awareness Education & Discovery Evaluation Selection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Selection Decision Model 5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternate Solutions & Conduct Market Education 3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application Portfolio Narrow the Field to Four Top Contenders 4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Pitch your mobile delivery approach with Info-Tech's template

    Communicate the justification of your approach to mobile applications with Info-Tech's Mobile Application Delivery Communication Template:

    • Level set your mobile application goals and objectives by weighing end user expectations with technical requirements.
    • Define the high priority opportunities for mobile applications.
    • Educate decision makers of the limitations and challenges of delivering specific mobile experiences with the various mobile platform options.
    • Describe your framework to select the right mobile platform and delivery tools.
    • Lay out your mobile delivery roadmap and initiatives.

    INFO-TECH DELIVERABLE

    This is a screenshot from Info-Tech's Mobile Application Delivery Communication Template

    Info-Tech's methodology for mobile platform and delivery solution selection

    1. Set the Mobile Context

    2. Define Your Mobile Approach

    Phase Steps

    Step 1.1 Build Your Mobile Backlog

    Step 1.2 Identify Your Technical Needs

    Step 1.3 Define Your Non-Functional Requirements

    Step 2.1 Choose Your Platform Approach

    Step 2.2 Shortlist Your Mobile Delivery Solution

    Step 2.3 Create a Roadmap for Mobile Delivery

    Phase Outcomes

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Understand the case and motivators for mobile applications.

    Call #2: Discuss the end user and desired mobile experience.

    Call #5: Discuss the desired mobile platform.

    Call #8: Discuss your mobile MVP.

    Call #3: Review technical complexities and non-functional requirements.

    Call #6: Shortlist mobile delivery solutions and desired features.

    Call #9: Review your mobile delivery roadmap.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 9 calls over the course of 2 to 3 months.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Module 1 Module 2 Module 3 Module 4 Post-Workshop
    Activities Set the Mobile Context Identify Your Technical Needs Choose Your Platform & Delivery Solution Create Your Roadmap Next Steps andWrap-Up (offsite)

    1.1 Generate user personas with empathy maps

    1.2 Build your mobile application canvas

    1.3 Build your mobile backlog

    2.1 Discuss your mobile needs

    2.2 Conduct a technical assessment

    2.3 Define mobile application quality

    2.4 Verify your decision to deliver mobile applications

    3.1 Select your platform approach

    3.2 Shortlist your mobile delivery solution

    3.3 Build your feature and service lists

    4.1 Define your MVP release

    4.2 Build your roadmap

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Verification to proceed with mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap
    • Completed workshop output deliverable
    • Next steps

    Phase 1

    Set the Mobile Context

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following steps:

    • Step 1.1 – Build Your Mobile Backlog
    • Step 1.2 – Identify Your Technical Needs
    • Step 1.3 – Define Your Non-Functional Requirements

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 1.1

    Build Your Mobile Backlog

    Activities

    1.1.1 Generate user personas with empathy maps

    1.1.2 Build your mobile application canvas

    1.1.3 Build your mobile backlog

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog

    Users expect your organization to support their mobile way of working

    Today, users expect sophisticated and personalized features, immersive interactions, and cross-platform capabilities from their mobile applications and be able to access information and services anytime, anywhere and on any device. These demands are pushing organizations to become more user-driven, placing greater importance on user experience (UX) with enterprise-grade technologies.

    How has technologies evolved to easily enable mobile capabilities?

    • Desktop-Like Features
      • Native-like features, such as geolocation and local caching, are supported through web language or third-party plugins and extensions.
    • Extendable & Scalable
      • Plug-and-play architecture is designed to allow software delivery teams to explore new use cases and mobile capabilities with out-of-the-box connectors and/or customizable REST APIs.
    • Low Barrier to Entry
      • Low- and no-code development tools, full-stack solutions, and plug-and-play architectures allow non-technical users to easily build and implement applications without direct IT involvement.
    • Templates & Shells
      • Vendors provide UI templates and application shells that contain pre-built native features and multiple aesthetic layouts in a publishing-friendly and configurable way.
    • Personalized Content
      • Content can be uniquely tailored to a user's preference or be automatically generated based on the user's profile or activity history.
    • Hands-Off Operations
      • Many mobile solutions operate in a as-a-service model where the underlying and integrated technologies are managed by the vendor and abstracted away.

    Make user experience (UX) the standard

    User experience (UX) focuses on a user's emotions, beliefs, and physical and psychological responses that occur before, during, or after interacting with a service or product.

    For a mobile application to be a meaningful experience, the functions, aesthetics and content must be:

    • Usable
      • Users can intuitively navigate through your mobile application and complete their desired tasks.
    • Desirable
      • The application elements are used to evoke positive emotions and appreciation.
    • Accessible
      • Users can easily use your mobile application, including those with disabilities.
    • Valuable
      • Users find the content useful, and it fulfills a need.

    Enable a greater experience with UX-driven thinking

    Designing for a high-quality experience requires more than just focusing on the UI. It also requires the merging of multiple business, technical, and social disciplines in order to create an immersive, practical, and receptive application. The image on the right explains the disciplines involved in UX. This is critical for ensuring users have a strong desire to use the mobile application, it is adequately supported technically, and it supports business objectives.

    To learn more, visit Info-Tech's Implement and Mature Your User Experience Design Practice blueprint.

    A Venn diagram is depicted, demonstrating the inputs that lead to an interactive design, with interactive elements, usability, and accessibility. This work by Mark Roden is licensed under a Creative Commons Attribution 3.0 Unported License.

    Source: Marky Roden, Xomino, 2018

    UX-driven mobile apps bring together a compelling UI with valuable functionality

    Info-Tech Insight

    Organizations often over-rotate on the UI. Receptive and satisfying applications require more than just pretty pictures, bold colors, and flashy animations. UX-driven mobile applications require the seamless merging of enticing design elements and valuable functions that are specifically tailored to the behaviors of the users. Take a deep look at how each design element and function is used and perceived by the user, and how your application can sufficiently support user needs.

    UI-Function Balance to Achieve Highly Satisfying Mobile Applications

    An application's UI and function both contribute to UX, but they do so in different ways.

    • The UI generates the visual, audio, and vocal cues to draw the attention of users to key areas of the application while stimulating the user's emotions.
    • Functions give users the means to satisfy their needs effortlessly.

    Finding the right balance of UI and function is dependent on the organization's understanding of user emotions, needs, and tendencies. However, these factors are often left out of an application's design. Having the right UX competencies is key in assuring user behaviors are appropriately accommodated early in the delivery process.

    To learn more, visit Info-Tech's Modernize Your Corporate Website to Drive Business Value blueprint.

    Focus your efforts on all items that drive high user experience and satisfaction

    UX-driven mobile applications involve all interaction points and system components working together to create an immersive experience while being actively supported by delivery and operations teams. Many organizations commonly focus on visual and content design to improve the experience, but this is only a small fraction of the total UX design. Look beyond the surface to effectively enhance your application's overall UX.

    Typical Focus of Mobile UX

    Aesthetics
    What Are the Colors & Fonts?

    Relevance & Modern
    Will Users Receive Up to Date Content and Trending Features?

    UI Design
    Where Are the Interaction Points?

    Content Layout
    How Is Content Organized?

    Critical Areas of Mobile UX That Are Often Ignored

    Web Infrastructure
    How Will Your Application Be Operationally Supported?

    Human Behavior
    What Do the Users Feel About Your Application?

    Coding Language
    What Is the Best Language to Use?

    Cross-Platform Compatibility
    How Does It Work in a Browser Versus Each Mobile Platform?

    Application Quality
    How are Functional and Non-Functional Needs Balanced?

    Adoption & Retention
    How Do I Promote Adoption and Maintain User Engagement?

    Application Support
    How Will My Requests and Issues Be Handled?

    Use personas to envision who will be using your mobile application

    What Are Personas?

    Personas are detailed descriptions of the targeted audience of your mobile application. It represents a type of user in a particular scenario. Effective personas:

    • Express and focus on the major needs and expectations of the most important user groups.
    • Give a clear picture of the typical user's behavior.
    • Aid in uncovering critical features and functionalities.
    • Describe real people with backgrounds, goals, and values.

    Why Are Personas Important to UX?

    They are important because they help:

    • Focus the development of mobile application features on the immediate needs of the intended audience.
    • Detail the level of customization needed to ensure content is valuable to and resonates with the user.
    • Describe how users may behave when certain audio and visual stimulus are triggered from the mobile application.
    • Outline the special design considerations required to meet user accessibility needs.

    Key Elements of a Persona:

    • Professional and Technical Skills and Experiences (e.g., knowledge of mobile applications, area of expertise)
    • Persona Group (e.g., executives)
    • Technological Environment of User (e.g., devices, browsers, network connection)
    • Demographics (e.g., nationality, age, language spoken)
    • Typical Behaviors and Tendencies (e.g., goes to different website when cannot find information in 20 seconds)
    • Purpose of Using the Mobile Application (e.g., search for information, submit registration form)

    Create empathy maps to gain a deeper understanding of stakeholder personas

    Empathy mapping draws out the characteristics, motivations, and mannerisms of a potential end user.

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Source: XPLANE, 2017

    Empathy mapping focuses on identifying the problems, ambitions, and frustrations they are looking to resolve and describes their motivations for wanting to resolve them. This analysis helps your teams:

    • Better understand the reason behind the struggles, frustrations and motivators through a user's perspective.
    • Verify the accuracy of assertions made about the user.
    • Pinpoint the specific problem the mobile application will be designed to solve and the constraints to its successful adoption and on-going use.
    • Read more about empathy mapping and download the empathy map PDF template here.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    1.1.1 Generate user personas with empathy maps

    1-3 hours

    1. Download the Empathy Map Canvas and draw the map on a whiteboard or project it on the screen.
    2. Choose an end user to be the focus of your empathy map. Using sticky notes, fill out the sections of the empathy map in the following order:
      1. Start by filling out the goals section. State who the subject of the empathy map will be and what activity or task you would like them to do.
        1. Focus on activities and tasks that may benefit from mobile.
      2. Next, complete the outer sections in clockwise order (see, say, do, hear). The purpose of this is to think in terms of what the subject of your empathy map is observing, sensing, and experiencing.
        1. Indicate the mobile devices and OS users will likely use and the environments they will likely be in (e.g., places with poor connections)
        2. Discuss accessibility needs and how user prefer to consume content.
      3. Last, complete the inner circle of the empathy map (pains and gains). Since you spent the last step of the exercise thinking about the external influences on your stakeholder, you can think about how those stimuli affect their emotions.
    3. Document your end user persona into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential mobile application users
    • User personas
    Materials Participants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.1 cont'd

    This image contains an image of an empathy map from XPLANE, 2017. it includes the following list: 1. Who are we empathizing with; 2. What do they need to DO; 3. What do they SEE; 4. What do they SAY?; 5. What do they DO; 6. What do they HEAR; 7. What do they THINK and FEEL.

    Download the Empathy Map Canvas

    Many business priorities are driving mobile

    Mobile Applications

    • Product Roadmap
      • Upcoming enterprise technology releases and updates offer mobile capabilities to expand its access to a broader userbase.
    • Cost Optimization
      • Maximizing business value in processes and technologies through disciplined and strategic cost and spending reduction practices with mobile applications.
    • Competitive Differentiation
      • Developing and optimizing your organization's distinct products and services quickly with mobile applications.
    • Digital Transformation
      • Transitioning processes, data and systems to a digital environment to broaden access to enterprise data and services anywhere at anytime.
    • Operational Efficiency
      • Improving software delivery and business process throughput by increasing worker productivity with mobile applications.
    • Other Business Priorities
      • New corporate products and services, business model changes, application rationalization and other priorities may require modernization, innovation and a mobile way of working.

    Focus on the mobile business and end user problem, not the solution

    People are naturally solution-focused. The onus isn't on them to express their needs in the form of a problem statement!

    When refining your mobile problem statement, attempt to answer the following four questions:

    • Who is impacted?
    • What is the (user or organizational) challenge that needs to be addressed?
    • Where does it happen?
    • Why does it matter?

    There are many ways of writing problem statements, a clear approach follows the format:

    • "Our (who) has the problem that (what) when (where). Our solution should (why)."
    • Example: "Our system analysts has the problem that new tickets take too long to update when working on user requests. Our approach should enable the analyst to focus on working with customers and not on administration."

    Adapted from: "Design Problem Statements – What and How to Frame Them"

    How to write a vision statement

    It's ok to dream a little!

    When thinking about a vision statement, think about:

    • Who is it for?
    • What does the customer need?
    • What can we do for them?
    • And why is this special?

    There are different statement templates available to help form your vision statements. Some include:

    1. For [our target customer], who [customer's need], the [product] is a [product category or description] that [unique benefits and selling points]. Unlike [competitors or current methods], our product [main differentiators]. (Crossing the Chasm)
    2. "We believe (in) a [noun: world, time, state, etc.] where [persona] can [verb: do, make, offer, etc.], for/by/with [benefit/goal].
    3. To [verb: empower, unlock, enable, create, etc.] [persona] to [benefit, goal, future state].
    4. Our vision is to [verb: build, design, provide], the [goal, future state], to [verb: help, enable, make it easier to...] [persona]."

    (Numbers 2-4 from: How to define a product vision)

    Info-Tech Best Practice

    A vision shouldn't be so far out that it doesn't feel real and so short term that it gets bogged down in minutiae and implementation details. Finding that right balance will take some trial and error and will be different depending on your organization.

    Ensure mobile supports ongoing value delivery and stakeholder expectations

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Set realistic mobile goals

    Mobile applications enables the exploration of new and different ways to improve worker productivity and deliver business value. However, the realities of mobile applications may limit your ability to meet some of your objectives:

    • On the day of installation, the average retention rate for public-facing applications was 25.3%. By day 30, the retention rate drops to 5.7%. (Source: Statista, 2020)
    • 63% of 3,335 most popular Android mobile applications on the Google Play Store contained open-source components with known security vulnerabilities and other pervasive security concerns including exposing sensitive data (Source: Synopsys, 2021)
    • 62% of users would delete the application because of performance issues, such as crashes, freezes and other errors (Source: Intersog, 2021).

    These realities are not guaranteed to occur or impede your ability to deliver valuable mobile applications, but they can lead to unachievable expectations. Ensure your stakeholders are not oversold on advertised benefits and hold you accountable for unrealistic objectives. Recognize that the organization must also change how it works and operates to see the full benefit and adoption of mobile applications and overcome the known and unknown challenges and hurdles that often come with mobile delivery.

    Benchmarks present enticing opportunities, but should be used to set reasonable expectations

    66%
    Improve Market Reach
    66% of the global population uses a mobile device
    Source: DataReportal, 2021

    20%
    Connected Workers are More Productive
    Nearly 20 percent of mobile professionals estimate they miss more than three hours of working time a week not being able to get connected to the internet
    Source: iPass, 2017

    80%
    Increase Brand Recognition
    80% of smartphone users are more likely to purchase from companies whose mobile sites of apps help them easily find answers to their questions
    Source: Google, 2018

    Gauge the value with the right metrics

    Metrics are a powerful way to drive behavior change in your organization. But metrics are highly prone to creating unexpected outcomes so they must be used with great care. Use metrics judiciously to avoid gaming or ambivalent behavior, productivity loss, and unintended consequences.

    To learn more, visit Info-Tech's Select and Use SDLC Metrics Effectively blueprint.

    What should I measure?

    1. Mobile Application Engagement, Retention and User Satisfaction
      • The activeness of users on the applications, the number of returning users, and the happiness of the users.
      • Example: Number of tasks completed, number of active and returning users, session length and intervals, user satisfaction
    2. Value Driven from Mobile Applications
      • The business value that the user directly or indirectly receives with the mobile application.
      • Example: Mobile application revenue, business operational costs, worker productivity, business reputation and image
    3. Delivery Throughput and Quality
      • The health and quality of your mobile applications throughout their lifespan and the speed to deliver working applications that meet stakeholder expectations.
      • Example: Frequency of release, lead time, request turnaround, escaped defects, test coverage.

    Use Info-Tech's diagnostic to evaluate the reception of your mobile applications

    Info-Tech's Application Portfolio Assessment (APA) Diagnostic is a canned end user satisfaction survey used to evaluate your application portfolio health to support data-driven decisions.

    This image contains a screenshot from Info-Tech's Application Portfolio Assessment (APA) Diagnostic

    USE THE PROGRAM DIAGNOSTIC TO:

    • Assess the importance and satisfaction of enterprise applications.
    • Solicit feedback from your end users on applications being used.
    • Understand the strengths and weaknesses of your current applications.
    • Perform a high-level application rationalization initiative.

    INTEGRATE DIAGNOSTIC RESULTS TO:

    • Target which applications to analyze in greater detail.
    • Expand on the initial application rationalization results with a more comprehensive and business-value-focused criteria.

    Use a canvas to define key elements of your mobile initiative

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    The problem or need mobile applications are addressing

    Vision, unique value proposition, elevator pitch, or positioning statement

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    List of business objectives or goals for the mobile application initiative.

    List of business capabilities, processes and application systems related to this initiative.

    Personas/Customers/Users

    Stakeholders

    List of groups who consume the mobile application

    List of key resources, stakeholders, and teams needed to support the process, systems and services

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    1.1.2 Build your mobile application canvas

    1-3 hours

    1. Complete the following fields to build your mobile application canvas:
      • Mobile application initiative name
      • Mobile application owner
      • Parent initiative name
      • Problem that mobile applications are intending to solve and your vision. See the outcome from the previous exercise.
      • Mobile application business goals and metrics.
      • Capabilities, processes and application systems involved
      • Primary customers/users (For additional help with your product personas, download and complete to Deliver on Your Digital Product Vision.)
    2. Stakeholders
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Business strategy
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.1.2 cont'd

    Mobile Application Initiative Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    Problem Statement

    Vision

    [Problem Statement]

    [Vision]

    Business Goals & Metrics

    Capabilities, Processes & Application Systems

    [Business Goal 1, Metric]
    [Business Goal 2, Metric]
    [Business Goal 3, Metric]

    [Business Capability]
    [Business Process]
    [Application System]

    Personas/Customers/Users

    Stakeholders

    [User 1]
    [User 2]
    [User 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Create your mobile backlog

    Your backlog gives you a holistic understanding of the demand for mobile applications across your organization.

    Opportunities
    Trends
    MVP

    External Sources

    Internal Sources

    • Market Trends Analysis
    • Competitive Analysis
    • Regulations & Industry Standards
    • Customer & Reputation Analysis
    • Application Rationalization
    • Capability & Value Stream Analysis
    • Business Requests & Incidents
    • Discovery & Mining Capabilities

    A mobile application minimum viable product (MVP) focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to maximize learning, evaluate value and acceptance, and inform the development of a full-fledged mobile delivery practice.

    Find your mobile opportunities

    Modern mobile technologies enable users to access, analyze and change data anywhere with native device features, which opens the door to enhanced processes and new value sources.

    Examples of Mobile Opportunities:

    • Mobile Payment
      • Cost alternative to credit card transaction fees.
      • Loyalty systems are updated upon payment without need of a physical card.
      • Quicker completion of transactions.
    • Inventory Management
      • Update inventory database when shipments arrive or deliveries are made.
      • Inform retailers and consumers of current stock on website.
      • Alert staff of expired or outdated products.
    • Quick and Small Data Transfer
      • Embed tags into posters to transfer URIs, which sends users to sites containing product or location information.
      • Replace entry tags, fobs, or smart cards at doors.
      • Exchange contact details.
    • Location Sensitive Information
      • Proactively send promotions and other information (e.g. coupons, event details) to users within a defined area.
      • Inform employees of nearby prospective clients.
    • Supply Chain Management
      • Track the movement and location of goods and delivery trucks.
      • Direct drivers to the most optimal route.
      • Location-sensitive billing apps such as train and bus ticket purchases.
    • Education and Learning
      • Educate users about real-world objects and places with augmented books and by pushing relevant learning materials.
      • Visualize theories and other text with dynamic 3D objects.
    • Augmented Reality (AR)
      • Provide information about the user's surroundings and the objects in the environment through the mobile device.
      • Interactive and immersive experiences with the inclusion of virtual reality.
    • Architecture and Planning
      • Visualize historic buildings or the layout of structural projects and development plans.
      • Develop a digital tour with location-based audio initiated with location-based services or a camera.
    • Navigation
      • Provide directions to users to navigate and provide contextual travelling instructions.
      • Push traffic notifications and route changes to travelling users.
    • Tracking User Movement
      • Predict the future location of users based on historic information and traffic modelling.
      • Proactively push information to users before they reach their destination.

    1.1.3 Build your mobile backlog

    1-3 hours

    1. As a group, discuss the use and value mobile already has within your organization for each persona.
      1. What are some of the apps being used?
      2. What enterprise systems and applications are already exposed to the web and accessible by mobile devices?
      3. How critical is mobile to business operations, marketing campaigns, etc.?
    2. Discuss how mobile can bring additional business value to other areas of your organization for each persona.
      1. Can mobile enhance your customer reach? Do your customers care that your services are offered through mobile?
      2. Are employees asking for better access to enterprise systems in order to improve their productivity?
    3. Write your mobile opportunities in the following form: As a [end user persona], I want to [process or capability to enable with mobile applications], so that [organizational benefit]. Prioritize each opportunity against feasibility, desirability, and viability.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • Problem and vision statements
    • Mobile objectives and metrics
    • Mobile application canvas
    • Mobile opportunities backlog
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Manage your mobile backlog

    Your backlog stores and organizes your mobile opportunities at various stages of readiness. It must be continuously refined to address new requests, maintenance and changing priorities.

    3 – IDEAS
    Composed of raw, vague, and potentially large ideas that have yet to go through any formal valuation.

    2 – QUALIFIED
    Researched and qualified opportunities awaiting refinement.

    1 READY
    Discrete, refined opportunities that are ready to be placed in your team's delivery plans.

    Adapted from Essential Scrum

    A well-formed backlog can be thought of as a DEEP backlog

    • Detailed Appropriately: opportunities are broken down and refined as necessary
    • Emergent: The backlog grows and evolves over time as opportunities are added and removed.
    • Estimated: The effort an opportunity requires is estimated at each tier.
    • Prioritized: The opportunity's value and priority are determined at each tier.

    (Source Perforce, 2018)

    See our Deliver on Your Digital Product Vision for more information on backlog practices.

    Step 1.2

    Identify Your Technical Needs

    Activities

    1.2.1 Discuss your mobile needs

    1.2.2 Conduct a technical assessment

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • List of mobile features to enable the desired mobile experience
    • System current assessment

    Describe your desired mobile experiences with journey maps

    A journey map tells the story of the user's experience with an existing or prospective product or service, starting with a trigger, through the process of engagement, to create an outcome. Journey maps can focus on a particular part of the user's or the entire experience with your organization's products or services. All types of maps capture key interactions and motivations of the user in chronological order.

    Why are journey maps an important for mobile application delivery?

    Everyone has their own preferred method for completing their tasks on mobile devices – often, what differentiates one persona from another has to do with how users privately behave. Understand that the activities performed outside of IT's purview develop context for your persona's pain points and position IT to meet their needs with the appropriate solution.

    To learn more, visit Info-Tech's Use Experience Design to Drive Empathy with the Business blueprint.

    Two charts are depicted, the first shows the path from Trigger, through steps 1-4, to the outcome, and the Activities and Touchpoints for each. The second chart shows the Expectation analysis, showing which steps are must-haves, nice-to-haves, and hidden-needs.

    Pinpoint specific mobile needs in your journey map

    Realize that mobile applications may not precisely fit with your personas workflow or align to their expectations due to device and system limitations and restrictions. Flag the mobile opportunities that require significant modifications to underlying systems.

    Consider these workflow scenarios that can influence your persona's desire for mobile:

    Workflow Scenarios Ask Yourself The Key Questions Technology Constraints or Restrictions to Consider Examples of Mobile Opportunities

    Data View – Data is queried, prepared and presented to make informed decisions, but it cannot be edited.

    Where is the data located and can it be easily gathered and prepared?

    Is the data sensitive and can it be locally stored?

    What is the level of detail in my view?

    Multi-factor authentication required.

    Highly sensitive data requires encryption in transit and at rest.

    Minor calculations and preparation needed before data view.

    Generate a status report.

    View social media channels.

    View contact information.

    Data Collection – Data is inputted directly into the application and updates back-end system or integrated 3rd party services.

    Do I need special permission to add, delete and overwrite data?

    How much data can I edit?

    Is the data automatically gathered?

    Bandwidth restrictions.

    Multi-factor authentication required.

    Native device access required (e.g., camera).

    Multiple types and formats of gathered data.

    Manual and automatic data gathering

    Book appointments with clients.

    Update inventory.

    Tracking movement of company assets.

    Data Analysis & Modification – Data is evaluated, manipulated and transformed through the application, back-end system or 3rd party service.

    How complex are my calculations?

    Can computations be offloaded?

    What resources are needed to complete the analysis?

    Memory and processing limitations on device.

    Inability to configure device and enterprise hardware to support system resource demand.

    Scope and precision of analysis and modifications.

    Evaluate and propose trends.

    Gauge user sentiment.

    Propose next steps and directions.

    Define the mobile experience your end users want

    Anytime, Anywhere
    The user can access, update and analyze data, and corporate products and services whenever they want, in all networks, and on any device.

    Hands-Off & Automated
    The application can perform various workflows and tasks without the user's involvement and notify the user when specific triggers are hit.

    Personalized & Insightful
    Content presentation and subject are tailored for the user based on specific inputs from the user, device hardware or predicted actions.

    Integrated Ecosystem
    The application supports a seamless experience across various 3rd party and enterprise applications and services the user needs.

    Visually Pleasing & Fulfilling
    The UI is intuitive and aesthetically gratifying with little security and performance trade-offs to use the full breadth of its functions and services.

    Each mobile platform has its own take on the mobile native experience. The choice ultimately depends on whether the costs and effort are worth the anticipated value.

    1.2.1 Discover your mobile needs

    1-3 hours

    1. Define the workflow of a high priority opportunity in your mobile backlog. This workflow can be pertaining to an existing mobile application or a workflow that can benefit with a mobile application.
      1. Indicate the trigger that will initiate the opportunity and the desired outcome.
      2. Break down the persona's desired outcome into small pieces of value that are realized in each workflow step.
    2. Identify activities and touchpoints the persona will need to complete to finish each step in the workflow. Indicate the technology used to complete the activity or to facilitate the touchpoint.
    3. Indicate which activities and touchpoints can be satisfied, complimented or enhanced with mobile.

    Input

    Output
    • User personas
    • Mobile application canvas
    • Desired mobile experience
    • List of mobile features
    • Journey map
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.1 cont'd

    Workflow

    Trigger

    Conduct initial analysis

    Get planning help

    Complete and submit RFP

    Design and implement solution

    Implement changes

    Activities, Channels, and Touchpoints

    Need is recognized in CIO council meeting

    See if we have a sufficient solution internally

    Seek planning help (various channels)

    *Meet with IT shared services business analyst

    Select the appropriate vendor

    Follow action plan

    Compliance rqmt triggered by new law

    See if we have a sufficient solution internally

    *Hold in-person initial meeting with IT shared services

    *Review and approve rqmts (email)

    Seek miscellaneous support

    Implement project and manage change

    Research potential solutions in the marketplace

    Excess budget identified for utilization

    Pick a "favorite" solution

    *Negotiate and sign statement of work (email)

    Prime organization for the change

    Create action plan

    If solution is unsatisfactory, plan remediation

    Current Technology

    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • ERP
    • IT asset management
    • Internet browser for research
    • Virtual environment to demonstrate solutions
    • Email
    • Vendor assessment and procurement solution
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Meeting transcripts and recordings
    • PDF documents and reader
    • Digital signature
    • Email
    • Video conferencing
    • Phone
    • Vendor assessment and procurement solution
    • Project management solution
    • Team collaboration solution
    • Email
    • Video conferencing
    • Phone
    • Project management solution
    • Team collaboration solution
    • Vendor's solution

    Legend:

    Bold – Touchpoint

    * – Activities or Touchpoints That Can Benefit with Mobile

    1.2.1 cont'd

    1-3 hours

    1. Analyze persona expectations. Identify the persona's must-haves, then nice-to-haves, and then hidden needs to effectively complete the workflow.
      1. Must-haves. The necessary outcomes, qualities, and features of the workflow step.
      2. Nice-to-haves. Desired outcomes, qualities, or features that your persona is able to articulate or express.
      3. Hidden needs. Outcomes, qualities, or features that your persona is not aware they have a desire for; benefits that they are pleasantly surprised to receive. These will usually be unknown for your first-iteration journey map.
    2. Indicate which persona expectations can be satisfied with mobile. Discuss what would the desired mobile experience be.
    3. Discuss feedback and experiences your team has heard from the personas they engage with regularly.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    1.2.1 cont'd

    Example

    This image contains an example workflow for determining mobile needs.

    1.2.1 cont'd

    Template:

    Workflow

    TriggerStep 1Step 2Step 3Step 4

    Desired Outcome

    Journey Map

    Activities & Touch-points

    <>

    <>

    <>

    <>

    <>

    <>

    Must-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Nice-to-Haves

    <>

    <>

    <>

    <>

    <>

    <>

    Hidden Needs

    <>

    <>

    <>

    <>

    <>

    <>

    Emotional Journey

    <>

    <>

    <>

    <>

    <>

    <>

    If you need more than four steps in the workflow, duplicate this slide.

    Understand how mobile fits with your current system

    Evaluate the risks and impacts of your desired mobile features by looking at your enterprise system architecture from top to bottom. Is your mobile vision and needs compatible with your existing business capabilities and technologies?

    An architecture is usually represented by one or more architecture views that together provide a coherent description of the application system, including demonstrating the full impact mobile will have. A single, comprehensive model is often too complex to be understood and communicated in its most detailed form, and a model too high level hides the underlying complexity of an application's structure and deployment (The Open Group, TOGAF 8.1.1 - Developing Architecture Views). Obtain a complete understanding of your architecture by assessing it through multiple levels of views to reveal different sets of concerns:

    Application Architecture Views

    1. Use Case View
    • How does your business operate, and how will users interact with your mobile applications?
  • . Process View
    • What is the user workflow impacted by mobile, and how will it change?
  • Component View
    • How are my existing applications structured? What are its various components? How will mobile expand the costs of the existing technical debt?
  • Data View
    • What is the relationship of the data and information consumed, analyzed, and transmitted? Will mobile jeopardize the quality and reliability of the data?
  • Deployment View
    • In what environment are your mobile application components deployed? How will the existing systems operate with your mobile applications?
  • System View
    • How does your mobile application communicate with other internal and external systems? How will dependencies change with mobile?
  • See our Enhance Your Solution Architecture for more information.

    Ask key questions in your current system assessment

    • How do the various components of your system communicate with each other (e.g., web APIs, middleware, and point to point)?
    • What information is exchanged during the conversation?
    • How does the data flow from one component to the next? Is the data read-only or can application and users edit and modify it?
    • What are the access points to your mid- and back-tier systems (e.g., user access through web interface, corporate networks and third-party application access through APIs)?
    • Who has access to your enterprise systems?
    • Which components are managed and operated by third-party providers? What is your level of control?
    • What are the security protocols currently enforced in your system?
    • How often are your databases updated? Is it real-time or periodic extract, transfer, and load (ETL)?
    • What are the business rules?
    • Is your mobile stack dependent on other systems?
    • Is a mobile middleware, web server, or API gateway needed to help facilitate the integration between devices and your back-end support?

    1.2.2 Conduct a technical assessment

    1-3 hours

    1. Evaluate your current systems that will support the journey map of your mobile opportunities based on two categories: system quality and system management. Use the tables on the following slides and modify the questions if needed.
    2. Discuss if the current state of your system will impede your ability to succeed with mobile. Use this discussion to verify the decision to continue with mobile applications in your current state.
    3. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Journey map
    • Understanding of current system
    • Assessment of current system
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.2.2 cont'd

    Current State System Quality Assessment

    Factors Definitions Survey Responses
    Fit-for-Purpose System functionalities, services and integrations are designed and implemented for the purpose of satisfying the end users' needs and technology compatibilities. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Response Rate The system completes computation and processing requests within acceptable timeframes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Data Quality The system delivers consumable, accurate, and trustworthy data. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Usability The system provides functionalities, services and integrations that are rewarding, engaging, intuitive, and emotionally satisfying. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Reliability The system is resilient or quickly recovers from issues and defects. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Accessible The system is available on demand and on the end user's preferred interface and device. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Secured End-user activity and data is protected from unauthorized access. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Adaptable The system can be quickly tailored to meet changing end-user and technology needs with reusable and customizable components. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    1.2.2 cont'd

    Current State System Management Assessment

    Factors Definitions Survey Responses
    Documentation The system is documented, accurate, and shared in the organization. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Measurement The system is continuously measured against clearly defined metrics tied to business value. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Compliance The system is compliant with regulations and industry standards. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Continuous Improvement The system is routinely rationalized and enhanced. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Architecture There is a shared overview of how the process supports business value delivery and its dependencies with technologies and other processes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Ownership & Accountability The process has a clearly defined owner who is accountable for its risks and roadmap. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Support Resources are available to address adoption and execution challenges. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)
    Organizational Change Management Communication, onboarding, and other change management capabilities are available to facilitate technology and related role and process changes. 1 (Very Poor) – 2 – 3 (Fair) – 4 – 5 (Excellent)

    Step 1.3

    Define Your Non-Functional Requirements

    Activities

    1.3.1 Define mobile application quality

    1.3.2 Verify your decision to deliver mobile applications

    Set the Mobile Context

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams

    Outcomes of this step

    • Mobile application quality definition
    • Readiness for mobile delivery

    Build a strong foundation of mobile application quality

    Functionality and aesthetics often take front seats in mobile application delivery. Applications are then frequently modified and changed, not because they are functionally deficient or visually displeasing, but because they are difficult to maintain or scale, too slow, vulnerable or compromised. Implementing clear quality principles (i.e., non-functional requirements) and strong quality assurance practices throughout delivery are critical to minimize the potential work of future maintenance and to avoid, mitigate and manage IT risks.

    What is Mobile Application Quality?

    • Quality requirements (i.e., non-functional requirements) are properties of a system or product that dictate how it should behave at runtime and how it should be designed, implemented, and maintained.
    • These requirements should be involved in decision making around architecture, UI and functional design changes.
    • Functionality should not dictate the level of security, availability, or performance of a product, thereby risking system quality. Functionality and quality are viewed orthogonally, and trade-offs are discussed when one impacts the other.
    • Quality attributes should never be achieved in isolation as one attribute can have a negative or positive impact on another (e.g. security and availability).

    Why is Mobile Quality Assurance Critical?

    • Quality assurance (QA) is a necessity for the validation and verification of mobile delivery, whether you are delivering applications in an Agile or Waterfall fashion. Effective QA practices implemented across the software development lifecycle (SDLC) are vital, as all layers of the mobile stack need to readily able to adjust to suddenly evolving and changing business and user needs and technologies without risking system stability and breaking business standards and expectations.
    • However, investments in QA optimizations are often afterthoughts. QA is commonly viewed as a lower priority compared to other delivery capabilities (e.g., design and coding) and is typically the first item cut when delivery is under pressure.

    See our Build a Software Quality Assurance Program for more information.

    Mobile emphasizes the importance of good security, performance and integration

    Today's mobile workforce is looking for new ways to get more work done quickly. They want access to enterprise solutions and data directly on their mobile device, which can reside on multiple legacy systems and in the cloud and third-party infrastructure. This presents significant performance, integration, and security risks.

    Cloud Solutions: Can I use my existing APIs?. Solutions in Corporate Networks: Do my legacy systems have the capacity to support mobile?; How do I integrate solutions and data from multiple sources into a single view?; Third Party Solutions: Will I have a significant performance bottleneck?; Single View on Mobile Devices: How is corporate data stored on the device?; What new technology dependencies must I account for in my architecture and operational support capabilities?

    Mobile risks opening and widening existing security gaps

    New mobile technologies and the continued expansion of the enterprise environment increase the number of entry points attackers to your corporate data and networks. The ever-growing volume, velocity, and variety of new threats puts significant pressure on mobile delivery teams who are responsible for implementing mobile security measures and maintaining alignment to your security policies and those of app stores.

    Mobile attacks can come from various vectors:

    Attack Surface: Mobile Device

    Attack Surface: Network

    Attack Surface: Data Center

    Browser:
    Phishing
    Buffer Overflow
    Data Caching

    System:
    No Passcode
    Jailbroken and Rooted OS
    No/Weak Encryption
    OS Data Caching

    Phone:
    SMSishing
    Radio Frequency Attacks

    Apps:
    Configuration Manipulation
    Runtime Injection
    Improper SSL Validation

    • Packet Sniffing
    • Session Hijacking
    • Man-in-the-Middle (circumvent password verification systems)
    • Fake SSL Certificate
    • Rogue Access Points

    Web Server:
    Cross-Site Scripting (XSS)
    Brute Force Attacks
    Server Misconfigurations

    Database:
    SQL Injection
    Data Dumping

    Understand the top web security risks and vulnerabilities seen in the industry

    Recognize mobile applications are exposed to the same risks and vulnerabilities as web applications. Learn of OWASP's top 10 web security risks.

    • Broken Access Control
      • Failures typically lead to unauthorized information disclosure, modification, or destruction of all data or performing a business function outside the user's limits.
    • Cryptographic Failures
      • Improper and incorrect protection of data in transit and at rest, especially proprietary and confidential data and those that fall under privacy laws.
    • Injection
      • Execution of malicious code and injection of hostile or unfiltered data on the mobile device via the mobile application.
    • Insecure Design
      • Missing or ineffective security controls in the application design. An insecure design cannot be fixed by a perfect implementation,. Needed security controls were never created to defend against specific attacks.
    • Security Misconfiguration
      • The security settings in the application are not securely set or configured, including poor security hardening and inadequate system upgrading practices.
    • Vulnerable and Outdated Components
      • System components are vulnerable because they are unsupported, out of date, untested or not hardened against current security concerns.
    • Identification and Authentication Failures
      • Improper or poor protection against authentication-related attacks, particularly to the user's identity, authentication and session management.
    • Software and Data Integrity Failures
      • Failures related to code and infrastructure that does not protect against integrity violations, such as an application relying upon plugins, libraries, or modules from untrusted sources, repositories, and content delivery networks
    • Security Logging and Monitoring Failures
      • Insufficient logging, detection, monitoring, and active response that hinders the ability to detect, escalate, and respond to active breaches.
    • Server-Side Request Forgery (SSRF)
      • SSRF flaws occur whenever a web application is fetching a remote resource without validating the user-supplied URL.

    Good mobile application performance drives satisfaction and value delivery

    Underperforming mobile applications can cause your users to be unproductive. Your mobile applications should always aim to satisfy the productivity requirements of your end users.

    Users quickly notice applications that are slow and difficult to use. Providing a seamless experience for the user is now heavily dependent on how well your application performs. Optimizing your mobile application's processing efficiency can help your users perform their jobs properly in various environment conditions.

    Productive Users Need
    Performant Mobile Applications

    Persona

    Mobile Application Use Case

    Optimized Mobile Application

    Stationary Worker

    • Design flowcharts and diagrams, while abandoning paper and desktop apps in favor of easy-to-use, drawing tablet applications.
    • Multitask by checking the application to verify information given by a vendor during their presentation or pitch.
    • Flowcharts and diagrams are updated in real time for team members to view and edit
    • Compare vendors under assessment with a quick look-up app feature

    Roaming Worker (Engineer)

    • Replace physical copies of service and repair manuals physically stored with digital copies and access them with mobile applications.
    • Scan or input product bar code to determine whether a replacement part is available or needs to be ordered.
    • Worker is capable of interacting with other features of the mobile web app while product bar code is being verified

    Enhance the performance of the entire mobile stack

    Due to frequently changing mobile hardware, users' high performance expectations and mobile network constraints, mobile delivery teams must focus on the entire mobile stack for optimizing performance.

    Fine tune your enterprise mobile applications using optimization techniques to improve performance across the full mobile stack.

    This image contains a bar graph ranking the importance of the following datapoints: Minimize render blocking resources; Configure the mobile application viewport; Determine the right image file format ; Determine above-the-fold content; Minimize browser reflow; Adopt UI techniques to improve perceived latency; Resource minification; Data compression; Asynchronous programming; Resource HTTP caching; Minimize network roundtrips for first time to render.

    Info-Tech Insight

    Some user performance expectations can be managed with clever UI design (e.g., spinning pinwheels to indicate loading in progress and directing user focus to quick loading content) and operational choices (e.g. graceful degradation and progressive enhancements).

    Create an API-centric integration strategy

    Mobile delivery teams are tasked to keep up with the changing needs of end users and accommodate the evolution of trending mobile features. Ensuring scalable APIs is critical in quickly releasing changes and ensuring availability of corporate services and resources.

    As your portfolio of mobile applications grows, and device platforms and browsers diversify, it will become increasingly complex to provide all the data and service capabilities your mobile apps need to operate. It is important that your APIs are available, reliable, reusable, and secure for multiple uses and platforms.

    Take an API-centric approach to retain control of your mobile development and ensure reliability.

    APIs are the underlying layer of your mobile applications, enabling remote access of company data and services to end users. Focusing design and development efforts on the maintainability, reliability and scalability of your APIs enables your delivery teams to:

    • Reuse tried-and-tested APIs to deliver, test and harden applications and systems quicker by standardizing on the use and structure of REST APIs.
    • Ensure a consistent experience and performance across different applications using the same API.
    • Uniformly apply security and access control to remain compliant to security protocols, industry standards and regulations.
    • Provide reliable integration points when leveraging third-party APIs and services.

    See our Build Effective Enterprise Integration on the Back of Business Process for more information.

    Guide your integration strategy with principles

    Craft your principles around good API management and integration practices

    Expose Enterprise Data And Functionality in API-Friendly Formats
    Convert complex on-premises application services into developer-friendly RESTful APIs

    Protect Information Assets Exposed Via APIs to Prevent Misuse
    Ensure that enterprise systems are protected against message-level attack and hijack

    Authorize Secure, Seamless Access for Valid Identities
    Deploy strong access control, identity federation and social login functionality

    Optimize System Performance and Manage the API Lifecycle
    Maintain the availability of backend systems for APIs, applications and end users

    Engage, Onboard, Educate and Manage Developers
    Give developers the resources they need to create applications that deliver real value

    Source: 5 Pillars of API Management, Broadcom, 2021

    Clarify your definition of mobile quality

    Quality does not mean the same thing to everyone

    Do not expect a universal definition of mobile quality. Each department, person and industry standard will have a different interpretation of quality, and they will perform certain activities and enforce policies that meet those interpretations. Misunderstanding of what is defined as a high quality mobile application within business and IT teams can lead to further confusion behind governance, testing priorities and compliance.

    Each interpretation of quality can lead to endless testing, guardrails and constraints, or lack thereof. Be clear on the priority of each interpretation and the degree of effort needed to ensure they are met.

    For example:

    Mobile Application Owner
    What does an accessible mobile application mean?

    Persona: Customer
    I can access it on mobile phones, tablets and the web browser

    Persona: Developer
    I have access to each layer of the mobile stack including the code & data

    Persona: Operations
    The mobile application is accessible 24/7 with 95% uptime

    Example: A School Board's Quality Definition

    Quality Attribute Definitions
    Usability The product is an intuitive solution. Usability is the ease with which the user accomplishes a desired task in the application system and the degree of user support the system provides. Limited training and documentation are required.
    Performance Usability and performance are closely related. A solution that is slow is not usable. The application system is able to meet timing requirements, which is dependent on stable infrastructure to support it regardless of where the application is hosted. Baseline performance metrics are defined and changes must result in improvements. Performance is validated against peak loads.
    Availability The application system is present, accessible, and ready to carry out its tasks when needed. The application is accessible from multiple devices and platforms, is available 24x7x365, and teams communicate planned downtimes and unplanned outages. IT must serve teachers international student's parents, and other users who access the application outside normal business hours. The application should never be down when it should be up. Teams must not put undue burden on end users accessing the systems. Reasonable access requirements are published.
    Security Applications handle both private and personal data, and must be able to segregate data based on permissions to protect privacy. The application system is able to protect data and information from unauthorized access. Users want it to be secure but seamless. Vendors need to understand and implement the District School Board's security requirements into their products. Teams ensure access is authorized, maintain data integrity, and enforce privacy.
    Reusability Reusability is the capability for components and subsystems to be suitable for use in other applications and in other scenarios. This attribute minimizes the duplication of components and implementation time. Teams ensure a modular design that is flexible and usable in other applications.
    Interoperability The degree to which two or more systems can usefully exchange meaningful information via interfaces in a particular context.

    Scalability

    There are two kinds of scalability:

    • Horizontal scalability (scaling out): Adding more resources to logical units, such as adding another server to a cluster of servers.
    • Vertical scalability (scaling up): Adding more resources to a physical unit, such as adding more memory to a single computer.

    Ease of maintenance and enhancements are critical. Additional care is given to custom code because of the inherent difficulty to make it scale and update.

    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.
    Cost Efficiency The application system is executed and maintained in such a way that each area of cost is reduced to what is critically needed. Cost efficiency is critical (e.g. printers cost per page, TCO, software what does downtime cost us), and everyone must understand the financial impact of their decisions.
    Self-Service End users are empowered to make configurations, troubleshoot and make changes to their application without the involvement of IT. The appropriate controls are in place to manage the access to unauthorized access to corporate systems.
    Modifiability The capability to manage the risks and costs of change, considering what can be changed, the likelihood of change, and when and who makes the change. Teams minimize the barriers to change, and get business buy in to keep systems current and valuable.
    Testability The ease with which software are made to demonstrate its faults through (typically execution-based) testing. It cannot be assumed that the vendor has already tested the system against District School Board's requirements. Testability applies to all applications, operating systems, and databases.
    Supportability The ability of the system to provide information helpful for identifying and resolving issues when it fails to work correctly. Supportability applies to all applications and systems within the District School Board's portfolio, whether that be custom developed applications or vendor provided solutions. Resource investments are made to better support the system.

    1.3.1 Define mobile application quality

    1-3 hours

    1. List 5 quality attributes that your organization sees as important for a successful mobile application.
    2. List the core personas that will support mobile delivery and that will consume the mobile application. Start with development, operations and support, and end user.
    3. Describe each quality attributes from the perspective of each persona by asking, "What does quality mean to you?".
    4. Review each description from each persona to come to an acceptable definition.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • User personas
    • Mobile application canvas
    • Journey map
    • Mobile application quality definition
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.1 cont'd

    Example: Info-Tech Guided Implementation with a Legal and Professional Services Organization

    Quality AttributeDeveloperOperations & Support TeamEnd Users

    Usability

    • Architecture and frameworks are aligned with industry best practices
    • Regular feedback through analytics and user feedback
    • Faster development and less technical debt
    • Pride in the product
    • Satisfaction that the product is serving its purpose and is actually being used by the user
    • Increased update of product use and feedback for future lifecycle
    • Standardization and positive perception of IT processes
    • Simpler to train users to adopt products and changes
    • Trust in system and ability to promote the product in a positive light
    • Trusted list of applications
    • Intuitive (easy to use, no training required)
    • Encourage collaboration and sharing ideas between end users and delivery teams
    • The information presented is correct and accurate
    • Users understand where the data came from and the algorithms behind it
    • Users learn features quickly and retain their knowledge longer, which directly correlates to decreased training costs and time
    • High uptake in use of the product
    • Seamless experience, use less energy to work with product

    Security

    • Secure by design approach
    • Testing across all layers of the application stack
    • Security analysis of our source code
    • Good approach to security requirement definition, secure access to databases, using latest libraries and using semantics in code
    • Standardized & clear practices for development
    • Making data access granular (not all or none)
    • Secure mission critical procedures which will reduce operational cost, improve compliance and mitigate risks
    • Auditable artifacts on security implementation
    • Good data classification, managed secure access, system backups and privacy protocols
    • Confidence of protection of user data
    • Encryption of sensitive data
    Availability
    • Good access to the code
    • Good access to the data
    • Good access to APIs and other integration technologies
    • Automatic alerts when something goes wrong
    • Self-repairing/recovering
    • SLAs and uptimes
    • Code documentation
    • Proactive support from the infrastructure team
    • System availability dashboard
    • Access on any end user device, including mobile and desktop
    • 24/7 uptime
    • Rapid response to reported defects or bugs
    • Business continuity

    1.3.2 Verify your decision to deliver mobile applications

    1-3 hours

    1. Review the various end user, business and technical expectations for mobile its achievability given the current state of your system and non-functional requirements.
    2. Complete the list of questions on the following slide as an indication for your readiness for mobile delivery.

    Input

    Output
    • Mobile application canvas
    • Assessment to proceed with mobile
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    1.3.2 cont'd

    Skill Sets
    Software delivery teams have skills in creating mobile applications that stakeholders are expecting in value and quality. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Architects look for ways to reuse existing technical asset and design for future growth and maturity in mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Resources can be committed to implement and manage a mobile platform. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Software delivery teams and resources are adaptable and flexible to requirements and system changes. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Delivery Process
    My software delivery process can accommodate last minute and sudden changes in mobile delivery tasks. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business and IT requirements for the mobile are clarified through collaboration between business and IT representatives. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile will help us fill the gaps and standardize our software delivery process process. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My testing practices can be adapted to verify and validate the mobile functional and non-functional requirements. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Technical Stack
    My mid-tier and back-end support has the capacity to accommodate additional traffic from mobile. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have access to my web infrastructure and integration technologies, and I am capable of making configurations. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    My security approaches and capabilities can be enhanced address specific mobile application risks and vulnerabilities. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    I have a sound and robust integration strategy involving web APIs that gives me the flexibility to support mobile applications. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    Phase 2

    Define Your Mobile Approach

    Choose Your Mobile Platform and Tools

    This phase will walk you through the following activities:

    • Step 2.1 – Choose Your Platform Approach
    • Step 2.2 – Shortlist Your Mobile Delivery Solution
    • Step 2.3 – Create a Roadmap for Mobile Delivery

    This phase involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Step 2.1

    Choose Your Platform Approach

    Activities

    2.1.1 Select your platform approach

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Desired mobile platform approach

    Mobile value is dependent on the platform you choose

    What is a platform?

    "A platform is a set of software and a surrounding ecosystem of resources that helps you to grow your business. A platform enables growth through connection: its value comes not only from its own features, but from its ability to connect external tools, teams, data, and processes." (Source: Emilie Nøss Wangen, 2021) In the mobile context, applications in a platform execute and communicate through a loosely coupled API architecture whether the supporting system is managed and supported by your organization or by 3rd party providers.

    Web

    The mobile web often takes on one of the following two approaches:

    • Responsive websites – Content, UI and other website elements automatically adjusts itself according to the device, creating a seamless experience regardless of the device.
    • Progressive web applications (PWAs) – PWAs uses the browser's APIs and features to offer native-like experiences.

    Mobile web applications are often developed with a combination of HTML, CSS, and JavaScript languages.

    Hybrid

    Hybrid applications are developed with web technologies but are deployed as native applications. The code is wrapped using a framework so that it runs locally within a native container, and it uses the device's browser runtime engine to support more sophisticated designs and features compared to the web approach. Hybrid mobile solutions allows teams to code once and deploy to multiple platforms.

    Some notable examples:

    • Gmail
    • Instagram

    Cross-Platform

    Cross-platform applications are developed within a distinct programming or scripting environment that uses its own scripting language (often like web languages) and APIs. Then the solution will compile the code into device-specific builds for native deployment.

    Some notable examples:

    • Facebook
    • Skype
    • Slack

    Native

    Native applications are developed and deployed to specific devices and OSs using platform-specific software development kits (SDKs) provided by the operating system vendors. The programming language and framework are dictated by the targeted device, such as Java for Android.

    With this platform, developers have direct access to local device features allowing customized operations. This enables the use of local resources, such as memory and runtime engines, which will achieve a higher performance than hybrid and cross-platform applications.

    Each platform offers unique pros and cons depending on your mobile needs

    WebHybridCross-PlatformNative

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    Pros

    Cons

    • Modern browsers support the popular of web languages (HTML, CSS, and JavaScript).
    • Ubiquitous across multiple form factors and devices.
    • Mobile can be easily integrated into traditional web development processes and technical stacks.
    • Installations are not required, and updates are immediate.
    • Sensitive data can be wiped from memory after app is closed.
    • Limited access to local device hardware and software.
    • Local caching is available for limited offline capabilities, but the scope of tasks that can be completed in this scenario is restricted.
    • The browser's runtime engine is limited in computing power.
    • Not all browsers fully support the latest versions of HTML, CSS, or JavaScript.
    • Web languages can be used to develop a complete application.
    • Code can be reused for multiple platforms, including web.
    • Access to commonly-used native features that are not available through the web platform.
    • Quick delivery and maintenance updates compared to native and cross-platform platforms.
    • Consistent internet access is needed due to its reliance heavily reliance on web technologies to operate.
    • Limited ability to support complex workflows and features.
    • Sluggish performance compared to cross-platform and native applications.
    • Certain features may not operate the same across all platforms given the code once, deploy everywhere approach.
    • More cost-effective to develop than using native development approaches to gain similar features. Platform-specific developers are not needed.
    • Common codebase to develop applications on different applications.
    • Enables more complex application functionalities and technical customizations compared to hybrid applications.
    • Code is not portable across cross-platform delivery solutions.
    • The framework is tied to the vendor solution which presents the risk of vendor lock-in.
    • Deployment is dependent on an app store and the delivery solution may not guarantee the application's acceptance into the application store.
    • Significant training and onboarding may be needed using the cross-platform framework.
    • Tight integration with the device's hardware enables high performance and greater use of hardware features.
    • Computationally-intensive and complex tasks can be completed on the device.
    • Available offline access.
    • Apps are available through easy-to-access app stores.
    • Requires additional investments, such as app stores, app-specific support, versioning, and platform-specific extensions.
    • Developers skilled in a device-specific language are difficult to acquire and costly to train.
    • Testing is required every time a new device or OS is introduced.
    • Higher development and maintenance costs are tradeoffs for native device features.

    Start mobile development on a mobile web platform

    Start with what you have: begin with a mobile web platform to minimize impacts to your existing delivery skill sets and technical stack while addressing business needs. Resort to a hybrid first and then consider a cross-platform application if you require device access or the need to meet specific non-functional requirements.

    Why choose a mobile web platform?

    Pros

    The latest versions of the most popular web languages (HTML5, CSS3, JavaScript) abstract away from the granular, physical components of the application, simplifying the development process. HTML5 offer some mobile features (e.g., geolocation, accelerometer) that can meet your desired experience without the need for native development skills. Native look-and-feel, high performance, and full device access are just a few tradeoffs of going with web languages.

    Cons

    Native mobile platforms depend on device-specific code which follows specific frameworks and leverages unique programming libraries, such as Objective C for iOS and Java for Android. Each language requires a high level of expertise in the coding structure and hardware of specific devices requiring resources with specific skillsets and different tools to support development and testing.

    Other Notable Benefits with Web Languages

    • Modern browsers in most mobile devices are capable of executing and rendering many mobile features developed in web languages, allowing for greater portability and sophistication of code across multiple devices. However, this flexibility comes at the cost of performance since the browser's runtime engine will not perform as well as a native engine.
    • Web languages are well known by developers, minimizing skills and resourcing impacts. Consequently, changes can be quickly accommodated and updated uniformly across all end users.

    Do you need a native platform?

    Consider web workarounds if you choose a web platform but require some native experiences.

    The web platform does not give you direct access or sophisticated customizations to local device hardware and services, underlying code and integrations. You may run into the situation where you need some native experiences, but the value of these features may not offset the costs to undertake a native, hybrid or cross-platform application. When developing hybrid and cross-platform applications with a mobile delivery solution, only the APIs of the commonly used device features are available. Note that some vendors may not offer a particular native feature across all devices, inhibiting your ability to achieve feature parity or exploiting device features only available in certain devices. Workarounds are then needed.

    Consider the following workarounds to address the required native experiences on the web platform:

    Native Function Description Web Workaround Impact
    Camera Takes pictures or records videos through the device's camera. Create an upload form in the web with HTML5. Break in workflow leading to poor user experience (UX).
    Geolocation Detects the geographical location of the device. Available through HTML5. Not Applicable.
    Calendar Stores the user's calendar in local memory. Integrate with calendaring system or manually upload contacts. Costly integration initiative. Poor user experience.
    Contacts Stores contact information in local memory. Integrate app with contact system or manually upload contacts. Costly integration initiative. Poor user experience.
    Near Field Communication (NFC) Communication between devices by touching them together or bringing them into proximity. Manual transfer of data. A lot of time is consumed transferring simple information.
    Native Computation Computational power and resources needed to complete tasks on the device. Resource-intensive requests are completed by back-end systems and results sent back to user. Slower application performance given network constraints.

    Info-Tech Insight

    In many cases, workarounds are available when evaluating the gaps between web and native applications. For example, not having application-level access to the camera does not negate the user option to upload a picture taken by the camera through a web form. Tradeoffs like this will come down to assessing the importance of each platform gap for your organization and whether a workaround is good enough as a native-like experience.

    Architect and configure your entire mobile stack with a plan

    • Assess your existing technology stack that will support your mobile platform. Determine if it has the capacity to handle mobile traffic and the necessary integration between devices and enterprise and 3rd party systems are robust and reliable. Reach out to your IT teams and vendors if you are missing key mobile components, such as:
    • The acquisition and provisioning of physical or virtual mobile web servers and middleware from existing vendors.
    • Cloud services [e.g., Mobile Back-end as a Service (mBaaS)] that assists in the mobilization of back-end data sources with API SDKs, orchestration of data from multiple sources, transformation of legacy APIs to mobile formats, and satisfaction of other security, integration and performance needs.
    • Configure the services of your web server or middleware to facilitate the translation, transformation, and transfer of data between your mobile front-end and back-end. If your plan involves scripts, maintenance and other ongoing costs will likely increase.
    • Leverage the APIs or adapters provided by your vendors or device manufacturers to integrate your mobile front-end and back-end support to your web server or middleware. If you are reusing a web server, the back-end integration should already be in place. Remember, APIs implement business rules to maintain the integrity of data exchange within your mobile stack.
    • See Appendix A for examples of reference architectures of mobile platforms.

    See our Enhance Your Solution Architecture for more information.

    Do Not Forget Your Security and Performance Requirements

    Security: New threats from mobile put organizations into a difficult situation beyond simply responding to them in a timely matter. Be careful not to take the benefits of security out of the mobile context. You need to make security a first-order citizen during the scoping, design, and optimization of your systems supporting mobile. It must also be balanced with other functional and non-functional requirements with the right roles taking accountability for these decisions.

    See our Strengthen the SSDLC for Enterprise Mobile Applications for more information.

    Performance: Within a distributed mobile environment, performance has a risk of diminishing due to limited device capacity, network hopping, lack of server scalability, API bottlenecks, and other device, network and infrastructure issues. Mobile web APIs suffer from the same pain points as traditional web browsing and unplanned API call management in an application will lead to slow performance.

    See our Develop Enterprise Mobile Applications With Realistic and Relevant Performance for more information.

    Enterprise platform selection requires a shift in perspective

    Your mobile platform selection must consider both user and enterprise (i.e., non-functional) needs. Use a two-step process for your analysis:

    Begin Platform Selection with a User-Centric Approach

    Organizations appealing to end users place emphasis on the user experience: the look and appeal of the user interface, and the satisfaction, ease of use, and value of its functionalities. In this approach, IT concerns and needs are not high priorities, but many functions are completed locally or isolated from mission critical corporate networks and sensitive data. Some needs include:

    • Performance: quick execution of tasks and calculations made on the device or offloaded to web servers or the cloud.
    • User Interface: cross-platform compatibility and feature-rich design and functionality. The right native experience is critical to the user adoption and satisfaction.
    • Device Access: use of local device hardware and software to complete app use cases, such as camera, calendar, and contact lists.

    Refine Platform Selection with an Enterprise-Centric Approach

    From the enterprise perspective, emphasis is on security, system performance, integration, reuse and other non-functional requirements as the primary motivations in the selection of a mobile platform. User experience is still a contributing factor because of the mobile application's need to drive value but its priority is not exclusive. Some drivers include:

    • Openness: agreed-upon industry standards and technologies that can be applied to serve enterprise needs which support business processes.
    • Integration: increase the reuse of legacy investments and existing applications and services with integration capabilities.
    • Flexibility: support for multiple data types from applications such as JSON format for mobile.
    • Capacity: maximize the utilization of your software delivery resources beyond the initial iteration of the mobile application.

    Info-Tech Insight

    Selecting a mobile platform should not solely be made on business requirements. Key technical stakeholders should be at the table in this discussion to provide insight on the implementation and ongoing costs and benefits of each platform. Both business and technical requirements should be considered when deciding on a final platform.

    Select your mobile platform

    Drive your mobile platform selection against user-centric needs (e.g. device access, aesthetics) and enterprise-centric needs (e.g. security, system performance).

    When does a platform makes sense to use?

    Web

    • Desire to maximize current web technologies investments (people, process, and technologies).
    • Use cases do not require significant computational resources on the device or are tightly constrained by non-functional requirements.
    • Limited budget to acquire mobile development resources.
    • Access to device hardware is not a high priority.

    Hybrid / Cross-Platform

    • The need to quickly spin up native-like applications for multiple platforms and devices.
    • Desire to leverage existing web development skills, but also a need for device access and meeting specific non-functional requirements.
    • Vendor support is needed for the entire mobile delivery process.

    Native

    • Developers are experts in the target programming language and with the device's hardware.
    • Strong need for high performance, security and device-specific access and customizations.
    • Application use cases requiring significant computing resources.

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform.

    2.1.1 Select your platform approach

    1-3 hours

    1. Review your mobile objectives, end user needs and non-functional requirements.
    2. Determine which mobile platform is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: user-centric and enterprise-centric needs.
    3. Calculate an average score for user-centric and one for enterprise-centric. Then, map them on the matrix to indicate possible platform options. Consider all options around the plotted point.
    4. Further discuss which platforms should be the preferred choice.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Desired mobile experience
    • List of desired mobile features
    • Current state assessments
    • Mobile platform approach
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.1.1 cont'd

    User-Centric Needs: Functional Requirements

    Factors Definitions Survey Responses
    Device Hardware Access The scope of access to native device hardware features. Basic features include those that are available through current web languages (e.g., geolocation) whereas comprehensive features are those that are device-specific. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Hardware The degree of changes to the execution of local device hardware to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Device Software Access The scope of access to software on the user's device, such as calendars and contact. 1 (Basic) – 2 – 3 (Moderate) – 4 – 5 (Comprehensive)
    Customized Execution of Device Software The degree of changes to the execution of local device software to satisfy functional needs. 1 (Use as Is) – 2 – 3 (Configure) – 4 – 5 (Customize)
    Use Case Complexity Workflow tasks and decisions are simple and straightforward. Complex computation is not needed to acquire the desired outcome. 1 (Strongly Agree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Disagree)
    Computational Resources The resources needed on the device to complete desired functional needs. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Use Case Ambiguity The mobile use case and technical requirements are well understood and documented. Changes to the mobile application is likely. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Mobile Application Access Enterprise systems and data are accessible to the broader organization through the mobile application. This factor does not necessarily mean that anyone can access it untracked. You may still need to identify yourself or log in, etc. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Scope of Adoption & Impact The extent to which the mobile application is leveraged in the organization. 1 (Enterprise) – 2 – 3 (Department) – 4 – 5 (Team)
    Installable The need to locally install the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Targeted Devices & Platforms Mobile applications are developed for a defined set of mobile platform versions and types and device. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Output Audience The mobile application transforms an input into a valuable output for high-priority internal or external stakeholders. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    User-Centric Needs: Native User Experience Factors

    Factors Definitions Survey Responses
    Immersive Experience The need to bridge physical world with the virtual and digital environment, such as geofencing and NFC. 1 (Internally Delivered) – 2 – 3 (3rd Party Supported) – 4 – 5 (Business Implemented)
    Timeliness of Content and Updates The speed of which the mobile application (and supporting system) responds with requested information, data and updates from enterprise systems and 3rd party services. 1 (Reasonable Delayed Response) – 2 – 3 (Partially Outsourced) – 4 – 5 (Fully Outsourced)
    Application Performance The speed of which the mobile application completes tasks is critical to its success. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Network Accessibility The needed ability to access and use the mobile application in various network conditions. 1 (Only Available When Online) – 2 – 3 (Partially Available When Online) – 4 – 5 (Available Online)
    Integrated Ecosystem The approach to integrate the mobile application with enterprise or 3rd party systems and services. 1 (Out-of-the-Box Connectors) – 2 – 3 (Configurable Connectors) – 4 – 5 (Customized Connectors)
    Desire to Have a Native Look-and-Feel The aesthetics and UI features (e.g., heavy animations) that are only available through native and cross-platform applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    User Tolerance to Change The degree of willingness and ableness for a user to change their way of working to maximize the value of the mobile application. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Mission Criticality The business could not execute its main strategy if the mobile application was removed. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Value The mobile application directly adds business value to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Industry Differentiation The mobile application provides a distinctive competitive advantage or is unique to your organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)

    2.1.1 cont'd

    Enterprise-Centric Needs: Non-Functional Requirements

    Factors Definitions Survey Responses
    Legacy Compatibility The need to integrate and operate with legacy systems. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Code Portability The need to enable the "code once and deploy everywhere" approach. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Vendor & Technology Lock-In The tolerance to lock into a vendor mobile delivery solution or technology framework. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Data Sensitivity The data used by the mobile application does not fall into the category of sensitive data – meaning nothing financial, medical, or personal identity (GDPR and worldwide equivalents). The disclosure, modification, or destruction of this data would cause limited harm to the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Data Policies Policies of the mobile application's data are mandated by internal departmental standards (e.g. naming standards, backup standards, data type consistency). Policies only mandated in this way usually have limited use in a production capacity. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Security Risks Mobile applications are connected to private data sources and its intended use will be significant if underlying data is breached. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    Business Continuity & System Integrity Risks The mobile application in question does not have much significance relative to the running of mission critical processes in the organization. 1 (Strongly Disagree) – 2 – 3 (Neutral) – 4 – 5 (Strongly Agree)
    System Openness Openness of enterprise systems to enable mobile applications from the user interface to the business logic and backend integrations and database. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Mobile Device Management The organization's policy for the use of mobile devices to access and leverage enterprise data and services. 1 (Bring-Your-Own-Device) – 2 – 3 (Hybrid) – 4 – 5 (Corporate Devices)

    2.1.1 cont'd

    Enterprise-Centric Needs: Delivery Capacity

    Factors Definitions Survey Responses
    Ease of Mobile Delivery The desire to have out-of-the-box and packaged tools to expedite mobile application delivery using web technologies. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Competency The capability for internal staff to and learn how to implement and administer mobile delivery tools and deliver valuable, high-quality applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Ease of Deployment The desire to have the mobile applications delivered by the team or person without specialized resources from outside the team. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Approach The capability to successfully deliver mobile applications given budgetary and costing, resourcing, and supporting services constraints. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Maintenance & Operational Support The capability of the resources to responsibly maintain and operate mobile applications, including defect fixes and the addition and extension of modules to base implementations of the digital product. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Domain Knowledge Support The availability and accessibility of subject and domain experts to guide facilitate mobile application implementation and adoption. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Delivery Urgency The desire to have the mobile application delivered quickly. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Reusable Components The desire to reuse UI elements and application components. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)

    2.1.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric Needs 4.25 3
    Functional Requirements 4.5 2.25
    Native User Experience Factors 4 1.75
    Enterprise-Centric Needs 4 2
    Non-Functional Requirements 3.75 3.25
    Delivery Capacity 4.25 2.75
    Possible Mobile Platform Cross-Platform Native PWA Hybrid

    Nine datapoints are arranged on a graph where the x axis s labeled: User Centric Needs; and the Y axis is labeled: Enterprise-centric needs. The datapoints are, in order from left to right, top to bottom: Hybrid; Cross- Platform; Native; Web; Hybrid or Cross- Platform; Cros-s Platform; Web; Web; Hybrid or Cross- Platform. Two yellow circles are overlaid, one containing the phrase: Remote Support - over the box containing Progressive Web Applications (PWA) or Hybrid; and a yellow circle containing the phrase Inventory MGMT, partly covering the box containing Native; and the box containing Cross-Platform.

    Build a scalable and manageable platform

    Long-term mobile success depends on the efficiency and reliability of the underlying operational platform. This platform must support the computational and performance demands in a changing business environment, whether it is composed of off-the-self or custom-developed solutions, or a single vendor or best-of-breed.

    • Application
      • The UI design and content language is standardized and consistently applied
      • All mobile configurations and components are automatically versioned
      • Controlled administration and tooling access, automation capabilities, and update delivery
      • Holistic portfolio management
    • Data
      • Automated data management to preserve data quality (e.g. removal of duplications)
      • Defined single source of truth
      • Adherence to data governance, and privacy and security policies
      • Good content management practices, governance and architecture
    • Infrastructure
      • Containers and sandboxes are available for development and testing
      • Self-healing and self-service environments
      • Automatic system scaling and load balancing
      • Comply to budgetary and licensing constraints
    • Integration
      • Backend database and system updates are efficient
      • Loosely coupled architecture to minimize system regressions and delivery effort
      • Application, system and data monitoring

    Step 2.2

    Shortlist Your Mobile Delivery Solution

    Activities

    2.2.1 Shortlist your mobile delivery solution

    2.2.2 Build your feature and service lists

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services

    Ask yourself: should I build or buy?

    Build Buy

    Multi-Source Best-of-Breed

    Vendor Add-Ons & Integrations

    Integrate various technologies that provide subset(s) of the features needed for supporting the business functions.

    Enhance an existing vendor's offerings by using their system add-ons either as upgrades, new add-ons or integrations.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • Introduces tool sprawl.
    • Requires resources to understand tools and how they integrate.
    • Some of the tools necessary may not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Multi-Source Custom

    Single Source

    Integrate systems built in-house with technologies developed by external organizations.

    Buy an application/system from one vendor only.

    Pros

    • Flexibility in choice of tools.
    • In some cases, cost may be lower.
    • Easier to enhance with in-house teams.

    Cons

    • May introduce tool sprawl.
    • Requires resources to have strong technical skills
    • Some of the tools necessary may
    • not be compatible with each other.

    Pros

    • Reduces tool sprawl.
    • Supports consistent tool stack.
    • Vendor support can make enhancement easier.
    • Total cost of ownership may be lower.

    Cons

    • Vendor Lock-In.
    • The processes to enhance may require tweaking to fit tool capability.

    Weigh the pros and cons of mobile enablement versus development

    Mobile Enablement

    Mobile Development

    Description Mobile interfaces that heavily rely on enterprise or 3rd party systems to operate. Mobile does not expand the functionality of the system but complements it with enhanced access, input and consumption capabilities. Mobile applications that are custom built or configured in a way that can operate as a standalone entity, whether they are locally deployed to a user's device or virtually hosted.
    Mobile Platform Mobile web, locally installed mobile application provided by vendor Mobile web, hybrid, cross-platform, native
    Typical Audience Internal staff, trusted users Internal and external users, general public
    Examples of Tooling Flavors Enterprise applications, point solutions, robotic & process automation Mobile enterprise application platform, web development, low and no code development, software development kits (SDKs)
    Technical Skills Required Little to no mobile delivery experience and skillsets are needed, but teams must be familiar with the supporting system to understand how a mobile interface can improve the value of the system. Have good UX-driven and quality-first practices in the mobile context. In-depth coding, networking, system and UX design, data management and security skills are needed for complex designs, functions, and architectures.
    Architecture & Integration Architecture is standardized by the vendor or enterprise with UI elements that are often minimally configurable. Extensions and integrations must be done through the system rather than the mobile interface. Much of application stack and integration approach can be customized to meet the specific functional and non-functional needs. It should still leverage web and design standards and investments currently used.
    Functional Scope Functionality is limited to the what the underlying system allows the interface to do. This often is constrained to commodity web application features (e.g., reporting) or tied to minor configurations to the vendor-provided point solution Functionality is only constrained by the platform and the targeted mobile devices whether it is performance, integration, access or security related. Teams should consider feature and content parity across all products within the organization portfolio.
    Delivery Pipeline End-to-end delivery and automated pipeline is provided by the vendor to ensure parity across all interfaces. Many vendors provide cloud-based services for hosting. Otherwise, it is directly tied to the SDLC of the supporting system. End-to-end delivery and automated pipeline is directly tied to enterprise SDLC practices or through the vendor. Some vendors provide cloud-based services for hosting. Updates are manually or automatically (through a vendor) published to app stores and can be automatically pushed to corporate users through mobile application management capabilities.
    Standards & Guardrails Quality standards and technology governance are managed by the vendor or IT with limited capabilities to tailor them to be mobile specific. Quality standards and technology governance are managed by the mobile delivery teams. The degree of customizations to these standards and guardrails is dependent on the chosen platform and delivery team competencies.

    Understand the common attributes of a mobile delivery solution

    • Source Code Management – Built-in or having the ability to integrate with code management solutions for branching, merging, and versioning. Debugging and coding assistance capabilities may be available.
    • Single Code Base – Capable of programming in a standard coding and scripting language for deployment into several platforms and devices. This code base is aligned to a common industry framework (e.g., AngularJS, Java) or a vendor-defined one.
    • Out-of-the-Box Connectors & Plug-ins – Pre-built APIs enhance the solution's capabilities with 3rd party tools and systems to deliver and manage high quality and valuable mobile applications.
    • Emulators – Ability to virtualize an application's execution on a target platform and device.
    • Support for Native Features – Supports plug-ins and APIs for access to device-specific features.

    What are mobile delivery solutions?

    A mobile delivery solution gives you the tools, resources and support to enable or build your mobile application. They can provide pre-built applications, vendor supported components to allow some configurations, or resources for full stack customizations. Some solutions can be barebone software development kits (SDKs) or comprehensive suites offering features to support the entire software delivery lifecycle, such as:

    • Mobile application management
    • Testing and publishing to app stores
    • Content management
    • Cloud hosting
    • Application performance management

    Info-Tech Insight

    Mobile enablement and development capabilities are already embedded in many common productivity tools and enterprise applications, such as Microsoft PowerApps and ERP modules. They can serve as a starting point in the initial rollout of new management and governance practices without the need of acquiring new tools.

    Select your mobile delivery solutions

    1. Set the scope of your framework.
    • The initial context of this framework is based on the mobile functions needed to support your desired mobile experience and on the current state of your enterprise and 3rd party systems.
  • Define the decision factors for your solution selection.
    • Review the decision factors that will influence the selection of your mobile delivery solution for each mobile opportunity:
    • Stack Management – Who will be hosting and supporting your mobile application stack?
    • Workflows Complexity & Native Experience – How complex is your desired mobile experience and how will native device features be leveraged?
  • Select your solution type.
    • Mobile delivery solutions are broadly defined in the following groups:
    • Commercial-Off-The-Shelf (COTS) – Pre-built mobile applications requiring little to no configurations or implementation effort.
    • Vendor Hosted Mobile Platform – Back-end and mid-tier infrastructure and operational support are managed by a vendor.
    • Cross-Platform Development – Frameworks that transform a single code base into platform-specific builds.
    • Hybrid Development – Tools that wrap a single code base into a locally deployable build.
    • Custom Web Development – Environment enabling full stack development for mobile web applications.
    • Custom Native Development – Environment enabling full stack development for mobile native applications.
  • A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions

    Explore the various solution options

    Vendor Hosted Mobile Platform

    • Cloud Services (Mobile Backend-as-a-Service) (Amazon Amplify, Kinvey, Back4App, Google Firebase, Apache Usergrid)
    • Low Code Mobile Platforms (Outsystems, Mendix, Zoho Creator, IBM Mobile Foundation, Pega Mobile, HCL Volt MX, Appery)
    • Mobile Development via Enterprise Application (SalesForce Heroku, Oracle Application Accelerator MAX, SAP Mobile Development Kit, NetSuite Mobile)
    • Mobile Development via Business Process Automation (PowerApps, Appian, Nintex, Quickbase)

    Cross-Platform Development SDKs

    React Native, NativeScript, Xamarin Forms, .NET MAUI, Flutter, Kotlin Multiplatform Mobile, jQuery Mobile, Telerik, Temenos Quantum

    Custom Native Development Solutions

    • Native Development Languages and Environments (Swift, Java, Objective-C, Kotlin, Xcode, NetBeans, Android Studio, AppCode, Microsoft Visual Studio, Eclipse, DriodScript, Compose, Atom)
    • Mobile Application Utilities (Unity, MonoGame, Blender, 3ds Max Design, Maya, Unreal Engine, Amazon Lumberyard, Oculus)

    Commercial-Off-the-Shelf Solutions

    • No Code Mobile Platforms (Swiftic, Betty Blocks, BuildFire, Appy Pie, Plant an App, Microsoft Power Apps, AppSheet, Wix, Quixy)
    • Mobile Application Point Solutions and Enablement via Enterprise Applications

    Hybrid Development SDKs

    Cordova Project, Sencha Touch, Electron, Ionic, Capacitor, Monaca, Voltbuilder

    Custom Web Development Solutions

    Web Development Frameworks (React, Angular, Vue, Express, Django, Rails, Spring, Ember, Backbone, Bulma, Bootstrap, Tailwind CSS, Blade)

    Get the most out of your solutions by understanding their core components

    While most of the heavy lifting is handled by the vendor or framework, understanding how the mobile application is built and operates can identify where further fine-tuning is needed to increase its value and quality.

    Platform Runtime

    Automatic provisioning, configurations, and tuning of organizational and 3rd party infrastructure for high availability, performance, security and stability. This can include cloud management and non-production environments.

    Extensions

    • Mobile delivery solutions can be extended to allow:
    • Custom development of back-end code
    • Customizable integrations and hooks where needed
    • Integrations with CI/CD pipelines and administrative services
    • Integrations with existing databases and authentication services

    Platform Services

    The various services needed to support mobile delivery and enable continuous delivery, such as:

    • Configuration & Change Management – Verifies, validates, and monitors builds, deployments and changes across all components.
    • Code Generator – Transforms UI and data models into native application components that are ready to be deployed.
    • Deployment Services – Deploys application components consistently across all target environments and app stores.
    • Application Services – Manages the mobile application at runtime, including executing scheduled tasks and instrumentation.

    Application Architecture

    Fundamentally, mobile application architecture is no different than any other application architecture so much of your design standards still applies. The trick is tuning it to best meet your mobile functional and non-functional needs.

    This image contains an example of mobile application architecture.

    Source: "HCL Volt MX", HCL.

    Build your shortlist decision criteria

    The decision on which type of mobile delivery solution to use is dependent on several key questions?

    Who is the Mobile Delivery Team?

    • Is it a worker, business or IT?
    • What skills and knowledge does this person have?
    • Who is supporting mobile delivery and management?
    • Are other skills and tools needed to support, extend or mature mobile delivery adoption?

    What are the Use Cases?

    • What is the value and priority of the use cases?
    • What native features do we need?
    • Who is the audience of the output and who is impacted?
    • What systems, data and services do I need access?
    • Is it best to build it or buy it?
    • What are the quality standards?
    • How strategic is the use case?

    How Complex is the System?

    • Is the mobile application a standalone or integrated with enterprise systems?
    • What is the system's state and architecture?
    • What 3rd party services do we need integrated?
    • Are integrations out-of-the-box or custom?
    • Is the data standardized and who can edit its definition?
    • Is the system monolithic or loosely coupled?

    How Much Can We Tolerate?

    • Risks: What are the business and technical risks involved?
    • Costs: How much can we invest in implementation, training and operations?
    • Change: What organizational changes am I expecting to make? Will these changes be accepted and adopted?

    2.2.1 Shortlist your mobile delivery solution

    1-3 hours

    1. Determine which mobile delivery solutions is appropriate for each mobile opportunity or use case by answering the following questions on the following slides against two factors: complexity of mobile workflows and native features and management of the mobile stack.
      1. Take the average of the enterprise-centric and user-centric scores from step 2.1 for your complexity of mobile workflows and native features scores.
    2. Calculate an average score for the management of the mobile stack. Then, map them on the matrix to indicate possible solution options alongside your user-centric scores. Consider all options around the plotted point.
    3. Further discuss which solution should be the preferred choice and compare those options with your selected platform approach.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Current state assessment
    • Mobile platform approach
    • Shortlist of mobile delivery solution
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.2.1 cont'd

    Stack Management

    Factors Definitions Survey Responses
    Cost of Delayed Delivery The expected cost if a vendor solution or update is delayed. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Vendor Negotiation Organization's ability to negotiate favorable terms from vendors. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Controllable Delivery Timeline Organization's desire to control when solutions and updates are delivered. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Solution Hosting The desired approach to host the mobile application. 1 (Fully Outsourced) – 2 – 3 (Partially Outsourced) – 4 – 5 (Internally Hosted)
    Vendor Lock-In The tolerance to be locked into a specific technology stack or vendor ecosystem. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Operational Cost Target The primary target of the mobile application's operational budget. 1 (External Resources) – 2 – 3 (Hybrid) – 4 – 5 (Internal Resources)
    Platform Management The desired approach to manage the mobile delivery solution, platform or underlying technology. 1 (Decentralized) – 2 – 3 (Federated) – 4 – 5 (Centralized)
    Skill & Competency of Mobile Delivery Team The ability of the team to create and manage valuable and high-quality mobile applications. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Current Investment in Enterprise Technologies The need to maximize the ROI of current enterprise technologies or integrate with legacy technologies. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Ease of Extensibility Need to have out-of-the-box connectors and plug-ins to extend the mobile delivery solution beyond its base implementation. 1 (High) – 2 – 3 (Moderate) – 4 – 5 (Low)
    Holistic Application Strategy Organizational priorities on the types of applications the portfolio should be comprised. 1 (Buy) – 2 – 3 (Hybrid) – 4 – 5 (Build)
    Control of Delivery Pipeline The desire to control the software delivery pipeline from design to development, testing, publishing and support. 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)
    Specific Quality Requirements Software and mobile delivery is constrained to your unique quality standards (e.g., security, performance, availability) 1 (Low) – 2 – 3 (Moderate) – 4 – 5 (High)

    2.2.1 cont'd

    Example:

    Score Factors (Average) Mobile Opportunity 1: Inventory Management Mobile Opportunity 2: Remote Support
    User-Centric & Enterprise Centric Needs (From Step 2.1) 4.125 2.5
    Stack Management 2 2.5
    Desired Mobile Delivery Solution Vendor-Hosted Mobile Platform

    Commercial-Off-the-Shelf Solution

    Hybrid Development Solution

    A quadrant analysis is depicted. the top data is labeled Complex Mobile Features; the right side is labeled Organization-Managed Stack; the bottom is labeled Simple Mobile Features; and the left side is labeled Vendor-Managed Stack. The quadrants are labeled the following, in order from left to right, top to bottom. Vendor- Hosted Mobile Platform; Custom Native Development Solutions; Commercial-Off-the-Shelf Solutions; Custom Web Development Solutions. In the middle of the graph are the following, in order from top to bottom: Cross-Platform Development Solutions; Hybrid Development Solutions.

    Consider the following in your solution selection and implementation

    • Vendor lock in – Each solution has its own approach, frameworks, and data schemas to convert designs and logic into an executable build that is stable in the targeted environment. Consequently, moving application artifacts (e.g., code and designs) from one solution or environment to another may not be easily accomplished without significant modifications or the use of application modernization or migration services.
    • Conflicting priorities and viewpoints of good delivery practices – Mobile delivery solutions are very particular on how they generate applications from designs and configurations. The solution's approach may not accommodate your interpretation of high-quality code (e.g., scalability, maintainability, extensibility, security). Technical experts should be reviewing and refactoring the generated code.
    • Incompatibility with enterprise applications and systems – The true benefit of mobile delivery solutions is their ability to connect your mobile application to enterprise and 3rd party technologies and services. This capability often requires enterprise technologies and services to be architected in a way that is compatible with your delivery solution while ensuring data, security protocols and other standards and policies are consistently enforced.
    • Integration with current application development and management tools – Mobile delivery solutions should be extensions from your existing application development and management tools that provides the versioning, testing, monitoring, and deployment capabilities to sustain a valuable application portfolio. Without this integration, IT will be unable to:
      • Root cause issues found on IT dashboards or reported to help desk.
      • Rollback defective applications to a previous stable state.
      • Obtain a complete application portfolio inventory.
      • Execute comprehensive testing for high-risk applications.
      • Trace artifacts throughout the development lifecycle.
      • Generate reports of the status of releases.

    Enhance your SDLC to support mobile delivery

    What is the SDLC?

    The software development lifecycle (SDLC) is a process that ensures valuable software products are efficiently delivered to customers. It contains a repeatable set of activities needed to intake and analyze requirements to design, build, test, deploy, and maintain software products.

    How will mobile delivery influence my SDLC?

    • Cross-functional collaboration – Bringing business and IT together at the most opportune times to clarify user needs and business priorities, and set realistic expectations given technology and capacity constraints. The appropriate tactics and techniques are used to improve decision making and delivery effectiveness according to the type of work.
    • Iterative delivery – Frequent delivery of progressive changes minimizes the risk of low-quality features by containing and simplifying scope, and enables responsive turnarounds of fixes, enhancements, and priority changes.
    • Feedback loops –Mobile application owners constantly review, update and refine their backlog of mobile features and changes to reflect user feedback and system performance metrics. Delivery teams proactively prepare the application for future scaling based on lessons and feedback learned from earlier releases.

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    Example: Low- & No-Code Mobile Delivery Pipeline

    Low Code

    Data Modeling & Configuration

    No Code

    Visual Interface with Complex Data Models

    Data Modeling & Configuration

    Visual Interfaces with Simple Data Models

    GUI Designer with Customizable Components & Entities

    UI Definition & Design

    GUI Designer with Canned Templates

    Visual Workflow and Custom Scripting

    Business Logic Rules and Workflow Specification

    Visual Workflow and Natural Language Scripting

    Out-of-the-Box Plugins & Custom Integrations

    Integration of External Services (via 3rd Party APIs)

    Out-of-the-Box Plugins

    Automated and Manual Build & Packaging

    Build & Package

    Automated Build & Packaging

    Automated & Manual Testing

    Test

    Automated Testing

    One-Click Push or IT Push to App Store

    Publish to App Store

    One-Click Push to App Store

    Use Info-Tech's research to address your delivery gaps

    Mobile success requires more than a set of good tools.

    Overcome the Common Challenges Faced with Building Mobile Applications

    Common Challenges with Digital Applications

    Suggested Solutions

    • Time & Resource Constraints
    • Buy-In From Internal Stakeholders
    • Rapidly Changing Requirements
    • Legacy Systems
    • Low-Priority for Internal Tools
    • Insufficient Data Access

    Source: DronaHQ, 2021

    Learn the differentiators of mobile delivery solutions

    • Native Program Languages – Supports languages other than web (Java, Ruby, C/C++/C#, Objective-C).
    • IDE Integration – Available plug-ins for popular development suites and editors.
    • Debugging Tools – Finding and eliminating bugs (breakpoints, single stepping, variable inspection, etc.).
    • Application Packaging via IDE – Digitally sign applications through the IDE for it to be packaged and published in app stores.
    • Automated Testing Tools – Native or integration with automated functional and unit testing tools.
    • Low- and No- Code Designer – Tools for designing graphical user interfaces and features and managing data with drag-and-drop functionalities.
    • Publishing and Deployment Capabilities – Automated deployment to mobile device management (MDM) systems, mobile application management (MAM) systems, mobile application stores, and web servers.
    • Third-Party and Open-Source Integration – Integration with proprietary and open-source third-party modules, development tools, and systems.
    • Developer Marketplace – Out-of-the-box plug-ins, templates, and integration are available through a marketplace.
    • Mobile Application Support Capabilities – Ability to gather, manage, and address application issues and defects.
    • API Gateway, Monitoring, and Management – Services that enable the creation, publishing, maintenance, monitoring, and securing of APIs through a common interface.
    • Mobile Analytics and Monitoring – View the adoption, usage, and performance of deployed mobile applications through graphical dashboards.
    • Mobile Content Management – Publish and manage mobile content through a centralized system.
    • Mobile Application Security – Supports the securing of application access and usage, data encryption, and testing of security controls.

    Define your mobile delivery vendor selection criteria

    Focus on the key vendor attributes and capabilities that enable mobile delivery scaling and growth in your organization

    Considerations in Mobile Delivery Vendor Selection
    Platform Features & Capabilities Price to Implement & Operate Platform
    Types of Mobile Applications That Can Be Developed Ease of IT Administration & Management
    User Community & Marketplace Size Security, Privacy & Access Control Capabilities
    SME in Industry Verticals & Business Functions Vendor Product Roadmap & Corporate Strategy
    Pre-Built Designs, Templates & Application Shells Scope of Device- and OS-Specific Compatibilities
    Regulatory & Industry Compliance Integration & Technology Partners
    Importing Artifacts From and Exporting to Other Solutions Platform Architecture & Underlying Technology
    End-to-End Support for the Entire Mobile SDLC Relevance to Current Mobile Trends & Practices

    Build your features list

    Incorporate different perspectives when defining the list of mandatory and desired features of your target solution.

    Appendix B contains a list of features for low- and no-code solutions that can be used as a starting point.

    Visit Info-Tech's Implement a Proactive and Consistent Vendor Selection Process blueprint.

    Mobile Developer

    • Visual, drag-and-drop models to define data models, business logic, and user interfaces.
    • One-click deployment.
    • Self-healing capabilities.
    • Vendor-managed infrastructure.
    • Active community and marketplace.
    • Pre-built templates and libraries.
    • Optical character recognition and natural language processing.
    • Knowledgebase and document management.
    • Business value, operational costs, and other KPI monitoring.
    • Business workflow automation.

    Mobile IT Professional

    • Audit and change logs.
    • Theme and template builder.
    • Template management.
    • Role-based access.
    • Regulatory compliance.
    • Consistent design and user experience across applications.
    • Application and system performance monitoring.
    • Versioning and code management.
    • Automatic application and system refactoring and recovery.
    • Exception and error handling.
    • Scalability (e.g. load balancing) and infrastructure management.
    • Real-time debugging.
    • Testing capabilities.
    • Security management.
    • Application integration management.

    2.2.2 Build your feature and service lists

    1-3 hours

    Review the key outcomes in the previous exercises to help inform the features and vendor support you require to support your mobile delivery needs:

    End user personas and desired mobile experience

    Objectives and expectations

    Desired mobile features and platform

    Mobile delivery solutions

    Brainstorm a list of features and functionalities you require from your ideal solution vendors. Prioritize these features and functionalities. See our Implement a Proactive and Consistent Vendor Selection Process blueprint for more information on vendor procurement.

    Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Download the Mobile Application Delivery Communication Template

    Input

    Output
    • Shortlist of mobile solutions
    • Quality definitions
    • Mobile objectives and metrics
    • List of desired features and services of mobile delivery solution vendors
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Hit a home run with your stakeholders

    Use a data-driven approach to select the right tooling vendor for your needs – fast.

    AwarenessEducation & DiscoveryEvaluationSelection

    Negotiation & Configuration

    1.1 Proactively Lead Technology Optimization & Prioritization2.1 Understand Marketplace Capabilities & Trends3.1 Gather & Prioritize Requirements & Establish Key Success Metrics4.1 Create a Weighted Selection Decision Model5.1 Initiate Price Negotiation with Top Two Venders
    1.2 Scope & Define the Selection Process for Each Selection Request Action2.2 Discover Alternate Solutions & Conduct Market Education3.2 Conduct a Data Driven Comparison of Vendor Features & Capabilities4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities with Top 2-4 Vendors5.2 Negotiate Contract Terms & Product Configuration

    1.3 Conduct an Accelerated Business Needs Assessment

    2.3 Evaluate Enterprise Architecture & Application PortfolioNarrow the Field to Four Top Contenders4.3 Validate Key Issues with Deep Technical Assessments, Trial Configuration & Reference Checks5.3 Finalize Budget Approval & Project
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation2.4 Validate the Business Case5.4 Invest in Training & Onboarding Assistance

    Investing time improving your software selection methodology has big returns.

    Info-Tech Insight

    Not all software selection projects are created equal – some are very small, some span the entire enterprise. To ensure that IT is using the right framework, understand the cost and complexity profile of the application you're looking to select. Info-Tech's Rapid Application Selection Framework approach is best for commodity and mid-tier enterprise applications; selecting complex applications is better handled by the methodology in Info-Tech's Implement a Proactive and Consistent Vendor Selection Process.

    Step 2.3

    Create a Roadmap for Mobile Delivery

    Activities

    2.3.1 Define your MVP release

    2.3.2 Build your roadmap

    Define Your Mobile Approach

    This step involves the following participants:

    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    Outcomes of this step

    • MVP design
    • Mobile delivery roadmap

    Achieve mobile success with MVPs

    By delivering mobile capabilities in small iterations, teams recognize value sooner and reduce accumulated risk. Both benefits are realized as the iteration enters validation testing and release.

    This image depicts a graph of the learn-build-measure cycle over time, adapted from Managing the Development of Large Software Systems, Dr. Winston W. Royce, 1970

    An MVP focuses on a small set of functions, involves minimal possible effort to deliver a working and valuable solution, and is designed to satisfy a specific user group. Its purpose is to:

    • Maximize learning.
    • Evaluate the value and acceptance of mobile applications.
    • Inform the building of a mobile delivery practice.

    The build-measure-learn loop suggests mobile delivery teams should perpetually take an idea and develop, test, and validate it with the mobile development solution, then expand on the MVP using the lessons learned and evolving ideas. In this sense the MVP is just the first iteration in the loop.

    Leverage a canvas to detail your MVP

    Use the release canvas to organize and align the organization around your MVP!

    This is an example of a release canvas which can be used to detail your MVP.

    2.3.1 Define your MVP release

    1-3 hours

    1. Create a list of high priority use cases slated for mobile application delivery. Brainstorm the various supporting activities required to implement your use cases including the shortlisting of mobile delivery tools.
    2. Prioritize these use cases based on business priority (from your canvas). Size the effort of these use cases through collaboration.
    3. Define your MVPs using a release canvas as shown on the following slide.
    4. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • High priority mobile opportunities
    • Mobile platform approach
    • Shortlist of mobile solutions
    • List of potential MVPs
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.1 cont'd

    MVP Name

    Owner:
    Parent Initiative:
    Updated:

    NAME
    LINK
    October 05, 2022

    MVP Theme/Goals

    [Theme / Goal]

    Use Cases

    Value

    Costs

    [Use Case 1]
    [Use Case 2]
    [Use Case 3]

    [Business Value 1]
    [Business Value 2]
    [Business Value 3]

    [Cost Item 1]
    [Cost Item 2]
    [Cost Item 3]

    Impacted Personas

    Impacted Workflows

    Stakeholders

    [Persona 1]
    [Persona 2]
    [Persona 3]

    [Workflow 1]
    [Workflow 2]
    [Workflow 3]

    [Stakeholder 1]
    [Stakeholder 2]
    [Stakeholder 3]

    Build your mobile roadmap

    It's more than a set of colorful boxes. It's the map to align everyone to where you are going

    Your mobile roadmap

    • Lays out a strategy for your mobile application, platform and practice implementation and scaling.
    • Is a statement of intent for your mobile adoption.
    • Communicates direction for the implementation and use of mobile delivery tools, mobile applications and supporting technologies.
    • Directly connects to the organization's goals

    However, it is not:

    • Representative of a hard commitment.
    • A simple combination of your current product roadmaps

    Roadmap your MVPs against your milestones and release dates

    This is an image of an example of a roadmap for your MVPS, with milestones across Jan 2022, Feb 2022, Mar 2022, Apr 2022. under milestones, are the following points: Points in the timeline when an established set of artifacts is complete (feature-based), or to check status at a particular point in time (time-based); Typically assigned a date and used to show progress; Plays an important role when sequencing different types of artifacts. Under Release Dates are the following points: Releases mark the actual delivery of a set of artifacts packaged together in a new version of processes and applications or new mobile application and delivery capabilities. ; Release dates, firm or not, allow stakeholders to anticipate when this is coming.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Understand what is communicated in your roadmap

    WHY is the work being done?

    Explains the overarching goal of work being done to a specific audience.

    WHO is doing the work?

    Categorizes the different groups delivering the work on the product.

    WHAT is the work being done?

    Explains the artifacts, or items of work, that will be delivered.

    WHEN is the work being done?

    Explains when the work will be delivered within your timeline.

    To learn more, visit Info-Tech's Deliver on Your Digital Product Vision blueprint.

    Pay attention to organizational changes

    Be prepared to answer:

    "How will mobile change the way I do my job?"

    • Plan how workers will incorporate mobile applications into their way of working and maximize the features it offers.
    • Address the human concerns regarding the transition to a digital world involving modern and mobile technologies and automation.
    • Accept changes, challenges and failures with open arms and instill tactics to quickly address them.
    • Build and strengthen business-IT trust, empowerment, and collaborative culture by adopting the right practices throughout the mobile delivery process.
    • Ensure continuous management and leadership support for business empowerment, operational changes, and shifts in role definitions to best support mobile delivery.
    • Establish a committee to manage the growth, adoption, and delivery of mobile as part of a grandeur digital application portfolio and address conflicts among business units and IT.

    Anticipate and prepare for changes and issues

    Verify and validate the flexibility and adaptability of your mobile applications, strategy and roadmap against various scenarios

    • Scenarios
      • Application Stores Rejecting the Application
      • Security Incidents & Risks
      • Low User Adoption, Retention & Satisfaction
      • Incompatibility with User's Device & Other Systems
      • Device & OS Patches & Updates
      • Changes in Industry Standards & Regulations

    Use the "Now, Next, Later" roadmap

    Use this when deadlines and delivery dates are not strict. This is best suited for brainstorming a product plan when dependency mapping is not required.

    Now

    What are you going to do now?

    Next

    What are you going to do very soon?

    Later

    What are you going to do in the future?

    This is a roadmap showing various points in the following categories: Now; Next; Later

    Adapted From: "Tips for Agile product roadmaps & product roadmap examples," Scrum.org, 2017

    2.3.2 Build your roadmap

    1-3 hours

    1. Identify the business outcomes your mobile application delivery and MVP is expected to deliver.
    2. Build your strategic roadmap by grouping each business outcome by how soon you need to deliver it:
      1. Now: Let's achieve this ASAP.
      2. Next: Sometime very soon, let's achieve these things.
      3. Later: Much further off in the distance, let's consider these things.
    3. Identify what the critical steps are for the organization to embrace mobile application delivery and deliver your MVP.
    4. Build your tactical roadmap by grouping each critical step by how soon you need to address it:
      1. Now: Let's do this ASAP.
      2. Next: Sometime very soon, let's do these things.
      3. Later: Much further off in the distance, let's consider these things.
    5. Document your findings and discussions into Info-Tech's Mobile Application Delivery Communication Template.

    Input

    Output
    • List of potential MVPs
    • Mobile roadmap
    MaterialsParticipants
    • Whiteboard/Flip Charts
    • Mobile Application Delivery Communication Template
    • Applications Manager
    • Product and Platform Owners
    • Software Delivery Teams
    • Business and IT Leaders

    2.3.2 cont'd

    Example: Tactical Roadmap

    Milestone 1

    • Modify the business processes of the MVP to best leverage mobile technologies. Streamline the business processes by removing the steps that do not directly support value delivery.
    • Develop UI templates using the material design framework and the organization's design standards. Ensure it is supported on mobile devices through the mobile browser and satisfy accessibility design standards.
    • Verify and validate current security controls against latest security risks using the W3C as a starting point. Install the latest security patches to maintain compliance.
    • Acquire the Ionic SDK and upskill delivery teams.

    Milestone 2

    • Update the current web framework and third-party libraries with the latest version and align web infrastructure to latest W3C guidelines.
    • Verify and validate functionality and stability of APIs with third-party applications. Begin transition to REST APIs where possible.
    • Make minor changes to the existing data architecture to better support the data volume, velocity, variety, and veracity the system will process and deliver.
    • Update the master data management with latest changes. Keep changes to a minimum.
    • Develop and deliver the first iteration of the MVP with Ionic.

    Milestone 3

    • Standardize the initial mobile delivery practice.
    • Continuously monitor the system and proactively address business continuity, system stability and performance, and security risks.
    • Deliver a hands-on and facilitated training session to end users.
    • Develop intuitive user manuals that are easily accessible on SharePoint.
    • Consult end users for their views and perspectives of suggested business model and technology changes.
    • Regularly survey end users and the media to gauge industry sentiment toward the organization.

    Pitch your roadmap initiatives

    There are multiple audiences for your pitch, and each audience requires a different level of detail when addressed. Depending on the outcomes expected from each audience, a suitable approach must be chosen. The format and information presented will vary significantly from group to group.

    Audience

    Key Contents

    Outcome

    Outcome

    • Costs or benefits estimates

    Sign off on cost and benefit projections

    Executives and decision makers

    • Business value and financial benefits
    • Notable business risks and impacts
    • Business rationale and strategic roadmap

    Revisions, edits, and approval

    IT teams

    • Notable technical and IT risks
    • IT rationale and tactical roadmap
    • Proposed resourcing and skills capacity

    Clarity of vision and direction and readiness for delivery

    Business workers

    • Business rationale
    • Proposed business operations changes
    • Application roadmap

    Verification on proposed changes and feedback

    Continuously measure the benefits and value realized in your mobile applications

    Success hinges on your team's ability to deliver business value. Well-developed mobile applications instill stakeholder confidence in ongoing business value delivery and stakeholder buy-in, provided proper expectations are set and met.

    Business value defines the success criteria of an organization, and it is interpreted from four perspectives:

    • Profit Generation – The revenue generated from a business capability with mobile applications.
    • Cost Reduction – The cost reduction when performing business capabilities with mobile applications.
    • Service Enablement – The productivity and efficiency gains of internal business operations with mobile applications.
    • Customer and Market Reach – Metrics measuring the improved reach and insights of the business in existing or new markets.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    Business Value Matrix

    This image contains a quadrant analysis with the following labels: Left - Improved Capabilities; Top - Outward; Right - Financial Benefit; Bottom - Inward. the quadrants are labeled the following, in order from left to right, top to bottom. Customer and Market Reach; Profit Generation; Service Enhancement; Cost Reduction

    Grow your mobile delivery practice

    We are Here
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    You understand the opportunities and impacts mobile has on your business operations and its disruptive nature on your enterprise systems. Your software delivery lifecycle was optimized to incorporate the specific practices and requirements needed for mobile. A mobile platform was selected based on stakeholder needs that are weighed against current skillsets, high priority non-functional requirements, the available capacity and scalability of your stack, and alignment to your current delivery process.

    New features and mobile use cases are regularly emerging in the industry. Ensuring your mobile platform and delivery process can easily scale to incorporate constantly changing mobile features and technologies is key. This can help minimize the impact these changes will have on your mobile stack and the resulting experience.

    Achieving this state requires three competencies: mobile security, performance optimization, and integration practices.

    Many of today's mobile trends involve, in one form or another, hardware components on the mobile device (e.g., NFC receivers, GPS, cameras). You understand the scope of native features available on your end user's mobile device and the required steps and capabilities to enable and leverage them.

    Grow your mobile delivery practice (cont'd)

    Ask yourself the following questions:
    Level 1: Mobile Delivery Foundations Level 2: Scaled Mobile Delivery Level 3: Leading-Edge Mobile Delivery

    Checkpoint questions shown at the end of step 1.2 of this blueprint

    You should be at this point upon the successful delivery of your first mobile application.

    Security

    • Your mobile stack (application, data, and infrastructure) is updated to incorporate the security risks mobile apps will have on your systems and business operations.
    • Leading edge encryption, authentication management (e.g., multi-factor), and access control systems are used to bolster existing mobile security infrastructure.
    • Network traffic to and from mobile application is monitored and analyzed.

    Performance Optimization

    • Performance enhancements are made with the entire mobile stack in mind.
    • Mobile performance is monitored and assessed with both proactive (data flow) and retroactive (instrumentation) approaches.
    • Development and testing practices and technologies accommodate the performance differences between mobile and desktop applications.

    API Development

    • Existing web APIs are compatible with mobile applications, or a gateway / middleware is used to facilitate communication with backend and third-party services.
    • APIs are secured to prevent unauthorized access and misuse.
    • Web APIs are documented and standardized for reuse in multiple mobile applications.
    • Implementing APIs of native features in native and/or cross-platform and/or hybrid platforms is well understood.
    • All leading-edge mobile features are mapped to and support business requirements and objectives.
    • The new mobile use cases are well understood and account for the various scenarios/environments a user may encounter with the leading-edge mobile features.
    • The relevant non-mobile devices, readers, sensors, and other dependent systems are shortlisted and acquired to enable and support your new mobile capabilities.
    • Delivery teams are prepared to accommodate the various security, performance, and integration risks associated with implementing leading-edge mobile features. Practices and mechanisms are established to minimize the impact to business operations.
    • Metrics are used to measure the success of your leading-edge mobile features implementation by comparing its performance and acceptance against past projects.
    • Business stakeholders and development teams are up to date with the latest mobile technologies and delivery techniques.

    Summary of Accomplishment

    Choose Your Mobile Platform and Tools

    • User personas
    • Mobile objectives and metrics
    • Mobile opportunity backlog
    • List of mobile features to enable the desired mobile experience
    • System current assessment
    • Mobile application quality definition
    • Readiness for mobile delivery
    • Desired mobile platform approach
    • Shortlisted mobile delivery solutions
    • Desired list of vendor features and services
    • MVP design
    • Mobile delivery roadmap

    If you would like additional support, have our analysts guide you through other phases as part of Info-Tech workshop.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    This is a picture of Chaim Yudkowsky, Chief Information Officer for The American Israel Public Affairs Committee

    Chaim Yudkowsky
    Chief Information Officer
    The American Israel Public Affairs Committee

    Chaim Yudkowsky is currently Chief information Officer for American Israel Public Affairs Committee (AIPAC), the DC headquartered not-for-profit focused on lobbying for a strong US-Israel relationship. In that role, Chaim is responsible for all traditional IT functions including oversight of IT strategy, vendor relationships, and cybersecurity program. In addition, Chaim also has primary responsibility for all physical security technology and strategy for US offices and event technology for the many AIPAC events.

    Bibliography

    "5 Pillars of API Management". Broadcom, 2021. Web.

    Bourne, James. "Apperian research shows more firms pushing larger numbers of enterprise apps". Enterprise CIO, 17 Feb 2016. Web.

    Ceci, L. "Mobile app user retention rate worldwide 2020, by vertical". Statista, 6 Apr 2022. Web.

    Clement, J. "Share of global mobile website traffic 2015-2021". Statista, 18 Feb 2022. Web

    DeVos, Jordan. "Design Problem Statements – What They Are and How to Frame Them." Toptal, n.d. Web.

    Enge, Eric. "Mobile vs. Desktop Usage in 2020". Perficient, 23 March 2021. Web.

    Engels, Antoine. "How many Android updates does Samsung, Xiaomi or OnePlus offer?" NextPit, Mar 2022. Web.

    "Fast-tracking digital transformation through next-gen technologies". Broadridge, 2022. Web.

    Gayatri. "The Pulse of Digital Transformation 2021 – Survey Results." DronaHQ, 2021. Web.

    Gray, Dave. "Updated Empathy Map Canvas." The XPLANE Collection, 15 July 2017. Web.

    "HCL Volt MX". HCL, n.d. Web.

    "iPass Mobile Professional Report 2017". iPass, 2017. Web.

    Karlsson, Johan. "Backlog Grooming: Must-Know Tips for High-Value Products." Perforce, 2019. Web.

    Karnes, KC. "Why Users Uninstall Apps: 28% of People Feel Spammed [Survey]". CleverTap, 27 July 2021. Web.

    Kemp, Simon. "Digital 2021: Global Overview Report". DataReportal, 27 Jan 2021. Web.

    Kleinberg, Sara. "Consumers are always shopping and eager for your help". Google, Aug 2018. Web.

    MaLavolta, Ivano. "Anatomy of an HTML 5 mobile web app". University of L'Aquila, 16 Apr 2012. Web.

    "Maximizing Mobile Value: To BYOD or not to BYOD?" Samsung and Oxford Economics, 2022. Web.

    "Mobile App Performance Metrics For Crash-Free Apps." AppSamurai, 27 June 2018. Web.

    "Mobile Application Development Statistics: 5 Facts". Intersog, 23 Nov 2021. Web.

    Moore, Geoffrey A. "Crossing the Chasm, 3rd Edition: Marketing and Selling Disruptive Products to Mainstream Customers." Harper Business, 3rd edition, 2014. Book.

    "OWASP Top Ten". OWASP, 2021. Web.

    "Personas". Usability.gov, n.d. Web.

    Roden, Marky. "PSC Tech Talk: UX Design – Not just making things pretty". Xomino, 18 Mar 2018. Web.

    Royce, Dr. Winston W. "Managing the Development of Large Software Systems." USC Student Computing Facility, 1970. Web.

    Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012. Book.

    Sahay, Apurvanand et al. "Supporting the understanding and comparison of low-code development platforms." Universit`a degli Studi dell'Aquila, 2020. Web.

    Schuurman, Robbin. "Tips for Agile product roadmaps & product roadmap examples." Scrum.org, 2017. Web.

    Strunk, Christian. "How to define a product vision (with examples)." Christian Strunk. n.d. Web.

    Szeja, Radoslaw. "14 Biggest Challenges in Mobile App Development in 2022". Netguru, 4 Jan 2022. Web.

    "Synopsys Research Reveals Significant Security Concerns in Popular Mobile Apps Amid Pandemic". Synopsys, 25 Mar 2021. Web.

    "TOGAF 8.1.1 Online, Part IV: Resource Base, Developing Architecture Views." The Open Group, n.d. Web.

    Wangen, Emilie Nøss. "What Is a Software Platform & How Is It Different From a Product?" HubSpot, 2021. Web.

    "Mobile App Retention Rate: What's a Good Retention Rate?" Localytics, July 2021. Web.

    "Why Mobile Apps Fail: Failure to Launch". Perfecto Mobile, 26 Jan 2014. Web.

    Appendix A

    Sample Reference Frameworks

    Reference Framework: Web Platform

    Most of the operations of the applications on a web platform are executed in the mid-tier or back-end servers. End users interact with the platform through the presentation layer, developed with web languages, in the browser.

    This is an image of the Reference Framework: Web Platform

    Reference Framework: Mobile Web Application

    Many mobile web applications are composed of JavaScript (the muscle of the app), HTML5 (the backbone of the app), and CSS (the aesthetics of the app). The user will make a request to the web server which will interact with the application to provide a response. Since each device has unique attributes, consider a device detection service to help adjust content for each type of device.

    this is an image of the Reference Framework: Mobile Web Application

    Source: MaLavolta, Ivono, 2012.

    Web Platform: Anatomy of a Web Server

    Web Server Services

    • Mediation Services: Perform transformation of data/messages.
    • Boundary Services: Provide interface protocol and data/message conversion capabilities.
    • Event Distribution: Provides for the enterprise-wide adoption of content and topic-based publish/subscribe event distribution.
    • Transport Services: Facilitate data transmission across the middleware/server.
    • Service Directory: Manages multiple service identifiers and locations.

    This image shows the relationships of the various web server services listed above

    Reference Framework: Hybrid Platform

    Unlike the mobile web platform, most of an application's operations on the hybrid platform is on the device within a native container. The container leverages the device browser's runtime engine and is based on the framework of the mobile delivery solution.

    This is an image of the Reference Framework: Hybrid Platform

    Reference Framework: Native Platform

    Applications on a native platform are installed locally on the device giving it access to native device hardware and software. The programming language depends on the operating system's or device's SDK.

    This is an image of the Reference Framework: Native Platform

    Appendix B

    List of Low- and No- Code Software Delivery Solution Features

    Supplementary List of Features

    Graphical user interface

    • Drag-and-drop designer - This feature enhances the user experience by permitting to drag all the items involved in making an app including actions, responses, connections, etc.
    • Point and click approach - This is similar to the drag-and-drop feature except it involves pointing on the item and clicking on the interface rather than dragging and dropping the item.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user can use when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user can use when developing an application.
    • Forms - This feature helps in creating a better user interface and user experience when developing applications. A form includes dashboards, custom forms, surveys, checklists, etc. which could be useful to enhance the usability of the application being developed.
    • Progress tracking - This features helps collaborators to combine their work and track the development progress of the application.
    • Advanced Reporting - This features enables the user to obtain a graphical reporting of the application usage. The graphical reporting includes graphs, tables, charts, etc.
    • Built-in workflows - This feature helps to concentrate the most common reusable workflows when creating applications.
    • Configurable workflows - Besides built-in workflows, the user should be able to customize workflows according to their needs.

    Interoperability support

    • Interoperability with external services - This feature is one of the most important features to incorporate different services and platforms including that of Microsoft, Google, etc. It also includes the interoperability possibilities among different low-code platforms.
    • Connection with data sources - This features connects the application with data sources such as Microsoft Excel, Access and other relational databases such as Microsoft SQL, Azure and other non-relational databases such as MongoDB.

    Security Support

    • Application security - This feature enables the security mechanism of an application which involves confidentiality, integrity and availability of an application, if and when required.
    • Platform security - The security and roles management is a key part in developing an application so that the confidentiality, integrity and authentication (CIA) can be ensured at the platform level.

    Collaborative development support

    • Off-line collaboration - Different developers can collaborate on the specification of the same application. They work off-line locally and then they commit to a remote server their changes, which need to be properly merged.
    • On-line collaboration - Different developers collaborate concurrently on the specification of the same application. Conflicts are managed at run-time.

    Reusability support

    • Built-in workflows - This feature helps to concentrate the most common reusable workflows in creating an application.
    • Pre-built forms/reports - This is off-the-shelf and most common reusable editable forms or reports that a user might want to employ when developing an application.
    • Pre-built dashboards - This is off-the-shelf and most common dashboards that a user might want to employ when developing an application.

    Scalability

    • Scalability on number of users - This features enables the application to scale-up with respect to the number of active users that are using that application at the same time.
    • Scalability on data traffic - This features enables the application to scale-up with respect to the volume of data traffic that are allowed by that application in a particular time.
    • Scalability on data storage - This features enables the application to scale-up with respect to the data storage capacity of that application.

    Business logic specification mechanisms

    • Business rules engine - This feature helps in executing one or more business rules that help in managing data according to user's requirements.
    • Graphical workflow editor - This feature helps to specify one or more business rules in a graphical manner.
    • AI enabled business logic - This is an important feature which uses Artificial Intelligence in learning the behavior of an attributes and replicate those behaviors according to learning mechanisms.

    Application build mechanisms

    • Code generation - According to this feature, the source code of the modeled application is generated and subsequently deployed before its execution.
    • Models at run-time - The model of the specified application is interpreted and used at run-time during the execution of the modeled application without performing any code generation phase.

    Deployment support

    • Deployment on cloud - This features enables an application to be deployed online in a cloud infrastructure when the application is ready to deployed and used.
    • Deployment on local infrastructures - This features enables an application to be deployed locally on the user organization's infrastructure when the application is ready to be deployed and used.

    Kinds of supported applications

    • Event monitoring - This kind of applications involves the process of collecting data, analyzing the event that can be caused by the data, and signaling any events occurring on the data to the user.
    • Process automation - This kind of applications focuses on automating complex processes, such as workflows, which can take place with minimal human intervention.
    • Approval process control - This kind of applications consists of processes of creating and managing work approvals depending on the authorization of the user. For example, payment tasks should be managed by the approval of authorized personnel only.
    • Escalation management - This kind of applications are in the domain of customer service and focuses on the management of user viewpoints that filter out aspects that are not under the user competences.
    • Inventory management - This kind of applications is for monitoring the inflow and outflow of goods and manages the right amount of goods to be stored.
    • Quality management - This kind of applications is for managing the quality of software projects, e.g., by focusing on planning, assurance, control and improvements of quality factors.
    • Workflow management - This kind of applications is defined as sequences of tasks to be performed and monitored during their execution, e.g., to check the performance and correctness of the overall workflow.

    Source: Sahay, Apurvanand et al., 2020

    Create a Customized Big Data Architecture and Implementation Plan

    • Buy Link or Shortcode: {j2store}388|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Big data architecture is different from traditional data for several key reasons, including:
      • Big data architecture starts with the data itself, taking a bottom-up approach. Decisions about data influence decisions about components that use data.
      • Big data introduces new data sources such as social media content and streaming data.
      • The enterprise data warehouse (EDW) becomes a source for big data.
      • Master data management (MDM) is used as an index to content in big data about the people, places, and things the organization cares about.
      • The variety of big data and unstructured data requires a new type of persistence.
    • Many data architects have no experience with big data and feel overwhelmed by the number of options available to them (including vendor options, storage options, etc.). They often have little to no comfort with new big data management technologies.
    • If organizations do not architect for big data, there are a couple of main risks:
      • The existing data architecture is unable to handle big data, which will eventually result in a failure that could compromise the entire data environment.
      • Solutions will be selected in an ad hoc manner, which can cause incompatibility issues down the road.

    Our Advice

    Critical Insight

    • Before beginning to make technology decisions regarding the big data architecture, make sure a strategy is in place to document architecture principles and guidelines, the organization’s big data business pattern, and high-level functional and quality of service requirements.
    • The big data business pattern can be used to determine what data sources should be used in your architecture, which will then dictate the data integration capabilities required. By documenting current technologies, and determining what technologies are required, you can uncover gaps to be addressed in an implementation plan.
    • Once you have identified and filled technology gaps, perform an architectural walkthrough to pull decisions and gaps together and provide a fuller picture. After the architectural walkthrough, fill in any uncovered gaps. A proof-of-technology project can be started as soon as you have evaluation copies (or OSS) products and at least one person who understands the technology.

    Impact and Result

    • Save time and energy trying to fix incompatibilities between technology and data.
    • Allow the Data Architect to respond to big data requests from the business more quickly.
    • Provide the organization with valuable insights through the analytics and visualization technologies that are integrated with the other building blocks.

    Create a Customized Big Data Architecture and Implementation Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recognize the importance of big data architecture

    Big data is centered on the volume, variety, velocity, veracity, and value of data. Achieve a data architecture that can support big data.

    • Storyboard: Create a Customized Big Data Architecture and Implementation Plan

    2. Define architectural principles and guidelines while taking into consideration maturity

    Understand the importance of a big data architecture strategy. Assess big data maturity to assist with creation of your architectural principles.

    • Big Data Maturity Assessment Tool
    • Big Data Architecture Principles & Guidelines Template

    3. Build the big data architecture

    Come to accurate big data architecture decisions.

    • Big Data Architecture Decision Making Tool

    4. Determine common services needs

    What are common services?

    5. Plan a big data architecture implementation

    Gain business satisfaction with big data requests. Determine what steps need to be taken to achieve your big data architecture.

    • Big Data Architecture Initiative Definition Tool
    • Big Data Architecture Initiative Planning Tool

    Infographic

    Workshop: Create a Customized Big Data Architecture and Implementation Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Recognize the Importance of Big Data Architecture

    The Purpose

    Set expectations for the workshop.

    Recognize the importance of doing big data architecture when dealing with big data.

    Key Benefits Achieved

    Big data defined.

    Understanding of why big data architecture is necessary.

    Activities

    1.1 Define the corporate strategy.

    1.2 Define big data and what it means to the organization.

    1.3 Understand why doing big data architecture is necessary.

    1.4 Examine Info-Tech’s Big Data Reference Architecture.

    Outputs

    Defined Corporate Strategy

    Defined Big Data

    Reference Architecture

    2 Design a Big Data Architecture Strategy

    The Purpose

    Identification of architectural principles and guidelines to assist with decisions.

    Identification of big data business pattern to choose required data sources.

    Definition of high-level functional and quality of service requirements to adhere architecture to.

    Key Benefits Achieved

    Key Architectural Principles and Guidelines defined.

    Big data business pattern determined.

    High-level requirements documented.

    Activities

    2.1 Discuss how maturity will influence architectural principles.

    2.2 Determine which solution type is best suited to the organization.

    2.3 Define the business pattern driving big data.

    2.4 Define high-level requirements.

    Outputs

    Architectural Principles & Guidelines

    Big Data Business Pattern

    High-Level Functional and Quality of Service Requirements Exercise

    3 Build a Big Data Architecture

    The Purpose

    Establishment of existing and required data sources to uncover any gaps.

    Identification of necessary data integration requirements to uncover gaps.

    Determination of the best suited data persistence model to the organization’s needs.

    Key Benefits Achieved

    Defined gaps for Data Sources

    Defined gaps for Data Integration capabilities

    Optimal Data Persistence technology determined

    Activities

    3.1 Establish required data sources.

    3.2 Determine data integration requirements.

    3.3 Learn which data persistence model is best suited.

    3.4 Discuss analytics requirements.

    Outputs

    Data Sources Exercise

    Data Integration Exercise

    Data Persistence Decision Making Tool

    4 Plan a Big Data Architecture Implementation

    The Purpose

    Identification of common service needs and how they differ for big data.

    Performance of an architectural walkthrough to test decisions made.

    Group gaps to form initiatives to develop an Initiative Roadmap.

    Key Benefits Achieved

    Common service needs identified.

    Architectural walkthrough completed.

    Initiative Roadmap completed.

    Activities

    4.1 Identify common service needs.

    4.2 Conduct an architectural walkthrough.

    4.3 Group gaps together into initiatives.

    4.4 Document initiatives on an initiative roadmap.

    Outputs

    Architectural Walkthrough

    Initiative Roadmap

    Present Security to Executive Stakeholders

    • Buy Link or Shortcode: {j2store}262|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $2,000 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • There is a disconnect between security leaders and executive stakeholders on what information is important to present.
    • Security leaders find it challenging to convey the necessary information to obtain support for security objectives.
    • Changes to the threat landscape and shifts in organizational goals exacerbate the issue, as they impact security leaders' ability to prioritize topics to be communicated.
    • Security leaders struggle to communicate the importance of security to a non-technical audience.

    Our Advice

    Critical Insight

    Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and ensuring that you have met your goal.

    Impact and Result

    • Developing a thorough understanding of the security communication goals.
    • Understanding the importance of leveraging highly relevant and understandable data.
    • Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.

    Present Security to Executive Stakeholders Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Present Security to Executive Stakeholders – A step-by-step guide to communicating security effectively to obtain support from decision makers.

    Use this as a guideline to assist you in presenting security to executive stakeholders.

    • Present Security to Executive Stakeholders Storyboard

    2. Security Presentation Templates – A set of security presentation templates to assist you in communicating security to executive stakeholders.

    The security presentation templates are a set of customizable templates for various types of security presentation including:

    • Present Security to Executive Stakeholders Templates

    Infographic

    Further reading

    Present Security to Executive Stakeholders

    Learn how to communicate security effectively to obtain support from decision makers.

    Analyst Perspective

    Build and deliver an effective security communication to your executive stakeholders.

    Ahmad Jowhar

    As a security leader, you’re tasked with various responsibilities to ensure your organization can achieve its goals while its most important assets are being protected.

    However, when communicating security to executive stakeholders, challenges can arise in determining what topics are pertinent to present. Changes in the security threat landscape coupled with different business goals make identifying how to present security more challenging.

    Having a communication framework for presenting security to executive stakeholders will enable you to effectively identify, develop, and deliver your communication goals while obtaining the support you need to achieve your objectives.

    Ahmad Jowhar
    Research Specialist, Security & Privacy

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • Many security leaders struggle to decide what to present and how to present security to executive stakeholders.
    • Constant changes in the security threat landscape impacts a security leader’s ability to prioritize topics to be communicated.
    • There is a disconnect between security leaders and executive stakeholders on what information is important to present.
    • Security leaders struggle to communicate the importance of security to a non-technical audience.
    • Developing a thorough understanding of security communication goals.
    • Understanding the importance of leveraging highly relevant and understandable data.
    • Developing and delivering presentations that will keep your audience engaged and build trust with your executive stakeholders.

    Info-Tech Insight

    Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

    Your challenge

    As a security leader, you need to communicate security effectively to executive stakeholders in order to obtain support for your security objectives.

    • When it comes to presenting security to executive stakeholders, many security leaders find it challenging to convey the necessary information in order to obtain support for security objectives.
    • This is attributed to various factors, such as an increase in the threat landscape, changes to industry regulations and standards, and new organizational goals that security has to align with.
    • Furthermore, with the limited time to communicate with executive stakeholders, both in frequency and duration, identifying the most important information to address can be challenging.

    76% of security leaders struggle in conveying the effectiveness of a cybersecurity program.

    62% find it difficult to balance the risk of too much detail and need-to-know information.

    41% find it challenging to communicate effectively with a mixed technical and non-technical audience.

    Source: Deloitte, 2022

    Common obstacles

    There is a disconnect between security leaders and executive stakeholders when it comes to the security posture of the organization:

    • Executive stakeholders are not confident that their security leaders are doing enough to mitigate security risks.
    • The issue has been amplified, with security threats constantly increasing across all industries.
    • However, security leaders don’t feel that they are in a position to make themselves heard.
    • The lack of organizational security awareness and support from cross-functional departments has made it difficult to achieve security objectives (e.g. education, investments).
    • Defining an approach to remove that disconnect with executive stakeholders is of utmost importance for security leaders, in order to improve their organization’s security posture.

    9% of boards are extremely confident in their organization’s cybersecurity risk mitigation measures.

    77% of organizations have seen an increase in the number of attacks in 2021.

    56% of security leaders claimed their team is not involved when leadership makes urgent security decisions.

    Source: EY, 2021
    The image contains a screenshot of an Info-Tech Thoughtmodel titled: Presenting Security to Executive Stakeholders.

    Info-Tech’s methodology for presenting security to executive stakeholders

    1. Identify communication goals

    2. Collect information to support goals

    3. Develop communication

    4. Deliver communication

    Phase steps

    1. Identify drivers for communicating to executives
    2. Define your goals for communicating to executives
    1. Identify data to collect
    2. Plan how to retrieve data
    1. Plan communication
    2. Build a compelling communication document
    1. Deliver a captivating presentation
    2. Obtain/verify goals

    Phase outcomes

    A defined list of drivers and goals to help you develop your security presentations

    A list of data sources to include in your communication

    A completed communication template

    A solidified understanding of how to effectively communicate security to your stakeholders

    Develop a structured process for communicating security to your stakeholders

    Security presentations are not a one-way street
    The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.

    Identifying your goals is the foundation of an effective presentation
    Defining your drivers and goals for communicating security will enable you to better prepare and deliver your presentation, which will help you obtain your desired outcome.

    Harness the power of data
    Leveraging data and analytics will help you provide quantitative-based communication, which will result in a more meaningful and effective presentation.

    Take your audience on a journey
    Developing a storytelling approach will help engage with your audience.

    Win your audience by building a rapport
    Establishing credibility and trust with executive stakeholders will enable you to obtain their support for security objectives.

    Tactical insight
    Conduct background research on audience members (i.e. professional background) to help understand how best to communicate with them and overcome potential objections.

    Tactical insight
    Verifying your objectives at the end of the communication is important, as it ensures you have successfully communicated to executive stakeholders.

    Project deliverables

    This blueprint is accompanied by a supporting deliverable which includes five security presentation templates.

    Report on Security Initiatives
    Template showing how to inform executive stakeholders of security initiatives.

    Report on Security Initiatives.

    Security Metrics
    Template showing how to inform executive stakeholders of current security metrics that would help drive future initiatives.

    Security Metrics.

    Security Incident Response & Recovery
    Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

    Security Incident Response & Recovery

    Security Funding Request
    Template showing how to inform executive stakeholders of security incidents, their impact, and the response plan.

    Security Funding Request

    Key template:

    Security and Risk Update

    Template showing how to inform executive stakeholders of proactive security and risk initiatives.

    Blueprint benefits

    IT/InfoSec benefits

    Business benefits

    • Reduce effort and time spent preparing cybersecurity presentations for executive stakeholders by having templates to use.
    • Enable security leaders to better prepare what to present and how to present it to their executive stakeholders, as well as driving the required outcomes from those presentations.
    • Establish a best practice for communicating security and IT to executive stakeholders.
    • Gain increased awareness of cybersecurity and the impact executive stakeholders can have on improving an organization’s security posture.
    • Understand how security’s alignment with the business will enable the strategic growth of the organization.
    • Gain a better understanding of how security and IT objectives are developed and justified.

    Measure the value of this blueprint

    Phase

    Measured Value (Yearly)

    Phase 1: Identify communication goals

    Cost to define drivers and goals for communicating security to executives:

    16 FTE hours @ $233K* =$1,940

    Phase 2: Collect information to support goals

    Cost to collect and synthesize necessary data to support communication goals:

    16 FTE hours @ $233K = $1,940

    Phase 3: Develop communication

    Cost to develop communication material that will contextualize information being shown:

    16 FTE hours @ $233K = $1,940

    Phase 4: Deliver communication

    Potential Savings:

    Total estimated effort = $5,820

    Our blueprint will help you save $5,820 and over 40 FTE hours

    * The financial figure depicts the annual salary of a CISO in 2022

    Source: Chief Information Security Officer Salary.” Salary.com, 2022

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Phase 1

    Identify communication goals

    Phase 1 Phase 2 Phase 3 Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Understanding the different drivers for communicating security to executive stakeholders
    • Identifying different communication goals

    This phase involves the following participants:

    • Security leader

    1.1. Identify drivers for communicating to executive stakeholders

    As a security leader, you meet with executives and stakeholders with diverse backgrounds, and you aim to showcase your organization’s security posture along with its alignment with the business’ goals.

    However, with the constant changes in the security threat landscape, demands and drivers for security could change. Thus, understanding potential drivers that will influence your communication will assist you in developing and delivering an effective security presentation.

    39% of organizations had cybersecurity on the agenda of their board’s quarterly meeting.

    Source: EY, 2021.

    Info-Tech Insight

    Not all security presentations are the same. Keep your communication strategy and processes agile.

    Know your drivers for security presentations

    By understanding the influences for your security presentations, you will be able to better plan what to present to executive stakeholders.

    • These meetings, which are usually held once per quarter, provide you with less than one hour of presentation time.
    • Hence, it is crucial to know why you need to present security and whether these drivers are similar across the other presentations.

    Understanding drivers will also help you understand how to present security to executive stakeholders.

    • These drivers will shape the structure of your presentation and help determine your approach to communicating your goals.
    • For example, financial-based presentations that are driven by budget requests might create a sense of urgency or assurance about investment in a security initiative.

    Identify your communication drivers, which can stem from various initiatives and programs, including:

    • Results from internal or external audit reports.
    • Upcoming budget meetings.
    • Briefing newly elected executive stakeholders on security.

    When it comes to identifying your communication drivers, you can collaborate with subject matter experts, like your corporate secretary or steering committees, to ensure the material being communicated will align with some of the organizational goals.

    Examples of drivers for security presentations

    Audit
    Upcoming internal or external audits might require updates on the organization’s compliance

    Organizational restructuring
    Restructuring within an organization could require security updates

    Merger & Acquisition
    An M&A would trigger presentations on organization’s current and future security posture

    Cyber incident
    A cyberattack would require an immediate presentation on its impact and the incident response plan

    Ad hoc
    Provide security information requested by stakeholders

    1.2. Define your goals for communicating to executives

    After identifying drivers for your communication, it’s important to determine what your goals are for the presentation.

    • Communication drivers are mainly triggers for why you want to present security.
    • Communication goals are the potential outcomes you are hoping to obtain from the presentation.
    • Your communication goals would help identify what data and metrics to include in your presentation, the structure of your communication deck, and how you deliver your communication to executive stakeholders.

    Identifying your communication goals could require the participation of the security team, IT leadership, and other business stakeholders.

    • As a group, brainstorm the security goals that align with your business goals for the coming year.
      • Aim to have at least two business goals that align with each security goal.
    • Identify what benefits and value the executive stakeholders will gain from the security goal being presented.
      • E.g. Increased security awareness, updates on organization's security posture.
    • Identify what the ask is for this presentation.
      • E.g. Approval for increasing budget to support security initiatives, executive support to implement internal security programs.

    Info-Tech Insight

    There can be different reasons to communicate security to executive stakeholders. You need to understand what you want to get out of your presentation.

    Examples of security presentation goals

    Educate
    Educate the board on security trends and/or latest risks in the industry

    Update
    Provide updates on security initiatives, relevant security metrics, and compliance posture

    Inform
    Provide an incident response plan due to a security incident or deliver updates on current threats and risks

    Investment
    Request funding for security investments or financial updates on past security initiatives

    Ad hoc
    Provide security information requested by stakeholders

    Phase 2

    Collect information to support goals

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Understanding what types of data to include in your security presentations
    • Defining where and how to retrieve data

    This phase involves the following participants:

    • Security leader
    • Network/security analyst

    2.1 Identify data to collect

    After identifying drivers and goals for your communication, it’s important to include the necessary data to justify the information being communicated.

    • Leveraging data and analytics will assist in providing quantitative-based communication, which will result in a more meaningful and effective presentation.
    • The data presented will showcase the visibility of an organization’s security posture along with potential risks and figures on how to mitigate those risks.
    • Providing analysis of the quantitative data presented will also showcase further insights on the figures, allow the audience to better understand the data, and show its relevance to the communication goals.

    Identifying data to collect doesn’t need to be a rigorous task; you can follow these steps to help you get started:

    • Work with your security team to identify the main type of data applicable to the communication goals.
      • E.g. Financial data would be meaningful to use when communicating a budget presentation.
    • Identify supporting data linked to the main data defined.
      • E.g. If a financial investment is made to implement a security initiative, then metrics on improvements to the security posture will be relevant.
    • Show how both the main and supporting data align with the communication goals.
      • E.g. Improvement in security posture would increase alignment with regulation standards, which would result in additional contracts being awarded and increased revenue.

    Info-Tech Insight

    Understand how to present your information in a way that will be meaningful to your audience, for instance by quantifying security risks in financial terms.

    Examples of data to present

    Educate
    Number of organizations in industry impacted by data breaches during past year; top threats and risks affecting the industries

    Update
    Degree of compliance with standards (e.g. ISO-27001); metrics on improvement of security posture due to security initiatives

    Inform
    Percentage of impacted clients and disrupted business functions; downtime; security risk likelihood and financial impact

    Investment
    Capital and operating expenditure for investment; ROI on past and future security initiatives

    Ad hoc
    Number of security initiatives that went over budget; phishing test campaign results

    2.2 Plan how to retrieve the data

    Once the data that is going to be used for the presentation has been identified, it is important to plan how the data can be retrieved, processed, and shared.

    • Most of the data leveraged for security presentations are structured data, which are highly organized data that are often stored in a relational and easily searchable database.
      • This includes security log reports or expenditures for ongoing and future security investments.
    • Retrieving the data, however, would require collaboration and cooperation from different team members.
    • You would need to work with the security team and other appropriate stakeholders to identify where the data is stored and who the data owner is.

    Once the data source and owner has been identified, you need to plan how the data would be processed and leveraged for your presentation

    • This could include using queries to retrieve the relevant information needed (e.g. SQL, Microsoft Excel).
    • Verify the accuracy and relevance of the data with other stakeholders to ensure it is the most appropriate data to be presented to the executive stakeholders.

    Info-Tech Insight

    Using a data-driven approach to help support your objectives is key to engaging with your audience.

    Plan where to retrieve the data

    Identifying the relevant data sources to retrieve your data and the appropriate data owner enables efficient collaboration between departments collecting, processing, and communicating the data and graphics to the audience.

    Examples of where to retrieve your data

    Data Source

    Data

    Data Owner

    Communication Goal

    Audit & Compliance Reports

    Percentage of controls completed to be certified with ISO 27001; Number of security threats & risks identified.

    Audit Manager;

    Compliance Manager;

    Security Leader

    Ad hoc, Educate, Inform

    Identity & Access Management (IAM) Applications

    Number of privileged accounts/department; Percentage of user accounts with MFA applied

    Network/Security Analyst

    Ad hoc, Inform, Update

    Security Information & Event Management (SIEM)

    Number of attacks detected and blocked before & after implementing endpoint security; Percentage of firewall rules that triggered a false positive

    Network/Security Analyst

    Ad hoc, Inform, Update

    Vulnerability Management Applications

    Percentage of critical vulnerabilities patched; Number of endpoints encrypted

    Network/Security Analyst

    Ad hoc, Inform, Update

    Financial & Accounting Software

    Capital & operating expenditure for future security investments; Return on investment (ROI) on past and current security investments

    Financial and/or Accounting Manager

    Ad hoc, Educate, Investments

    Phase 3

    Develop communication

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Identifying a communication strategy for presenting security
    • Identifying security templates that are applicable to your presentation

    This phase involves the following participants:

    • Security leader

    3.1 Plan communication: Know who your audience is

    • When preparing your communication, it's important to understand who your target audience is and to conduct background research on them.
    • This will help develop your communication style and ensure your presentation caters to the expected audience in the room.

    Examples of two profiles in a boardroom

    Formal board of directors

    The executive team

    • In the private sector, this will include an appointed board of shareholders and subcommittees external to the organization.
    • In the public sector, this can include councils, commissions, or the executive team itself.
    • In government, this can include mayors, ministers, and governors.
    • The board’s overall responsibility is governance.
    • This audience will include your boss and your peers internal to the organization.
    • This category is primarily involved in the day-to-day operations of the organization and is responsible for carrying out the strategic direction set by the board.
    • The executive team’s overall responsibility is operations.

    3.1.1 Know what your audience cares about

    • Understanding what your executive stakeholders value will equip you with the right information to include in your presentations.
    • Ensure you conduct background research on your audience to assist you in knowing what their potential interests are.
    • Your background research could include:
      • Researching the audience’s professional background through LinkedIn.
      • Reviewing their comments from past executive meetings.
      • Researching current security trends that align with organizational goals.
    • Once the values and risks have been identified, you can document them in notes and share the notes with subject matter experts to verify if these values and risks should be shared in the coming meetings.

    A board’s purpose can include the following:

    • Sustaining and expanding the organization’s purpose and ability to execute in a competitive market.
    • Determining and funding the organization’s future and direction.
    • Protecting and increasing shareholder value.
    • Protecting the company’s exposure to risks.

    Examples of potential values and risks

    • Business impact
    • Financial impact
    • Security and incidents

    Info-Tech Insight
    Conduct background research on audience members (e.g. professional background on LinkedIn) to help understand how best to communicate to them and overcome potential objections.

    Understand your audience’s concerns

    • Along with knowing what your audience values and cares about, understanding their main concerns will allow you to address those items or align them with your communication.
    • By treating your executive stakeholders as your project sponsors, you would build a level of trust and confidence with your peers as the first step to tackling their concerns.
    • These concerns can be derived from past stakeholder meetings, recent trends in the industry, or strategic business alignments.
    • After capturing their concerns, you’ll be equipped with the necessary understanding on what material to include and prioritize during your presentations.

    Examples of potential concerns for each profile of executive stakeholders

    Formal board of directors

    The executive team

    • Business impact (What is the impact of IT in solving business challenges?)
    • Investments (How will it impact organization’s finances and efficiency?)
    • Cybersecurity and risk (What are the top cybersecurity risks, and how is IT mitigating those risks to the business?)
    • Business alignment (How do IT priorities align to the business strategy and goals?)
    • IT operational efficiency (How is IT set up for success with foundational elements of IT’s operational strategy?)
    • Innovation & transformation priorities (How is IT enabling the organization’s competitive advantage and supporting transformation efforts as a strategic business partner?)

    Build your presentation to tackle their main concerns

    Your presentation should be well-rounded and compelling when it addresses the board’s main concerns about security.

    Checklist:

    • Research your target audience (their backgrounds, board composition, dynamics, executive team vs. external group).
    • Include value and risk language in your presentation to appeal to your audience.
    • Ensure your content focuses on one or more of the board’s main concerns with security (e.g. business impact, investments, or risk).
    • Include information about what is in it for them and the organization.
    • Research your board’s composition and skillsets to determine their level of technical knowledge and expertise. This helps craft your presentation with the right amount of technology vs. business-facing information.

    Info-Tech Insight
    The executive stakeholder’s main concerns will always boil down to one important outcome: providing a level of confidence to do business through IT products, services, and systems – including security.

    3.1.2 Take your audience through a security journey

    • Once you have defined your intended target and their potential concerns, developing the communication through a storytelling approach will be the next step to help build a compelling presentation.
    • You need to help your executive stakeholders make sense of the information being conveyed and allow them to understand the importance of cybersecurity.
    • Taking your audience through a story will allow them to see the value of the information being presented and better resonate with its message.
    • You can derive insights for your storytelling presentation by doing the following:
      • Provide a business case scenario on the topic you are presenting.
      • Identify and communicate the business problem up front and answer the three questions (why, what, how).
      • Quantify the problems in terms of business impact (money, risk, value).

    Info-Tech Insight
    Developing a storytelling approach will help keep your audience engaged and allow the information to resonate with them, which will add further value to the communication.

    Identify the purpose of your presentation

    You should be clear about your bottom line and the intent behind your presentation. However, regardless of your bottom line, your presentation must focus on what business problems you are solving and why security can assist in solving the problem.

    Examples of communication goals

    To inform or educate

    To reach a decision

    • In this presentation type, it is easy for IT leaders to overwhelm a board with excessive or irrelevant information.
    • Focus your content on the business problem and the solution proposed.
    • Refrain from too much detail about the technology – focus on business impact and risk mitigated. Ask for feedback if applicable.
    • In this presentation type, there is a clear ask and an action required from the board of directors.
    • Be clear about what this decision is. Once again, don’t lead with the technology solution: Start with the business problem you are solving, and only talk about technology as the solution if time permits.
    • Ensure you know who votes and how to garner their support.

    Info-Tech Insight
    Nobody likes surprises. Communicate early and often. The board should be pre-briefed, especially if it is a difficult subject. This also ensures you have support when you deliver a difficult message.

    Gather the right information to include in your boardroom presentation

    Once you understand your target audience, it’s important to tailor your presentation material to what they will care about.

    Typical IT boardroom presentations include:

    • Communicating the value of ongoing business technology initiatives.
    • Requesting funds or approval for a business initiative that IT is spearheading.
    • Security incident response/Risk/DRP.
    • Developing a business program or an investment update for an ongoing program.
    • Business technology strategy highlights and impacts.
    • Digital transformation initiatives (value, ROI, risk).

    Info-Tech Insight
    You must always have a clear goal or objective for delivering a presentation in front of your board of directors. What is the purpose of your board presentation? Identify your objective and outcome up front and tailor your presentation’s story and contents to fit this purpose.

    Info-Tech Insight
    Telling a good story is not about the message you want to deliver but the one the executive stakeholders want to hear. Articulate what you want them to think and what you want them to take away, and be explicit about it in your presentation. Make your story logically flow by identifying the business problem, complication, the solution, and how to close the gap. Most importantly, communicate the business impacts the board will care about.

    Structure your presentation to tell a logical story

    To build a strong story for your presentation, ensure you answer these three questions:

    WHY

    Why is this a business issue, or why should the executive stakeholders care?

    WHAT

    What is the impact of solving the problem and driving value for the company?

    HOW

    How will we leverage our resources (technology, finances) to solve the problem?

    Examples:

    Scenario 1: The company has experienced a security incident.

    Intent: To inform/educate the board about the security incident.

    WHY

    The data breach has resulted in a loss of customer confidence, negative brand impact, and a reduction in revenue of 30%.

    WHAT

    Financial, legal, and reputational risks identified, and mitigation strategies implemented. IT is working with the PR team on communications. Incident management playbook executed.

    HOW

    An analysis of vulnerabilities was conducted and steps to address are in effect. Recovery steps are 90% completed. Incident management program reviewed for future incidents.

    Scenario 2: Security is recommending investments based on strategic priorities.

    Intent: To reach a decision with the board – approve investment proposal.

    WHY

    The new security strategy outlines two key initiatives to improve an organization’s security culture and overall risk posture.

    WHAT

    Security proposed an investment to implement a security training & phishing test campaign, which will assist in reducing data breach risks.

    HOW

    Use 5% of security’s budget to implement security training and phishing test campaigns.

    Time plays a key role in delivering an effective presentation

    What you include in your story will often depend on how much time you have available to deliver the message.

    Consider the following:

    • Presenting to executive stakeholders often means you have a short window of time to deliver your message. The average executive stakeholder presentation is 15 minutes, and this could be cut short due to other unexpected factors.
    • If your presentation is too long, you risk overwhelming or losing your audience. You must factor in the time constraints when building your board presentation.
    • Your executive stakeholders have a wealth of experience and knowledge, which means they could jump to conclusions quickly based on their own experiences. Ensure you give them plenty of background information in advance. Provide your presentation material, a brief, or any other supporting documentation before the meeting to show you are well prepared.
    • Be prepared to have deep conversations about the topic, but respect that the executive stakeholders might not be interested in hearing the tactical information. Build an elevator pitch, a one-pager, back-up slides that support your ask and the story, and be prepared to answer questions within your allotted presentation time to dive deeper.

    Navigating through Q&A

    Use the Q&A portion to build credibility with the board.

    • It is always better to say, “I’m not certain about the answer but will follow up,” than to provide false or inaccurate information on the spot.
    • When asked challenging or irrelevant questions, ensure you have an approach to deflect them. Questions can often be out of scope or difficult to answer in a group. Find what works for you to successfully navigate through these questions:
      • “Let’s work with the sub-committee to find you an answer.”
      • “Let’s take that offline to address in more detail.”
      • “I have some follow-up material I can provide you to discuss that further after our meeting.”
    • And ensure you follow up! Make sure to follow through on your promise to provide information or answers after the meeting. This helps build trust and credibility with the board.

    Info-Tech Insight
    The average board presentation is 15 minutes long. Build no more than three or four slides of content to identify the business problem, the business impacts, and the solution. Leave five minutes for questions at the end, and be prepared with back-up slides to support your answers.

    Storytelling checklist

    Checklist:

    • Tailor your presentation based on how much time you have.
    • Find out ahead of time how much time you have.
    • Identify if your presentation is to inform/educate or reach a decision.
    • Identify and communicate the business problem up front and answer the three questions (why, what, how).
    • Express the problem in terms of business impact (risk, value, money).
    • Prepare and send pre-meeting collateral to the members of the board and executive team.
    • Include no more than 5-6 slides for your presentation.
    • Factor in Q&A time at the end of your presentation window.
    • Articulate what you want them to think and what you want them to take away – put it right up front and remind them at the end.
    • Have an elevator speech handy – one or two sentences and a one-pager version of your story.
    • Consider how you will build your relationship with the members outside the boardroom.

    3.1.3 Build a compelling communication document

    Once you’ve identified your communication goals, data, and plan to present to your stakeholders, it’s important to build the compelling communication document that will attract all audiences.

    A good slide design increases the likelihood that the audience will read the content carefully.

    • Bad slide structure (flow) = Audience loses focus
      • You can have great content on a slide, but if a busy audience gets confused, they’ll just close the file or lose focus. Structure encompasses horizontal and vertical logic.
    • Good visual design = Audience might read more
      • Readers will probably skim the slides first. If the slides look ugly, they will already have a negative impression. If the slides are visually appealing, they will be more inclined to read carefully. They may even use some slides to show others.
    • Good content + Good structure + Visual appeal = Good presentation
      • A presentation is like a house. Good content is the foundation of the house. Good structure keeps the house strong. Visual appeal differentiates houses.

    Slide design best practices

    Leverage these slide design best practices to assist you in developing eye-catching presentations.

    • Easy to read: Assume reader is tight on time. If a slide looks overwhelming, the reader will close the document.
    • Concise and clear: Fewer words = more skim-able.
    • Memorable: Use graphics and visuals or pithy quotes whenever you can do so appropriately.
    • Horizontal logic: Good horizontal logic will have slide titles that cascade into a story with no holes or gaps.
    • Vertical logic: People usually read from left to right, top to bottom, or in a Z pattern. Make sure your slide has an intuitive flow of content.
    • Aesthetics: People like looking at visually appealing slides, but make sure your attempts to create visual appeal do not detract from the content.

    Your presentation must have a logical flow

    Horizontal logic

    Vertical logic

    • Horizontal logic should tell a story.
    • When slide titles are read in a cascading manner, they will tell a logical and smooth story.
    • Title & tagline = thesis (best insight).
    • Vertical logic should be intuitive.
    • Each step must support the title.
    • The content you intend to include within each slide is directly applicable to the slide title.
    • One main point per slide.

    Vertical logic should be intuitive

    The image contains a screenshot example of a bad design layout for a slide. The image contains a screenshot example of a good design layout for a slide.

    The audience is unsure where to look and in what order.

    The audience knows to read the heading first. Then look within the pie chart. Then look within the white boxes to the right.

    Horizontal and vertical logic checklists

    Horizontal logic

    Vertical logic

    • List your slide titles in order and read through them.
    • Good horizontal logic should feel like a story. Incomplete horizontal logic will make you pause or frown.
    • After a self-test, get someone else to do the same exercise with you observing them.
    • Note at which points they pause or frown. Discuss how those points can be improved.
    • Now consider each slide title proposed and the content within it.
    • Identify if there is a disconnect in title vs. content.
    • If there is a disconnect, consider changing the title of the slide to appropriately reflect the content within it, or consider changing the content if the slide title is an intended path in the story.

    Make it easy to read

    The image contains a screenshot that demonstrates an uneasy to read slide. The image contains a screenshot that demonstrates an easy to read slide.
    • Unnecessary coloring makes it hard on the eyes
    • Margins for title at top is too small
    • Content is not skim-able (best to break up the slide)

    Increase skim-ability:

    • Emphasize the subheadings
    • Bold important words

    Make it easier on the eyes:

    • Declutter and add sections
    • Have more white space

    Be concise and clear

    1. Write your thoughts down
      • This gets your content documented.
      • Don’t worry about clarity or concision yet.
    2. Edit for clarity
      • Make sure the key message is very clear.
      • Find your thesis statement.
    3. Edit for concision
      • Remove unnecessary words.
      • Use the active voice, not passive voice (see below for examples).

    Passive voice

    Active voice

    “There are three things to look out for” (8 words)

    “Network security was compromised by hackers” (6 words)

    “Look for these three things” (5 words)

    “Hackers compromised network security” (4 words)

    Be memorable

    The image contains a screenshot of an example that demonstrates a bad example of how to be memorable. The image contains a screenshot of an example that demonstrates a good example of how to be memorable.

    Easy to read, but hard to remember the stats.

    The visuals make it easier to see the size of the problem and make it much more memorable.

    Remember to:

    • Have some kind of visual (e.g. graphs, icons, tables).
    • Divide the content into sections.
    • Have a bit of color on the page.

    Aesthetics

    The image contains a screenshot of an example of bad aesthetics. The image contains a screenshot of an example of good aesthetics.

    This draft slide is just content from the outline document on a slide with no design applied yet.

    • Have some kind of visual (e.g. graphs, icons, tables) as long as it’s appropriate.
    • Divide the content into sections.
    • Have a bit of color on the page.
    • Bold or italicize important text.

    Why use visuals?

    How graphics affect us

    Cognitively

    • Engage our imagination
    • Stimulate the brain
    • Heighten creative thinking
    • Enhance or affect emotions

    Emotionally

    • Enhance comprehension
    • Increase recollection
    • Elevate communication
    • Improve retention

    Visual clues

    • Help decode text
    • Attract attention
    • Increase memory

    Persuasion

    • 43% more effective than text alone
    Source: Management Information Systems Research Center

    Presentation format

    Often stakeholders prefer to receive content in a specific format. Make sure you know what you require so that you are not scrambling at the last minute.

    • Is there a standard presentation template?
    • Is a hard-copy handout required?
    • Is there a deadline for draft submission?
    • Is there a deadline for final submission?
    • Will the presentation be circulated ahead of time?
    • Do you know what technology you will be using?
    • Have you done a dry run in the meeting room?
    • Do you know the meeting organizer?

    Checklist to build compelling visuals in your presentation

    Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.

    Checklist:

    • Do the visuals grab the audience’s attention?
    • Will the visuals mislead the audience/confuse them?
    • Do the visuals facilitate data comparison or highlight trends and differences in a more effective manner than words?
    • Do the visuals present information simply, cleanly, and accurately?
    • Do the visuals display the information/data in a concentrated way?
    • Do the visuals illustrate messages and themes from the accompanying text?

    3.2 Security communication templates

    Once you have identified your communication goals and plans for building your communication document, you can start building your presentation deck.

    These presentation templates highlight different security topics depending on your communication drivers, goals, and available data.

    Info-Tech has created five security templates to assist you in building a compelling presentation.

    These templates provide support for presentations on the following five topics:

    • Security Initiatives
    • Security & Risk Update
    • Security Metrics
    • Security Incident Response & Recovery
    • Security Funding Request

    Each template provides instructions on how to use it and tips on ensuring the right information is being presented.

    All the templates are customizable, which enables you to leverage the sections you need while also editing any sections to your liking.

    The image contains screenshots of the Security Presentation Templates.

    Download the Security Presentation Templates

    Security template example

    It’s important to know that not all security presentations for an organization are alike. However, these templates would provide a guideline on what the best practices are when communicating security to executive stakeholders.

    Below is an example of instructions to complete the “Security Risk & Update” template. Please note that the security template will have instructions to complete each of its sections.

    The image contains a screenshot of the Executive Summary slide. The image contains a screenshot of the Security Goals & Objectives slide.

    The first slide following the title slide includes a brief executive summary on what would be discussed in the presentation. This includes the main security threats that would be addressed and the associated risk mitigation strategies.

    This slide depicts a holistic overview of the organization’s security posture in different areas along with the main business goals that security is aligning with. Ensure visualizations you include align with the goals highlighted.

    Security template example (continued)

    The image contains a screenshot example of the Top Threats & Risks. The image contains a screenshot example of the Top Threats & Risks.

    This slide displays any top threats and risks an organization is facing. Each threat consists of 2-3 risks and is prioritized based on the negative impact it could have on the organization (i.e. red bar = high priority; green bar = low priority). Include risks that have been addressed in the past quarter, and showcase any prioritization changes to those risks.

    This slide follows the “Top Threats & Risks” slide and focuses on the risks that had medium or high priority. You will need to work with subject matter experts to identify risk figures (likelihood, financial impact) that will enable you to quantify the risks (Likelihood x Financial Impact). Develop a threshold for each of the three columns to identify which risks require further prioritization, and apply color coding to group the risks.

    Security template example (continued)

    The image contains a screenshot example of the slide, Risk Analysis. The image contains a screenshot example of the slide, Risk Mitigation Strategies & Roadmap.

    This slide showcases further details on the top risks along with their business impact. Be sure to include recommendations for the risks and indicate whether further action is required from the executive stakeholders.

    The last slide of the “Security Risk & Update” template presents a timeline of when the different initiatives to mitigate security risks would begin. It depicts what initiatives will be completed within each fiscal year and the total number of months required. As there could be many factors to a project’s timeline, ensure you communicate to your executive stakeholders any changes to the project.

    Phase 4

    Deliver communication

    Phase 1Phase 2Phase 3Phase 4

    1.1 Identify drivers for communicating to executives

    1.2 Define your goals for communicating to executives

    2.1 Identify data to collect

    2.2 Plan how to retrieve data

    3.1 Plan communication

    3.2 Build a compelling communication document

    4.1 Deliver a captivating presentation

    4.2 Obtain/verify support for security goals

    This phase will walk you through the following activities:

    • Identifying a strategy to deliver compelling presentations
    • Ensuring you follow best practices for communicating and obtaining your security goals

    This phase involves the following participants:

    • Security leader

    4.1 Deliver a captivating presentation

    You’ve gathered all your data, you understand what your audience is expecting, and you are clear on the outcomes you require. Now, it’s time to deliver a presentation that both engages and builds confidence.

    Follow these tips to assist you in developing an engaging presentation:

    • Start strong: Give your audience confidence that this will be a good investment of their time. Establish a clear direction for what’s going to be covered and what the desired outcome is.
    • Use your time wisely: Odds are, your audience is busy, and they have many other things on their minds. Be prepared to cover your content in the time allotted and leave sufficient time for discussion and questions.
    • Be flexible while presenting: Do not expect that your presentation will follow the path you have laid out. Anticipate jumping around and spending more or less time than you had planned on a given slide.

    Keep your audience engaged with these steps

    • Be ready with supporting data. Don’t make the mistake of not knowing your content intimately. Be prepared to answer questions on any part of it. Senior executives are experts at finding holes in your data.
    • Know your audience. Who are you presenting to? What are their specific expectations? Are there sensitive topics to be avoided? You can’t be too prepared when it comes to understanding your audience.
    • Keep it simple. Don’t assume that your audience wants to learn the details of your content. Most just want to understand the bottom line, the impact on them, and how they can help. More is not always better.
    • Focus on solving issues. Your audience members have many of their own problems and issues to worry about. If you show them how you can help make their lives easier, you’ll win them over.

    Info-Tech Insight
    Establishing credibility and trust with executive stakeholders is important to obtaining their support for security objectives.

    Be honest and straightforward with your communication

    • Be prepared. Being properly prepared means not only that your update will deliver the value that you expect, but also that you will have confidence and the flexibility you require when you’re taken off track.
    • Don’t sugarcoat it. These are smart, driven people that you are presenting to. It is neither beneficial nor wise to try to fool them. Be open and transparent about problems and issues. Ask for help.
    • No surprises. An executive stakeholder presentation is not the time or the place for a surprise. Issues seen as unexpected or contentious should always be dealt with prior to the meeting with those most impacted.

    Hone presentation skills before meeting with the executive stakeholders

    Know your environment

    Be professional but not boring

    Connect with your audience

    • Your organization has standards for how people are expected to dress at work. Make sure that your attire meets this standard – don’t be underdressed.
    • Think about your audience – would they appreciate you starting with a joke, or do they want you to get to the point as quickly as possible?
    • State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.
    • Present with lots of energy, smile, and use hand gestures to support your speech.
    • Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention on you.
    • Never read from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

    Checklist for presentation logistics

    Optimize the timing of your presentation:

    • Less is more: Long presentations are detrimental to your cause – they lead to your main points being diluted. Keep your presentation short and concise.
    • Keep information relevant: Only present information that is important to your audience. This includes the information that they are expecting to see and information that connects to the business.
    • Expect delays: Your audience will likely have questions. While it is important to answer each question fully, it will take away from the precious time given to you for your presentation. Expect that you will not get through all the information you have to present.

    Script your presentation:

    • Use a script to stay on track: Script your presentation before the meeting. A script will help you present your information in a concise and structured manner.
    • Develop a second script: Create a script that is about half the length of the first script but still contains the most important points. This will help you prepare for any delays that may arise during the presentation.
    • Prepare for questions: Consider questions that may be asked and script clear and concise answers to each.
    • Practice, practice, practice: Practice your presentation until you no longer need the script in front of you.

    Checklist for presentation logistics (continued)

    Other considerations:

    • After the introduction of your presentation, clearly state the objective – don’t keep people guessing and consequently lose focus on your message.
    • After the presentation is over, document important information that came up. Write it down or you may forget it soon after.
    • Rather than create a long presentation deck full of detailed slides that you plan to skip over during the presentation, create a second, compact deck that contains only the slides you plan to present. Send out the longer deck after the presentation.

    Checklist for delivering a captivating presentation

    Leverage this checklist to ensure you are prepared to develop and deliver an engaging presentation.

    Checklist:

    • Start with a story or something memorable to break the ice.
    • Go in with the end state in mind (focus on the outcome/end goal and work back from there) – What’s your call to action?
    • Content must compliment your end goal, filter out any content that doesn’t compliment the end goal.
    • Be prepared to have less time to speak. Be prepared with shorter versions of your presentation.
    • Include an appendix with supporting data, but don’t be data heavy in your presentation. Integrate the data into a story. The story should be your focus.

    Checklist for delivering a captivating presentation (continued)

    • Be deliberate in what you want to show your audience.
    • Ensure you have clean slides so the audience can focus on what you’re saying.
    • Practice delivering your content multiple times alone and in front of team members or your Info-Tech counselor, who can provide feedback.
    • How will you handle being derailed? Be prepared with a way to get back on track if you are derailed.
    • Ask for feedback.
    • Record yourself presenting.

    4.2 Obtain and verify support on security goals

    Once you’ve delivered your captivating presentation, it’s imperative to communicate with your executive stakeholders.

    • This is your opportunity to open the floor for questions and clarify any information that was conveyed to your audience.
    • Leverage your appendix and other supporting documents to justify your goals.
    • Different approaches to obtaining and verifying your goals could include:
      • Acknowledgment from the audience that information communicated aligns with the business’s goals.
      • Approval of funding requests for security initiatives.
      • Written and verbal support for implementation of security initiatives.
      • Identifying next steps for information to communicate at the next executive stakeholder meeting.

    Info-Tech Insight
    Verifying your objectives at the end of the presentation is important, as it ensures you have successfully communicated to executive stakeholders.

    Checklist for obtaining and verify support on security goals

    Follow this checklist to assist you in obtaining and verifying your communication goals.

    Checklist:

    • Be clear about follow-up and next steps if applicable.
    • Present before you present: Meet with your executive stakeholders before the meeting to review and discuss your presentation and other supporting material and ensure you have executive/CEO buy-in.
    • “Be humble, but don’t crumble” – demonstrate to the executive stakeholders that you are an expert while admitting you don’t know everything. However, don’t be afraid to provide your POV and defend it if need be. Strike the right balance to ensure the board has confidence in you while building a strong relationship.
    • Prioritize a discussion over a formal presentation. Create an environment where they feel like they are part of the solution.

    Summary of Accomplishment

    Problem Solved

    A better understanding of security communication drivers and goals

    • Understanding the difference between communication drivers and goals
    • Identifying your drivers and goals for security presentation

    A developed a plan for how and where to retrieve data for communication

    • Insights on what type of data can be leveraged to support your communication goals
    • Understanding who you can collaborate with and potential data sources to retrieve data from

    A solidified communication plan with security templates to assist in better presenting to your audience

    • A guideline on how to prepare security presentations to executive stakeholders
    • A list of security templates that can be customized and used for various security presentations

    A defined guideline on how to deliver a captivating presentation to achieve your desired objectives

    • Clear message on best practices for delivering security presentations to executive stakeholders
    • Understanding how to verify your communication goals have been obtained

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Build an Information Security Strategy
    This blueprint will walk you through the steps of tailoring best practices to effectively manage information security.

    Build a Security Metrics Program to Drive Maturity
    This blueprint will assist you in identifying security metrics that can tie to your organizational goals and build those metrics to achieve your desired maturity level.

    Bibliography

    Bhadauriya, Amit S. “Communicating Cybersecurity Effectively to the Board.” Metricstream. Web.
    Booth, Steven, et al. “The Biggest Mistakes Made When Presenting Cyber Security to Senior Leadership or the Board, and How to Fix Them.” Mandiant, May 2019. Web.
    Bradford, Nate. “6 Slides Every CISO Should Use in Their Board Presentation.” Security Boulevard, 9 July 2020. Web.
    Buckalew, Lauren, et al. “Get the Board on Board: Leading Cybersecurity from the Top Down.” Newsroom, 2 Dec. 2019. Web.
    Burg, Dave, et al. “Cybersecurity: How Do You Rise above the Waves of a Perfect Storm?” EY US - Home, EY, 22 July 2021. Web.
    Carnegie Endowment for International Peace. Web.
    “Chief Information Security Officer Salary.” Salary.com, 2022. Web.
    “CISO's Guide to Reporting to the Board - Apex Assembly.” CISO's Guide To Reporting to the Board. Web.
    “Cyber Security Oversight in the Boardroom” KPMG, Jan. 2016. Web.
    “Cybersecurity CEO: My 3 Tips for Presenting in the Boardroom.” Cybercrime Magazine, 31 Mar. 2020. Web.
    Dacri , Bryana. Do's & Don'ts for Security Professionals Presenting to Executives. Feb. 2018. Web.
    Froehlich, Andrew. “7 Cybersecurity Metrics for the Board and How to Present Them: TechTarget.” Security, TechTarget, 19 Aug. 2022. Web.
    “Global Board Risk Survey.” EY. Web.
    “Guidance for CISOs Presenting to the C-Suite.” IANS, June 2021. Web.
    “How to Communicate Cybersecurity to the Board of Directors.” Cybersecurity Conferences & News, Seguro Group, 12 Mar. 2020. Web.
    Ide, R. William, and Amanda Leech. “A Cybersecurity Guide for Directors” Dentons. Web.
    Lindberg, Randy. “3 Tips for Communicating Cybersecurity to the Board.” Cybersecurity Software, Rivial Data Security, 8 Mar. 2022. Web.
    McLeod, Scott, et al. “How to Present Cybersecurity to Your Board of Directors.” Cybersecurity & Compliance Simplified, Apptega Inc, 9 Aug. 2021. Web.
    Mickle, Jirah. “A Recipe for Success: CISOs Share Top Tips for Successful Board Presentations.” Tenable®, 28 Nov. 2022. Web.
    Middlesworth, Jeff. “Top-down: Mitigating Cybersecurity Risks Starts with the Board.” Spiceworks, 13 Sept. 2022. Web.
    Mishra, Ruchika. “4 Things Every CISO Must Include in Their Board Presentation.” Security Boulevard, 17 Nov. 2020. Web.
    O’Donnell-Welch, Lindsey. “CISOs, Board Members and the Search for Cybersecurity Common Ground.” Decipher, 20 Oct. 2022. Web.

    Bibliography

    “Overseeing Cyber Risk: The Board's Role.” PwC, Jan. 2022. Web.
    Pearlson, Keri, and Nelson Novaes Neto. “7 Pressing Cybersecurity Questions Boards Need to Ask.” Harvard Business Review, 7 Mar. 2022. Web.
    “Reporting Cybersecurity Risk to the Board of Directors.” Web.
    “Reporting Cybersecurity to Your Board - Steps to Prepare.” Pondurance ,12 July 2022. Web.
    Staynings, Richard. “Presenting Cybersecurity to the Board.” Resource Library. Web.
    “The Future of Cyber Survey.” Deloitte, 29 Aug. 2022. Web.
    “Top Cybersecurity Metrics to Share with Your Board.” Packetlabs, 10 May 2022. Web.
    Unni, Ajay. “Reporting Cyber Security to the Board? How to Get It Right.” Cybersecurity Services Company in Australia & NZ, 10 Nov. 2022. Web.
    Vogel, Douglas, et al. “Persuasion and the Role of Visual Presentation Support.” Management Information Systems Research Center, 1986.
    “Welcome to the Cyber Security Toolkit for Boards.” NCSC. Web.

    Research Contributors

    • Fred Donatucci, New-Indy Containerboard, VP, Information Technology
    • Christian Rasmussen, St John Ambulance, Chief Information Officer
    • Stephen Rondeau, ZimVie, SVP, Chief Information Officer

    Identify and Manage Security Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}221|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
    • A new global change will impact your organization at any given time. Ensure that you monitor threats appropriately and that your plans are flexible enough to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential security risk impacts on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes could introduce new risks.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

    Impact and Result

    • Vendor management practices educate organizations on the potential risks from vendors in your market and suggest creative and alternative ways to avoid and manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Security Risk Impact Tool.

    Identify and Manage Security Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Security Risk Impacts on Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your security.

    Use this research to identify and quantify the potential security impacts caused by vendors. Use Info-Tech’s approach to look at the security impacts from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Security Risk Impacts on Your Organization Storyboard

    2. Security Risk Impact Tool – Use this tool to help identify and quantify the security impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Security Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Security Risk Impacts on Your Organization

    Know where the attacks are coming from so you know where to protect.

    Analyst perspective

    It is time to start looking at risk realistically and move away from “trust but verify” toward zero trust.

    Frank Sewell, Research Director, Vendor Management

    Frank Sewell,
    Research Director, Vendor Management
    Info-Tech Research Group

    We are inundated with a barrage of news about security incidents on what seems like a daily basis. In such an environment, it is easy to forget that there are ways to help prevent such things from happening and that they have actual costs if we relax our diligence.

    Most people are aware of defense strategies that help keep their organization safe from direct attack and inside threats. Likewise, they expect their trusted partners to perform the same diligence. Unfortunately, as more organizations use cloud service vendors, the risks with n-party vendors are increasing.

    Over the last few years, we have learned the harsh lesson that downstream attacks affect more businesses than we ever expected as suppliers, manufacturers of base goods and materials, and rising transportation costs affect the global economy.

    “Trust but verify” – while a good concept – should give way to the more effective zero-trust model in favor of knowing it’s not a matter of if an incident happens but when.

    Executive Summary

    Your Challenge

    More than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    A new global change will impact your organization at any given time. Ensure that you monitor threats appropriately and that your plans are flexible enough to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential security risk impacts on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes could introduce new risks.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals and surprise incidents.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the potential risks from vendors in your market and suggest creative and alternative ways to avoid and manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts with our Security Risk Impact Tool.

    Info-Tech Insight
    Organizations must evolve their security risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of third-party vendor risks and holding those vendors accountable throughout the vendor lifecycle are critical to preventing disastrous impacts.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Multi-blueprint series on vendor risk assessment

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Security risk impacts

    Potential losses to the organization due to security incidents

    • In this blueprint we’ll explore security risks, particularly from third-party vendors, and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to correct security plans.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62% 83% 84%
    Ransomware attacks spiked 62% globally (and 158% in North America alone). 83% of companies increased organizational focus on third-party risk management in 2020. In a 2020 survey, 84% of organizations reported having experienced a third-party incident in the last three years.
    One Trust, 2022 Help Net Security, 2021 Deloitte, 2020

    Identify and manage security risk impacts on your organization

    Identify and manage security risk impacts on your organization

    Due diligence will enable successful outcomes.

    What is third-party risk?

    Third-Party Vendor: Anyone who provides goods or services to a company or individual in exchange for payment transacted with electronic instructions (Law Insider).

    Third-Party Risk: The potential threat presented to organizations’ employee and customer data, financial information, and operations from the organization’s supply chain and other outside parties that provide products and/or services and have access to privileged systems (Awake Security).

    It is essential to know not only who your vendors are but also who their vendors are (n-party vendors). Organizations often overlook that their vendors rely on others to support their business, and those layers can add risk to your organization.

    Identify and manage security risks

    Global Pandemic

    Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their security planning and ongoing monitoring moving forward.

    Vendor Breaches

    The IT market is an ever-shifting environment; more organizations are relying on cloud service vendors, staff augmentation, and other outside resources. Organizations should hold these vendors (and their downstream vendors) to the same levels of security and standards of conduct that they hold their internal resources.

    Resource Shortages

    A lack of resources is often overlooked, but it’s easily recognized as a reason for a security incident. All too often, companies are unwilling to dedicate resources to their vendors’ security risk assessment and ongoing monitoring needs. Only once an incident occurs do companies decide it is time to reprioritize.

    Mitigate Machine Bias

    • Buy Link or Shortcode: {j2store}343|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $9,549 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • AI is the new electricity. It is fundamentally and radically changing the fabric of our world, from the way we conduct business, to how we work and live, make decisions, and engage with each other, to how we organize our society, and ultimately, to who we are. Organizations are starting to adopt AI to increase efficiency, better engage customers, and make faster, more accurate decisions.
    • Like with any new technology, there is a flip side, a dark side, to AI – machine biases. If unchecked, machine biases replicate, amplify, and systematize societal biases. Biased AI systems may treat some of your customers (or employees) differently, based on their race, gender, identity, age, etc. This is discrimination, and it is against the law. It is also bad for business, including missed opportunities, lost consumer confidence, reputational risk, regulatory sanctions, and lawsuits.

    Our Advice

    Critical Insight

    • Machine biases are not intentional. They reflect the cognitive biases, preconceptions, and judgement of the creators of AI systems and the societal structures encoded in the data sets used for machine learning.
    • Machine biases cannot be prevented or fully eliminated. Early identification and diversity in and by design are key. Like with privacy and security breaches, early identification and intervention – ideally at the ideation phase – is the best strategy. Forewarned is forearmed. Prevention starts with a culture of diversity, inclusivity, openness, and collaboration.
    • Machine bias is enterprise risk. Machine bias is not a technical issue. It is a social, political, and business problem. Integrate it into your enterprise risk management (ERM).

    Impact and Result

    • Just because machine biases are induced by human behavior, which is also captured in data silos, they are not inevitable. By asking the right questions upfront during application design, you can prevent many of them.
    • Biases can be introduced into an AI system at any stage of the development process, from the data you collect, to the way you collect it, to which algorithms are used, to which assumptions are made, etc. Ask your data science team a lot of questions; leave no stone unturned.
    • Don’t wait until “Datasheets for Datasets” and “Model Cards for Model Reporting” (or similar frameworks) become standards. Start creating these documents now to identify and analyze biases in your apps. If using open-source data sets or libraries, you may need to create them yourself for now. If working with partners or using AI/ ML services, demand that they provide such information as part of the engagement. You, not your partners, are ultimately responsible for the AI-powered product or service you deliver to your customers or employees.
    • Build a culture of diversity, transparency, inclusivity, and collaboration – the best mechanism to prevent and address machine biases.
    • Treat machine bias as enterprise risk. Use your ERM to guide all decisions around machine biases and their mitigation.

    Mitigate Machine Bias Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the dark side of AI: algorithmic (machine) biases, how they emerge, why they are dangerous, and how to mitigate them. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand AI biases

    Learn about machine biases, how and where they arise in AI systems, and how they relate to human cognitive and societal biases.

    • Mitigate Machine Bias – Phase 1: Understand AI Biases

    2. Identify data biases

    Learn about data biases and how to mitigate them.

    • Mitigate Machine Bias – Phase 2: Identify Data Biases
    • Datasheets for Data Sets Template
    • Datasheets for Datasets

    3. Identify model biases

    Learn about model biases and how to mitigate them.

    • Mitigate Machine Bias – Phase 3: Identify Model Biases
    • Model Cards for Model Reporting Template
    • Model Cards For Model Reporting

    4. Mitigate machine biases and risk

    Learn about approaches for proactive and effective bias prevention and mitigation.

    • Mitigate Machine Bias – Phase 4: Mitigate Machine Biases and Risk
    [infographic]

    Workshop: Mitigate Machine Bias

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare

    The Purpose

    Understand your organization’s maturity with respect to data and analytics in order to maximize workshop value.

    Key Benefits Achieved

    Workshop content aligned to your organization’s level of maturity and business objectives.

    Activities

    1.1 Execute Data Culture Diagnostic.

    1.2 Review current analytics strategy.

    1.3 Review organization's business and IT strategy.

    1.4 Review other supporting documentation.

    1.5 Confirm participant list for workshop.

    Outputs

    Data Culture Diagnostic report.

    2 Understand Machine Biases

    The Purpose

    Develop a good understanding of machine biases and how they emerge from human cognitive and societal biases. Learn about the machine learning process and how it relates to machine bias.

    Select an ML/AI project and complete a bias risk assessment.

    Key Benefits Achieved

    A solid understanding of algorithmic biases and the need to mitigate them.

    Increased insight into how new technologies such as ML and AI impact organizational risk.

    Customized bias risk assessment template.

    Completed bias risk assessment for selected project.

    Activities

    2.1 Review primer on AI and machine learning (ML).

    2.2 Review primer on human and machine biases.

    2.3 Understand business context and objective for AI in your organization.

    2.4 Discuss selected AI/ML/data science project or use case.

    2.5 Review and modify bias risk assessment.

    2.6 Complete bias risk assessment for selected project.

    Outputs

    Bias risk assessment template customized for your organization.

    Completed bias risk assessment for selected project.

    3 Identify Data Biases

    The Purpose

    Learn about data biases: what they are and where they originate.

    Learn how to address or mitigate data biases.

    Identify data biases in selected project.

    Key Benefits Achieved

    A solid understanding of data biases and how to mitigate them.

    Customized Datasheets for Data Sets Template.

    Completed datasheet for data sets for selected project.

    Activities

    3.1 Review machine learning process.

    3.2 Review examples of data biases and why and how they happen.

    3.3 Identify possible data biases in selected project.

    3.4 Discuss “Datasheets for Datasets” framework.

    3.5 Modify Datasheets for Data Sets Template for your organization.

    3.6 Complete datasheet for data sets for selected project.

    Outputs

    Datasheets for Data Sets Template customized for your organization.

    Completed datasheet for data sets for selected project.

    4 Identify Model Biases

    The Purpose

    Learn about model biases: what they are and where they originate.

    Learn how to address or mitigate model biases.

    Identify model biases in selected project.

    Key Benefits Achieved

    A solid understanding of model biases and how to mitigate them.

    Customized Model Cards for Model Reporting Template.

    Completed model card for selected project.

    Activities

    4.1 Review machine learning process.

    4.2 Review examples of model biases and why and how they happen.

    4.3 Identify potential model biases in selected project.

    4.4 Discuss Model Cards For Model Reporting framework.

    4.5 Modify Model Cards for Model Reporting Template for your organization.

    4.6 Complete model card for selected project.

    Outputs

    Model Cards for Model Reporting Template customized for your organization.

    Completed model card for selected project.

    5 Create Mitigation Plan

    The Purpose

    Review mitigation approach and best practices to control machine bias.

    Create mitigation plan to address machine biases in selected project. Align with enterprise risk management (ERM).

    Key Benefits Achieved

    A solid understanding of the cultural dimension of algorithmic bias prevention and mitigation and best practices.

    Drafted plan to mitigate machine biases in selected project.

    Activities

    5.1 Review and discuss lessons learned.

    5.2 Create mitigation plan to address machine biases in selected project.

    5.3 Review mitigation approach and best practices to control machine bias.

    5.4 Identify gaps and discuss remediation.

    Outputs

    Summary of challenges and recommendations to systematically identify and mitigate machine biases.

    Plan to mitigate machine biases in selected project.

    Build a Data Warehouse

    • Buy Link or Shortcode: {j2store}200|cart{/j2store}
    • member rating overall impact: 8.7/10 Overall Impact
    • member rating average dollars saved: $94,499 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Relational data warehouses, although reliable, centralized repositories for corporate data, were not built to handle the speed and volume of data and analytics today.
    • IT is under immense pressure from business units to provide technology that will yield greater agility and insight.
    • While some organizations are benefitting from modernization technologies, the majority of IT departments are unfamiliar with the technologies and have not yet defined clear use cases.

    Our Advice

    Critical Insight

    • The vast majority of your corporate data is not being properly leveraged. Modernize the data warehouse to get value from the 80% of unstructured data that goes unused.
    • Avoid rip and replace. Develop a future state that complements your existing data warehouse with emerging technologies.
    • Be flexible in your roadmap. Create an implementation roadmap that’s incremental and adapts to changing business priorities.

    Impact and Result

    • Establish both the business and IT perspectives of today’s data warehouse environment.
    • Explore the art-of-the-possible. Don’t get stuck trying to gather technical requirements from business users who don’t know what they don’t know. Use Info-Tech’s interview guide to discuss the pains of the current environment, and more importantly, where stakeholders want to be in the future.
    • Build an internal knowledgebase with respect to emerging technologies. The technology landscape is constantly shifting and often difficult for IT staff to keep track of. Use Info-Tech’s Data Warehouse Modernization Technology Education Deck to ensure that IT is able to appropriately match the right tools to the business’ use cases.
    • Create a compelling business case to secure investment and support.

    Build a Data Warehouse Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should be looking to modernize the relational data warehouse, review Info-Tech’s framework for identifying modernization opportunities, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess the current data warehouse environment

    Review the business’ perception and architecture of the current data warehouse environment.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 1: Assess the Current Data Warehouse Environment
    • Data Warehouse Maturity Assessment Tool

    2. Define modernization drivers

    Collaborate with business users to identify the strongest motivations for data warehouse modernization.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 2: Define Modernization Drivers
    • Data Warehouse Modernization Stakeholder Interview Guide
    • Data Warehouse Modernization Technology Education Deck
    • Data Warehouse Modernization Initiative Building Tool

    3. Create the modernization future state

    Combine business ideas with modernization initiatives and create a roadmap.

    • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 3: Create the Modernization Future State
    • Data Warehouse Modernization Technology Architectural Template
    • Data Warehouse Modernization Deployment Plan
    [infographic]

    Workshop: Build a Data Warehouse

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Current Data Warehouse Environment

    The Purpose

    Discuss the general project overview for data warehouse modernization.

    Establish the business and IT perspectives of the current state.

    Key Benefits Achieved

    Holistic understanding of the current data warehouse.

    Business user engagement from the start of the project.

    Activities

    1.1 Review data warehouse project history.

    1.2 Evaluate data warehouse maturity.

    1.3 Draw architecture diagrams.

    1.4 Review supporting data management practices.

    Outputs

    Data warehouse maturity assessment

    Data architecture diagrams

    2 Explore Business Opportunities

    The Purpose

    Conduct a user workshop session to elicit the most pressing needs of business stakeholders.

    Key Benefits Achieved

    Modernization technology selection is directly informed by business drivers.

    In-depth IT understanding of the business pains and opportunities.

    Activities

    2.1 Review general trends and drivers in your industry.

    2.2 Identify primary business frustrations, opportunities, and risks.

    2.3 Identify business processes to target for modernization.

    2.4 Capture business ideas for the future state.

    Outputs

    Business ideas for modernization

    Defined strategic direction for data warehouse modernization

    3 Review the Technology Landscape

    The Purpose

    Educate IT staff on the most common technologies for data warehouse modernization.

    Key Benefits Achieved

    Improved ability for IT to match technology with business ideas.

    Activities

    3.1 Appoint Modernization Advisors.

    3.2 Hold an open education and discussion forum for modernization technologies.

    Outputs

    Modernization Advisors identified

    Modernization technology education deck

    4 Define Modernization Solutions

    The Purpose

    Consolidate business ideas into modernization initiatives.

    Key Benefits Achieved

    Refinement of the strategic direction for data warehouse modernization.

    Activities

    4.1 Match business ideas to technology solutions.

    4.2 Group similar ideas to create modernization initiatives.

    4.3 Create future-state architecture diagrams.

    Outputs

    Identified strategic direction for data warehouse modernization

    Defined modernization initiatives

    Future-state architecture for data warehouse

    5 Establish a Modernization Roadmap

    The Purpose

    Validate and build out initiatives with business users.

    Define benefits and costs to establish ROI.

    Identify enablers and barriers to modernization.

    Key Benefits Achieved

    Completion of materials for a compelling business case and roadmap.

    Activities

    5.1 Validate use cases with business users.

    5.2 Define initiative benefits.

    5.3 Identify enablers and barriers to modernization.

    5.4 Define preliminary activities for initiatives.

    5.5 Evaluate initiative costs.

    5.6 Determine overall ROI.

    Outputs

    Validated modernization initiatives

    Data warehouse modernization roadmap

    Effectively Recognize IT Employees

    • Buy Link or Shortcode: {j2store}547|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $100 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • Even when organizations do have recognition programs, employees want more recognition than they currently receive.
    • In a recent study, McLean & Company found that 69% of IT employees surveyed felt they were not adequately praised and rewarded for superior work.
    • In a lot of cases, the issue with recognition programs isn’t that IT departments haven’t thought about the importance but rather that they haven’t focused on proper execution.

    Our Advice

    Critical Insight

    • You’re busy – don’t make your recognition program more complicated than it needs to be. Focus on day-to-day ideas and actively embed recognition into your IT team’s culture.
    • Recognition is impactful independent of rewards (i.e. items with a monetary value), but rewarding employees without proper recognition can be counterproductive. Put recognition first and use rewards as a way to amplify its effectiveness.

    Impact and Result

    • Info-Tech tools and guidance will help you develop a successful and sustainable recognition program aligned to strategic goals and values.
    • By focusing on three key elements – customization, alignment, and transparency – you can improve your recognition culture within four weeks, increasing employee engagement and productivity, improving relationships, and reducing turnover.

    Effectively Recognize IT Employees Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an IT employee recognition program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Effectively Recognize IT Employees – Executive Brief
    • Effectively Recognize IT Employees – Phases 1-3

    1. Assess the current recognition landscape

    Understand the current perceptions around recognition practices in the organization and determine the behaviors that your program will seek to recognize.

    • Effectively Recognize IT Employees – Phase 1: Assess the Current Recognition Landscape
    • IT Employee Recognition Survey Questions

    2. Design the recognition program

    Determine the structure and processes to enable effective recognition in your IT organization.

    • Effectively Recognize IT Employees – Phase 2: Design the Recognition Program
    • Employee Recognition Program Guide
    • Employee Recognition Ideas Catalog
    • Employee Recognition Nomination Form

    3. Implement the recognition program

    Rapidly build and roll out a recognition action and sustainment plan, including training managers to reinforce behavior with recognition.

    • Effectively Recognize IT Employees – Phase 3: Implement the Recognition Program
    • Recognition Action and Communication Plan
    • Manager Training: Reinforce Behavior With Recognition
    [infographic]

    Build a Robust and Comprehensive Data Strategy

    • Buy Link or Shortcode: {j2store}120|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $46,734 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The volume and variety of data that organizations have been collecting and producing have been growing exponentially and show no sign of slowing down.
    • At the same time, business landscapes and models are evolving, and users and stakeholders are becoming more and more data centric, with maturing expectations and demands.

    Our Advice

    Critical Insight

    • As the CDO or equivalent data leader in your organization, a robust and comprehensive data strategy is the number one tool in your toolkit for delivering on your mandate of creating measurable business value from data.
    • A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.
    • Building and fostering a data-driven culture will accelerate and sustain adoption of, appetite for, and appreciation for data and hence drive the ROI on your various data investments.

    Impact and Result

    • Formulate a data strategy that stitches all of the pieces together to better position you to unlock the value in your data:
      • Establish the business context and value: Identify key business drivers for executing on an optimized data strategy, build compelling and relevant use cases, understand your organization’s culture and appetite for data, and ensure you have well-articulated vision, principles, and goals for your data strategy
      • Ensure you have a solid data foundation: Understand your current data environment, data management enablers, people, skill sets, roles, and structure. Know your strengths and weakness so you can optimize appropriately.
      • Formulate a sustainable data strategy: Round off your strategy with effective change management and communication for building and fostering a data-driven culture.

    Build a Robust and Comprehensive Data Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data Strategy Research – A step-by-step document to facilitate the formulation of a data strategy that brings together the business context, data management foundation, people, and culture.

    Data should be at the foundation of your organization’s evolution. The transformational insights that executives and decision makers are constantly seeking to leverage can be unlocked with a data strategy that makes high-quality, trusted, and relevant data readily available to the users who need it.

    • Build a Robust and Comprehensive Data Strategy – Phases 1-3

    2. Data Strategy Stakeholder Interview Guide and Findings – A template to support you in your meetings or interviews with key stakeholders as you work on understanding the value of data within the various lines of business.

    This template will help you gather insights around stakeholder business goals and objectives, current data consumption practices, the types or domains of data that are important to them in supporting their business capabilities and initiatives, the challenges they face, and opportunities for data from their perspective.

    • Data Strategy Stakeholder Interview Guide and Findings

    3. Data Strategy Use Case Template – An exemplar template to demonstrate the business value of your data strategy.

    Data strategy optimization anchored in a value proposition will ensure that the data strategy focuses on driving the most valuable and critical outcomes in support of the organization’s enterprise strategy. The template will help you facilitate deep-dive sessions with key stakeholders for building use cases that are of demonstrable value not only to their relevant lines of business but also to the wider organization.

    • Data Strategy Use Case Template

    4. Chief Data Officer – A job description template that includes a detailed explication of the responsibilities and expectations of a CDO.

    Bring data to the C-suite by creating the Chief Data Officer role. This position is designed to bridge the gap between the business and IT by serving as a representative for the organization's data management practices and identifying how the organization can leverage data as a competitive advantage or corporate asset.

    • Chief Data Officer

    5. Data Strategy Document Template – A structured template to plan and document your data strategy outputs.

    Use this template to document and formulate your data strategy. Follow along with the sections of the blueprint Build a Robust and Comprehensive Data Strategy and complete the template as you progress.

    • Data Strategy Document Template
    [infographic]

    Workshop: Build a Robust and Comprehensive Data Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value: Understand the Current Business Environment

    The Purpose

    Establish the business context for the business strategy.

    Key Benefits Achieved

    Substantiates the “why” of the data strategy.

    Highlights the organization’s goals, objectives, and strategic direction the data must align with.

    Activities

    1.1 Data Strategy 101

    1.2 Intro to Tech’s Data Strategy Framework

    1.3 Data Strategy Value Proposition: Understand stakeholder’s strategic priorities and the alignment with data

    1.4 Discuss the importance of vision, mission, and guiding principles of the organization’s data strategy

    1.5 Understand the organization’s data culture – discuss Data Culture Survey results

    1.6 Examine Core Value Streams of Business Architecture

    Outputs

    Business context; strategic drivers

    Data strategy guiding principles

    Sample vision and mission statements

    Data Culture Diagnostic Results Analysis

    2 Business-Data Needs Discovery: Key Business Stakeholder Interviews

    The Purpose

    Build use cases of demonstrable value and understand the current environment.

    Key Benefits Achieved

    An understanding of the current maturity level of key capabilities.

    Use cases that represent areas of concern and/or high value and therefore need to be addressed.

    Activities

    2.1 Conduct key business stakeholder interviews to initiate the build of high-value business-data cases

    Outputs

    Initialized high-value business-data cases

    3 Understand the Current Data Environment & Practice: Analyze Data Capability and Practice Gaps and Develop Alignment Strategies

    The Purpose

    Build out a future state plan that is aimed at filling prioritized gaps and that informs a scalable roadmap for moving forward on treating data as an asset.

    Key Benefits Achieved

    A target state plan, formulated with input from key stakeholders, for addressing gaps and for maturing capabilities necessary to strategically manage data.

    Activities

    3.1 Understand the current data environment: data capability assessment

    3.2 Understand the current data practice: key data roles, skill sets; operating model, organization structure

    3.3 Plan target state data environment and data practice

    Outputs

    Data capability assessment and roadmapping tool

    4 Align Business Needs with Data Implications: Initiate Roadmap Planning and Strategy Formulation

    The Purpose

    Consolidate business and data needs with consideration of external factors as well as internal barriers and enablers to the success of the data strategy. Bring all the outputs together for crafting a robust and comprehensive data strategy.

    Key Benefits Achieved

    A consolidated view of business and data needs and the environment in which the data strategy will be operationalized.

    An analysis of the feasibility and potential risks to the success of the data strategy.

    Activities

    4.1 Analyze gaps between current- and target-state

    4.2 Initiate initiative, milestone and RACI planning

    4.3 Working session with Data Strategy Owner

    Outputs

    Data Strategy Next Steps Action Plan

    Relevant data strategy related templates (example: data practice patterns, data role patterns)

    Initialized Data Strategy on-a-Page

    Further reading

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    ANALYST PERSPECTIVE

    Data Strategy: Key to helping drive organizational innovation and transformation

    "In the dynamic environment in which we operate today, where we are constantly juggling disruptive forces, a well-formulated data strategy will prove to be a key asset in supporting business growth and sustainability, innovation, and transformation.

    Your data strategy must align with the organization’s business strategy, and it is foundational to building and fostering an enterprise-wide data-driven culture."

    Crystal Singh,

    Director – Research and Advisory

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • Chief data officers (CDOs), chief architects, VPs, and digital transformation directors and CIOs who are accountable for ensuring data can be leveraged as a strategic asset of the organization.

    This Research Will Help You:

    • Put a strategy in place to ensure data is available, accessible, well integrated, secured, of acceptable quality, and suitably visualized to fuel decision making by the organizations’ executives.
    • Align data management plans and investments with business requirements and the organization’s strategic plans.
    • Define the relevant roles for operationalizing your data strategy.

    This Research Will Also Assist:

    • Data architects and enterprise architects who have been tasked with supporting the formulation or optimization of the organization’s data strategy.
    • Business leaders creating plans for leveraging data in their strategic planning and business processes.
    • IT professionals looking to improve the environment that manages and delivers data.

    This Research Will Help Them:

    • Get a handle on the current situation of data within the organization.
    • Understand how the data strategy and its resulting initiatives will affect the operations, integration, and provisioning of data within the enterprise.

    Executive Summary

    Situation

    • The volume and variety of data that organizations have been collecting and producing have been growing exponentially and show no sign of slowing down. At the same time, business landscapes and models are evolving, and users and stakeholders are becoming more and more data centric, with maturing and demanding expectations.

    Complication

    • As organizations pivot in response to industry disruptions and changing landscapes, a reactive and piecemeal approach leads to data architectures and designs that fail to deliver real and measurable value to the business.
    • Despite the growing focus on data, many organizations struggle to develop a cohesive business-driven strategy for effectively managing and leveraging their data assets.

    Resolution

    Formulate a data strategy that stitches all of the pieces together to better position you to unlock the value in your data:

    • Establish the business context and value: Identify key business drivers for executing on an optimized data strategy, build compelling and relevant use cases, understand your organization’s culture and appetite for data, and ensure you have well-articulated vision, principles, and goals for your data strategy.
    • Ensure you have a solid data foundation: Understand your current data environment, data management enablers, people, skill sets, roles, and structure. Know your strengths and weakness so you can optimize appropriately.
    • Formulate a sustainable data strategy: Round off your strategy with effective change management and communication for building and fostering a data-driven culture.

    Info-Tech Insight

    1. As the CDO or equivalent data leader in your organization, a robust and comprehensive data strategy is the number one tool in your toolkit for delivering on your mandate of creating measurable business value from data.
    2. A data strategy should never be formulated disjointed from the business. Ensure the data strategy aligns with the business strategy and supports the business architecture.
    3. Building and fostering a data-driven culture will accelerate and sustain adoption of, appetite for, and appreciation for data and hence drive the ROI on your various data investments.

    Why do you need a data strategy?

    Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.

    The dynamic marketplace of today requires organizations to be responsive in order to gain or maintain their competitive edge and place in their industry.

    Organizations need to have that 360-degree view of what’s going on and what’s likely to happen.

    Disruptive forces often lead to changes in business models and require organizations to have a level of adaptability to remain relevant.

    To respond, organizations need to make decisions and should be able to turn to their data to gain insights for informing their decisions.

    A well-formulated and robust data strategy will ensure that your data investments bring you the returns by meeting your organization’s strategic objectives.

    Organizations need to be in a position where they know what’s going on with their stakeholders and anticipate what their stakeholders’ needs are going to be.

    Data cannot be fully leveraged without a cohesive strategy

    Most organizations today will likely have some form of data management in place, supported by some of the common roles such as DBAs and data analysts.

    Most will likely have a data architecture that supports some form of reporting.

    Some may even have a chief data officer (CDO), a senior executive who has a seat at the C-suite table.

    These are all great assets as a starting point BUT without a cohesive data strategy that stitches the pieces together and:

    • Effectively leverages these existing assets
    • Augments them with additional and relevant key roles and skills sets
    • Optimizes and fills in the gaps around your current data management enablers and capabilities for the growing volume and variety of data you’re collecting
    • Fully caters to real, high-value strategic organizational business needs

    you’re missing the mark – you are not fully leveraging the incredible value of your data.

    Cross-industry studies show that on average, less than half of an organization’s structured data is actively used in making decisions

    And, less than 1% of its unstructured data is analyzed or used at all. Furthermore, 80% of analysts' time is spent simply discovering and preparing, data with over 70% of employees having access to data they should not. Source: HBR, 2017

    Organizational drivers for a data strategy

    Your data strategy needs to align with your organizational strategy.

    Main Organizational Strategic Drivers:

    1. Stakeholder Engagement/Service Excellence
    2. Product and Service Innovations
    3. Operational Excellence
    4. Privacy, Risk, and Compliance Management

    “The companies who will survive and thrive in the future are the ones who will outlearn and out-innovate everyone else. It is no longer ‘survival of the fittest’ but ‘survival of the smartest.’ Data is the element that both inspires and enables this new form of rapid innovation.– Joel Semeniuk, 2016

    A sound data strategy is the key to unlocking the value in your organization’s data.

    Data should be at the foundation of your organization’s evolution.

    The transformational insights that executives are constantly seeking to leverage can be unlocked with a data strategy that makes high-quality, well-integrated, trustworthy, relevant data readily available to the business users who need it.

    Whether hoping to gain a better understanding of your business, trying to become an innovator in your industry, or having a compliance and regulatory mandate that needs to be met, any organization can get value from its data through a well-formulated, robust, and cohesive data strategy.

    According to a leading North American bank, “More than one petabyte of new data, equivalent to about 1 million gigabytes” is entering the bank’s systems every month. – The Wall Street Journal, 2019

    “Although businesses are at many different stages in unlocking the power of data, they share a common conviction that it can make or break an enterprise.”– Jim Love, ITWC CIO and Chief Digital Officer, IT World Canada, 2018

    Data is a strategic organizational asset and should be treated as such

    The expression “Data is an asset” or any other similar sentiment has long been heard.

    With such hype, you would have expected data to have gotten more attention in the boardrooms. You would have expected to see its value reflected on financial statements as a result of its impact in driving things like acquisition, retention, product and service development and innovation, market growth, stakeholder satisfaction, relationships with partners, and overall strategic success of the organization.

    The time has surely come for data to be treated as the asset it is.

    “Paradoxically, “data” appear everywhere but on the balance sheet and income statement.”– HBR, 2018

    “… data has traditionally been perceived as just one aspect of a technology project; it has not been treated as a corporate asset.”– “5 Essential Components of a Data Strategy,” SAS

    According to Anil Chakravarthy, who is the CEO of Informatica and has a strong vantage point on how companies across industries leverage data for better business decisions, “what distinguishes the most successful businesses … is that they have developed the ability to manage data as an asset across the whole enterprise.”– McKinsey & Company, 2019

    How data is perceived in today’s marketplace

    Data is being touted as the oil of the digital era…

    But just like oil, if left unrefined, it cannot really be used.

    "Data is the new oil." – Clive Humby, Chief Data Scientist

    Source: Joel Semeniuk, 2016

    Enter your data strategy.

    Data is being perceived as that key strategic asset in your organization for fueling innovation and transformation.

    Your data strategy is what allows you to effectively mine, refine, and use this resource.

    “The world’s most valuable resource is no longer oil, but data.”– The Economist, 2017

    “Modern innovation is now dependent upon this data.”– Joel Semeniuk, 2016

    “The better the data, the better the resulting innovation and impact.”– Joel Semeniuk, 2016

    What is it in it for you? What opportunities can data help you leverage?

    GOVERNMENT

    Leveraging data as a strategic asset for the benefit of citizens.

    • The strategic use of data can enable governments to provide higher-quality services.
    • Direct resources appropriately and harness opportunities to improve impact.
    • Make better evidence-informed decisions and better understand the impact of programs so that funds can be directed to where they are most likely to deliver the best results.
    • Maintain legitimacy and credibility in an increasingly complex society.
    • Help workers adapt and be competitive in a changing labor market.
    • A data strategy would help protect citizens from the misuse of their data.

    Source: Privy Council Office, Government of Canada, 2018

    What is it in it for you? What opportunities can data help you leverage?

    FINANCIAL

    Leveraging data to boost traditional profit and loss levers, find new sources of growth, and deliver the digital bank.

    • One bank used credit card transactional data (from its own terminals and those of other banks) to develop offers that gave customers incentives to make regular purchases from one of the bank’s merchants. This boosted the bank’s commissions, added revenue for its merchants, and provided more value to the customer (McKinsey & Company, 2017).
    • In terms of enhancing productivity, a bank used “new algorithms to predict the cash required at each of its ATMs across the country and then combined this with route-optimization techniques to save money” (McKinsey & Company, 2017).

    A European bank “turned to machine-learning algorithms that predict which currently active customers are likely to reduce their business with the bank.” The resulting understanding “gave rise to a targeted campaign that reduced churn by 15 percent” (McKinsey & Company, 2017).

    A leading Canadian bank has built a marketplace around their data – they have launched a data marketplace where they have productized the bank’s data. They are providing data – as a product – to other units within the bank. These other business units essentially represent internal customers who are leveraging the product, which is data.

    Through the use of data and advanced analytics, “a top bank in Asia discovered unsuspected similarities that allowed it to define 15,000 microsegments in its customer base. It then built a next-product-to-buy model that increased the likelihood to buy three times over.” Several sets of big data were explored, including “customer demographics and key characteristics, products held, credit-card statements, transaction and point-of-sale data, online and mobile transfers and payments, and credit-bureau data” (McKinsey & Company, 2017).

    What is it in it for you? What opportunities can data help you leverage?

    HEALTHCARE

    Leveraging data and analytics to prevent deadly infections

    The fifth-largest health system in the US and the largest hospital provider in California uses a big data and advanced analytics platform to predict potential sepsis cases at the earliest stages, when intervention is most helpful.

    Using the Sepsis Bio-Surveillance Program, this hospital provider monitors 120,000 lives per month in 34 hospitals and manages 7,500 patients with potential sepsis per month.

    Collecting data from the electronic medical records of all patients in its facilities, the solution uses natural language processing (NLP) and a rules engine to continually monitor factors that could indicate a sepsis infection. In high-probability cases, the system sends an alarm to the primary nurse or physician.

    Since implementing the big data and predictive analytics system, this hospital provider has seen a significant improvement in the mortality and the length of stay in ICU for sepsis patients.

    At 28 of the hospitals which have been on the program, sepsis mortality rates have dropped an average of 5%.

    With patients spending less time in the ICU, cost savings were also realized. This is significant, as sepsis is the costliest condition billed to Medicare, the second costliest billed to Medicaid and the uninsured, and the fourth costliest billed to private insurance.

    Source: SAS, 2019

    What is it in it for you? What opportunities can data help you leverage?

    RETAIL

    Leveraging data to better understand customer preferences, predict purchasing, drive customer experience, and optimize supply and demand planning.

    Netflix is an example of a big brand that uses big data analytics for targeted advertising. With over 100 million subscribers, the company collects large amounts of data. If you are a subscriber, you are likely familiar with their suggestions messages of the next series or movie you should catch up on. These suggestions are based on your past search data and watch data. This data provides Netflix with insights into your interests and preferences for viewing (Mentionlytics, 2018).

    “For the retail industry, big data means a greater understanding of consumer shopping habits and how to attract new customers.”– Ron Barasch, Envestnet | Yodlee, 2019

    The business case for data – moving from platitudes to practicality

    When building your business case, consider the following:

    • What is the most effective way to communicate the business case to executives?
    • How can CDOs and other data leaders use data to advance their organizations’ corporate strategy?
    • What does your data estate look like? Are you looking to leverage and drive value from your semi-structured and unstructured data assets?
    • Does your current organizational culture support a data-driven one? Does the organization have a history of managing change effectively?
    • How do changing privacy and security expectations alter the way businesses harvest, save, use, and exchange data?

    “We’re the converted … We see the value in data. The battle is getting executive teams to see it our way.”– Ted Maulucci, President of SmartONE Solutions Inc. IT World Canada, 2018

    Where do you stack up? What is your current data management maturity?

    Info-Tech’s IT Maturity Ladder denotes the different levels of maturity for an IT department and its different functions. What is the current state of your data management capability?

    Innovator - Transforms the Business. Business Partner - Expands the Business. Trusted Operator - Optimizes the Business. Firefighter - Supports the Business. Unstable - Struggles to Support.

    Info-Tech Insight

    You are best positioned to successfully execute on a data strategy if you are currently at or above the Trusted Operator level. If you find yourself still at the Unstable or Firefighter stage, your efforts are best spent on ensuring you can fulfill your day-to-day data and data management demands. Improving this capability will help build a strong data management foundation.

    Guiding principles of a data strategy

    Value of Clearly Defined Data Principles

    • Guiding principles help define the culture and characteristics of your practice by describing your beliefs and philosophy.
    • Guiding principles act as the heart of your data strategy, helping to shape initiative plans and day-to-day behaviors related to the use and treatment of the organization’s data assets.

    “Organizational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.”– McKinsey, 2018

    Build a Robust and Comprehensive Data Strategy

    Business Strategy and Current Environment connect with the Data Strategy. Data Strategy includes: Organizational Drivers and Data Value, Data Strategy Objectives and Guiding Principles, Data Strategy Vision and Mission, Data Strategy Roadmap, People: Roles and Organizational Structure, Data Culture and Data Literacy, Data Management and Tools, Risk and Feasibility.

    Follow Info-Tech’s methodology for effectively leveraging the value out of your data

    Some say it’s the new oil. Or the currency of the new business landscape. Others describe it as the fuel of the digital economy. But we don’t need platitudes — we need real ways to extract the value from our data. – Jim Love, CIO and Chief Digital Officer, IT World Canada, 2018

    1. Business Context. 2. Data and Resources Foundation. 3. Effective Data Strategy

    Our practical step-by-step approach helps you to formulate a data strategy that delivers business value.

    1. Establish Business Context and Value: In this phase, you will determine and substantiate the business drivers for optimizing the data strategy. You will identify the business drivers that necessitate the data strategy optimization and examine your current organizational data culture. This will be key to ensuring the fruits of your optimization efforts are being used. You will also define the vision, mission, and guiding principles and build high-value use cases for the data strategy.
    2. Ensure You Have a Solid Data and Resources Foundation: This phase will help you ensure you have a solid data and resources foundation for operationalizing your data strategy. You will gain an understanding of your current environment in terms of data management enablers and the required resources portfolio of key people, roles, and skill sets.
    3. Formulate a Sustainable Data Strategy: In this phase, you will bring the pieces together for formulating an effective data strategy. You will evaluate and prioritize the use cases built in Phase 1, which summarize the alignment of organizational goals with data needs. You will also create your strategic plan, considering change management and communication.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks are used throughout all four options.

    Create a Work-From-Anywhere Strategy

    • Buy Link or Shortcode: {j2store}323|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 33 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    Work-from-anywhere isn’t going anywhere. During the initial rush to remote work, tech debt was highlighted and the business lost faith in IT. IT now needs to:

    • Rebuild trust with the CXO.
    • Identify gaps created from the COVID-19 rush to remote work.
    • Identify how IT can better support remote workers.

    IT went through an initial crunch to enable remote work. It’s time to be proactive and learn from our mistakes.

    Our Advice

    Critical Insight

    • It’s not about embracing the new normal; it’s about resiliency and long-term success. Your strategy needs to not only provide short-term operational value but also make the organization more resilient for the unknown risks of tomorrow.
    • The nature of work has fundamentally changed. IT departments must ensure service continuity, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.
    • Ensure short-term survival. Don’t focus on becoming an innovator until you are no longer stuck in firefighting.
    • Aim for near-term innovation. Once you’re a trusted operator, become a business partner by helping the business better adapt business processes and operations to work-from-anywhere.

    Impact and Result

    Follow these steps to build a work-from-anywhere strategy that resonates with the business:

    • Identify a vision that aligns with business goals.
    • Design the work-from-anywhere value proposition for critical business roles.
    • Benchmark your current maturity.
    • Build a roadmap for bridging the gap.

    Benefit employees’ remote working experience while ensuring that IT heads in a strategic direction.

    Create a Work-From-Anywhere Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create a work-from-anywhere strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a target state

    Identify a vision that aligns with business goals, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.

    • Work-From-Anywhere Strategy Template
    • Work-From-Anywhere Value Proposition Template

    2. Analyze current fitness

    Don’t focus on becoming an innovator until you are no longer stuck in firefighting mode.

    3. Build a roadmap for improving enterprise apps

    Use these blueprints to improve your enterprise app capabilities for work-from-anywhere.

    • Microsoft Teams Cookbook – Sections 1-2
    • Rationalize Your Collaboration Tools – Phases 1-3
    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard
    • The Rapid Application Selection Framework Deck

    4. Build a roadmap for improving strategy, people & leadership

    Use these blueprints to improve IT’s strategy, people & leadership capabilities for work-from-anywhere.

    • Define Your Digital Business Strategy – Phases 1-4
    • Training Deck: Equip Managers to Effectively Manage Virtual Teams
    • Sustain Work-From-Home in the New Normal Storyboard
    • Develop a Targeted Flexible Work Program for IT – Phases 1-3
    • Maintain Employee Engagement During the COVID-19 Pandemic Storyboard
    • Adapt Your Onboarding Process to a Virtual Environment Storyboard
    • Manage Poor Performance While Working From Home Storyboard
    • The Essential COVID-19 Childcare Policy for Every Organization, Yesterday Storyboard

    5. Build a roadmap for improving infrastructure & operations

    Use these blueprints to improve infrastructure & operations capabilities for work-from-anywhere.

    • Stabilize Infrastructure & Operations During Work-From-Anywhere – Phases 1-3
    • Responsibly Resume IT Operations in the Office – Phases 1-5
    • Execute an Emergency Remote Work Plan Storyboard
    • Build a Digital Workspace Strategy – Phases 1-3

    6. Build a roadmap for improving IT security & compliance capabilities

    Use these blueprints to improve IT security & compliance capabilities for work-from-anywhere.

    • Cybersecurity Priorities in Times of Pandemic Storyboard
    • Reinforce End-User Security Awareness During Your COVID-19 Response Storyboard

    Infographic

    Workshop: Create a Work-From-Anywhere Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define a Target State

    The Purpose

    Define the direction of your work-from-anywhere strategy and roadmap.

    Key Benefits Achieved

    Base your decisions on senior leadership and user needs.

    Activities

    1.1 Identify drivers, benefits, and challenges.

    1.2 Perform a goals cascade to align benefits to business needs.

    1.3 Define a vision and success metrics.

    1.4 Define the value IT brings to work-from-anywhere.

    Outputs

    Desired benefits for work-from-anywhere

    Vision statement

    Mission statement

    Success metrics

    Value propositions for in-scope user groups

    2 Review In-Scope Capabilities

    The Purpose

    Focus on value. Ensure that major applications and IT capabilities will relieve employees’ pains and provide them with gains.

    Key Benefits Achieved

    Learn from past mistakes and successes.

    Increase adoption of resulting initiatives.

    Activities

    2.1 Review work-from-anywhere framework and identify capability gaps.

    2.2 Review diagnostic results to identify satisfaction gaps.

    2.3 Record improvement opportunities for each capability.

    2.4 Identify deliverables and opportunities to provide value for each.

    2.5 Identify constraints faced by each capability.

    Outputs

    SWOT assessment of work-from-anywhere capabilities

    Projects and initiatives to improve capabilities

    Deliverables and opportunities to provide value for each capability

    Constraints with each capability

    3 Build the Roadmap

    The Purpose

    Build a short-term plan that allows you to iterate on your existing strengths and provide early value to your users.

    Key Benefits Achieved

    Provide early value to address operational pain points.

    Build a plan to provide near-term innovation and business value.

    Activities

    3.1 Organize initiatives into phases.

    3.2 Identify tasks for short-term initiatives.

    3.3 Estimate effort with Scrum Poker.

    3.4 Build a timeline and tie phases to desired business benefits.

    Outputs

    Prioritized list of initiatives and phases

    Profiles for short-term initiatives

    Select and Implement a Reporting and Analytics Solution

    • Buy Link or Shortcode: {j2store}363|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $10,110 Average $ Saved
    • member rating average days saved: 3 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • Statistics show that the top priority of 85% of CIOs is insight and intelligence. Yet an appetite for intelligence does not mean that business intelligence initiatives will be an automatic success. In fact, many industry studies found that only 30% to 50% of organizations considered their BI initiative to be a complete success. It is, therefore, imperative that organizations take the time to select and implement a BI suite that aligns with business goals and fosters end-user adoption.
    • The multitude of BI offerings creates a busy and sometimes overwhelming vendor landscape. When selecting a solution, you have to make sense of the many offerings and bridge the gap between what is out there and what your organization needs.
    • BI is more than software. A BI solution has to effectively address business needs and demonstrate value through content and delivery once the platform is implemented.
    • Another dimension of the success of BI is the quality and validity of the reports and insights. The overall success of the BI solution is only as good as the quality of data fueling them.

    Our Advice

    Critical Insight

    • Business intelligence starts with data management. Without data management, including governance and data quality capabilities, your BI users will not be able to get the insights they need due to inaccurate and unavailable data.
    • When selecting a BI tool, it is crucial to ensure that the tool is fit for the purpose of the organization. Ensure alignment between the business drivers and the tool capabilities.
    • Self-serve BI requires a measured approach. Self-serve BI is meant to empower users to make more informed and faster decisions. But uncontrolled self-serve BI will lead to report chaos and prevent users from getting the most out of the tool. You must govern self-serve before it gets out of hand.

    Impact and Result

    • Evaluate your organization and land yourself into one of our three BI use cases. Find a BI suite that best suits the use case and, therefore, your organization.
    • Understand the ever-changing BI market. Get to know the established vendors as well as the emerging players.
    • Define BI requirements comprehensively through the lens of business, data, architecture, and user groups. Evaluate requirements to ensure they align with the strategic goals of the business.

    Select and Implement a Reporting and Analytics Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should select and implement a business intelligence and analytics solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch a BI selection project

    Promote and get approval for the BI selection and implementation project.

    • Select and Implement a Business Intelligence and Analytics Solution – Phase 1: Launch a BI Selection Project
    • BI Score Calculator
    • BI Project Charter

    2. Select a BI solution

    Select the most suitable BI platform.

    • Select and Implement a Business Intelligence and Analytics Solution – Phase 2: Select a BI Solution
    • BI Use-Case Fit Assessment Tool
    • BI Planning and Scoring Tool
    • BI Vendor Demo Script
    • BI Vendor Shortlist & Detailed Feature Analysis Tool
    • BI Request for Proposal Template

    3. Implement the BI solution

    Build a sustainable BI program.

    • Select and Implement a Business Intelligence and Analytics Solution – Phase 3: Implement the BI Solution
    • BI Test Plan Template
    • BI Implementation Planning Tool
    • BI Implementation Work Breakdown Structure Template
    [infographic]

    Workshop: Select and Implement a Reporting and Analytics Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch a BI Selection Project

    The Purpose

    Identify the scope and objectives of the workshop.

    Discuss the benefits and opportunities related to a BI investment.

    Gain a high-level understanding of BI and the BI market definitions and details.

    Outline a project plan and identify the resourcing requirements for the project.

    Key Benefits Achieved

    Determine workshop scope.

    Identify the business drivers and benefits behind a BI investment.

    Outline the project plan for the organization’s BI selection project.

    Determine project resourcing.

    Identify and perform the steps to launch the organization’s selection project.

    Activities

    1.1 Identify business drivers for investing in process automation technology.

    1.2 Identify the organization’s fit for a BI investment.

    1.3 Create a project plan.

    1.4 Identify project resourcing.

    1.5 Outline the project’s timeline.

    1.6 Determine key metrics.

    1.7 Determine project oversight.

    1.8 Complete a project charter.

    Outputs

    Completion of a project charter

    Launched BI selection project

    2 Analyze BI Requirements and Shortlist Vendors

    The Purpose

    Identify functional requirements for the organization’s BI suite.

    Determine technical requirements for the organization’s BI suite.

    Identify the organization’s alignment to the Vendor Landscape’s use-case scenarios.

    Shortlist BI vendors.

    Key Benefits Achieved

    Documented functional requirements.

    Documented technical requirements.

    Identified use-case scenarios for the future BI solution.

    Activities

    2.1 Interview business stakeholders.

    2.2 Interview IT staff.

    2.3 Consolidate interview findings.

    2.4 Build the solution’s requirements package.

    2.5 Identify use-case scenario alignment.

    2.6 Review Info-Tech’s BI Vendor Landscape results.

    2.7 Create custom shortlist.

    Outputs

    Documented requirements for the future solution.

    Identification of the organization’s BI functional use-case scenarios.

    Shortlist of BI vendors.

    3 Plan the Implementation Process

    The Purpose

    Identify the steps for the organization’s implementation process.

    Select the right BI environment.

    Run a pilot project.

    Measure the value of your implementation.

    Key Benefits Achieved

    Install a BI solution and prepare the BI solution in a way that allows intuitive and interactive uses.

    Keep track of and quantify BI success.

    Activities

    3.1 Select the right environment for the BI platform.

    3.2 Configure the BI implementation.

    3.3 Conduct a pilot to get started with BI and to demonstrate BI possibilities.

    3.4 Promote BI development in production.

    Outputs

    A successful BI implementation.

    BI is architected with the right availability.

    BI ROI is captured and quantified.

    Build a Data Architecture Roadmap

    • Buy Link or Shortcode: {j2store}124|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $8,846 Average $ Saved
    • member rating average days saved: 23 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data architecture involves many moving pieces requiring coordination to provide greatest value from data.
    • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.
    • Data architects must account for the constantly growing data and application complexity, more demanding needs from the business, an ever-increasing number of data sources, and a growing need to integrate components to ensure that performance isn’t compromised.

    Our Advice

    Critical Insight

    • Data architecture needs to evolve with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.
    • Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.
    • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Impact and Result

    • Have a framework in place to identify the appropriate solution for the challenge at hand. Our three-phase practical approach will help you build a custom and modernized data architecture.
      • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed.
      • Discover the best-practice trends, measure your current state, and define the targets for your data architecture tactics.
      • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Build a Data Architecture Roadmap Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should optimize its data architecture as it evolves with the drivers of the business to get the most from its data.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prioritize your data architecture with business-driven tactics

    Identify the business drivers that necessitate data architecture improvements, then create a tactical plan for optimization.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 1: Prioritize Your Data Architecture With Business-Driven Tactics
    • Data Architecture Driver Pattern Identification Tool
    • Data Architecture Optimization Template

    2. Personalize your tactics to optimize your data architecture

    Analyze how you stack up to Info-Tech’s data architecture capability model to uncover your tactical plan, and discover groundbreaking data architecture trends and how you can fit them into your action plan.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 2: Personalize Your Tactics to Optimize Your Data Architecture
    • Data Architecture Tactical Roadmap Tool
    • Data Architecture Trends Presentation

    3. Create your tactical data architecture roadmap

    Optimize your data architecture by following tactical initiatives and managing the resulting change brought on by those optimization activities.

    • Build a Business-Aligned Data Architecture Optimization Strategy – Phase 3: Create Your Tactical Data Architecture Roadmap
    • Data Architecture Decision Template
    [infographic]

    Workshop: Build a Data Architecture Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Drivers of the Business for Optimizing Data Architecture

    The Purpose

    Explain approach and value proposition.

    Review the common business drivers and how the organization is driving a need to optimize data architecture.

    Understand Info-Tech’s five-tier data architecture model.

    Determine the pattern of tactics that apply to the organization for optimization.

    Key Benefits Achieved

    Understanding of the current data architecture landscape.

    Priorities for tactical initiatives in the data architecture practice are identified.

    Target state for the data quality practice is defined.

    Activities

    1.1 Explain approach and value proposition.

    1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.

    1.3 Understand Info-Tech’s five-tier data architecture model.

    1.4 Determine the pattern of tactics that apply to the organization for optimization.

    Outputs

    Five-tier logical data architecture model

    Data architecture tactic plan

    2 Determine Your Tactics For Optimizing Data Architecture

    The Purpose

    Define improvement initiatives.

    Define a data architecture improvement strategy and roadmap.

    Key Benefits Achieved

    Gaps, inefficiencies, and opportunities in the data architecture practice are identified.

    Activities

    2.1 Create business unit prioritization roadmap.

    2.2 Develop subject area project scope.

    2.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis

    Outputs

    Business unit prioritization roadmap

    Subject area scope

    Data lineage diagram

    3 Create a Strategy for Data Quality Project 2

    The Purpose

    Define improvement initiatives.

    Define a data quality improvement strategy and roadmap.

    Key Benefits Achieved

    Improvement initiatives are defined.

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy.

    A roadmap is defined to depict when and how to tackle the improvement initiatives.

    Activities

    3.1 Create business unit prioritization roadmap.

    3.2 Develop subject area project scope.

    3.3 Subject area 1: data lineage analysis, root cause analysis, impact assessment, business analysis.

    Outputs

    Business unit prioritization roadmap

    Subject area scope

    Data lineage diagram

    Further reading

    Build a Data Architecture Roadmap

    Optimizing data architecture requires a plan, not just a data model.

    ANALYST PERSPECTIVE

    Integral to an insight-driven enterprise is a modern and business-driven data environment.

    “As business and data landscapes change, an organization’s data architecture needs to be able to keep pace with these changes. It needs to be responsive so as to not only ensure the organization continues to operate efficiently but that it supports the overall strategic direction of the organization.

    In the dynamic marketplace of today, organizations are constantly juggling disruptive forces and are finding the need to be more proactive rather than reactive. As such, organizations are finding their data to be a source of competitive advantage where the data architecture has to be able to not only support the increasing amount, sources, and rate at which organizations are capturing and collecting data but also be able to meet and deliver on changing business needs.

    Data architecture optimization should, therefore, aid in breaking down data silos and creating a more shared and all-encompassing data environment for better empowering the business.” (Crystal Singh, Director, Research, Data and Information Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:
    • Data architects or their equivalent, looking to optimize and improve the efficiency of the capture, movement and storage of data for a variety of business drivers.
    • Enterprise architects looking to improve the backbone of the holistic approach of their organization’s structure.
    This Research Will Help You:
    • Identify the business drivers that are impacted and improved by best-practice data architecture.
    • Optimize your data architecture using tactical practices to address the pressing issues of the business to drive modernization.
    • Align the organization’s data architecture with the grander enterprise architecture.
    This Research Will Also Assist:
    • CIOs concerned with costs, benefits, and the overall structure of their organizations data flow.
    • Database administrators tasked with overseeing crucial elements of the data architecture.
    This Research Will Help Them:
    • Get a handle on the current situation of data within the organization.
    • Understand how data architecture affects the operations of the data sources within the enterprise.

    Executive summary

    Situation

    • The data architecture of a modern organization involves many moving pieces requiring coordination to provide greatest value from data.
    • Data architects are at the center of this turmoil and must be able to translate high-level business requirements into specific instructions for data workers using complex data models.

    Complication

    • Data architects must account for the constantly growing data and application complexity, and more demanding needs from the business.
    • There is an ever-increasing number of data sources and a growing need to integrate components to ensure that performance isn’t compromised.
    • There isn’t always a clearly defined data architect role, yet the responsibilities must be filled to get maximum value from data.

    Resolution

    • To deal with these challenges, a data architect must have a framework in place to identify the appropriate solution for the challenge at hand.
      • Identify and prioritize the business drivers in which data architecture changes would create the largest overall benefit, and determine the corresponding data architecture tiers that need to be addressed to customize your solution.
      • Discover the best practice trends, measure your current state, and define the targets for your data architecture tactics.
      • Build a cohesive and personalized roadmap for restructuring your data architecture. Manage your decisions and resulting changes.

    Info-Tech Insight

    1. Data architecture is not just about models. Viewing data architecture as just technical data modeling can lead to a data environment that does not aptly serve or support the business. Identify the priorities of your business and adapt your data architecture to those needs.
    2. Changes to data architecture are typically driven by four common business driver patterns. Use these as a shortcut to understand how to evolve your data architecture.
    3. Data is used differently across the layers of an organization’s data architecture; therefore, the capabilities needed to optimize the use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Your data is the foundation of your organization’s knowledge and ability to make decisions

    Data should be at the foundation of your organization’s evolution.

    The transformational insights that executives are constantly seeking to leverage can be uncovered with a data practice that makes high quality, trustworthy information readily available to the business users who need it.

    50% Organizations that embrace data are 50% more likely to launch products and services ahead of their competitors. (Nesta, 2016)

    Whether hoping to gain a better understanding of your business or trying to become an innovator in your industry, any organization can get value from its data regardless of where you are in your journey to becoming a data-driven enterprise:

    Business Monitoring
    • Data reporting
    • Uncover inefficiencies
    • Monitor progress
    • Track inventory levels
    Business Insights
    • Data analytics
    • Expose patterns
    • Predict future trends
    Business Optimization
    • Data-based apps
    • Build apps to automate actions based on insights
    Business Transformation
    • Monetary value of data
    • Create new revenue streams
    (Journey to Data Driven Enterprise, 2015)

    As organizations seek to become more data driven, it is imperative to better manage data for its effective use

    Here comes the zettabyte era.

    A zettabyte is a billion terabytes. Organizations today need to measure their data size in zettabytes, a challenge that is only compounded by the speed at which the data is expected to move.

    Arriving at the understanding that data can be the driving force of your organization is just the first step. The reality is that the true hurdles to overcome are in facing the challenges of today’s data landscape.

    Challenges of The Modern Data Landscape
    Data at rest Data movement
    Greater amounts Different types Uncertain quality Faster rates Higher complexity

    “The data environment is very chaotic nowadays. Legacy applications, data sprawl – organizations are grappling with what their data landscape looks like. Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

    Solution

    Well-defined and structured data management practices are the best way to mitigate the limitations that derive from these challenges and leverage the most possible value from your data.

    Refer to Info-Tech’s capstone Create a Plan For Establishing a Business-Aligned Data Management Practice blueprint to understand data quality in the context of data disciplines and methods for improving your data management capabilities.

    Data architecture is an integral aspect of data management

    Data Architecture

    The set of rules, policies, standards, and models that govern and define the type of data collected and how it is used, stored, managed, and integrated within the organization and its database systems.

    In general, the primary objective of data architecture is the standardization of data for the benefit of the organization.

    54% of leading “analytics-driven” enterprises site data architecture as a required skill for data analytics initiatives. (Maynard 2015)

    MYTH

    Data architecture is purely a model of the technical requirements of your data systems.

    REALITY

    Data architecture is largely dependent on a human element. It can be viewed as “the bridge between defining strategy and its implementation”. (Erwin 2016)

    Functions

    A strong data architecture should:

    • Define, visualize, and communicate data strategy to various stakeholders.
    • Craft a data delivery environment.
    • Ensure high data quality.
    • Provide a roadmap for continuous improvement.

    Business value

    A strong data architecture will help you:

    • Align data processes with business strategy and the overall holistic enterprise architecture.
    • Enable efficient flow of data with a stronger focus on quality and accessibility.
    • Reduce the total cost of data ownership.

    Data architects must maintain a comprehensive view of the organization’s rapidly proliferating data

    The data architect:
    • Acts as a “translator” between the business and data workers to communicate data and technology requirements.
    • Facilitates the creation of the data strategy.
    • Manages the enterprise data model.
    • Has a greater knowledge of operational and analytical data use cases.
    • Recommends data management policies and standards, and maintains data management artifacts.
    • Reviews project solution architectures and identifies cross impacts across the data lifecycle.
    • Is a hands-on expert in data management and warehousing technologies.
    • Is not necessarily it’s own designated position, but a role that can be completed by a variety of IT professionals.

    Data architects bridge the gap between strategic and technical requirements:

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

    Many are experiencing the pains of poor data architecture, but leading organizations are proactively tackling these issues

    Outdated and archaic systems and processes limit the ability to access data in a timely and efficient manner, ultimately diminishing the value your data should bring.

    59%

    of firms believe their legacy storage systems require too much processing to meet today’s business needs. (Attivio, Survey Big Data decision Makers, 2016)

    48%

    of companies experience pains from being reliant on “manual methods and trial and error when preparing data.” (Attivio, Survey Big Data decision Makers, 2016)

    44%
    +
    22%

    44% of firms said preparing data was their top hurdle for analytics, with 22% citing problems in accessing data. (Data Virtualization blog, Data Movement Killed the BI Star, 2016)

    Intuitive organizations who have recognized these shortcomings have already begun the transition to modernized and optimized systems and processes.

    28%

    of survey respondents say they plan to replace “data management and architecture because it cannot handle the requirements of big data.” (Informatica, Digital Transformation: Is Your Data Management Ready, 2016)

    50%

    Of enterprises plan to replace their data warehouse systems and analytical tools in the next few years. (TDWI, End of the Data Warehouse as we know it, 2017)

    Leading organizations are attacking data architecture problems … you will be left behind if you do not start now!

    Once on your path to redesigning your data architecture, neglecting the strategic elements may leave you ineffective

    Focusing on only data models without the required data architecture guidance can cause harmful symptoms in your IT department, which will lead to organization-wide problems.

    IT Symptoms Due to Ineffective Data Architecture

    Poor Data Quality

    • Inconsistent, duplicate, missing, incomplete, incorrect, unstandardized, out of date, and mistake-riddled data can plague your systems.

    Poor Accessibility

    • Delays in accessing data.
    • Limits on who can access data.
    • Limited access to data remotely.

    Strategic Disconnect

    • Disconnect between owner and consumer of data.
    • Solutions address narrow scope problems.
    • System barriers between departments.
    Leads to Poor Organizational Conditions

    Inaccurate Insights

    • Inconsistent and/or erroneous operational and management reports.
    • Ineffective cross-departmental use of analytics.

    Ineffective Decision Making

    • Slow flow of information to executive decision makers.
    • Inconsistent interpretation of data or reports.

    Inefficient Operations

    • Limits to automated functionality.
    • Increased divisions within organization.
    • Regulatory compliance violations.
    You need a solution that will prevent the pains.

    Follow Info-Tech’s methodology to optimize data architecture to meet the business needs

    The following is a summary of Info-Tech’s methodology:

    1

    1. Prioritize your core business objectives and identify your business driver.
    2. Learn how business drivers apply to specific tiers of Info-Tech’s five-tier data architecture model.
    3. Determine the appropriate tactical pattern that addresses your most important requirements.
    Visualization of the process described on the left: Business drivers applying to Info-Tech's five-tier data architecture, then determining tactical patterns, and eventually setting targets of your desired optimized state.

    2

    1. Select the areas of the five-tier architecture to focus on.
    2. Measure current state.
    3. Set the targets of your desired optimized state.

    3

    1. Roadmap your tactics.
    2. Manage and communicate change.
    A roadmap leading to communication.

    Info-Tech will get you to your optimized state faster by focusing on the important business issues

    First Things First

    1. Info-Tech’s methodology helps you to prioritize and establish the core strategic objectives behind your goal of modernizing data architecture. This will narrow your focus to the appropriate areas of your current data systems and processes that require the most attention.

    Info-Tech has identified these four common drivers that lead to the need to optimize your data architecture.

    • Becoming More Data Driven
    • Regulations and Compliance
    • Mergers and Acquisitions
    • New Functionality or Business Rule

    These different core objectives underline the motivation to optimize data architecture, and will determine your overall approach.

    Use the five-tier architecture to provide a consumable view of your data architecture

    Every organization’s data system requires a unique design and an assortment of applications and storage units to fit their business needs. Therefore, it is difficult to paint a picture of an ideal model that has universal applications. However, when data architecture is broken down in terms of layers or tiers, there exists a general structure that is seen in all data systems.

    Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'Apps', 'Excel and other documents', and 'Access database(s)'; 'Integration and Translation' the 'Movement and transformation of data'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'; and 'Presentation' which includes 'Reports' and 'Dashboards'.

    Thinking of your data systems and processes in this framework will allow you to see how different elements of the architecture relate to specific business operations.

    1. This blueprint will demonstrate how the business driver behind your redesign requires you to address specific layers of the five-tier data architecture.
    1. Once you’ve aligned your business driver to the appropriate data tiers, this blueprint will provide you with the best practice tactics you should apply to achieve an optimized data architecture.

    Use the five-tier architecture to prioritize tactics to improve your data architecture in line with your pattern

    Info-Tech’s Data Architecture Capability Model
    Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.
    1. Based on your business driver, the relevant data tiers, and your organization’s own specific requirements you will need to establish the appropriate data architecture capabilities.
    2. This blueprint will help you measure how you are currently performing in these capabilities…
    3. And help you define and set targets so you can reach your optimized state.
    1. Once completed, these steps will be provided with the information you will need to create a comprehensive roadmap.
    2. Lastly, this blueprint will provide you with the tools to communicate this plan across your organization and offer change management guidelines to ensure successful adoption.
    Info-Tech Insight

    Optimizing data architecture requires a tactical approach, not a passive approach.

    The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

    Do not forget: data architecture is not a standalone concept; it fits into the more holistic design of enterprise architecture

    Data Architecture in Alignment

    Data architecture can not be designed to simply address the focus of data specialists or even the IT department.

    It must act as a key component in the all encompassing enterprise architecture and reflect the strategy and design of the entire business.

    Data architecture collaborates with application architecture in the delivery of effective information systems, and informs technology architecture on data related infrastructure requirements/considerations

    Please refer to the following blueprints to see the full picture of enterprise architecture:

    A diagram titled 'Enterprise Architecture' with multiple forms of architecture interacting with each other. At the top is 'Business Architecture' which feeds into 'Data Architecture' and 'Application Architecture' which feed into each other, and influence 'Infrastructure Architecture' and 'Security Architecture'.
    Adapted from TOGAF
    Refer to Phase C of TOGAF and Bizbok for references to the components of business architecture that are used in data architecture.

    Info-Tech’s data architecture optimization methodology helped a monetary authority fulfill strict regulatory pressures

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'. Look for this symbol as you walk through the blueprint for details on how Info-Tech Consulting assisted this monetary authority.

    Situation: Strong external pressures required the monetary authority to update and optimize its data architecture.

    The monetary authority is responsible for oversight of the financial situation of a country that takes in revenue from foreign incorporation. Due to increased pressure from international regulatory bodies, the monetary authority became responsible for generating multiple different types of beneficial ownership reports based on corporation ownership data within 24 hours of a request.

    A stale and inefficient data architecture prevented the monetary authority from fulfilling external pressures.

    Normally, the process to generate and provide beneficial ownership reports took a week or more. This was due to multiple points of stale data architecture, including a dependence on outdated legacy systems and a broken process for gathering the required data from a mix of paper and electronic sources.

    Provide a structured approach to solving the problem

    Info-Tech helped the monetary authority identify the business need that resulted from regulatory pressures, the challenges that needed to be overcome, and actionable tactics for addressing the needs.

    Info-Tech’s methodology was followed to optimize the areas of data architecture that address the business driver.

    • External Requirements
    • Business Driver
        Diagnose Data Architecture Problems
      • Outdated architecture (paper, legacy systems)
      • Stale data from other agencies
      • Incomplete data
          Data Architecture Optimization Tactics
        1. Optimized Source Databases
        2. Improved Integration
        3. Data Warehouse Optimization
        4. Data Marts for Reports
        5. Report Delivery Efficiency

    As you walk through this blueprint, watch for additional case studies that walk through the details of how Info-Tech helped this monetary authority.

    This blueprint’s three-step process will help you optimize data architecture in your organization

    Phase 1
    Prioritize Your Data Architecture With Business-Driven Tactics
    Phase 2
    Personalize Your Tactics to Optimize Your Data Architecture
    Phase 3
    Create Your Tactical Data Architecture Roadmap
    Step 1: Identify Your Business Driver for Optimizing Data Architecture
    • Learn about what data architecture is and how it must evolve with the drivers of the business.
    • Determine the business driver that your organization is currently experiencing.
    • Data Architecture Driver Pattern Identification Tool

    Step 2: Determine Actionable Tactics to Optimize Data Architecture
    • Create your data architecture optimization plan to determine the high-level tactics you need to follow.
    • Data Architecture Optimization Template

    Step 1: Measure Your Data Architecture Capabilities
    • Determine where you currently stand in the data architecture capabilities across the five-tier data architecture.
    • Data Architecture Tactical Roadmap Tool

    Step 2: Set a Target for Data Architecture Capabilities
    • Identify your targets for the data architecture capabilities.
    • Data Architecture Tactical Roadmap Tool

    Step 3: Identify the Tactics that Apply to Your Organization
    • Understand the trends in the field of data architecture and how they can help to optimize your environment.
    • Data Architecture Trends Presentation

    Step 1: Personalize Your Data Architecture Roadmap
    • Personalize the tactics across the tiers that apply to you to build your personalized roadmap.
    • Data Architecture Tactical Roadmap Tool

    Step 2: Manage Your Data Architecture Decisions and the Resulting Changes
    • Document the changes in the organization’s data architecture.
    • Data architecture involves change management – learn how data architects should support change management in the organization.
    • Data Architecture Decision Template

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Build a Business-Aligned Data Architecture Optimization Strategy – project overview

    PHASE 1
    Prioritize Your Data Architecture With Business-Driven Tactics
    PHASE 2
    Personalize Your Tactics to Optimize Your Data Architecture
    PHASE 3
    Create Your Tactical Data Architecture Roadmap
    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Identify Your Business Driver for Optimizing Data Architecture

    1.2 Determine Actionable Tactics to Optimize Data Architecture

    2.1 Measure Your Data Architecture Capabilities

    2.2 Set a Target for Data Architecture Capabilities

    2.3 Identify the Tactics that Apply to Your Organization

    3.1 Personalize Your Data Architecture Roadmap

    3.2 Manage Your Data Architecture Decisions and the Resulting Changes

    Guided Implementations

    • Understand what data architecture is, how it aligns with enterprise architecture, and how data architects support the needs of the business.
    • Identify the business drivers that necessitate the optimization of the organization’s data architecture.
    • Create a tactical plan to optimize data architecture across Info-Tech’s five-tier logical data architecture model.
    • Understand Info-Tech’s tactical data architecture capability model and measure the current state of these capabilities at the organization.
    • Determine the target state of data architecture capabilities.
    • Understand the trends in the field of data architecture and identify how they can fit into your environment.
    • Use the results of the data architecture capability gap assessment to determine the priority of activities to populate your personalized data architecture optimization roadmap.
    • Understand how to manage change as a data architect or equivalent.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Identify the Drivers of the Business for Optimizing Data Architecture
    Module 2:
    Create a Tactical Plan for Optimizing Data Architecture
    Module 3:
    Create a Personalized Roadmap for Data Architecture Activities

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Preparation

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Workshop Day 5

    Organize and Plan Workshop Identify the Drivers of the Business for Optimizing Data Architecture Determine the Tactics For Optimizing Data Architecture Create Your Roadmap of Optimization Activities Create Your Personalized Roadmap Create a Plan for Change Management

    Morning Activities

    • Finalize workshop itinerary and scope.
    • Identify workshop participants.
    • Gather strategic documentation.
    • Engage necessary stakeholders.
    • Book interviews.
    • 1.1 Explain approach and value proposition.
    • 1.2 Review the common business drivers and how the organization is driving a need to optimize data architecture.
    • 2.1 Create your data architecture optimization plan.
    • 2.2 Interview key business stakeholders for input on business drivers for data architecture.
    • 3.1 Align with the enterprise architecture by interviewing the enterprise architect for input on the data architecture optimization roadmap.
    • 4.1 As a group, determine the roadmap activities that are applicable to your organization and brainstorm applicable initiatives.
    • 5.1 Use the Data Architecture Decision Documentation Template to document key decisions and updates.

    Afternoon Activities

    • 1.3 Understand Info-Tech’s Five-Tier Data Architecture.
    • 1.4 Determine the pattern of tactics that apply to the organization for optimization.
    • 2.3 With input from the business and enterprise architect, determine the current data architecture capabilities.
    • 3.3 With input from the business and enterprise architect, determine the target data architecture capabilities.
    • 4.2 Determine the timing and effort of the roadmap activities.
    • 5.2 Review best practices for change management.
    • 5.3 Present roadmap and findings to the business stakeholders and enterprise architect.

    Deliverables

    • Workshop Itinerary
    • Workshop Participant List
    1. Five-Tier Logical Data Architecture Model
    2. Data Architecture Tactic Plan
    1. Five-Tier Data Architecture Capability Model
    1. Data Architecture Tactical Roadmap
    1. Data Architecture Tactical Roadmap
    1. Data Architecture Decision Template

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 1

    Prioritize Your Data Architecture With Business-Driven Tactics

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Prioritize Your Data Architecture With Business-Driven Tactics

    Proposed Time to Completion: 2 weeks
    Step 1.1: Identify Your Business Driver for Optimizing Data Architecture Step 1.2: Determine Actionable Tactics to Optimize Data Architecture
    Start with an analyst kick-off call:
    • Understand what data architecture is, what it is not, and how it fits into the broader enterprise architecture program.
    • Determine the drivers that fuel the need for data architecture optimization.
    Review findings with analyst:
    • Understand the Five-Tier Data Architecture Model and how the drivers of the business inform your priorities across this logical model of data architecture.
    Then complete these activities…
    • Complete the Data Architecture Driver Pattern Identification Tool.
    Then complete these activities…
    • Create a tactical data architecture optimization plan based on the business driver input.
    With these tools & templates:
    • Data Architecture Driver Pattern Identification Tool
    With these tools & templates:
    • Data Architecture Optimization Template

    Phase 1 Results & Insights

    • Data Architecture is not just about data models. The approach that Phase 1 guides you through will help to not only plan where you need to focus your efforts as a data architect (or equivalent) but also give you guidance in how you should go about optimizing the holistic data architecture environment based on the drivers of the business.

    Phase 1 will help you create a strategy to optimize your data architecture using actionable tactics

    In this phase, you will determine your focus for optimizing your data architecture based on the business drivers that are commonly felt by most organizations.

    1. Identify the business drivers that necessitate data architecture optimization efforts.
    2. Understand Info-Tech’s Five-Tier Data Architecture, a logical architecture model that will help you prioritize tactics for optimizing your data architecture environment.
    3. Identify tactics for optimizing the organization’s data architecture across the five tiers.

    “To stay competitive, we need to become more data-driven. Compliance pressures are becoming more demanding. We need to add a new functionality.”

    Info-Tech’s Five-Tier Data Architecture:

    1. Data Sources
    2. Data Integration and Translation
    3. Data Warehousing
    4. Data Analytics
    5. Data Presentation

    Tactical plan for Data Architecture Optimization

    Phase 1, Step 1: Identify Your Business Driver for Optimizing Data Architecture

    PHASE 1

    1.1 1.2
    Identify Your Business Driver for Optimizing Data Architecture Determine Actionable Tactics to Optimize Data Architecture

    This step will walk you through the following activities:

    • Understand how data architecture fits into the organization’s larger enterprise architecture.
    • Understand what data architecture is and how it should be driven by the business.
    • Identify the driver that is creating a need for data architecture optimization.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect

    Outcomes of this step

    • A starting point for the many responsibilities of the data architect role. Balancing business and technical requirements can be challenging, and to do so you need to first understand what is driving the need for data architecture improvements.
    • Holistic understanding of the organization’s architecture environment, including enterprise, application, data, and technology architectures and how they interact.

    Data architecture involves planning, communication, and understanding of technology

    Data Architecture

    A description of the structure and interaction of the enterprise’s major types and sources of data, logical data assets, physical data assets, and data management resources (TOGAF 9).

    The subject area of data management that defines the data needs of the enterprise and designs the master blueprints to meet those needs (DAMA DMBOK, 2009).

    IBM (2007) defines data architecture as the design of systems and applications that facilitate data availability and distribution across the enterprise.

    Definitions vary slightly across major architecture and management frameworks.

    However, there is a general consensus that data architecture provides organizations with:

    • Alignment
    • Planning
    • Road mapping
    • Change management
    • A guide for the organization’s data management program

    Data architecture must be based on business goals and objectives; developed within the technical strategies, constraints, and opportunities of the organization in support of providing a foundation for data management.

    Current Data Management
    • Alignment
    • Planning
    • Road mapping
    Goal for Data Management

    Info-Tech Insight

    Data Architecture is not just data models. Data architects must understand the needs of the business, as well as the existing people and processes that already exist in the organization to effectively perform their job.

    Review how data architecture fits into the broader architectural context

    A flow diagram starting with 'Business Processes/Activities' to 'Business Architecture' which through a process of 'Integration' flows to 'Data Architecture' and 'Application Architecture', the latter of which also flows into to the former, and they both flow into 'Technology Architecture' which includes 'Infrastructure' and 'Security'.

    Each layer of architecture informs the next. In other words, each layer has components that execute processes and offer services to the next layer. For example, data architecture can be broken down into more granular activities and processes that inform how the organization’s technology architecture should be arranged.

    Data does not exist on its own. It is informed by business architecture and used by other architectural domains to deliver systems, IT services, and to support business processes. As you build your practice, you must consider how data fits within the broader architectural framework.

    The Zachman Framework is a widely used EA framework; within it, data is identified as the first domain.

    The framework aims to standardize artifacts (work-products) within each architectural domain, provides a cohesive view of the scope of EA and clearly delineates data components. Use the framework to ensure that your target DA practice is aligned to other domains within the EA framework.

    'The Zachman Framework for Enterprise Architecture: The Enterprise Ontology', a complicated framework with top and bottom column headers and left and right row headers. Along the top are 'Classification Names': 'What', 'How', 'Where', 'Who', 'When', and 'Why'. Along the bottom are 'Enterprise Names': 'Inventory Sets', 'Process Flows', 'Distribution Networks', 'Responsibility Assignments', 'Timing Cycles', and 'Motivation Intentions'. Along the left are 'Audience Perspectives': 'Executive Perspective', 'Business Mgmt. Perspective', 'Architect Perspective', 'Engineer Perspective', 'Technician Perspective', and 'Enterprise Perspective'. Along the right are 'Model Names': 'Scope Contexts', 'Business Concepts', 'System Logic', 'Technology Physics', 'Tool Components', and 'Operations Instances'.
    (Source: Zachman International)

    Data architects operate in alignment with the other various architecture groups

    Data architects operate in alignment with the other various architecture groups, with coordination from the enterprise architect.

    Enterprise Architect
    The enterprise architect provides thought leadership and direction to domain architects.

    They also maintain architectural standards across all the architectural domains and serve as a lead project solution architect on the most critical assignments.

    • Business Architect
      A business subject matter expert who works with the line-of-business team to assist in business planning through capability-based planning.
    • Security Architect
      Plays a pivotal role in formulating the security strategy of the organization, working with the business and CISO/security manager. Recommends and maintains security standards, policies, and best practices.
    • Infrastructure Architect
      Recommends and maintains standards across the compute, storage, and network layers of the organization. Reviews project solution architectures to ensure compliance with infrastructure standards, regulations, and target state blueprints.
    • Application Architect
      Manages the business effectiveness, satisfaction, and maintainability of the application portfolio. Conduct application architecture assessments to document expected quality attribute standards, identify hotspots, and recommend best practices.
    • Data Architect
      Facilitates the creation of data strategy and has a greater understanding of operational and analytical data use cases. Manages the enterprise data model which includes all the three layers of modelling - conceptual, logical, and physical. Recommends data management policies and standards, and maintains data management artefacts. Reviews project solution architectures and identifies cross impacts across the data lifecycle.

    As a data architect, you must maintain balance between the technical and the business requirements

    The data architect role is integral to connecting the long-term goals of the business with how the organization plans to manage its data for optimal use.

    Data architects need to have a deep experience in data management, data warehousing, and analytics technologies. At a high level, the data architect plans and implements an organization’s data, reporting, and analytics roadmap.

    Some of the role’s primary duties and responsibilities include:

    1. Data modeling
    2. Reviewing existing data architecture
    3. Benchmark and improve database performance
    4. Fine tune database and SQL queries
    5. Lead on ETL activities
    6. Validate data integrity across all platforms
    7. Manage underlying framework for data presentation layer
    8. Ensure compliance with proper reporting to bureaus and partners
    9. Advise management on data solutions

    Data architects bridge the gap between strategic and technical requirements:

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    “Fundamentally, the role of a data architect is to understand the data in an organization at a reasonable level of abstraction.” (Andrew Johnston, Independent Consultant)

    Info-Tech Insight

    The data architect role is not always clear cut. Many organizations do not have a dedicated data architect resource, and may not need one. However, the duties and responsibilities of the data architect must be carried out to some degree by a combination of resources as appropriate to the organization’s size and environment.

    Understand the role of a data architect to ensure that essential responsibilities are covered in the organization

    A database administrator (DBA) is not a data architect, and data architecture is not something you buy from an enterprise application vendor.

    Data Architect Role Description

    • The data architect must develop (along with the business) a short-term and long-term vision for the enterprise’s data architecture.
    • They must be able to create processes for governing the identification, collection, and use of accurate and valid metadata, as well as for tracking data quality, completeness, and redundancy.
    • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

    Skills Necessary

    • Hands-on experience with data architecting and management, data mining, and large-scale data modeling.
    • Strong understanding of relational and non-relational data structures, theories, principles, and practices.
    • Strong familiarity with metadata management.
    • Knowledge of data privacy practices and laws.

    Define Policies, Processes, and Priorities

    • Policies
      • Boundaries of the data architecture.
      • Data architecture standards.
      • Data architecture security.
      • Responsibility of ownership for the data architecture and data repositories.
      • Responsibility for data architecture governance.
    • Processes
      • Data architecture communication.
      • Data architecture change management.
      • Data architecture governance.
      • Policy compliance monitoring.
    • Priorities
      • Align architecture efforts with business priorities.
      • Close technology gaps to meet service level agreements (SLAs).
      • Determine impacts on current or future projects.

    See Info-Tech’s Data Architect job description for a comprehensive description of the data architect role.

    Leverage data architecture frameworks to understand how the role fits into the greater Enterprise Architecture framework

    Enterprise data architectures are available from industry consortiums such as The Open Group (TOGAF®), and open source initiatives such as MIKE2.0.

    Logo for The Open Group.

    The Open Group TOGAF enterprise architecture model is a detailed framework of models, methods, and supporting tools to create an enterprise-level architecture.

    • TOGAF was first developed in 1995 and was based on the Technical Architecture Framework for Information Management (TAFIM) developed by the US Department of Defense.
    • TOGAF includes application, data, and infrastructure architecture domains providing enterprise-level, product-neutral architecture principles, policies, methods, and models.
    • As a member of The Open Group, it is possible to participate in ongoing TOGAF development initiatives.

    The wide adoption of TOGAF has resulted in the mapping of it to several other industry standards including CoBIT and ITIL.

    Logo for MIKE2.0.

    MIKE2.0 (Method for an Integrated Knowledge Environment), is an open source method for enterprise information management providing a framework for information development.

    • SAFE (Strategic Architecture for the Federated Enterprise) provides the technology solution framework for MIKE2.0
    • SAFE includes application, presentation, information, data, Infrastructure, and metadata architecture domains.

    Info-Tech Best Practice

    If an enterprise-level IT architecture is your goal, TOGAF is likely a better model. However, if you are an information and knowledge-based business then MIKE2.0 may be more relevant to your business.

    The data architect must identify what drives the need for data from the business to create a business-driven architecture

    As the business landscape evolves, new needs arise. An organization may undergo new compliance requirements, or look to improve their customer intimacy, which could require a new functionality from an application and its associated database.

    There are four common scenarios that lead to an organization’s need to optimize its data architecture and these scenarios all present unique challenges for a data architect:

    1. Becoming More Data Driven As organizations are looking to get more out of their data, there is a push for more accurate and timely data from applications. Data-driven decision making requires verifiable data from trustworthy sources. Result: Replace decisions made on gut or intuition with real and empirical data - make more informed and data-driven decisions.
    2. New Functionality or Business Rule In order to succeed as business landscapes change, organizations find themselves innovating on products or services and the way they do things. Changes in business rules, product or service offering, and new functionalities can subsequently demand more from the existing data architecture. Result: Prepare yourself to successfully launch new business initiatives with an architecture that supports business needs.
    3. Mergers and Acquisitions If an organization has recently acquired, been acquired, or is merging with another, the technological implications require careful planning to ensure a seamless fit. Application consolidation, retirement, data transfer, and integration points are crucial. Result: Leverage opportunities to incorporate and consolidate new synergistic assets to realize the ROI.
    4. Risk and Compliance Data in highly regulated organizations needs to be kept safe and secure. Architectural decisions around data impact the level of compliance within the organization. Result: Avoid the fear of data audits, regulatory violations, and privacy breaches.

    Info-Tech Best Practice

    These are not the only reasons why data architects need to optimize the organization’s data architecture. These are only four of the most common scenarios, however, other business needs can be addressed using the same concept as these four common scenarios.

    Use the Data Architecture Driver tool to identify your focus for data architecture

    Supporting Tool icon 1.1 Data Architecture Driver Pattern Identification Tool

    Follow Info-Tech’s process of first analyzing the needs of the business, then determining how best to architect your data based on these drivers. Data architecture needs to be able to rapidly evolve to support the strategic goals of the business, and the Data Architecture Driver Pattern Identification Tool will help you to prioritize your efforts to best do this.

    Tab 2. Driver Identification

    Objective: Objectively assess the most pressing business drivers.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2.

    Tab 3. Tactic Pattern Plan, Section 1

    Purpose: Review your business drivers that require architectural changes in your environment.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 1.

    Tab 3. Tactic Pattern Plan, Section 2

    Purpose: Determine a list of tactics that will help you address the business drivers.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 3, section 2.

    Step
    • Evaluate business drivers to determine the data architecture optimization priorities and tactics.
    Step
    • Understand how each business driver relates to data architecture and how each driver gives rise to a specific pattern across the five-tier data architecture.
    Step
    • Review the list of high-level tactics presented to optimize your data architecture across the five tier architecture.

    Identify the drivers for improving your data architecture

    Associated Activity icon 1.1.1 1 hour

    INPUT: Data Architecture Driver tool assessment prompts.

    OUTPUT: Identified business driver that applies to your organization.

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Enterprise architect

    Instructions

    In Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, assess the degree to which the organization is feeling the pains of the four most common business drivers:

    1. Is there a present or growing need for the business to be making data-driven decisions?
    2. Does the business want to explore a new functionality and hence require a new application?
    3. Is your organization acquiring or merging with another entity?
    4. Is your organization’s regulatory environment quick to change and require stricter reporting?

    Data architecture improvements need to be driven by business need.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
    Tab 2. Driver Identification

    “As a data architect, you have to understand the functional requirements, the non-functional requirements, then you need to make a solution for those requirements. There can be multiple solutions and multiple purposes. (Andrew Johnston, Independent Consultant)

    Interview the business to get clarity on business objectives and drivers

    Associated Activity icon 1.1.2 1 hour per interview

    INPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

    OUTPUT: Sample questions targeting the activities, challenges, and opportunities of each business unit

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Business representatives, IT representatives

    Identify 2-3 business units that demonstrate enthusiasm for or a positive outlook on improving how organizational data can help them in their role and as a unit.

    Conducting a deep-dive interview process with these key stakeholders will help further identify high-level goals for the data architecture strategy within each business unit. This process will help to secure their support throughout the implementation process by giving them a sense of ownership.

    Key Interview Questions:

    1. What are your primary activities? What do you do?
    2. What challenges do you have when completing your activities?
    3. How is poor data impacting your job?
    4. If [your selected domain]’s data is improved, what business issues would this help solve?

    Request background information and documentation from stakeholders regarding the following:

    • What current data management policies and processes exist (that you know of)?
    • Who are the data owners and end users?
    • Where are the data sources within the department stored?
    • Who has access to these data sources?
    • Are there existing or ongoing data issues within those data sources?

    Interview the enterprise architect to get input on the drivers of the business

    Associated Activity icon 1.1.3 2 hours

    INPUT: Data Architecture Driver tool assessment prompts.

    OUTPUT: Identified business driver that applies to your organization.

    Materials: Data Architecture Driver Pattern Identification Tool

    Participants: Data architect, Enterprise architect

    Data architecture improvements need to be driven by business need.

    Instructions

    As you work through Tab 2. Driver Identification of the Data Architecture Driver Pattern Identification Tool, consult with the enterprise architect or equivalent to assist you in rating the importance of each of the symptoms of the business drivers. This will help you provide greater value to the business and more aligned objectives.

    Screenshot of the Data Architecture Driver Pattern Identification Tool, tab 2 Driver Identification.
    Tab 2. Driver Identification

    Once you know what that need is, go to Step 2.

    Phase 1, Step 2: Establish Actionable Tactics to Optimize Data Architecture

    PHASE 1

    1.11.2
    Identify Your Business Driver for Optimizing Data ArchitectureDetermine Actionable Tactics to Optimize Data Architecture

    This step will walk you through the following activities:

    • Understand Info-Tech’s five-tier data architecture to begin focusing your architectural optimization.
    • Create your Data Architecture Optimization Template to plan your improvement tactics.
    • Prioritize your tactics based on the five-tier architecture to plan optimization.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect
    • DBAs

    Outcomes of this step

    • A tactical and prioritized plan for optimizing the organization’s data architecture according to the needs of the business.

    To plan a business-driven architecture, data architects need to keep the organization’s big picture in mind

    Remember… Architecting an organization involves alignment, planning, road mapping, design, and change management functions.

    Data architects must be heavily involved with:

    • Understanding the short- and long-term visions of the business to develop a vision for the organization’s data architecture.
    • Creating processes for governing the identification, collection, and use of accurate and valid data, as well as for tracking data quality, completeness, and redundancy.
    • They need to create strategies for data security, backup, disaster recovery, business continuity, and archiving, and ensure regulatory compliance.

    To do this, you need a framework. A framework provides you with the holistic view of the organization’s data environment that you can use to design short- and long-term tactics for improving the use of data for the needs of the business.

    Use Info-Tech’s five-tier data architecture to model your environment in a logical, consumable fashion.

    Info-Tech Best Practice

    The more complicated an environment is, the more need there is for a framework. Being able to pick a starting point and prioritize tasks is one of the most difficult, yet most essential, aspects of any architect’s role.

    The five tiers of an organization’s data architecture support the use of data throughout its lifecycle

    Info-Tech’s five-tier data architecture model summarizes an organization’s data environment at a logical level. Data flows from left to right, but can also flow from the presentation layer back to the warehousing layer for repatriation of data.

    Info-Tech's Five Tier Data Architecture. The five tiers being 'Sources' which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'; 'Integration and Translation' which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'; 'Warehousing' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM', and 'Data Lakes & Warehouse(s) (Derived Data)'; 'Analytics' which includes 'Data Marts', 'Data Cube', 'Flat Files', 'BI Tools', and the 'Protected Zone: Data Marts - BDG Class Ref. MDM'; and 'Presentation' which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'.

    Use the Data Architecture Optimization Template to build your improvement roadmap

    Supporting Tool icon 1.2 Data Architecture Optimization Template

    Download the Data Architecture Optimization Template.

    Overview

    Use this template to support your team in creating a tactical strategy for optimizing your data architecture across the five tiers of the organization’s architecture. This template can be used to document your organization’s most pressing business driver, the reasons for optimizing data architecture according to that driver, and the tactics that will be employed to address the shortcomings in the architecture.

    Sample of Info-Tech’s Data Architecture Optimization Template. Info-Tech’s Data Architecture Optimization Template Table of Contents
    1. Build Your Current Data Architecture Logical Model Use this section to document the current data architecture situation, which will provide context for your plan to optimize your data architecture.
    2. Optimization Plan Use this section to document the tactics that will be employed to optimize the current data architecture according to the tactic pattern identified by the business driver.

    Fill out as you go

    As you read about the details of the five-tier data architecture model in the following slides, start building your current logical data architecture model by filling out the sections that correspond to the various tiers. For example, if you identified that the most pressing business driver is becoming compliant with regulations, document the sources of data required for compliance, as well as the warehousing strategy currently being employed. This will help you to understand the organization’s data architecture at a logical level.

    Tier 1 represents all of the sources of your organization’s data

    Tier 1 of Info-Tech's Five Tier Data Architecture, 'Sources', which includes 'App1 ', 'App2', 'Excel and other documents', 'Access database(s)', 'IOT devices', and 'External data feed(s) & social media'.
    –› Data to integration layer

    Tier 1 is where the data enters the organization.

    All applications, data documents such as MS Excel spreadsheets, documents with table entries, manual extractions from other document types, user-level databases including MS Access and MySQL, other data sources, data feeds, big datasets, etc. reside here.

    This tier typically holds the siloed data that is so often not available across the enterprise because the data is held within department-level applications or systems. This is also the layer where transactions and operational activities occur and where data is first created or ingested.

    There are any number of business activities from transactions through business processes that require data to flow from one system to another, so it is often at this layer we see data created more than once, data corruption occurs, manual re-keying of data from system to system, and spaghetti-like point-to-point connections are built that are often fragile. This is usually the single most problematic area within an enterprise’s data environment. Application- or operational-level (siloed) reporting often occurs at this level.

    Info-Tech Best Practice

    An optimized Tier 1 has the following attributes:

    • Rationalized applications
    • Operationalized database administration
    • Databases governed, monitored, and maintained to ensure optimal performance

    Tier 2 represents the movement of data

    Tier 2 of Info-Tech's Five Tier Data Architecture, 'Integration and Translation', which includes 'Solutions: SOA, Point to Point, Manual Loading, ESB , ETL, ODS, Data Hub' and 'Functions: Scrambling Masking Encryption, Tokenizing, Aggregation, Transformation, Migration, Modeling'.
    –› Data to Warehouse Environment

    Find out more

    For more information on data integration, see Info-Tech’s Optimize the Organization’s Data Integration Practices blueprint.

    Tier 2 is where integration, transformation, and aggregation occur.

    Regardless of how you integrate your systems and data stores, whether via ETL, ESB, SOA, data hub, ODS, point-to-point, etc., the goal of this layer is to move data at differing speeds for one of two main purposes:

    1) To move data from originating systems to downstream systems to support integrated business processes. This ensures the data is pristine through the process and improves trustworthiness of outcomes and speed to task and process completion.

    2) To move data to Tier 3 - The Data Warehouse Architecture, where data rests for other purposes. This movement of data in its purest form means we move raw data to storage locations in an overall data warehouse environment reflecting any security, compliance and other standards in our choices for how to store.

    Also, this is where data is transformed for unique business purpose that will also be moved to a place of rest or a place of specific use. Data masking, scrambling, aggregation, cleansing and matching, and other data related blending tasks occur at this layer.

    Info-Tech Best Practice

    An optimized Tier 2 has the following attributes:

    • Business data glossary is leveraged
    • ETL is governed
    • ETL team is empowered
    • Data matching is facilitated
    • Canonical data model is present

    Tier 3 is where data comes together from all sources to be stored in a central warehouse environment

    Tier 3 is where data rests in long-term storage.

    This is where data rests (long-term storage) and also where an enterprise’s information, documents, digital assets, and any other content types are stored. This is also where derived and contrived data creations are stored for re-use, and where formulas, thought models, heuristics, algorithms, report styles, templates, dashboard styles, and presentations-layer widgets are all stored in the enterprise information management system.

    At this layer there may be many technologies and many layers of security to reflect data domains, classifications, retention, compliance, and other data needs. This is also the layer where data lakes exist as well as traditional relational databases, enterprise database systems, enterprise content management systems, and simple user-level databases.

    Info-Tech Best Practice

    An optimized Tier 3 has the following attributes:

    • Data warehouse is governed
    • Data warehouse operations and planning
    • Data library is comprehensive
    • Four Rosetta Stones of data are in place: BDG, data classification, reference data, master data.
    Data from integration layer –›
    Tier 3 of Info-Tech's Five Tier Data Architecture, 'Data Warehouse Environment' which includes 'Data Lakes & Warehouse(s) (Raw Data)', 'EIM, ECM, DAM'.
    –› Analytics

    Find out more

    For more information on Data Warehousing, see Info-Tech’s Build an Extensible Data Warehouse Foundation and Drive Business Innovation With a Modernized Data Warehouse Environment blueprints.

    Tier 4 is where knowledge and insight is born

    Tier 4 represents data being used for a purpose.

    This is where you build fit-for-purpose data sets (marts, cubes, flat files) that may now draw from all enterprise data and information sources as held in Tier 3. This is the first place where enterprise views of all data may be effectively done and with trust that golden records from systems of record are being used properly.

    This is also the layer where BI tools get their greatest use for performing analysis. Unlike Tier 3 where data is at rest, this tier is where data moves back into action. Data is brought together in unique combinations to support reporting, and analytics. It is here that the following enterprise analytic views are crafted:
    Exploratory, Inferential, Causal, Comparative, Statistical, Descriptive, Diagnostic, Hypothesis, Predictive, Decisional, Directional, Prescriptive

    Info-Tech Best Practice

    An optimized Tier 4 has the following attributes:

    • Reporting meets business needs
    • Data mart operations are in place
    • Governance of data marts, cubes, and BI tools in place
    Warehouse Environment –›
    Tier 4 of Info-Tech's Five Tier Data Architecture, 'Analytics', which includes 'Data Marts', 'Data Cube', 'Flat Files', and 'BI Tools'.
    –› Presentation

    Find out more

    For more information on BI tools and strategy, see Info-Tech’s Select and Implement a Business Intelligence and Analytics Solution and Build a Next Generation BI with a Game-Changing BI Strategy blueprints.

    The presentation layer, Tier 5, is where data becomes presentable information

    Tier 5 represents data in knowledge form.

    This is where the data and information combine in information insight mapping methods (presentations, templates, etc.). We craft and create new ways to slice and dice data in Tier 4 to be shown and shared in Tier 5.

    Templates for presenting insights are extremely valuable to an enterprise, both for their initial use, and for the ability to build deeper, more insightful analytics. Re-use of these also enables maximum speed for sharing, consuming the outputs, and collective understanding of these deeper meanings that is a critical asset to any enterprise. These derived datasets and the thought models, presentation styles, templates, and other derived and contrived assets should be repatriated into the derived data repositories and the enterprise information management systems respectively as shown in Tier 3.

    Find out more

    For more information on enterprise content management and metadata, see Info-Tech’s Develop an ECM Strategy and Break Open Your DAM With Intuitive Metadata blueprints.

    Tier 5 of Info-Tech's Five Tier Data Architecture, 'Presentation', which includes 'Formulas', 'Thought Models', 'Reports', 'Dashboards', 'Presentations', and 'Derived Data (from analytics activities)'. The 'Repatriation of data' feeds the derived data back into Warehousing.

    Info-Tech Best Practice

    An optimized Tier 5 has the following attributes:

    • Metadata creation is supervised
    • Metadata is organized
    • Metadata is governed
    • Content management capabilities are present

    Info-Tech Insight

    Repatriation of data and information is an essential activity for all organizations to manage organizational knowledge. This is the activity where information, knowledge, and insights that are stored in content form are moved back to the warehousing layer for long-term storage. Because of this, it is crucial to have an effective ECM strategy as well as the means to find information quickly and efficiently. This is where metadata and taxonomy come in.

    As a data architect, you must prioritize your focus according to business need

    Determine your focus.

    Now that you have an understanding of the drivers requiring data architecture optimization, as well as the current data architecture situation at your organization, it is time to determine the actions that will be taken to address the driver.

    1. Business driver

    Screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.
    Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan

    3. Documented tactic plan

    Data Architecture Optimization Template

    2. Tactics across the five tiers

    Another screenshot of Data Architecture Driver Pattern Identification Tool, Tab 2. Tactic Pattern Plan.

    The next four slides provide an overview of the priorities that accompany the four most common business drivers that require updates to a stale data architecture.

    Business driver #1: Adding a new functionality to an application can have wide impacts on data architecture

    Does the business wants to add a new application or supplement an existing application with a new functionality?

    Whether the business wants to gain better customer intimacy, achieve operational excellence, or needs to change its compliance and reporting strategy, the need for collecting new data through a new application or a new functionality within an existing application can arise. This business driver has the following attributes:

    • Often operational oriented and application driven.
    • An application is changed through an application version upgrade, migration to cloud, or application customization, or as a result of application rationalization or changes in the way that application data is generated.
    • However, not all new functionalities trigger this scenario. Non-data-related changes, such as a new interface, new workflows, or any other application functionality changes that do not involve data, will not have data architecture impacts.
    Stock photo of someone using a smartphone with apps.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality. Tactics for this business driver should address the following pattern:
    Tiers 1 and 2 highlighted.

    Business driver #2: Organizations today are looking to become more data driven

    Does the business wants to better leverage its data?

    An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

    “Data-drivenness is about building tools, abilities, and, most crucially, a culture that acts on data.” (Carl Anderson, Creating a Data-Driven Organization)

    Tactics for this business driver should address the following pattern:
    Tiers 3, 4, and 5 highlighted.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier and the integration of the new functionality.
    Stock photo of someone sitting at multiple computers with analytics screens open.
    • This scenario is typically project driven and analytical oriented.
    • The business is looking to leverage data and information by processing data through BI tools and self-service.
    • Example: The organization wants to include new third-party data, and needs to build a new data mart to provide a slice of data for analysis.

    Business driver #3: Risk and compliance demands can put pressure on outdated architectures

    Is there increasing pressure on the business to maintain compliance requirements as per regulations?

    An organization can want to use its data for multiple reasons. Whether these reasons include improving customer experience or operational excellence, the data architect must ensure that the organization’s data aggregation environment, reporting and analytics, and presentation layer are assessed and optimized for serving the needs of the business.

    There are different types of requirements:
    • Can be data-element driven. For example, PII, PHI are requirements around data elements that are associated with personal and health information.
    • Can be process driven. For example, some requirements restrict data read/write to certain groups.
    Stock photo of someone pulling a block out of a Jenga tower.
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture where data is stored: at the sources, the warehouse environment, and analytics layer. Tactics for this business driver should address the following pattern:
    Tiers 1, 3, and 4 highlighted.

    Business driver #4: Mergers and acquisitions can require a restructuring of the organization’s data architecture

    Is the organization looking to acquire or merge with another organization or line of business?

    There are three scenarios that encompass the mergers and acquisitions business driver for data architecture:

    1. The organization acquires/merges with another organization and wants to integrate the data.
    2. The organization acquires/merges a subset of an organization (a line of business, for example) and wants to integrate the data.
    3. The organization acquires another organization for competitive purposes, and does not need to integrate the data.
    Regardless of what scenario your organization falls into, you must go through the same process of identifying the requirements for the new data:
    1. Understand what data you are getting.
      The business may acquire another organization for the data, for the technology, and/or for algorithms (for example). If the goal is to integrate the new data, you must understand if the data is unstructured, structured, how much data, etc.
    2. Plan for the integration of the new data into your environment.
      Do you have the expertise in-house to integrate the data? Database structures and systems are often mismatched (for example, acquired company could have an Oracle database whereas you are an SAP shop) and this may require expertise from the acquired company or a third party.
    3. Integrate the new data.
      Often, the extraction of the new data is the easy part. Transforming and loading the data is the difficult and costly part.
    “As a data architect, you must do due diligence of the acquired firm. What are the workflows, what are the data sources, what data is useful, what is useless, what is the value of the data, and what are the risks of embedding the data?” (Anonymous Mergers and Acquisitions Consultant)
    Modified icon for Tools & Templates. When this business driver arises, data architects should focus on optimizing architecture at the source tier, the warehousing layer, and analytics. Tiers 1, 3, and 4 highlighted.

    Determine your tier priority pattern and the tactics that you should address based on the business drivers

    Associated Activity icon 1.2.1 30 minutes

    INPUT: Business driver assessment

    OUTPUT: Tactic pattern and tactic plan

    Materials: Data Architecture Driver Pattern Identification Tool, Data Architecture Optimization Template

    Participants: Data architect, Enterprise architect

    Instructions
    1. After you have assessed the organization’s business driver on Tab 1. Driver Identification, move to Tab 2. Tactic Pattern Plan.
    2. Here, you will find a summary of the business driver that applies to you, as well as the tier priority pattern that will help you to focus your efforts for data architecture.
    3. Document the Tier Priority Pattern and associated tactics in Section 2. Optimization Plan of the Data Architecture Optimization Plan.
    Screenshot of Data Architecture Driver Tool.
    Data Architecture Driver Tool
    Arrow pointing right. Sample of Data Architecture Optimization Template
    Data Architecture Optimization Template

    Info-Tech Insight

    Our approach will help you to get to the solution of the organization’s data architecture problems as quickly as possible. However, keep in mind that you should still address the other tiers of your data architecture even if they are not part of the pattern we identified. For example, if you need to become more data driven, don’t completely ignore the sources and the integration of data. However, to deliver the most and quickest value, focus on tiers 3, 4, and 5.

    This phase helped you to create a tactical plan to optimize your data architecture according to business priorities

    Phase 1 is all about focus.

    Data architects and those responsible for updating an organization’s data architecture have a wide-open playing field with which to take their efforts. Being able to narrow down your focus and generate an actionable plan will help you provide more value to the organization quickly and get the most out of your data.

      Phase 1
      • Business Drivers
        • Tactic Pattern
          • Tactical Plan

    Now that you have your prioritized tactical plan, move to Phase 2. This phase will help you map these priorities to the essential capabilities and measure where you stack up in these capabilities. This is an essential step in creating your data architecture roadmap and plan for coming years to modernize the organization’s data architecture.

    To identify what the monetary authority needed from its data architecture, Info-Tech helped determine the business driver

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 1

    Prior to receiving new external requirements, the monetary Authority body had been operating with an inefficient system. Outdated legacy systems, reports in paper form, incomplete reports, and stale data from other agencies resulted in slow data access. The new requirements demanded speeding up this process.

    Diagram comparing the 'Original Reporting' requirement of 'Up to 7 days' vs the 'New Requirement' of 'As soon as 1 hour'. The steps of reporting in that time are 'Report Request', 'Gather Data', and 'Make Report'.

    Although the organization understood it needed changes, it first needed to establish what were the business objectives, and which areas of their architecture they would need to focus on.

    The business driver in this case was compliance requirements, which directed attention to the sources, aggregation, and insights tiers.

    Tiers 1, 3, and 4 highlighted.

    Looking at the how the different tiers relate to certain business operations, the organization uncovered the best practise tactics to achieving an optimized data architecture.

    1. Source Tactics: 3. Warehousing Tactics: 4. Analytics Tactics:
    • Identify data sources
    • Ensure data quality
    • Properly catalogue data
    • Properly index data
    • Provide the means for data accessibility
    • Allow for data reduction/space for report building

    Once the business driver had been established, the organization was able to identify the specific areas it would eventually need to evaluate and remedy as needed.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1

    Sample of activity 1.1.1 'Identify the drivers for improving your data architecture'. Identify the business driver that will set the direction of your data architecture optimization plan.

    In this activity, the facilitator will guide the team in identifying the business driver that is creating the need to improve the organization’s data architecture. Data architecture needs to adapt to the changing needs of the business, so this is the most important step of any data architecture improvements.

    1.2.1

    Sample of activity 1.2.1 'Determine your tier priority pattern and the tactics that you should address based on the business drivers'. Determine the tactics that you will use to optimize data architecture.

    In this activity, the facilitator will help the team create a tactical plan for optimizing the organization’s data architecture across the five tiers of the logical model. This plan can then be followed when addressing the business needs.

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 2

    Personalize Your Tactics to Optimize Your Data Architecture

    Phase 2 will determine your tactics that you should implement to optimize your data architecture

    Business Drivers
    Each business driver requires focus on specific tiers and their corresponding capabilities, which in turn correspond to tactics necessary to achieve your goal.
    New Functionality Risk and Compliance Mergers and Acquisitions Become More Data Driven
    Tiers 1. Data Sources 2. Integration 3. Warehousing 4. Insights 5. Presentation
    Capabilities Current Capabilities
    Target Capabilities
    Example Tactics Leverage indexes, partitions, views, and clusters to optimize performance.

    Cleanse data source.

    Leverage integration technology.

    Identify matching approach priorities.

    Establish governing principles.

    Install performance enhancing technologies.

    Establish star schema and snowflake principles.

    Share data via data mart.

    Build metadata architecture:
    • Data lineage
    • Sharing
    • Taxonomy
    • Automatic vs. manual creation

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Personalize Your Tactics to Optimize Your Data Architecture

    Proposed Time to Completion: 2 weeks
    Step 2.1: Measure Your Data Architecture Capabilities Step 2.2: Set a Target for Data Architecture Capabilities Step 2.3: Identify the Tactics That Apply to Your Organization
    Start with an analyst kick-off call:
    • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
    Review findings with analyst:
    • Understand Info-Tech’s data architecture capability model to begin identifying where to develop tactics for optimizing your data architecture.
    Finalize phase deliverable:
    • Learn about the trends in data architecture that can be leveraged to develop tactics.
    Then complete these activities…
    • Measure your current state across the tiers of the capability model that will help address your business driver.
    Then complete these activities…
    • Measure your target state for the capabilities that will address your business driver.
    Then complete these activities…
    • Review the tactical roadmap that was created with guidance from the capability gap analysis.
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Trends Presentation Template

    Phase 2 Results & Insights

    • Data architecture is not just data models. Understand the essential capabilities that your organization needs from its data architecture to develop a tactical plan for optimizing data architecture across its people, processes, and technology.

    Phase 2, Step 1: Measure Your Data Architecture Capabilities

    PHASE 2

    2.1 2.2 2.3
    Measure Your Data Architecture Capabilities Set a Target for Data Architecture Capabilities Identify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • As you walk through the data architecture capability model, measure your current state in each of the relevant capabilities.
    • Distinguish between essential and nice-to-have capabilities for your organization.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A framework for generating a tactical plan for data architecture optimization.
    • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

    To personalize your tactical strategy, you must measure up your base data architecture capabilities

    What is a capability?

    Capabilities represent a mixture of people, technology, and processes. The focus of capability design is on the outcome and the effective use of resources to produce a differentiating capability or an essential supporting capability.

    To personalize your tactics, you have to understand what the essential capabilities are across the five tiers of an organization’s data architecture. Then, assess where you currently stand in these capabilities and where you need to go in order to build your optimization plan.

    'Capability' as a mixture of 'People', 'Technology', 'Process', and 'Assets'.

    Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

    Use Info-Tech’s data architecture capability model as a resource to assess and plan your personalized tactics

    Info-Tech’s data architecture capability model can be laid over the five-tier data architecture to understand the essential and advanced capabilities that an organization should have, and to build your tactical strategy for optimizing the organization’s data architecture across the tiers.

    Info-Tech’s Data Architecture Capability Model featuring the five-tier architecture listing 'Core Capabilities' and 'Advanced Capabilities' within each tier, and a list of 'Cross Capabilities' which apply to all tiers.

    Use the Data Architecture Tactical Roadmap Tool to create a tailored plan of action

    Supporting Tool icon 2.1.1 Data Architecture Tactical Roadmap Tool

    Instructions

    Use the Data Architecture Tactical Roadmap Tool as your central tool to develop a tactical plan of action to optimize the organization’s data architecture.

    This tool contains the following sections:

    1. Business Driver Input
    2. Capability Assessment
    3. Capability Gap Analysis
    4. Tactical Roadmap
    5. Metrics
    6. Initiative Roadmap

    INFO-TECH DELIVERABLE

    Sample of the Info-Tech deliverable Data Architecture Tactical Roadmap Tool.

    Benefits of using this tool:

    • Comprehensive documentation of data architecture capabilities present in leading organizations.
    • Generates an accurate architecture roadmap for your organization that is developed in alignment with the broader enterprise architecture and related architectural domains.

    To create a plan for your data architecture priorities, you must first understand where you currently stand

    Now that you understand the business problem that you are trying to solve, it is time to take action in solving the problem.

    The organization likely has some of the capabilities that are needed to solve the problem, but also a need to improve other capabilities. To narrow down the capabilities that you should focus on, first select the business driver that was identified in Phase 1 in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool. This will customize the roadmap tool to deselect the capabilities that are likely to be less relevant to your organization.

    For Example: If you identified your business driver as “becoming more data-driven”, you will want to focus on measuring and building out the capabilities within Tiers 3, 4, and 5 of the capability model.

    Data Architecture Capability Model
    Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted.

    Note

    If you want to assess your organization for all of the capabilities across the data architecture capability model, select “Comprehensive Data Architecture Assessment” in Tab 1. Business Driver Input of the Data Architecture Tactical Roadmap Tool.

    Determine your current state across the related architecture tiers

    Associated Activity icon 2.1.2 1 hour

    INPUT: Current data architecture capabilities.

    OUTPUT: An idea of where you currently stand in the capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect, Enterprise architect, Business representatives

    Use the Data Architecture Tactical Roadmap Tool to evaluate the baseline and target capabilities of your practice in terms of how data architecture is approached and executed.

    Instructions
    1. Invite the appropriate stakeholders to participate in this exercise.
    2. On Tab 2. Practice Components, assess the current and target states of each capability on a scale of 1–5.
    3. Note: “Ad hoc” implies a capability is completed, but randomly, informally, and without a standardized method.
      These results will set the baseline against which you will monitor performance progress and keep track of improvements over time.
    To assess data architecture maturity, Info-Tech uses the Capability Maturity Model Integration (CMMI) program for rating capabilities on a scale of 1 to 5:

    1 = Initial/Ad hoc

    2 = Developing

    3 = Defined

    4 = Managed and Measurable

    5 = Optimized

    Info-Tech Insight

    Focus on Early Alignment. Assessing capabilities within specific people’s job functions can naturally result in disagreement or debate, especially between business and IT people. Objectively facilitate any debate and only finalize capability assessments when there is full alignment. Remind everyone that data architecture should ultimately serve business needs wherever possible.

    Phase 2, Step 2: Set a Target for Data Architecture Capabilities

    PHASE 2

    2.12.22.3
    Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • Determine your target state in each of the relevant capabilities.
    • Distinguish between essential and nice-to-have capabilities for your organization.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A holistic understanding of where the organization’s data architecture currently sits, where it needs to go, and where the biggest gaps lie.

    To create a plan for your data architecture priorities, you must also understand where you need to get to in the future

    Keep the goal in mind by documenting target state objectives. This will help to measure the highest priority gaps in the organization’s data architecture capabilities.

    Example driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Current Capabilities Arrow pointing right. Target Capabilities
    Gaps and Priorities
    Stock photo of a hand placing four shelves arranged as stairs. On the first step is a mini-cut-out of a person walking.

    Determine your future state across the relevant tiers of the data architecture capability model

    Associated Activity icon 2.2.1 2 hours

    INPUT: Current state of data architecture capabilities.

    OUTPUT: Target state of data architecture capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    The future of data architecture is now.

    Determine the state of data architecture capabilities that the organization needs to reach to address the drivers of the business.

    For example: If you identified your business driver as “becoming more data driven”, you will want to focus on the capabilities within Tiers 3, 4, and 5 of the capability model.

    Driver = Becoming more data driven Arrow pointing right. Info-Tech’s Data Architecture Capability Model with tiers 3, 4, and 5 highlighted. Arrow pointing right. Target Capabilities

    Identify where gaps in your data architecture capabilities lie

    Associated Activity icon 2.2.2 1 hour

    INPUT: Current and target states of data architecture capabilities.

    OUTPUT: Holistic understanding of where you need to improve data architecture capabilities.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    Visualization of gap assessment of data quality practice capabilities

    To enable deeper analysis on the results of your capability assessment, Tab 4. Capability Gap Analysis in the Data Architecture Tactical Roadmap Tool creates visualizations of the gaps identified in each of your practice capabilities and related data management practices. These diagrams serve as analysis summaries.

    Gap Assessment of Data Source Capabilities

    Sample of the Data Architecture Tactical Roadmap Tool, tab 4. Capability Gap Analysis.

    Use Tab 3. Data Quality Practice Scorecard to enhance your data quality project.

    1. Enhance your gap analyses by forming a relative comparison of total gaps in key practice capability areas, which will help in determining priorities.
    2. Put these up on display to improve discussion in the gap analyses and prioritization sessions.
    3. Improve the clarity and flow of your strategy template, final presentations, and summary documents by copying and pasting the gap assessment diagrams.

    Phase 2, Step 3: Identify the Tactics That Apply to Your Organization

    PHASE 2

    2.12.22.3
    Measure Your Data Architecture CapabilitiesSet a Target for Data Architecture CapabilitiesIdentify the Tactics That Apply to Your Organization

    This step will walk you through the following activities:

    • Before making your personal tactic plan, identify the trends in data architecture that can benefit your organization.
    • Understand Info-Tech’s data architecture capability model.
    • Initiate the Data Architecture Roadmap Tool to begin creating a roadmap for your optimization plan.

    This step involves the following participants:

    • Data Architect

    Outcomes of this step

    • A framework for generating a tactical plan for data architecture optimization.
    • Knowledge of the various trends in the data architecture field that can be incorporated into your plan.

    Capitalize on trends in data architecture before you determine the tactics that apply to you

    Stop here. Before you begin to plan for optimization of the organization’s data environment, get a sense of the sustainability and scalability of the direction of the organization’s data architecture evolution.

    Practically any trend in data architecture is driven by an attempt to solve one or more the common challenges of today’s tumultuous data landscape, otherwise known as “big data.” Data is being produced in outrageous amounts, at very high speeds, and in a growing number of types and structures.

    To meet these demands, which are not slowing down, you must keep ahead of the curve. Consider the internal and external catalysts that might fuel your organization’s need to modernize its data architecture:

    Big Data

    Data Storage

    Advanced analytics

    Unstructured data

    Integration

    Hadoop ecosystem

    The discussion about big data is no longer about what it is, but how do businesses of all types operationalize it.

    Is your organization currently capturing and leveraging big data?

    Are they looking to do so in the near future?

    The cloud

    The cloud offers economical solutions to many aspects of data architecture.

    Have you dealt with issues of lack of storage space or difficulties with scalability?

    Do you need remote access to data and tools?

    Real-time architecture

    Advanced analytics (machine learning, natural language processing) often require data in real-time. Consider Lambda and Kappa architectures.

    Has your data flow prevented you from automation, advanced analytics, or embracing the world of IoT?

    Graph databases

    Self-service data access allows more than just technical users to participate in analytics. NoSQL can uncover buried relationships in your data.

    Has your organization struggled to make sense of different types of unstructured data?

    Is ETL enough?

    What SQL is to NoSQL, ETL is to NoETL. Integration techniques are being created to address the high variety and high velocity of data.

    Have your data scientists wasted too much time and resources in the ETL stage?

    Read the Data Architecture Trends Presentation to understand the current cutting edge topics in data architecture

    Supporting Tool icon 2.1 Data Architecture Trends Presentation

    The speed at which new technology is changing is making it difficult for IT professionals to keep pace with best practices, let alone cutting edge technologies.

    The Info-Tech Data Architecture Trends Presentation provides a glance at some of the more significant innovations in technology that are driving today’s advanced data architectures.

    This presentation also explains how these trends relate to either the data challenges you may be facing, or the specific business drivers you are hoping to bring to your organization.

    Sample of the Data Architecture Trends Presentation.
    Data Architecture Trends Presentation

    Gaps between your current and future capabilities will help you to determine the tactics that apply to you

    Now that you know where the organization currently stands, follow these steps to begin prioritizing the initiatives:

    1. What are you trying to accomplish? Determine target states that are framed in quantifiable objectives that can be clearly communicated. The more specific the objectives are the better.
    2. Evaluate the “delta,” or difference between where the organization currently stands and where it needs to go. This will be expressed in terms of gap closure strategies, and will help clarify the initiatives that will populate the road map.
    3. Determine the relative business value of each initiative, as well as the relative complexities of successfully implementing them. These scores should be created with stakeholder input, and then plotted in an effort/transition quadrant map to determine where the quickest and most valuable wins lie.
    Current State Gap Closure Strategies Target State Data Architecture Tactical Roadmap
    • Organization objectives
    • Functional needs
    • Current operating models
    • Technology assets
    Initiatives involving:
    • Organizational changes
    • Functional changes
    • Technology changes
    • Process changes
    • Performance objectives (revenue growth, customer intimacy, growth of organization)
    • Operating model improvements
    • Prioritized, simplified, and compelling vision of how the organization will optimize data architecture

    (Source: “How to Build a Roadmap”)

    Info-Tech Insight

    Optimizing data architecture requires a tactical approach, not a passive approach. The demanding task of optimization requires the ability to heavily prioritize. After you have identified why, determine how using our pre-built roadmap to address the four common drivers.

    Each of the layers of an organization’s data architecture have associated challenges to optimization

    Stop! Before you begin, recognize these “gotchas” that can present roadblocks to creating an effective data architecture environment.

    Before diving headfirst into creating your tactical data architecture plan, documenting the challenges associated with each aspect of the organization’s data architecture can help to identify where you need to focus your energy in optimizing each tier. The following table presents the common challenges across the five tiers:

    Source Tier

    Integration Tier

    Warehousing Tier

    Analytics Tier

    Presentation Tier

    Inconsistent data models Performance issues Scalability of the data warehouse Data currency, flexibility Model interoperability
    Data quality measures: data accuracy, timeliness, accessibility, relevance Duplicated data Infrastructure needed to support volume of data No business context for using the data in the correct manner No business context for using the data in the correct manner
    Free-form field and data values beyond data domain Tokenization and other required data transformations Performance
    Volume
    Greedy consumers can cripple performance
    Insufficient infrastructure
    Inefficiencies in building the data mart Report proliferation/chaos (“kitchen sink dashboards”)
    Reporting out of source systems DB model inefficiencies
    Manual errors;
    Application usability
    Elasticity

    Create metrics before you plan to optimize your data architecture

    Associated Activity icon 2.2.3 1 hour

    INPUT: Tactics that will be used to optimize data architecture.

    OUTPUT: Metrics that can be used to measure optimization success.

    Materials: Data Architecture Tactical Roadmap Tool

    Participants: Data architect

    Metrics will help you to track your optimization efforts and ensure that they are providing value to the organization.

    There are two types of metrics that are useful for data architects to track and measure: program metrics and project metrics. Program metrics represent the activities that the data architecture program, which is the sum of multiple projects, should help to improve. Project metrics are the more granular metrics that track each project.

    Program Metrics

    • TCO of IT
      • Costs associated with applications, databases, data maintenance
      • Should decrease with better data architecture (rationalized apps, operationalized databases)
    • Cost savings:
      • Retiring a legacy system and associated databases
      • Consolidated licensing
      • Introducing shared services
    • Data systems under maintenance (maintenance burden)
    • End-user data requests fulfilled
    • Improvement of time of delivery of reports and insights

    Project Metrics

    • Percent of projects in alignment with EA
    • Percent of projects compliant with the EA governance process (architectural due diligence rate)
    • Reducing time to market for launching new products
      • Reducing human error rates
      • Speeding up order delivery
      • Reducing IT costs
      • Reducing severity and frequency of security incidents

    Use Tab 6. Metrics of the Data Architecture Tactical Roadmap Tool to document and track metrics associated with your optimization tactics.

    Use Info-Tech’s resources to build your data architecture capabilities

    The following resources from Info-Tech can be used to improve the capabilities that were identified as having a gap. Read more about the details of the five-tier architecture in the blueprints below:

    Data Governance

    Data architecture depends on effective data governance. Use our blueprint, Enable Shared Insights With an Effective Data Governance Engine to get more out of your architecture.

    Data Quality

    The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach.

    Master Data Management

    When you start your data governance program, you will quickly realize that you need an effective MDM strategy for managing your critical data assets. Use our blueprint, Develop a Master Data Management Strategy and Roadmap to Better Monetize Data to get started with MDM.

    Data Warehouse

    The key to maintaining high data quality is a proactive approach that requires you to establish and update strategies for preventing, detecting, and correcting errors. Find out more on how to improve data quality with Info-Tech’s blueprint, Drive Business Innovation With a Modernized Data Warehouse Environment.

    With the optimal tactics identified, the monetary authority uncovered areas needing improvement

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 2

    After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

    Best Practice Tactic Current State Solution
    Tier 1 - Data Sources Identify data sources Data coming from a number of locations. Create data model for old and new systems.
    Ensure data quality Internal data scanned from paper and incomplete. Data cleansing and update governance and business rules for migration to new system.
    External sources providing conflicting data.
    Tier 3 - Data Warehousing Data catalogue Data aggregated incompletely. Built proper business data glossary for searchability.
    Indexing Data warehouse performance sub-optimal. Architected data warehouse for appropriate use (star schema).
    Tier 4 - Data Analytics Data accessibility Relevant data buried in warehouse. Build data marts for access.
    Data reduction Accurate report building could not be performed in current storage. Built interim solution sandbox, spin up SQL database.

    Establishing these solutions provided the organization with necessary information to build their roadmap and move towards implementing an optimized data architecture.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of a Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 – 2.2.2

    Sample of activities 2.1.1 and 2.2.2, the first being 'Determine your current state across the related architecture tiers'. Evaluate your current capabilities and design your target data quality practice from two angles

    In this assessment and planning activity, the team will evaluate the current and target capabilities for your data architecture’s ability to meet business needs based on the essential capabilities across the five tiers of an organization’s architectural environment.

    2.2.3

    Sample of activity 2.2.3 'Create metrics before you plan to optimize your data architecture'. Create metrics to track the success of your optimization plan.

    The Info-Tech facilitator will guide you through the process of creating program and project metrics to track as you optimize your data architecture. This will help to ensure that the tactics are helping to improve crucial business attributes.

    Build a Business-Aligned Data Architecture Optimization Strategy

    PHASE 3

    Create Your Tactical Data Architecture Roadmap

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Create Your Tactical Data Architecture Roadmap

    Proposed Time to Completion: 2 weeks
    Step 3.1: Personalize Your Data Architecture RoadmapStep 3.2: Manage Your Data Architecture Decisions and the Resulting Changes
    Start with an analyst kick-off call:
    • Review the tactical plan that addresses the business drivers by optimizing your data architecture in the relevant focus areas.
    Review findings with analyst:
    • Discuss and review the roadmap of optimization activities, including dependencies, timing, and ownership of activities.
    • Understand how change management is an integral aspect of any data architecture optimization plan.
    Then complete these activities…
    • Create your detailed data architecture initiative roadmap.
    Then complete these activities…
    • Create your Data Architecture Decision Template to document the changes that are going to be made to optimize your data architecture environment.
    • Review how change management fits into the data architecture improvement program.
    With these tools & templates:
    • Data Architecture Tactical Roadmap Tool
    With these tools & templates:
    • Data Architecture Decision Template

    Phase 3 Results & Insights

    • Phase 3 will help you to build a personalized roadmap and plan for optimizing data architecture in your organization. In carrying out this roadmap, changes will, by necessity, occur. Therefore, an integral aspect of a data architect’s role is change management. Use the resources included in Phase 3 to smoothen the change management process.

    Phase 3, Step 1: Personalize Your Data Architecture Roadmap

    PHASE 3

    3.1 3.2
    Personalize Your Data Architecture Roadmap Manage Your Data Architecture Decisions and the Resulting Changes

    This step will walk you through the following activities:

    • Determine the timing, effort, and ownership of the recommended optimization initiatives.
    • Brainstorm initiatives that are not yet on the roadmap but apply to you.

    This step involves the following participants:

    • Data Architect
    • DBAs
    • Enterprise Architect

    Outcomes of this step

    • A roadmap of specific initiatives that map to the tactical plan for optimizing your organization’s data architecture.
    • A plan for communicating high-level business objectives to data workers to address the issues of the business.

    Now that you have tactical priorities, identify the actionable steps that will lead you to an optimized data architecture

    Phase 1 and 2 helped you to identify tactics that address some of the most common business drivers. Phase 3 will bring you through the process of practically planning what those tactics look like in your organization’s environment and create a roadmap to plan how you will generate business value through optimization of your data architecture environment.

    Diagram of the three phases and the goals of each one. The first phase says 'Identify your data architecture business driver' and highlights 'Business Driver 3' out of four to focus on in Phase 2. Phase 2 says 'Optimization tactics across the five-tier logical data architecture' and identifies four of six 'Tactics' to use in Phase 3. Phase 3 is a 'Practical Roadmap of Initiatives' and utilizes a timeline of initiatives in which to apply the chosen tactics.

    Use the Data Architecture Tactic Roadmap Tool to personalize your roadmap

    Supporting Tool icon 3.1.1 Data Architecture Tactic Roadmap Tool
    Generating Your Roadmap
    1. On Tab 5. Tactic and Initiative Planning, you will find a list of tactics that correspond to every capability that applies to your chosen driver and where there is a gap. In addition, each tactic has a sequence of “Suggested Initiatives,” which represent the best-practice steps that you should take to optimize your data architecture according to your priorities and gaps.
    2. Customize this list of initiatives according to your needs.
    3. The Gantt chart is generated in Tab 7. Initiative Roadmap, and can be used to organize your plan and ensure that all of the essential aspects of optimizing data architecture are addressed.
    4. The roadmap can be used as an “executive brief” roadmap and as a communication tool for the business.
    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning.
    Tab 5. Tactic and Initiative Planning

    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap.
    Tab 7. Initiative Roadmap

    Determine the details of your data architecture optimization activities

    Associated Activity icon 3.1.2 1 hour

    INPUT: Timing of initiatives for optimizing data architecture.

    OUTPUT: Optimization roadmap

    Materials: Data Architecture Tactic Roadmap Tool

    Participants: Data architect, Enterprise Architect

    Instructions

    1. With the list of suggested activities in place on Tab 5. Tactic and Initiative Planning, select whether or not the initiatives will be included in the roadmap. By default, all of the initiatives are set to “Yes.”
    2. Plan the sequence, starting time, and length of each initiative, as well as the assigned responsibility of the initiative in Tab 5. Tactic and Initiative Planning of the Data Architecture Tactic Roadmap Tool.
    3. The tool will a generate a Gantt chart based on the start and length of your initiatives.
    4. The Gantt chart is generated in Tab 7. Initiative Roadmap.
    Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 5. Tactic and Initiative Planning. Tab 5. Tactic and Initiative Planning Screenshot of the Data Architecture Tactic Roadmap Tool, Tab 7. Initiative Roadmap. Tab 7. Initiative Roadmap

    Info-Tech Insight

    The activities that populate the roadmap can be taken as best practice activities. If you want an actionable, comprehensive, and prescriptive plan for optimizing your data architecture, fill in the timing of the activities and print the roadmap. This can serve as a rapid communication tool for your data architecture plan to the business and other architects.

    Optimizing data architecture relies on communication between the business and data workers

    Remember: Data architects bridge the gap between strategic and technical requirements of data.

    Visualization centering the 'Data Architect' as the bridge between 'Data Workers', 'Business', and 'Data & Applications'.

    Therefore, as you plan the data and its interactions with applications, it is imperative that you communicate the plan and its implications to the business and the data workers. Stock photo of coworkers communicating.
    Also remember: In Phase 1, you built your tactical data architecture optimization plan.
    Sample 1 of the Data Architecture Optimization Template. Sample 2 of the Data Architecture Optimization Template.
    Use this document to communicate your plan for data architecture optimization to both the business and the data workers. Socialize this document as a representation of your organization’s current data architecture as well as where it is headed in the future.

    Communicate your data architecture optimization plan to the business for approval

    Associated Activity icon 3.1.3 2 hours

    INPUT: Data Architecture Tactical Roadmap

    OUTPUT: Communication plan

    Materials: Data Architecture Optimization Template

    Participants: Data Architect, Business representatives, IT representatives

    Instructions

    Begin by presenting your plan and roadmap to the business units who participated in business interviews in activity 1.1.3 of Phase 1.

    If you receive feedback that suggests that you should make revisions to the plan, consult Info-Tech Research Group for suggestions on how to improve the plan.

    If you gain approval for the plan, communicate it to DBAs and other data workers.

    Iterative optimization and communication plan:
    Visualization of the Iterative optimization and communication plan. 'Start here' at 'Communicate Plan and Roadmap to the Business', and then continue in a cycle of 'Receive Approval or Suggested Modifications', 'Get Advice for Improvements to the Plan', 'Revise Plan', and back to the initial step until you receive 'Approval', then 'Present to Data Workers'.

    With a roadmap in place, the monetary authority followed a tactical and practical plan to repair outdated data architecture

    CASE STUDY

    Industry: Financial
    Source: Info-Tech Consulting
    Symbol for 'Monetary Authority Case Study'.

    Part 3

    After establishing the appropriate tactics based on its business driver, the monetary authority was able to identify its shortcomings and adopt resolutions to remedy the issues.

    Challenge

    A monetary authority was placed under new requirements where it would need to produce 6 different report types on its clients to a regulatory body within a window potentially as short as 1 hour.

    With its current capabilities, it could complete such a task in roughly 7 days.

    The organization’s data architecture was comprised of legacy systems that had poor searchability. Moreover, the data it worked with was scanned from paper, regularly incomplete and often inconsistent.

    Solution

    The solution first required the organization to establish the business driver behind the need to optimize its architecture. In this case, it would be compliance requirements.

    With Info-Tech’s methodology, the organization focused on three tiers: data sources, warehousing, and analytics.

    Several solutions were developed to address the appropriate lacking capabilities. Firstly, the creation of a data model for old and new systems. The implementation of governance principles and business rules for migration of any data. Additionally, proper indexing techniques and business data glossary were established. Lastly, data marts and sandboxes were designed for data accessibility and to enable a space for proper report building.

    Results

    With the solutions established, the monetary authority was given information it needed to build a comprehensive roadmap, and is currently undergoing the implementation of the plan to ensure it will experience its desired outcome – an optimized data architecture built with the capacity to handle external compliance requirements.

    Phase 3, Step 2: Manage Your Data Architecture Decisions and the Resulting Changes

    PHASE 3

    3.13.2
    Personalize Your Data Architecture RoadmapManage Your Data Architecture Decisions and the Resulting Changes

    This step will walk you through the following activities:

    • With a plan in place, document the major architectural decisions that have been and will be made to optimize data architecture.
    • Create a plan for change and release management, an essential function of the data architect role.

    This step involves the following participants:

    • Data Architect
    • Enterprise Architect

    Outcomes of this step

    • Resources for documenting and managing the inevitable change associated with updates to the organization’s data architecture environment.

    To implement data architecture changes, you must plan to accommodate the issues that come with change

    Once you have a plan in place, one the most challenging aspects of improving an organization is yet to come…overcoming change!

    “When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

    You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

    Stock photo of multiple hands placing app/website design elements on a piece of paper.

    Create roadmap

    Arrow pointing down.

    Communicate roadmap

    Arrow pointing down.

    Implement roadmap

    Arrow pointing down.

    Change management

    Use the Data Architecture Decision Template when architectural changes are made

    Supporting Tool icon 3.2 Data Architecture Decision Template
    Document the architectural decisions made to provide context around changes made to the organization’s data environment.

    The goal of this Data Architecture Decision Template is to provide data architects with a template for managing the changes that accompany major architectural decisions. As you work through the Build a Business-Aligned Data Architecture Optimization Strategy blueprint, you will create a plan for tactical initiatives that address the drivers of the business to optimize your data architecture. This plan will bring about changes to the organization’s data architecture that need change management considerations.

    Document any major changes to the organization’s data architecture that are required to evolve with the organization’s drivers. This will ensure that major architectural changes are documented, tracked, and that the context around the decision is maintained.

    “Environment is very chaotic nowadays – legacy apps, sprawl, ERPs, a huge mix and orgs are grappling with what our data landscape look like? Where are our data assets that we need to use?” (Andrew Johnston, Independent Consultant)

    Sample of the Data Architecture Decision Template.

    Use Info-Tech’s Data Architecture Decision Template to document any major changes in the organization’s data architecture.

    Leverage Info-Tech’s resources to smooth change management

    As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the change management considerations that come with major architectural decisions.

    “When managing change, the job of the data architect is to avoid unnecessary change and to encapsulate necessary change.

    You must provide motivation for simplifying change, making it manageable for the whole organization.” (Andrew Johnston, Independent Consultant)

    See Info-Tech’s resources on change management to smooth changes:
    Banner for the blueprint set 'Optimize Change Management' with subtitle 'Turn and face the change with a right-sized change management process'.
    Sample of the Optimize Change Management blueprint.

    Change Management Blueprint

    Sample of the Change Management Roadmap Tool.

    Change Management Roadmap Tool

    Use Info-Tech’s resources for effective release management

    As changes to the architectural environment occur, data architects must stay ahead of the curve and plan the release management considerations around new hardware and software releases or updates.

    Release management is a process that encompasses the planning, design, build, configuration, and testing of hardware and software releases to create a defined set of release components (ITIL). Release activities can include the distribution of the release and supporting documentation directly to end users. See Info-Tech’s resources on Release Management to smooth changes:

    Banner for the blueprint set 'Take a Holistic View to Optimize Release Management' with subtitle 'Build trust by right-sizing your process using appropriate governance'.
    Samples of the Release Management blueprint.

    Release Management Blueprint

    Sample of the Release Management Process Standard Template.

    Release Management Process Standard Template

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of a Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1.1

    Sample of activity 3.1.2 'Determine the timing of your data architecture optimization activities'. Create your personalized roadmap of activities.

    In this activity, the facilitator will guide the team in evaluating practice gaps highlighted by the assessment, and compare these gaps at face value so general priorities can be documented. The same categories as in 3.1.1 are considered.

    3.1.3

    Sample of activity 3.1.3 'Communicate your Data Architecture Optimization Plan to the business for approval'. Communicate your data architecture optimization plan.

    The facilitator will help you to identify the optimal medium and timing for communicating your plan for optimizing your data architecture.

    Insight breakdown

    Insight 1

    • Data architecture needs to evolve along with the changing business landscape. There are four common business drivers that put most pressure on archaic architectures. As a result, the organization’s architecture must be flexible and responsive to changing business needs.

    Insight 2

    • Data architecture is not just about models.
      Viewing data architecture as just technical data modeling can lead to structurally unsound data that does not serve the business.

    Insight 3

    • Data is used differently across the layers of an organization’s data architecture, and the capabilities needed to optimize use of data change with it. Architecting and managing data from source to warehousing to presentation requires different tactics for optimal use.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of what data architecture is, how data architects can provide value to the organization, and how data architecture fits into the larger enterprise architecture picture.
    • The capabilities required for optimization of the organization’s data architecture across the five tiers of the logical data architecture model.

    Processes Optimized

    • Prioritization and planning of data architect responsibilities across the five tiers of the five-tier logical data architecture model.
    • Roadmapping of tactics that address the most common business drivers of the organization.
    • Architectural change management.

    Deliverables Completed

    • Data Architecture Driver Pattern Identification Tool
    • Data Architecture Optimization Template
    • Data Architecture Trends Presentation
    • Data Architecture Roadmap Tool
    • Data Architecture Decision Template

    Research contributors and experts

    Photo of Ron Huizenga, Senior Product Manager, Embarcadero Technologies, Inc. Ron Huizenga, Senior Product Manager
    Embarcadero Technologies, Inc.

    Ron Huizenga has over 30 years of experience as an IT executive and consultant in enterprise data architecture, governance, business process reengineering and improvement, program/project management, software development, and business management. His experience spans multiple industries including manufacturing, supply chain, pipelines, natural resources, retail, healthcare, insurance, and transportation.

    Photo of Andrew Johnston, Architect, Independent Consultant. Andrew Johnston, Architect Independent Consultant

    An independent consultant with a unique combination of managerial, commercial, and technical skills, Andrew specializes in the development of strategies and technical architectures that allow businesses to get the maximum benefit from their IT resources. He has been described by clients as a "broad spectrum" architect, summarizing his ability to engage in many problems at many levels.

    Research contributors

    Internal Contributors
    Logo for Info-Tech Research Group.
    • Steven J. Wilson, Senior Director, Research & Advisory Services
    • Daniel Ko, Research Manager
    • Bernie Gilles, Senior Director, Research & Advisory Services
    External Contributors
    Logo for Embarcadero.
    Logo for Questa Computing. Logo for Geha.
    • Ron Huizenga, Embercardo Technologies
    • Andrew Johnston, Independent Consultant
    • Darrell Enslinger, Government Employees Health Association
    • Anonymous Contributors

    Bibliography

    Allen, Mark. “Get the ETL Out of Here.” MarkLogic. Sep, 2016. Web. 25 Apr 2017.[http://www.marklogic.com/blog/get-the-etl-out-of-here/]

    Anadiotis, George. “Streaming hot: Real-time big data architecture matters.” ZDNet. Jan, 2017. Web. 25 Apr 2017. [http://www.zdnet.com/article/streaming-hot-real-time-big-data-architecture-matters/]

    Aston, Dan. “The Economic value of Enterprise Architecture and How to Show It.” Erwin. Aug, 2016. Web. 20 Apr 2017. [http://erwin.com/blog/economic-value-enterprise-architecture-show/]

    Baer, Tony. “2017 Trends to Watch: Big Data.” Ovum. Nov, 2016. Web. 25 Apr 2017.

    Bmc. “Benefits & Advantages of Hadoop.” Bmc. Web. 25 Apr 2017. [http://www.bmcsoftware.ca/guides/hadoop-benefits-business-case.html]

    Boyd, Ryan, et al. “Relational vs. Graph Data Modeling” DZone. Mar 2016. Web. 25 Apr 2017. [https://dzone.com/articles/relational-vs-graph-data-modeling]

    Brahmachar, Satya. “Theme To Digital Transformation - Journey to Data Driven Enterprise” Feb, 2015. Web. 20 Apr 2017. [http://satyabrahmachari-thought-leader.blogspot.ca/2015/02/i-smac-theme-to-digital-transformation.html]

    Capsenta. “NoETL.” Capsenta. Web. 25 Apr 2017. [https://capsenta.com/wp-content/uploads/2015/03/Capsenta-Booklet.pdf]

    Connolly, Shaun. “Implementing the Blueprint for Enterprise Hadoop” Hortonworks. Apr, 2014. Web. 25 Apr 2017. https://hortonworks.com/blog/implementing-the-blue...

    Forbes. “Cloud 2.0: Companies Move From Cloud-First To Cloud-Only.” Forbes. Apr, 2017. Web. 25 Apr 2017. [https://www.forbes.com/sites/vmware/2017/04/07/cloud-2-0-companies-move-from-cloud-first-to-cloud-only/#5cd9d94a4d5e]

    Forgeat, Julien. “Lambda and Kappa.” Ericsson. Nov 2015. Web 25 Apr 2017. [https://www.ericsson.com/research-blog/data-knowledge/data-processing-architectures-lambda-and-kappa/]

    Grimes, Seth. “Is It Time For NoETL?” InformationWeek. Mar, 2010. Web. 25 Apr 2017. [http://www.informationweek.com/software/information-management/is-it-time-for-noetl/d/d-id/1087813]

    Gupta, Manav. et al. “How IB‹ leads in building big data analytics solutions in the cloud.” IBM. Feb, 2016. Web. 25 Apr 2017. [https://www.ibm.com/developerworks/cloud/library/cl-ibm-leads-building-big-data-analytics-solutions-cloud-trs/index.html#N102DE]

    “How To Build A Roadmap.” Hub Designs Magazine. Web 25 Apr 2017. [https://hubdesignsmagazine.com/2011/03/05/how-to-build-a-roadmap/]

    IBM. “Top industry use cases for stream computing.” IBM. Oct, 2015. Web. 25 Apr 2017. [https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=IMW14704USEN]

    Mateos-Garcia, Juan, et al. “Skills Of The Datavores.” Nesta. July. 2015. Web. 8 Aug 2016. [https://www.nesta.org.uk/sites/default/files/skills_of_the_datavores.pdf].

    Maynard, Steven. “Analytics: Don’t Forget The Human Element” Forbes. 2015. Web. 20 Apr. 2017. [http://www.ey.com/Publication/vwLUAssets/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015/$FILE/EY-Forbes-Insights-Data-and-Analytics-Impact-Index-2015.pdf]

    Neo4j. “From Relational to Neo4j.” Neo4j. Web. 25 Apr 2017. [https://neo4j.com/developer/graph-db-vs-rdbms/#_from_relational_to_graph_databases]

    NoETL “NoETL.” NoETL. Web. 25 Apr 2017. [http://noetl.org/]

    Nolan, Roger. “Digital Transformation: Is Your Data Management Ready?” Informatica. Jun, 2016. Web. 20 Apr 2017. [https://blogs.informatica.com/2016/06/10/digital-transformation-data-management-ready/#fbid=hmBYQgS6hnm]

    OpsClarity. “2016 State of Fast Data & Streaming Applications.” OpsClarity. Web. 25 Apr 2017. [https://www.opsclarity.com/wp-content/uploads/2016/07/2016FastDataSurvey.pdf]

    Oracle. “A Relational Database Overview.” Oracle. Web. 25 Apr 2017. [https://docs.oracle.com/javase/tutorial/jdbc/overview/database.html]

    Ponemon Institute LLC. “Big Data Cybersecurity Analytics Research Repor.t” Cloudera. Aug, 2016. Web. 25 Apr 2017. [https://www.cloudera.com/content/dam/www/static/documents/analyst-reports/big-data-cybersecurity-analytics-research-report.pdf]

    Sanchez, Jose Juan. “Data Movement Killed the BI Star.” DV Blog. May, 2016. Web. 20 Apr. 2017. [http://www.datavirtualizationblog.com/data-movement-killed-the-bi-star/]

    SAS. “Hadoop; What it is and why does it matter?” SAS. Web. 25 Apr 2017. [https://www.sas.com/en_ca/insights/big-data/hadoop.html#hadoopusers]

    Schumacher, Robin. “A Quick Primer on graph Databases for RDBMS Professionals.” Datastax. Jul, 2016. Web. 25 Apr 2017. [http://www.datastax.com/2016/07/quick-primer-on-graph-databases-for-rdbms-professionals]

    Swoyer, Steve. “It’s the End of the Data Warehouse as We Know It.” TDWI. Jan, 2017. Web. 20 Apr. 2017. [https://upside.tdwi.org/articles/2017/01/11/end-of-the-data-warehouse-as-we-know-it.aspx]

    Webber, Jim, and Ian Robinson. “The Top 5 Use Cases of Graph Databases.” Neo4j. 2015. Web. 25 Apr 2017. [http://info.neo4j.com/rs/773-GON-065/images/Neo4j_Top5_UseCases_Graph%20Databases.pdf]

    Zachman Framework. [https://www.zachman.com/]

    Zupan, Jane. “Survey of Big Data Decision Makers.” Attiv/o. May, 2016. Web. 20 Apr 2017. [https://www.attivio.com/blog/post/survey-big-data-decision-makers]

    Design a Tabletop Exercise to Support Your Security Operation

    • Buy Link or Shortcode: {j2store}319|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Threat management has become resource intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data.
    • Security incidents are inevitable, but how they are handled is critical.
    • The increasing use of sophisticated malware is making it difficult for organizations to identify the true intent behind the attack campaign.
    • The incident response is often handled in an ad hoc or ineffective manner.

    Our Advice

    Critical Insight

    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.
    • Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    • You might experience a negative return on your security control investment. As technology in the industry evolves, threat actors will adopt new tools, tactics, and procedures; a tabletop exercise will help ensure teams are leveraging your security investment properly and providing relevant situational awareness to stay on top of the rapidly evolving threat landscape.

    Impact and Result

    Establish and design a tabletop exercise capability to support and test the efficiency of the core prevention, detection, analysis, and response functions that consist of an organization's threat intelligence, security operations, vulnerability management, and incident response functions.

    Design a Tabletop Exercise to Support Your Security Operation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design a tabletop exercise, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan

    Evaluate the need for a tabletop exercise.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 1: Plan

    2. Design

    Determine the topics, scope, objectives, and participant roles and responsibilities.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 2: Design

    3. Develop

    Create briefings, guides, reports, and exercise injects.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 3: Develop
    • Design a Tabletop Exercise to Support Your Security Operation – Inject Examples

    4. Conduct

    Host the exercise in a conference or classroom setting.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 4: Conduct

    5. Evaluate

    Plan to ensure measurement and continued improvement.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 5: Evaluate
    [infographic]

    Kick-Start IT-Led Business Innovation

    • Buy Link or Shortcode: {j2store}87|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $38,844 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The CIO is not considered a strategic partner. The business may be satisfied with IT services, but no one is looking to IT to solve business problems or drive the enterprise forward.
    • Even if IT staff do generate ideas that will improve operational efficiency or enable the business, few are ever assessed or executed upon.

    Our Advice

    Critical Insight

    • Business demand for new technology is creating added pressure to innovate and executive stakeholders expect more from IT. If IT is not viewed as a source of innovation, its perceived value will decrease and the threat of shadow IT will grow. Do not wait to start finding and capitalizing on opportunities for IT-led innovation.

    Impact and Result

    • Start innovating right away. All you need are business pains and people willing to ideate around them.
    • Assemble a small team and arm them with proven techniques for identifying unique opportunities for innovation, developing impactful solutions, and prototyping quickly and effectively. Incubate a reservoir of ideas, both big and small, so that you are ready to execute on innovative projects when the timing is right.
    • Once you have demonstrated IT’s ability to innovate, mature your capability with a permanent innovation process and program.

    Kick-Start IT-Led Business Innovation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create innovation processes, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch innovation

    Sponsor a mandate for innovation and assemble a small team to start sourcing ideas with IT staff.

    • Kick-Start IT-Led Business Innovation – Phase 1: Launch Innovation
    • Innovation Working Group Charter

    2. Ideate

    Identify critical opportunities for innovation and brainstorm effective solutions.

    • Kick-Start IT-Led Business Innovation – Phase 2: Ideate
    • Idea Document
    • Idea Reservoir Tool

    3. Prototype

    Prototype ideas rapidly to gain user feedback, refine solutions, and make a compelling case for project investment.

    • Kick-Start IT-Led Business Innovation – Phase 3: Prototype
    • Prototyping Workbook
    • Prototype Assessment

    4. Mature innovation capability

    Formalize the innovation process and implement a program to create a strong culture of innovation in IT.

    • Kick-Start IT-Led Business Innovation – Phase 4: Mature Innovation Capability

    Infographic

    Workshop: Kick-Start IT-Led Business Innovation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch Innovation

    The Purpose

    Introduce innovation.

    Assess overall IT maturity to understand what you want to achieve with innovation.

    Define the innovation mandate.

    Introduce ideation.

    Key Benefits Achieved

    A set of shared objectives for innovation will be defined.

    A mandate will be created to help focus innovation efforts on what is most critical to the advancement of IT's maturity.

    The group will be introduced to ideation and prepared to begin addressing critical IT or business pains.

    Activities

    1.1 Define workshop goals and objectives.

    1.2 Introduce innovation.

    1.3 Assess IT maturity.

    1.4 Define the innovation mandate.

    1.5 Introduce ideation.

    Outputs

    Workshop goals and objectives.

    An understanding of innovation.

    IT maturity assessment.

    Sponsored innovation mandate.

    An understanding of ideation.

    2 Ideate, Part I

    The Purpose

    Identify and prioritize opportunities for IT-led innovation.

    Map critical processes to identify the pains that should be ideated around.

    Brainstorm potential solutions.

    Assess, pitch, and prioritize ideas that should be investigated further.

    Key Benefits Achieved

    The team will learn best practices for ideation.

    Critical pain points that might be addressed through innovation will be identified and well understood.

    A number of ideas will be generated that can solve identified pains and potentially feed the project pipeline.

    The team will prioritize the ideas that should be investigated further and prototyped after the workshop.

    Activities

    2.1 Identify processes that present opportunities for IT-led innovation.

    2.2 Map selected processes.

    2.3 Finalize problem statements.

    2.4 Generate ideas.

    2.5 Assess ideas.

    2.6 Pitch and prioritize ideas.

    Outputs

    A list of processes with high opportunity for IT-enablement.

    Detailed process maps that highlight pain points and stakeholder needs.

    Problem statements to ideate around.

    A long list of ideas to address pain points.

    Detailed idea documents.

    A shortlist of prioritized ideas to investigate further.

    3 Ideate, Part II

    The Purpose

    Ideate around a more complex problem that presents opportunity for IT-led innovation.

    Map the associated process to define pain points and stakeholder needs in detail.

    Brainstorm potential solutions.

    Assess, pitch, and prioritize ideas that should be investigated further.

    Introduce prototyping.

    Map the user journey for prioritized ideas.

    Key Benefits Achieved

    The team will be ready to facilitate ideation independently with other staff after the workshop.

    A critical problem that might be addressed through innovation will be defined and well understood.

    A number of innovative ideas will be generated that can solve this problem and help IT position itself as a source of innovative projects.

    Ideas will be assessed and prioritized for further investigation and prototyping after the workshop.

    The team will learn best practices for prototyping.

    The team will identify the assumptions that need to be tested when top ideas are prototyped.

    Activities

    3.1 Select an urgent opportunity for IT-led innovation.

    3.2 Map the associated process.

    3.3 Finalize the problem statement.

    3.4 Generate ideas.

    3.5 Assess ideas.

    3.6 Pitch and prioritize ideas.

    3.7 Introduce prototyping.

    3.8 Map the user journey for top ideas.

    Outputs

    Selection of a process which presents a critical opportunity for IT-enablement.

    Detailed process map that highlights pain points and stakeholder needs.

    Problem statement to ideate around.

    A long list of ideas to solve the problem.

    Detailed idea documents.

    A shortlist of prioritized ideas to investigate further.

    An understanding of effective prototyping techniques.

    A user journey for at least one of the top ideas.

    4 Implement an Innovation Process and Program

    The Purpose

    Establish a process for generating, managing, prototyping, prioritizing, and approving new ideas.

    Create an action plan to operationalize your new process.

    Develop a program to help support the innovation process and nurture your innovators.

    Create an action plan to implement your innovation program.

    Decide how innovation success will be measured.

    Key Benefits Achieved

    The team will learn best practices for managing innovation.

    The team will be ready to operationalize an effective process for IT-led innovation. You can start scheduling ideation sessions as soon as the workshop is complete.

    The team will understand the current innovation ecosystem: drivers, barriers, and enablers.

    The team will be ready to roll out an innovation program that will help generate wider engagement with IT-led innovation.

    You will be ready to measure and report on the success of your program.

    Activities

    4.1 Design an IT-led innovation process.

    4.2 Assign roles and responsibilities.

    4.3 Generate an action plan to roll out the process.

    4.4 Determine critical process metrics to track.

    4.5 Identify innovation drivers, enablers, and barriers.

    4.6 Develop a program to nurture a culture of innovation.

    4.7 Create an action plan to jumpstart each of your program components.

    4.8 Determine critical metrics to track.

    4.9 Summarize findings and gather feedback.

    Outputs

    A process for IT-led innovation.

    Defined process roles and responsibilities.

    An action plan for operationalizing the process.

    Critical process metrics to measure success.

    A list of innovation drivers, enablers, and barriers.

    A program for innovation that will leverage enablers and minimize barriers.

    An action plan to roll out your innovation program.

    Critical program metrics to track.

    Overview of workshop results and feedback.

    Build IT Capabilities to Enable Digital Marketing Success

    • Buy Link or Shortcode: {j2store}553|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Misalignment: Even if IT builds the capabilities to pursue digital channels, the channels will underperform in realizing organizational goals if the channels and the goals are misaligned.
    • Ineffective analytics: Failure to integrate and analyze new data will undermine organizational success in influencer and sentiment identification.
    • Missed opportunity: If IT does not develop the capabilities to support these channels, then lead generation, brand promotion, and engagement opportunities will be lost.
    • Lack of control: Marketing is developing and depending on internal power users and agencies. This practice can isolate IT from digital marketing technology decision making.

    Our Advice

    Critical Insight

    • Identify and understand the digital marketing channels that can benefit your organization.
    • Get stakeholder buy-in to facilitate collaboration between IT and product marketing groups to identify necessary IT capabilities.
    • Build IT capability by purchasing software, outsourcing, and training or hiring individuals with necessary skillsets.
    • Become transformational: use IT capabilities to support analytics that identify new customer segments, key influencers, and other invaluable insights.
    • Time is of the essence! It is easier to begin strengthening the relationship between marketing and IT today then it will be at any point in the future.
    • Being transformational means more than just enabling the channels marketing wants to pursue; IT must assist in identifying new segments and digital marketing opportunities, such as enabling influencer management.

    Impact and Result

    • IT is involved in decision making and has a complete understanding of the digital channels the organization is going to migrate to or phase out if unused.
    • IT has the necessary capabilities to support and enable success in all relevant digital channel management technologies.
    • IT is a key player in ensuring that all relevant data from new digital channels is managed and analyzed in order to maintain a 360 degree view of customers and feed real-time campaigns.
    • This enables the organization to not only target existing segments effectively, but also to identify and pursue new opportunities not presented before.
    • These opportunities include: identifying new segments among social networks, identifying key influencers as a new target, identifying proactive service and marketing opportunities from the public social cloud, and conducting new competitive analyses on the public social cloud.

    Build IT Capabilities to Enable Digital Marketing Success Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the case for building IT capabilities

    Identify the symptoms of inadequate IT support of digital marketing to diagnose the problems in your organization.

    • Storyboard: Build IT Capabilities to Enable Digital Marketing Success

    2. Identify digital marketing opportunities to understand the need for action in your organization

    Identify the untapped digital marketing value in your organization to understand where your organization needs to improve.

    • Digital Marketing Capability Builder Tool

    3. Mobilize for action: get stakeholder buy-in

    Develop a plan for communicating with stakeholders to ensure buy-in to the digital marketing capability building project.

    • Digital Marketing Communication Deck

    4. Identify the product/segment-specific digital marketing landscape to identify required IT capabilities

    Assess how well each digital channel reaches target segments. Identify the capabilities that must be built to enable digital channels.

    5. Create a roadmap for building capabilities to enable digital marketing

    Assess the people, processes, and technologies required to build required capabilities and determine the best fit with your organization.

    [infographic]

    Workshop: Build IT Capabilities to Enable Digital Marketing Success

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Digital Marketing Opportunities

    The Purpose

    Determine the fit of each digital channel with your organizational goals.

    Determine the fit of digital channels with your organizational structure and business model.

    Compare the fit of digital channels with your organization’s current levels of use to:Identify missed opportunities your organization should capitalize on.Identify digital channels that your organization is wasting resources on.

    Identify missed opportunities your organization should capitalize on.

    Identify digital channels that your organization is wasting resources on.

    Key Benefits Achieved

    IT department achieves consensus around which opportunities need to be pursued.

    Understanding that continuing to pursue excellent-fit digital channels that your organization is currently active on is a priority.

    Identification of the channels that stopping activity on could free up resources for.

    Activities

    1.1 Define and prioritize organizational goals.

    1.2 Assess digital channel fit with goals and organizational characteristics.

    1.3 Identify missed opportunities and wasted resources in your digital channel mix.

    1.4 Brainstorm creative ways to pursue untapped digital channels.

    Outputs

    Prioritized list of organizational goals.

    Assigned level of fit to digital channels.

    List of digital channels that represent missed opportunities or wasted resources.

    List of brainstormed ideas for pursuing digital channels.

    2 Identify Your Product-Specific Digital Marketing Landscape

    The Purpose

    Identify the digital channels that will be used for specific products and segments.

    Identify the IT capabilities that must be built to enable digital channels.

    Prioritize the list of IT capabilities.

    Key Benefits Achieved

    IT and marketing achieve consensus around which digital channels will be pursued for specific product-segment pairings.

    Identification of the capabilities that IT must build.

    Activities

    2.1 Assess digital channel fit with specific products.

    2.2 Identify the digital usage patterns of target segments.

    2.3 Decide precisely which digital channels you will use to sell specific products to specific segments.

    2.4 Identify and prioritize the IT capabilities that need to be built to succeed on each digital channel.

    Outputs

    Documented channel fit with products.

    Documented channel usage by target segments.

    Listed digital channels that will be used for each product-segment pairing.

    Listed and prioritized capabilities that must be built to enable success on necessary digital channels.

    3 Enable Digital Marketing Capabilities and Leverage Analytics

    The Purpose

    Identification of the best possible way to build IT capabilities for all channels.

    Creation of a plan for leveraging transformational analytics to supercharge your digital marketing strategy.

    Key Benefits Achieved

    IT understanding of the costs and benefits of capability building options (people, process, and technology).

    Information about how specific technology vendors could fit with your organization.

    IT identification of opportunities to leverage transformational analytics in your organization.

    Activities

    3.1 Identify the gaps in your IT capabilities.

    3.2 Evaluate options for building capabilities.

    3.3 Identify opportunities for transformational analytics.

    Outputs

    A list of IT capability gaps.

    An action plan for capability building.

    A plan for leveraging transformational analytics.

    Implement an IT Chargeback System

    • Buy Link or Shortcode: {j2store}71|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Business units voraciously consume IT services and don’t understand the actual costs of IT. This is due to lack of IT cost transparency and business stakeholder accountability for consumption of IT services.
    • Business units perceive IT costs as uncompetitive, resulting in shadow IT and a negative perception of IT.
    • Business executives have decided to implement an IT chargeback program and IT must ensure the program succeeds.

    Our Advice

    Critical Insight

    Price IT services so that business consumers find them meaningful, measurable, and manageable:

    • The business must understand what they are being charged for. If they can’t understand the value, you’ve chosen the wrong basis for charge.
    • Business units must be able to control and track their consumption levels, or they will feel powerless to control costs and you’ll never attain real buy-in.

    Impact and Result

    • Explain IT costs in ways that matter to the business. Instead of focusing on what IT pays for, discuss the value that IT brings to the business by defining IT services and how they serve business users.
    • Develop a chargeback model that brings transparency to the flow of IT costs through to business value. Demonstrate how a good chargeback model can bring about fair “pay-for-value” and “pay-for-what-you-use” pricing.
    • Communicate IT chargeback openly and manage change effectively. Business owners will want to know how their profit and loss statements will be affected by the new pricing model.

    Implement an IT Chargeback System Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an IT chargeback program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Make the case for IT chargeback, then assess the financial maturity of the organization and identify a pathway to success. Create a chargeback governance model.

    • Implement IT Chargeback – Phase 1: Launch
    • IT Chargeback Kick-Off Presentation

    2. Define

    Develop a chargeback model, including identifying user-facing IT services, allocating IT costs to services, and setting up the chargeback program.

    • Implement IT Chargeback – Phase 2: Define
    • IT Chargeback Program Development & Management Tool

    3. Implement

    Communicate the rollout of the IT chargeback model and establish a process for recovering IT services costs from business units.

    • Implement IT Chargeback – Phase 3: Implement
    • IT Chargeback Communication Plan
    • IT Chargeback Rollout Presentation
    • IT Chargeback Financial Presentation

    4. Revise

    Gather and analyze feedback from business owners, making necessary modifications to the chargeback model and communicating the implications.

    • Implement IT Chargeback – Phase 4: Revise
    • IT Chargeback Change Communication Template
    [infographic]

    Workshop: Implement an IT Chargeback System

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Kick-Off IT Chargeback

    The Purpose

    Make the case for IT chargeback.

    Identify the current and target state of chargeback maturity.

    Establish a chargeback governance model.

    Key Benefits Achieved

    Investigated the benefits and challenges of implementing IT chargeback.

    Understanding of the reasons why traditional chargeback approaches fail.

    Identified the specific pathway to chargeback success.

    Activities

    1.1 Investigate the benefits and challenges of implementing IT chargeback

    1.2 Educate business owners and executives on IT chargeback

    1.3 Identify the current and target state of chargeback maturity

    1.4 Establish chargeback governance

    Outputs

    Defined IT chargeback mandate

    IT chargeback kick-off presentation

    Chargeback maturity assessment

    IT chargeback governance model

    2 Develop the Chargeback Model

    The Purpose

    Develop a chargeback model.

    Identify the customers and user-facing services.

    Allocate IT costs.

    Determine chargeable service units.

    Key Benefits Achieved

    Identified IT customers.

    Identified user-facing services and generated descriptions for them.

    Allocated IT costs to IT services.

    Identified meaningful, measurable, and manageable chargeback service units.

    Activities

    2.1 Identify user-facing services and generate descriptions

    2.2 Allocate costs to user-facing services

    2.3 Determine chargeable service units and pricing

    2.4 Track consumption

    2.5 Determine service charges

    Outputs

    High-level service catalog

    Chargeback model

    3 Communicate IT Chargeback

    The Purpose

    Communicate the implementation of IT chargeback.

    Establish a process for recovering the costs of IT services from business units.

    Share the financial results of the charge cycle with business owners.

    Key Benefits Achieved

    Managed the transition to charging and recovering the costs of IT services from business units.

    Communicated the implementation of IT chargeback and shared the financial results with business owners.

    Activities

    3.1 Create a communication plan

    3.2 Deliver a chargeback rollout presentation

    3.3 Establish a process for recovering IT costs from business units

    3.4 Share the financial results from the charge cycle with business owners

    Outputs

    IT chargeback communication plan

    IT chargeback rollout presentation

    IT service cost recovery process

    IT chargeback financial presentation

    4 Review the Chargeback Model

    The Purpose

    Gather and analyze feedback from business owners on the chargeback model.

    Make necessary modifications to the chargeback model and communicate implications.

    Key Benefits Achieved

    Gathered business stakeholder feedback on the chargeback model.

    Made necessary modifications to the chargeback model to increase satisfaction and accuracy.

    Managed changes by communicating the implications to business owners in a structured manner.

    Activities

    4.1 Address stakeholder pain points and highly disputed costs

    4.2 Update the chargeback model

    4.3 Communicate the chargeback model changes and implications to business units

    Outputs

    Revised chargeback model with business feedback, change log, and modifications

    Chargeback change communication

    Configuration management

    • Buy Link or Shortcode: {j2store}4|cart{/j2store}
    • Related Products: {j2store}4|crosssells{/j2store}
    • Up-Sell: {j2store}4|upsells{/j2store}
    • Download01-Title: Harness the power of Configuration Management Executive Brief
    • Download-01: Visit Link
    • member rating overall impact: 8.0/10
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    Configuration management is all about being able to manage your assets within the support processes. That means to record what you need. Not less than that, and not more either.

    Asset Management, Configuration Management, Lifecycle Management

    Time Study

    • Buy Link or Shortcode: {j2store}260|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • In ESG’s 2018 report “The Life of Cybersecurity Professionals,” 36% of participants expressed the overwhelming workload was a stressful aspect of their job.
    • Organizations expect a lot from their security specialists. From monitoring the threat environment, protecting business assets, and learning new tools, to keeping up with IT initiatives, cybersecurity teams struggle to balance their responsibilities with the constant emergencies and disruptions that take them away from their primary tasks.
    • Businesses fail to recognize the challenges associated with task prioritization and the time management practices of a security professional.

    Our Advice

    Critical Insight

    • The majority of scheduled calendar meetings include employees and peers.
      • Our research indicates cybersecurity professionals spent the majority of their meetings with employees (28%) and peers (24%). Other stakeholders involved in meetings included by myself (15%), boss (13%), customers (10%), vendors (8%), and board of directors (2%).
    • Calendar meetings are focused on project work, management, and operations.
      • When asked to categorize calendar meetings, the focus was on project work (26%), management (23%), and operations (22%). Other scheduled meetings included ones focused on strategy (15%), innovation (9%), and personal time (5%).
    • Time management scores were influenced by the percentage of time spent with employees and peers.
      • When participants were divided into good and poor time managers, we found good time managers spent less time with their peers and more time with their employees. This may be due to the nature of employee meetings being more directly tied to the project outputs of the manager than their peer meetings. Managers who spend more time in meetings with their employees feel a sense of accomplishment, and hence rate themselves higher in time management.

    Impact and Result

    • Understand how cybersecurity professionals allocate their time.
    • Gain insight on whether perceived time management skills are associated with calendar maintenance factors.
    • Identify common time management pain points among cybersecurity professionals.
    • Identify current strategies cybersecurity professionals use to manage their time.

    Time Study Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read our Time Study

    Read our Time Study to understand how cybersecurity professionals allocate their time, what pain points they endure, and tactics that can be leveraged to better manage time.

    • Time Study Storyboard
    [infographic]

    Define a Sourcing Strategy for Your Development Team

    • Buy Link or Shortcode: {j2store}161|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Hiring quality development team resources is becoming increasingly difficult and costly in most domestic markets.
    • Firms are seeking to do more with less and increase their development team throughput.
    • Globalization and increased competition are driving a need for more innovation in your applications.
    • Firms want more cost certainty and tighter control of their development investment.

    Our Advice

    Critical Insight

    • Choosing the right sourcing strategy is not just a question of technical skills! Successful sourcing is based on matching your organization’s culture, knowledge, and experiences to the right choice of internal or external partnership.

    Impact and Result

    • We will help you build a sourcing strategy document for your application portfolio.
    • We will examine your portfolio and organization from three different perspectives to enable you to determine the right approach:
      • From a business perspective, reliance on the business, strategic value of the product, and maturity of product ownership are critical.
      • From an organizational perspective, you must examine your culture for communication processes, conflict resolution methods, vendor management skills, and geographic coverage.
      • From a technical perspective, consider integration complexity, environmental complexity, and testing processes.

    Define a Sourcing Strategy for Your Development Team Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a Sourcing Strategy for Your Development Team Storyboard – A guide to help you choose the right resourcing strategy to keep pace with your rapidly changing application and development needs.

    This project will help you define a sourcing strategy for your application development team by assessing key factors about your products and your organization, including critical business, technical, and organizational factors. Use this analysis to select the optimal sourcing strategy for each situation.

    • Define a Sourcing Strategy for Your Development Team Storyboard

    2. Define a Sourcing Strategy Workbook – A tool to capture the results of activities to build your sourcing strategy.

    This workbook is designed to capture the results of the activities in the storyboard. Each worksheet corresponds with an activity from the deck. The workbook is also a living artifact that should be updated periodically as the needs of your team and organization change.

    • Define a Sourcing Strategy Workbook
    [infographic]

    Further reading

    Define a Sourcing Strategy for Your Development Team

    Choose the right resourcing strategy to keep pace with your rapidly changing application and development needs.

    Analyst Perspective

    Choosing the right sourcing strategy for your development team is about assessing your technical situation, your business needs, your organizational culture, and your ability to manage partners!

    Photo of Dr. Suneel Ghei, Principal Research Director, Application Development, Info-Tech Research Group

    Firms today are under continuous pressure to innovate and deliver new features to market faster while at the same time controlling costs. This has increased the need for higher throughput in their development teams along with a broadening of skills and knowledge. In the face of these challenges, there is a new focus on how firms source their development function. Should they continue to hire internally, offshore, or outsource? How do they decide which strategy is the right fit?

    Info-Tech’s research shows that the sourcing strategy considerations have evolved beyond technical skills and costs. Identifying the right strategy has become a function of the characteristics of the organization, its culture, its reliance on the business for knowledge, its strategic value of the application, its vendor management skills, and its ability to internalize external knowledge. By assessing these factors firms can identify the best sourcing mix for their development portfolios.

    Dr. Suneel Ghei
    Principal Research Director, Application Development
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Hiring quality development team resources is becoming increasingly difficult and costly in most domestic markets.
    • Firms are seeking to do more with less and increase their development team throughput.
    • Globalization and increased competition is driving a need for more innovation in your applications.
    • Firms want more cost certainty and tighter control of their development investment.
    Common Obstacles
    • Development leaders are encouraged to manage contract terms and SLAs rather than build long-term relationships.
    • People believe that outsourcing means you will permanently lose the knowledge around solutions.
    • Moving work outside of the current team creates motivational and retention challenges that can be difficult to overcome.
    Info-Tech’s Approach
    • Looking at this from these three perspectives will enable you to determine the right approach:
      1. From a business perspective, reliance on the business, strategic value of the product, and maturity of product ownership are critical.
      2. From an organizational perspective, you must examine your culture for communication processes, conflict resolution methods, vendor management skills, and geographic coverage
      3. From a technical perspective, consider integration complexity, environment complexity, and testing processes.

    Info-Tech Insight

    Choosing the right sourcing strategy is not just a question of technical skills! Successful sourcing is based on matching your organization’s culture, knowledge, and experiences to the right choice of internal or external partnership.

    Define a sourcing strategy for your development team

    Business
    • Business knowledge/ expertise required
    • Product owner maturity
    Technical
    • Complexity and maturity of technical environment
    • Required level of integration
    Organizational
    • Company culture
    • Desired geographic proximity
    • Required vendor management skills
    1. Assess your current delivery posture for challenges and impediments.
    2. Decide whether to build or buy a solution.
    3. Select your desired sourcing strategy based on your current state and needs.
    Example sourcing strategy with initiatives like 'Client-Facing Apps' and 'ERP Software' assigned to 'Onshore Dev', 'Outsource Team', 'Offshore Dev', 'Outsource App (Buy)', 'Outsource Dev', or 'Outsource Roles'.

    Three Perspectives +

    Three Steps =

    Your Sourcing Strategy

    Diverse sourcing is used by many firms

    Many firms across all industries are making use of different sourcing strategies to drive innovation and solve business issues.

    According to a report by ReportLinker the global IT services outsourcing market reached US$413.8 billion in 2021.

    In a recent study of Canadian software firms, it was found that almost all firms take advantage of outside knowledge in their application development process. In most cases these firms also use outside resources to do development work, and about half the time they use externally built software packages in their products (Ghei, 2020)!

    Info-Tech Insight

    In today’s diverse global markets, firms that wish to stay competitive must have a defined ability to take advantage of external knowledge and to optimize their IT services spend.

    Modeling Absorptive Capacity for Open Innovation in the Canadian Software Industry (Source: Ghei, 2020; n=54.)

    56% of software development firms are sourcing applications instead of resources.

    68% of firms are sourcing external resources to develop software products.

    91% of firms are leveraging knowledge from external sources.

    Internal sourcing models

    Insourcing comes in three distinct flavors

    Geospatial map giving example locations for the three internal sourcing models. In this example, 'Head Office' is located in North America, 'Onshore' is 'Located in the same area or even office as your core business resources. Relative Cost: $$$', 'Near Shore' is 'Typically, within 1-3 time zones for ease of collaboration where more favorable resource costs exist. Relative Cost: $$', and 'Offshore' is 'Located in remote markets where significant labor cost savings can be realized. Relative Cost: $'.

    Info-Tech Insight

    Insourcing allows you to stay close to more strategic applications. But choosing the right model requires a strong look inside your organization and your ability to provide business knowledge support to developers who may have different skills and cultures and are in different geographies.

    Outsourcing models

    External sourcing can be done to different degrees

    Outsource Roles
    • Enables resource augmentation
    • Typically based on skills needs
    • Short-term outsourcing with eventual integration or dissolution
    Outsource Teams (or Projects)
    • Use of a full team or multiple teams of vendor resources
    • Meant to be temporary, with knowledge transfer at the end of the project
    Outsource Products
    • Use of a vendor to build, maintain, and support the full product
    • Requires a high degree of contract management skill

    Info-Tech Insight

    Outsourcing represents one of the most popular ways for organizations to source external knowledge and skills. The choice of model is a function of the organization’s ability to support the external resources and to absorb the knowledge back into the organization.

    Defining your sourcing strategy

    Follow the steps below to identify the best match for your organization

    Review Your Current Situation

    Review the issues and opportunities related to application development and categorize them based on the key factors.

    Arrow pointing right. Assess Build Versus Buy

    Before choosing a sourcing model you must assess whether a particular product or function should be bought as a package or developed.

    Arrow pointing right. Choose the Right Sourcing Strategy

    Based on the research, use the modeling tool to match the situation to the appropriate sourcing solution.

    Step 1.1

    Review Your Current Situation

    Activities
    • 1.1.1 Identify and categorize your challenges

    This step involves the following participants:

    • Product management team
    • Software development leadership team
    • Key stakeholders
    Outcomes of this step

    Review your current delivery posture for challenges and impediments.

    Define a Sourcing Strategy for Your Development Team
    Step 1.1 Step 1.2 Step 1.3

    Review your situation

    There are three key areas to examine in your current situation:

    Business Challenges
    • Do you need to gain new knowledge to drive innovation?
    • Does your business need to enhance its software to improve its ability to compete in the market?
    • Do you need to increase your speed of innovation?

    Technology Challenges

    • Are you being asked to take tighter control of your development budgets?
    • Does your team need to expand their skills and knowledge?
    • Do you need to increase your development speed and capacity?

    Market Challenges

    • Is your competition seen as more innovative?
    • Do you need new features to attract new clients?
    • Are you struggling to find highly skilled and knowledgeable development resources?
    Stock image of multi-colored arrows travelling in a line together before diverging.

    Info-Tech Insight

    Sourcing is a key tool to solve business and technical challenges and enhance market competitiveness when coupled with a robust definition of objectives and a way to measure success.

    1.1.1 Identify and categorize your challenges

    60 minutes

    Output: List of the key challenges in your software lifecycle. Breakdown of the list into categories to identify opportunities for sourcing

    Participants: Product management team, Software development leadership team, Key stakeholders

    1. What challenge is your firm is facing with respect to your software that you think sourcing can address? (20 minutes)
    2. Is the challenge related to a business outcome, development methodology, or technology challenge? (10 minutes)
    3. Is the challenge due to a skills gap, budget or resource challenge, throughput issue, or a broader organizational knowledge or process issue? (10 minutes)
    4. What is the specific objective for the team/leader in addressing this challenge? (15 minutes)
    5. How will you measure progress and achievement of this objective? (5 minutes)

    Document results in the Define a Sourcing Strategy Workbook

    Identify and categorize your challenges

    Sample table for identifying and categorizing challenges, with column groups 'Challenge' and 'Success Measures' containing headers 'Issue, 'Category', 'Breadth', and 'Stakeholder' in the former, and 'Objective' and 'Measurement' in the latter.

    Step 1.2

    Assess Build Versus Buy

    Activities
    • 1.2.1 Understand the benefits and drawbacks of build versus buy in your organizational context

    This step involves the following participants:

    • Product management team
    • Software development leadership team
    • Key stakeholders

    Outcomes of this step

    Understand in your context the benefits and drawbacks of build versus buy, leveraging Info-Tech’s recommended definitions as a starting point.

    Define a Sourcing Strategy for Your Development Team

    Step 1.1 Step 1.2 Step 1.3

    Look vertically across the IT hierarchy to assess the impact of your decision at every level

    IT Hierarchy with 'Enterprise' at the top, branching out to 'Portfolio', then to 'Solution' at the bottom. The top is 'Strategic', the bottom 'Operational'.

    Regardless of the industry, a common and challenging dilemma facing technology teams is to determine when they should build software or systems in-house versus when they should rely wholly on an outside vendor for delivering on their technology needs.

    The answer is not as cut and dried as one would expect. Any build versus buy decision may have an impact on strategic and operational plans. It touches every part of the organization, starting with individual projects and rolling up to the enterprise strategy.

    Info-Tech Insight

    Do not ignore the impact of a build or buy decision on the various management levels in an IT organization.

    Deciding whether to build or buy

    It is as much about what you gain as it is about what problem you choose to have

    BUILD BUY

    Multi-Source Best of Breed

    Integrate various technologies that provide subset(s) of the features needed for supporting the business functions.

    Vendor Add-Ons & Integrations

    Enhance an existing vendor’s offerings by using their system add-ons either as upgrades, new add-ons, or integrations.
    Pros
    • Flexibility in choice of tools
    • In some cases, cost may be lower
    • Easier to enhance with in-house teams
    Cons
    • Introduces tool sprawl
    • Requires resources to understand tools and how they integrate
    • Some of the tools necessary may not be compatible with one another
    Pros
    • Reduces tool sprawl
    • Supports consistent tool stack
    • Vendor support can make enhancement easier
    • Total cost of ownership may be lower
    Cons
    • Vendor lock-in
    • The processes to enhance may require tweaking to fit tool capability

    Multi-Source Custom

    Integrate systems built in-house with technologies developed by external organizations.

    Single Source

    Buy an application/system from one vendor only.
    Pros
    • Flexibility in choice of tools
    • In some cases, cost may be lower
    • Easier to enhance with in-house teams
    Cons
    • May introduce tool sprawl
    • Requires resources to have strong technical skills
    • Some of the tools necessary may not be compatible with one another
    Pros
    • Reduces tool sprawl
    • Supports consistent tool stack
    • Vendor support can make enhancement easier
    • Total cost of ownership may be lower
    Cons
    • Vendor lock-in
    • The processes to enhance may require tweaking to fit tool capability

    1.2.1 Understand the benefits and drawbacks of build versus buy in your organizational context

    30 minutes

    Output: A common understanding of the different approaches to build versus buy applied to your organizational context

    Participants: Product management team, Software development leadership team, Key stakeholders

    1. Look at the previous slide, Deciding whether to build or buy.
    2. Discuss the pros and cons listed for each approach.
      1. Do they apply in your context? Why or why not?
      2. Are there some approaches not applicable in terms of how you wish to work?
    3. Record the curated list of pros and cons for the different build/buy approaches.
    4. For each approach, arrange the pros and cons in order of importance.

    Document results in the Define a Sourcing Strategy Workbook

    Step 1.3

    Choose the Right Sourcing Strategy

    Activities
    • 1.3.1 Determine the right sourcing strategy for your needs

    This step involves the following participants:

    • Product management team
    • Software development leadership team
    • Key stakeholders

    Outcomes of this step

    Choose your desired sourcing strategy based on your current state and needs.

    Define a Sourcing Strategy for Your Development Team

    Step 1.1 Step 1.2 Step 1.3

    Choose the right sourcing strategy

    • Based on our research, finding the right sourcing strategy for a particular situation is a function of three key areas:
      • Business drivers
      • Organizational drivers
      • Technical drivers
    • Each area has key characteristics that must be assessed to confirm which strategy is best suited for the situation.
    • Once you have assessed the factors and ranked them from low to high, we can then match your results with the best-fit strategy.
    Business
    • Business knowledge/ expertise required
    • Product owner maturity

    Technical

    • Complexity and maturity of technical environment
    • Required level of integration

    Organizational

    • Your culture
    • Desired geographic proximity
    • Required vendor management skills

    Business drivers

    To choose the right sourcing strategy, you need to assess your key drivers of delivery

    Product Knowledge
    • The level of business involvement required to support the development team is a critical factor in determining the sourcing model.
    • Both the breadth and depth of involvement are critical factors.
    Strategic Value
    • The strategic value of the application to the company is also a critical component.
    • The more strategic the application is to the company, the closer the sourcing should be maintained.
    • Value can be assessed based on the revenue derived from the application and the depth of use of the application by the organization.
    Product Ownership Maturity
    • To support sourcing models that move further from organizational boundaries a strong product ownership function is required.
    • Product owners should ideally be fully allocated to the role and engaged with the development teams.
    • Product owners should be empowered to make decisions related to the product, its vision, and its roadmap.
    • The higher their allocation and empowerment, the higher the chances of success in external sourcing engagements.
    Stock image of a person running up a line with a positive trend.

    Case Study: The GoodLabs Studio Experience Logo for GoodLabs Studio.

    INDUSTRY: Software Development | SOURCE: Interview with Thomas Lo, Co-Founder, GoodLabs Studio
    Built to Outsource Development Teams
    • GoodLabs is an advanced software innovation studio that provides bespoke team extensions or turnkey digital product development with high-caliber software engineers.
    • Unlike other consulting firms, GoodLabs works very closely with its customers as a unified team to deliver the most significant impact on clients’ projects.
    • With this approach, it optimizes the delivery of strong software engineering skills with integrated product ownership from the client, enabling long-term and continued success for its clients.
    Results
    • GoodLabs is able to attract top engineering talent by focusing on a variety of complex projects that materially benefit from technical solutions, such as cybersecurity, fraud detection, and AI syndrome surveillance.
    • Taking a partnership approach with the clients has led to the successful delivery of many highly innovative and challenging projects for the customers.

    Organizational drivers

    To choose the right sourcing strategy for a particular problem you need to assess the organization’s key capabilities

    Stock photo of someone placing blocks with illustrated professionals one on top of the other. Vendor Management
    • Vendor management is a critical skill for effective external sourcing.
    • This can be assessed based on the organization’s ability to cultivate and grow long-term relationships of mutual value.
    • The longevity and growth of existing vendor relationships can be a good benchmark for future success.
    Absorptive Capacity
    • To effectively make use of external sourcing models, the organization must have a well-developed track record of absorbing outside knowledge.
    • This can be assessed by looking at past cases where external knowledge was sourced and internalized, such as past vendor development engagements or use of open-source code.
    Organizational Culture
    • Another factor in success of vendor engagements and long-term relationships is the matching of organizational cultures.
    • It is key to measure the organization’s current position on items like communication strategy, geographical dispersal, conflict resolution strategy, and hierarchical vs flat management.
    • These factors should be documented and matched with partners to determine the best fit.

    Case Study: WCIRB California Logo for WCIRB California.

    INDUSTRY: Workers Compensation Insurance | SOURCE: Interview with Roger Cottman, Senior VP and CIO, WCIRB California
    Trying to Find the Right Match
    • WCIRB is finding it difficult to hire local resources in California.
    • Its application is a niche product. Since no off-the-shelf alternatives exist, the organization will require a custom application.
    • WCIRB is in the early stages of a digital platform project and is looking to bring in a partner to provide a full development team, with the goal of ideally bringing the application back in-house once it is built.
    • The organization is looking for a local player that will be able to integrate well with the business.
    • It has engaged with two mid-sized players but both have been slow to respond, so it is now considering alternative approaches.
    Info-Tech’s Recommended Approach
    • WCIRB is finding that mid-sized players don’t fit its needs and is now looking for a larger player
    • Based on our research we have advised that WCIRB should ensure the partner is geographically close to its location and can be a strategic partner, not simply work on an individual project.

    Technical drivers

    To choose the right sourcing strategy for a particular problem you need to assess your technical situation and capabilities

    Environment Complexity
    • The complexity of your technical environment is a hurdle that must be overcome for external sourcing models.
    • The number of environments used in the development lifecycle and the location of environments (physical, virtual, on-premises, or cloud) are key indicators.
    Integration Requirements
    • The complexity of integration is another key technical driver.
    • The number of integrations required for the application is a good measuring stick. Will it require fewer than 5, 5-10, or more than 10?
    Testing Capabilities
    • Testing of the application is a key technical driver of success for external models.
    • Having well-defined test cases, processes, and shared execution with the business are all steps that help drive success of external sourcing models.
    • Test automation can also help facilitate success of external models.
    • Measure the percentage of test cases that are standardized, the level of business involvement, and the percentage of test cases that are automated.
    Stock image of pixelated light.

    Case Study: Management Control Systems (MC Systems) Logo for MC Systems.

    INDUSTRY: Technology Services | SOURCE: Interview with Kathryn Chin See, Business Development and Research Analyst, MC Systems
    Seeking to Outsource Innovation
    • MC Systems is seeking to outsource its innovation function to get budget certainty on innovation and reduce costs. It is looking for a player that has knowledge of the application areas it is looking to enhance and that would augment its own business knowledge.
    • In previous outsourcing experiences with skills augmentation and application development the organization had issues related to the business depth and product ownership it could provide. The collaborations did not lead to success as MC Systems lacked product ownership and the ability to reintegrate the outside knowledge.
    • The organization is concerned about testing of a vendor-built application and how the application will be supported.
    Info-Tech’s Recommended Approach
    • To date MC Systems has had success with its outsourcing approach when outsourcing specific work items.
    • It is now looking to expand to outsourcing an entire application.
    • Info-Tech’s recommendation is to seek partners who can take on development of the application.
    • MC Systems will still need resources to bring knowledge back in-house for testing and to provide operational support.

    Choosing the right model


    Legend for the table below using circles with quarters to represent Low (0 quarters) to High (4 quarters).
    Determinant Key Questions to Ask Onshore Nearshore Offshore Outsource Role(s) Outsource Team Outsource Product(s)
    Business Dependence How much do you rely on business resources during the development cycle? Circle with 4 quarters. Circle with 3 quarters. Circle with 1 quarter. Circle with 2 quarters. Circle with 1 quarter. Circle with 0 quarters.
    Absorptive Capacity How successful has the organization been at bringing outside knowledge back into the firm? Circle with 0 quarters. Circle with 1 quarter. Circle with 1 quarter. Circle with 2 quarters. Circle with 1 quarter. Circle with 4 quarters.
    Integration Complexity How many integrations are required for the product to function – fewer than 5, 5-10, or more than 10? Circle with 4 quarters. Circle with 3 quarters. Circle with 3 quarters. Circle with 2 quarters. Circle with 1 quarter. Circle with 0 quarters.
    Product Ownership Do you have full-time product owners in place for the products? Do product owners have control of their roadmaps? Circle with 1 quarter. Circle with 2 quarters. Circle with 3 quarters. Circle with 2 quarters. Circle with 4 quarters. Circle with 4 quarters.
    Organization Culture Fit What are your organization’s communication and conflict resolution strategies? Is your organization geographically dispersed? Circle with 1 quarter. Circle with 1 quarter. Circle with 3 quarters. Circle with 1 quarter. Circle with 3 quarters. Circle with 4 quarters.
    Vendor Mgmt Skills What is your skill level in vendor management? How long are your longest-standing vendor relationships? Circle with 0 quarters. Circle with 1 quarter. Circle with 1 quarter. Circle with 2 quarters. Circle with 3 quarters. Circle with 4 quarters.

    1.3.1 Determine the right sourcing strategy for your needs

    60 minutes

    Output: A scored matrix of the key drivers of the sourcing strategy

    Participants: Development leaders, Product management team, Key stakeholders

    Choose one of your products or product families and assess the factors below on a scale of None, Low, Medium, High, and Full.

    • 3.1 Assess the business factors that drive selection using these key criteria (20 minutes):
      • 3.1.1 Product knowledge
      • 3.1.2 Strategic value
      • 3.1.3 Product ownership
    • 3.2 Assess the organizational factors that drive selection using these key criteria (20 minutes):
      • 3.2.1 Vendor management
      • 3.2.2 Absorptive capacity
      • 3.2.3 Organization culture
    • 3.3 Assess the technical factors that drive selection using these key criteria (20 minutes):
      • 3.3.1 Environments
      • 3.3.2 Integration
      • 3.3.3 Testing

    Document results in the Define a Sourcing Strategy Workbook

    Things to Consider When Implementing

    Once you have built your strategy there are some additional things to consider

    Things to Consider Before Acting on Your Strategy

    By now you understand what goes into an effective sourcing strategy. Before implementing one, there are a few key items you need to consider:

    Example 'Sourcing Strategy for Your Portfolio' with initiatives like 'Client-Facing Apps' and 'ERP Software' assigned to 'Onshore Dev', 'Outsource Team', 'Offshore Dev', 'Outsource App (Buy)', 'Outsource Dev', or 'Outsource Roles'. Start with a pilot
    • Changing sourcing needs to start with one team.
    • Grow as skills develop to limit risk.
    Build an IT workforce plan Enhance your vendor management skills Involve the business early and often
    • The business should feel they are part of the discussion.
    • See our Agile/DevOps Research Center for more information on how the business and IT can better work together.
    Limit sourcing complexity
    • Having too many different partners and models creates confusion and will strain your ability to manage vendors effectively.

    Bibliography

    Apfel, Isabella, et al. “IT Project Member Turnover and Outsourcing Relationship Success: An Inverted-U Effect.” Developments, Opportunities and Challenges of Digitization, 2020. Web.

    Benamati, John, and Rajkumar, T.M. “The Application Development Outsourcing Decision: An Application of the Technology Acceptance Model.” Journal of Computer Information Systems, vol. 42, no. 4, 2008, pp. 35-43. Web.

    Benamati, John, and Rajkumar, T.M. “An Outsourcing Acceptance Model: An Application of TAM to Application Development Outsourcing Decisions.” Information Resources Management Journal, vol. 21, no. 2, pp. 80-102, 2008. Web.

    Broekhuizen, T. L. J., et al. “Digital Platform Openness: Drivers, Dimensions and Outcomes.” Journal of Business Research, vol. 122, July 2019, pp. 902-914. Web.

    Brook, Jacques W., and Albert Plugge. “Strategic Sourcing of R&D: The Determinants of Success.” Business Information Processing, vol. 55, Aug. 2010, pp. 26-42. Web.

    Delen, G. P A.J., et al. “Foundations for Measuring IT-Outsourcing Success and Failure.” Journal of Systems and Software, vol. 156, Oct. 2019, pp. 113-125. Web.

    Elnakeep, Eman, et al. “Models and Frameworks for IS Outsourcing Structure and Dimensions: A Holistic Study.” Lecture notes in Networks and Systems, 2019. Web.

    Ghei, Suneel. Modeling Absorptive Capacity for Open Innovation in the Software Industry. 2020. Faculty of Graduate Studies, Athabasca University, 2020. DBA Dissertation.

    “IT Outsourcing Market Research Report by Service Model, Organization Sizes, Deployment, Industry, Region – Global Forecast to 2027 – Cumulative Impact of COVID-19.” ReportLinker, April 2022. Web.

    Jeong, Jongkil Jay, et al. “Enhancing the Application and Measurement of Relationship Quality in Future IT Outsourcing Studies.” 26th European Conference on Information Systems: Beyond Digitization – Facets of Socio-Tehcnical Change: Proceedings of ECIS 2018, Portsmouth, UK, June 23-28, 2018. Edited by Peter Bednar, et al., 2018. Web.

    Könning, Michael. “Conceptualizing the Effect of Cultural Distance on IT Outsourcing Success.” Proceedings of Australasian Conference on Information Systems 2018, Sydney, Australia, Dec. 3-5, 2018. Edited by Matthew Noble, UTS ePress, 2018. Web.

    Lee, Jae-Nam, et al. “Holistic Archetypes of IT Outsourcing Strategy: A Contingency Fit and Configurational Approach.” MIS Quarterly, vol. 43, no. 4, Dec. 2019, pp. 1201-1225. Web.

    Loukis, Euripidis, et al. “Determinants of Software-as-a-Service Benefits and Impact on Firm Performance.” Decision Support Systems, vol. 117, Feb. 2019, pp. 38-47. Web.

    Martensson, Anders. “Patterns in Application Development Sourcing in the Financial Industry.” Proceedings of the 13th European Conference of Information Systems, 2004. Web.

    Martínez-Sánchez, Angel, et al. “The Relationship Between R&D, the Absorptive Capacity of Knowledge, Human Resource Flexibility and Innovation: Mediator Effects on Industrial Firms.” Journal of Business Research, vol. 118, Sept. 2020, pp. 431-440. Web.

    Moreno, Valter, et al. “Outsourcing of IT and Absorptive Capacity: A Multiple Case Study in the Brazilian Insurance Sector.” Brazilian Business Review, vol. 17, no. 1, Jan.-Feb. 2020, pp. 97-113. Web.

    Ozturk, Ebru. “The Impact of R&D Sourcing Strategies on Basic and Developmental R&D in Emerging Economies.” European Journal of Innovation Management, vol. 21, no. 7, May 2018, pp. 522-542. Web.

    Ribas, Imma, et al. “Multi-Step Process for Selecting Strategic Sourcing Options When Designing Supply Chains.” Journal of Industrial Engineering and Management, vol. 14, no. 3, 2021, pp. 477-495. Web.

    Striteska, Michaela Kotkova, and Viktor Prokop. “Dynamic Innovation Strategy Model in Practice of Innovation Leaders and Followers in CEE Countries – A Prerequisite for Building Innovative Ecosystems.” Sustainability, vol. 12, no. 9, May 2020. Web.

    Thakur-Wernz, Pooja, et al. “Antecedents and Relative Performance of Sourcing Choices for New Product Development Projects.” Technovation, 2020. Web.

    Set Meaningful Employee Performance Measures

    • Buy Link or Shortcode: {j2store}597|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Despite the importance of performance measures, most organizations struggle with choosing appropriate metrics and standards of performance for their employees.
    • Performance measures are often misaligned with the larger strategy, gamed by employees, or too narrow to provide an accurate picture of employee achievements.
    • Additionally, many organizations track too many metrics, resulting in a bureaucratic nightmare with little payoff.

    Our Advice

    Critical Insight

    • Focus on what matters by aligning your departmental goals with the enterprise's mission and business goals. Break down departmental goals into specific goals for each employee group.
    • Employee engagement, which results in better performance, is directly correlated with employees’ understanding what is expected of them on the job and with their performance reviews reflecting their actual contributions.
    • Shed unnecessary metrics in favor of a lean, holistic approach to performance measurement. Include quantitative, qualitative, and behavioral dimensions in each goal and set appropriate measures for each dimension to meet simple targets. This encourages well-rounded behaviors and discourages rogue behavior.
    • Get rid of the stick-and-carrot approach to management. Use performance measurement to inspire and engage employees, not punish them.

    Impact and Result

    • Learn about and leverage the McLean & Company framework and process to effective employee performance measurement setting.
    • Plan effective communications and successfully manage departmental employee performance measurement by accurately recording goals, measures, and requirements.
    • Find your way through the maze of employee performance management with confidence.

    Set Meaningful Employee Performance Measures Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set Meaningful Employee Performance Measures Storyboard – This deck provides a comprehensive framework for setting, communicating, and reviewing employee performance measures that will drive business results

    This research will help you choose an appropriate measurement framework, set effective measures. and communicate and review your performance measures. Use Info-Tech's process to set meaningful measures that will inspire employees and drive performance.

    • Set Meaningful Employee Performance Measures Storyboard

    2. Employee Performance Measures Goals Cascade – A tool to assist you in turning your organizational goals into meaningful individual employee performance measures.

    This tool will help you set departmental goals based on organizational mission and business goals and choose appropriate measures and weightings for each goal. Use this template to plan a comprehensive employee measurement system.

    • Employee Performance Measures Goals Cascade

    3. Employee Performance Measures Template – A template for planning and tracking your departmental goals, employee performance measures, and reporting requirements.

    This tool will help you set departmental goals based on your organizational mission and business goals, choose appropriate measures and weightings for each goal, and visualize you progress toward set goals. Use this template to plan and implement a comprehensive employee measurement system from setting goals to communicating results.

    • Employee Performance Measures Template

    4. Feedback and Coaching Guide for Managers – A tool to guide you on how to coach your team members.

    Feedback and coaching will improve performance, increase employee engagement, and build stronger employee manager relationships. Giving feedback is an essential part of a manger's job and if done timely can help employees to correct their behavior before it becomes a bigger problem.

    • Feedback and Coaching Guide for Managers

    Infographic

    Workshop: Set Meaningful Employee Performance Measures

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Source and Set Goals

    The Purpose

    Ensure that individual goals are informed by business ones.

    Key Benefits Achieved

    Individuals understand how their goals contribute to organizational ones.

    Activities

    1.1 Understand how your department contributes to larger organizational goals.

    1.2 Determine the timelines you need to measure employees against.

    1.3 Set Business aligned department, team, and individual goals.

    Outputs

    Business-aligned department and team goals

    Business-aligned individual goals

    2 Design Measures

    The Purpose

    Create holistic performance measures.

    Key Benefits Achieved

    Holistic performance measures are created.

    Activities

    2.1 Choose your employee measurement framework: generic or individual.

    2.2 Define appropriate employee measures for preestablished goals.

    2.3 Determine employee measurement weightings to drive essential behaviors.

    Outputs

    Determined measurement framework

    Define employee measures.

    Determined weightings

    3 Communicate to Implement and Review

    The Purpose

    Learn how to communicate measures to stakeholders and review measures.

    Key Benefits Achieved

    Learn how to communicate to stakeholders and coach employees through blockers.

    Activities

    3.1 Learn how to communicate selected performance measures to stakeholders.

    3.2 How to coach employees though blockers.

    3.3 Reviewing and updating measures.

    Outputs

    Effective communication with stakeholders

    Coaching and feedback

    When to update

    4 Manager Training

    The Purpose

    Train managers in relevant areas.

    Key Benefits Achieved

    Training delivered to managers.

    Activities

    4.1 Deliver Build a Better Manager training to managers.

    4.2

    Outputs

    Manager training delivered

    Further reading

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    EXECUTIVE BRIEF

    Set employees up for success by implementing performance measures that inspire great performance, not irrelevant reporting.

    Executive Summary

    Your Challenge

    In today’s competitive environment, managers must assess and inspire employee performance in order to assess the achievement of business goals.

    Despite the importance of performance measures, many leaders struggle with choosing appropriate metrics.

    Performance measures are often misaligned with the larger strategy, gamed by employees, or are too narrow to provide an accurate picture of employee achievements.

    Common Obstacles

    Managers who invest time in creating more effective performance measures will be rewarded with increased employee engagement and better employee performance.

    Too little time setting holistic employee measures often results in unintended behaviors and gaming of the system.

    Conversely, too much time setting employee measures will result in overreporting and underperforming employees.

    Info-Tech’s Approach

    Info-Tech helps managers translate organizational goals to employee measures. Communicating these to employees and other stakeholders will help managers keep better track of workforce productivity, maintain alignment with the organization’s business strategy, and improve overall results.

    Info-Tech Insight

    Performance measures are not about punishing bad performance, but inspiring higher performance to achieve business goals.

    Meaningful performance measures drive employee engagement...

    Clearly defined performance measures linked to specific goals bolster engagement by showing employees the importance of their contributions.

    Significant components of employee engagement are tied to employee performance measures.

    A diagram of employee engagement survey and their implications.

    Which, in turn, drives business success.

    Improved employee engagement is proven to improve employee performance. Setting meaningful measures can impact your bottom line.

    Impact of Engagement on Performance

    A diagram that shows Percent of Positive Responses Among Engaged vs. Disengaged
    Source: McLean & Company Employee Engagement Survey Jan 2020-Jan 2023; N=5,185 IT Employees; were either Engaged or Disengaged (Almost Engaged and Indifferent were not included)

    Engaged employees don’t just work harder, they deliver higher quality service and products.

    Engaged employees are significantly more likely to agree that they regularly accomplish more than what’s expected of them, choose to work extra hours to improve results, and take pride in the work they do.

    Without this sense of pride and ownership over the quality-of-service IT provides, IT departments are at serious risk of not being able to deliver quality service, on-time and on-budget.

    Create meaningful performance measures to drive employee engagement by helping employees understand how they contribute to the organization.

    Unfortunately, many employee measures are meaningless and fail to drive high-quality performance.

    Too many ineffective performance measures create more work for the manager rather than inspire employee performance. Determine if your measures are worth tracking – or if they are lacking.

    Meaningful performance measures are:

    Ineffective performance measures are:

    Clearly linked to organizational mission, values, and objectives.

    Based on a holistic understanding of employee performance.

    Relevant to organizational decision-making.

    Accepted by employees and managers.

    Easily understood by employees and managers.

    Valid: relevant to the role and goals and within an employee’s control.

    Reliable: consistently applied to assess different employees doing the same job.

    Difficult to track, update, and communicate.

    Easily gamed by managers or employees.

    Narrowly focused on targets rather than the quality of work.

    The cause of unintended outcomes or incentive for the wrong behaviors.

    Overly complex or elaborate.

    Easily manipulated due to reliance on simple calculations.

    Negotiable without taking into account business needs, leading to lower performance standards.

    Adopt a holistic approach to create meaningful performance measurement

    A diagram that shows a holistic approach to create meaningful performance measurement, including inputs, organizational costs, department goals, team goals, individual goals, and output.

    Info-Tech’s methodology to set the stage for more effective employee measures

    1. Source and Set Goals

    Phase Steps
    1.1 Create business-aligned department and team goals
    1.2 Create business-aligned individual goals

    Phase Outcomes
    Understand how your department contributes to larger organizational goals.
    Determine the timelines you need to measure employees against.
    Set business-aligned department, team, and individual goals.

    2. Design Measures

    Phase Steps
    1.1 Choose measurement framework
    1.2 Define employee measures
    1.3 Determine weightings

    Phase Outcomes
    Choose your employee measurement framework: generic or individual.
    Define appropriate employee measures for preestablished goals.
    Determine employee measurement weightings to drive essential behaviors.
    Ensure employee measures are communicated to the right stakeholders.

    3. Communicate to Implement and Review

    Phase Steps
    1.1 Communicate to stakeholders
    1.2 Coaching and feedback
    1.3 When to update

    Phase Outcomes
    Communicate selected performance measure to stakeholders.
    Learn how to coach employees though blockers.
    Understand how to review and when to update measures.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to four months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 3 phases.

    Establish Data Governance

    • Buy Link or Shortcode: {j2store}123|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $48,494 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Organizations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, as well as changing and maturing user landscapes and demands for data.
    • Although the need for a data governance program is often evident, organizations often miss the mark.
    • Your data governance efforts should be directly aligned to delivering measurable business value by supporting key strategic initiatives, value streams, and underlying business capabilities.

    Our Advice

    Critical Insight

    • Your organization’s value streams and their associated business capabilities require effectively governed data. Without this, you may experience elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.
    • Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture.
    • Data governance must continuously align with the organization’s enterprise governance function. It should not be perceived as a pet project of IT, but rather as an enterprise-wide, business-driven initiative.

    Impact and Result

    Info-Tech’s approach to establishing and sustaining effective data governance is anchored in the strong alignment of organizational value streams and their business capabilities with key data governance dimensions and initiatives. Info-Tech's approach will help you:

    • Align your data governance with enterprise governance, business strategy, and the organizational value streams to ensure the program delivers measurable business value.
    • Understand your current data governance capabilities and build out a future state that is right-sized and relevant.
    • Define data governance leadership, accountability, and responsibility.
    • Ensure data governance is supported by an operating model that effectively manages change and communication and fosters a culture of data excellence.

    Establish Data Governance Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data Governance Research – A step-by-step document to ensure that the people handling the data are involved in the decisions surrounding data usage, data quality, business processes, and change implementation.

    Data governance is a strategic program that will help your organization control data by managing the people, processes, and information technology needed to ensure that accurate and consistent data policies exist across varying lines of the business, enabling data-driven insight. This research will provide an overview of data governance and its importance to your organization, assist in making the case and securing buy-in for data governance, identify data governance best practices and the challenges associated with them, and provide guidance on how to implement data governance best practices for a successful launch.

    • Establish Data Governance – Phases 1-3

    2. Data Governance Planning and Roadmapping Workbook – A structured tool to assist with establishing effective data governance practices.

    This workbook will help your organization understand the business and user context by leveraging your business capability map and value streams, develop data use cases using Info-Tech's framework for building data use cases, and gauge the current state of your organization's data culture.

    • Data Governance Planning and Roadmapping Workbook

    3. Data Use Case Framework Template – An exemplar template to highlight and create relevant use cases around the organization’s data-related problems and opportunities.

    This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization. This template provides a framework for data requirements and a mapping methodology for creating use cases.

    • Data Use Case Framework Template

    4. Data Governance Initiative Planning and Roadmap Tool – A visual roadmapping tool to assist with establishing effective data governance practices.

    This tool will help your organization plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organization.

    • Data Governance Initiative Planning and Roadmap Tool

    5. Business Data Catalog – A comprehensive template to help you to document the key data assets that are to be governed based on in-depth business unit interviews, data risk/value assessments, and a data flow diagram for the organization.

    Use this template to document information about key data assets such as data definition, source system, possible values, data sensitivity, data steward, and usage of the data.

    • Business Data Catalog

    6. Data Governance Program Charter Template – A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    • Data Governance Program Charter Template

    7. Data Governance Policy

    This policy establishes uniform data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organization.

    • Data Governance Policy

    8. Data Governance Exemplar – An exemplar showing how you can plan and document your data governance outputs.

    Use this exemplar to understand how to establish data governance in your organization. Follow along with the sections of the blueprint Establish Data Governance and complete the document as you progress.

    • Data Governance Exemplar
    [infographic]

    Workshop: Establish Data Governance

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value

    The Purpose

    Identify key business data assets that need to be governed.

    Create a unifying vision for the data governance program.

    Key Benefits Achieved

    Understand the value of data governance and how it can help the organization better leverage its data.

    Gain knowledge of how data governance can benefit both IT and the business.

    Activities

    1.1 Establish business context, value, and scope of data governance at the organization

    1.2 Introduction to Info-Tech’s data governance framework

    1.3 Discuss vision and mission for data governance

    1.4 Understand your business architecture, including your business capability map and value streams

    1.5 Build use cases aligned to core business capabilities

    Outputs

    Sample use cases (tied to the business capability map) and a repeatable use case framework

    Vision and mission for data governance

    2 Understand Current Data Governance Capabilities and Plot Target-State Levels

    The Purpose

    Assess which data contains value and/or risk and determine metrics that will determine how valuable the data is to the organization.

    Assess where the organization currently stands in data governance initiatives.

    Determine gaps between the current and future states of the data governance program.

    Key Benefits Achieved

    Gain a holistic understanding of organizational data and how it flows through business units and systems.

    Identify which data should fall under the governance umbrella.

    Determine a practical starting point for the program.

    Activities

    2.1 Understand your current data governance capabilities and maturity

    2.2 Set target-state data governance capabilities

    Outputs

    Current state of data governance maturity

    Definition of target state

    3 Build Data Domain to Data Governance Role Mapping

    The Purpose

    Determine strategic initiatives and create a roadmap outlining key steps required to get the organization to start enabling data-driven insights.

    Determine timing of the initiatives.

    Key Benefits Achieved

    Establish clear direction for the data governance program.

    Step-by-step outline of how to create effective data governance, with true business-IT collaboration.

    Activities

    3.1 Evaluate and prioritize performance gaps

    3.2 Develop and consolidate data governance target-state initiatives

    3.3 Define the role of data governance: data domain to data governance role mapping

    Outputs

    Target-state data governance initiatives

    Data domain to data governance role mapping

    4 Formulate a Plan to Get to Your Target State

    The Purpose

    Consolidate the roadmap and other strategies to determine the plan of action from Day One.

    Create the required policies, procedures, and positions for data governance to be sustainable and effective.

    Key Benefits Achieved

    Prioritized initiatives with dependencies mapped out.

    A clearly communicated plan for data governance that will have full business backing.

    Activities

    4.1 Identify and prioritize next steps

    4.2 Define roles and responsibilities and complete a high-level RACI

    4.3 Wrap-up and discuss next steps and post-workshop support

    Outputs

    Initialized roadmap

    Initialized RACI

    Further reading

    Establish Data Governance

    Deliver measurable business value.

    Executive Brief

    Analyst Perspective

    Establish a data governance program that brings value to your organization.

    Picture of analyst

    Data governance does not sit as an island on its own in the organization – it must align with and be driven by your enterprise governance. As you build out data governance in your organization, it’s important to keep in mind that this program is meant to be an enabling framework of oversight and accountabilities for managing, handling, and protecting your company’s data assets. It should never be perceived as bureaucratic or inhibiting to your data users. It should deliver agreed-upon models that are conducive to your organization’s operating culture, offering clarity on who can do what with the data and via what means. Data governance is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organization. Promote and drive the responsible and ethical use of data while helping to build and foster an organizational culture of data excellence.

    Crystal Singh

    Director, Research & Advisory, Data & Analytics Practice

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The amount of data within organizations is growing at an exponential rate, creating a need to adopt a formal approach to governing data. However, many organizations remain uninformed on how to effectively govern their data. Comprehensive data governance should define leadership, accountability, and responsibility related to data use and handling and be supported by a well-oiled operating model and relevant policies and procedures. This will help ensure the right data gets to the right people at the right time, using the right mechanisms.

    Common Obstacles

    Organizations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscape and demand for data. Although the need for a data governance program is often evident, organizations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value. Initiatives should support key strategic initiatives, as well as value streams and their underlying business capabilities.

    Info-Tech’s Approach

    Info-Tech’s approach to establishing and sustaining effective data governance is anchored in the strong alignment of organizational value streams and their business capabilities with key data governance dimensions and initiatives. Organizations should:

    • Align their data governance with enterprise governance, business strategy and value streams to ensure the program delivers measurable business value.
    • Understand their current data governance capabilities so as to build out a future state that is right-sized and relevant.
    • Define data leadership, accountability, and responsibility. Support these with an operating model that effectively manages change and communication and fosters a culture of data excellence.

    Info-Tech Insight

    Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operating costs, missed opportunities, eroded stakeholder satisfaction, and increased business risk.

    Your challenge

    This research is designed to help organizations build and sustain an effective data governance program.

    • Your organization has recognized the need to treat data as a corporate asset for generating business value and/or managing and mitigating risk.
    • This has brought data governance to the forefront and highlighted the need to build a performance-driven enterprise program for delivering quality, trusted, and readily consumable data to users.
    • An effective data governance program is one that defines leadership, accountability, and responsibility related to data use and handling. It’s supported by a well-oiled operating model and relevant policies and procedures, all of which help build and foster a culture of data excellence where the right users get access to the right data at the right time via the right mechanisms.

    As you embark on establishing data governance in your organization, it’s vital to ensure from the get-go that you define the drivers and business context for the program. Data governance should never be attempted without direction on how the program will yield measurable business value.

    “Data processing and cleanup can consume more than half of an analytics team’s time, including that of highly paid data scientists, which limits scalability and frustrates employees.” – Petzold, et al., 2020

    Image is a circle graph and 30% of it is coloured with the number 30% in the middle of the graph

    “The productivity of employees across the organization can suffer.” – Petzold, et al., 2020

    Respondents to McKinsey’s 2019 Global Data Transformation Survey reported that an average of 30% of their total enterprise time was spent on non-value-added tasks because of poor data quality and availability. – Petzold, et al., 2020

    Common obstacles

    Some of the barriers that make data governance difficult to address for many organizations include:

    • Gaps in communicating the strategic value of data and data governance to the organization. This is vital for securing senior leadership buy-in and support, which, in turn, is crucial for sustained success of the data governance program.
    • Misinterpretation or a lack of understanding about data governance, including what it means for the organization and the individual data user.
    • A perception that data governance is inhibiting or an added layer of bureaucracy or complication rather than an enabling and empowering framework for stakeholders in their use and handling of data.
    • Embarking on data governance without firmly substantiating and understanding the organizational drivers for doing so. How is data governance going to support the organization’s value streams and their various business capabilities?
    • Neglecting to define and measure success and performance. Just as in any other enterprise initiative, you have to be able to demonstrate an ROI for time, resources and funding. These metrics must demonstrate the measurable business value that data governance brings to the organization.
    • Failure to align data governance with enterprise governance.
    Image is a circle graph and 78% of it is coloured with the number 78% in the middle of the graph

    78% of companies (and 92% of top-tier companies) have a corporate initiative to become more data-driven. – Alation, 2020

    Image is a circle graph and 58% of it is coloured with the number 58% in the middle of the graph

    But despite these ambitions, there appears to be a “data culture disconnect” – 58% of leaders overestimate the current data culture of their enterprises, giving a grade higher than the one produced by the study. – Fregoni, 2020

    The strategic value of data

    Power intelligent and transformative organizational performance through leveraging data.

    Respond to industry disruptors

    Optimize the way you serve your stakeholders and customers

    Develop products and services to meet ever-evolving needs

    Manage operations and mitigate risk

    Harness the value of your data

    The journey to being data-driven

    The journey to declaring that you are a data-driven organization requires a pit stop at data enablement.

    The Data Economy

    Data Disengaged

    You have a low appetite for data and rarely use data for decision making.

    Data Enabled

    Technology, data architecture, and people and processes are optimized and supported by data governance.

    Data Driven

    You are differentiating and competing on data and analytics; described as a “data first” organization. You’re collaborating through data. Data is an asset.

    Data governance is essential for any organization that makes decisions about how it uses its data.

    Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.

    Data governance is:

    • Executed according to agreed-upon models that describe who can take what actions with what information, when, and using what methods (Olavsrud, 2021).
    • True business-IT collaboration that will lead to increased consistency and confidence in data to support decision making. This, in turn, helps fuel innovation and growth.

    If done correctly, data governance is not:

    • An annoying, finger-waving roadblock in the way of getting things done.
    • Meant to solve all data-related business or IT problems in an organization.
    • An inhibitor or impediment to using and sharing data.

    Info-Tech’s Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Create impactful data governance by embedding it within enterprise governance

    A model is depicted to show the relationship between enterprise governance and data governance.

    Organizational drivers for data governance

    Data governance personas:

    Conformance: Establishing data governance to meet regulations and compliance requirements.

    Performance: Establishing data governance to fuel data-driven decision making for driving business value and managing and mitigating business risk.

    Two images are depicted that show the difference between conformance and performance.

    Data Governance is not a one-person show

    • Data governance needs a leader and a home. Define who is going to be leading, driving, and steering data governance in your organization.
    • Senior executive leaders play a crucial role in championing and bringing visibility to the value of data and data governance. This is vital for building and fostering a culture of data excellence.
    • Effective data governance comes with business and IT alignment, collaboration, and formally defined roles around data leadership, ownership, and stewardship.
    Four circles are depicted. There is one person in the circle on the left and is labelled: Data Governance Leadership. The circle beside it has two people in it and labelled: Organizational Champions. The circle beside it has three people in it and labelled: Data Owners, Stewards & Custodians. The last circle has four people in it and labelled: The Organization & Data Storytellers.

    Traditional data governance organizational structure

    A traditional structure includes committees and roles that span across strategic, tactical, and operational duties. There is no one-size-fits-all data governance structure. However, most organizations follow a similar pattern when establishing committees, councils, and cross-functional groups. Most organizations strive to identify roles and responsibilities at a strategic and operational level. Several factors will influence the structure of the program, such as the focus of the data governance project and the maturity and size of the organization.

    A triangular model is depicted and is split into three tiers to show the traditional data governance organizational structure.

    A healthy data culture is key to amplifying the power of your data.

    “Albert Einstein is said to have remarked, ‘The world cannot be changed without changing our thinking.’ What is clear is that the greatest barrier to data success today is business culture, not lagging technology. “– Randy Bean, 2020

    What does it look like?

    • Everybody knows the data.
    • Everybody trusts the data.
    • Everybody talks about the data.

    “It is not enough for companies to embrace modern data architectures, agile methodologies, and integrated business-data teams, or to establish centers of excellence to accelerate data initiatives, when only about 1 in 4 executives reported that their organization has successfully forged a data culture.”– Randy Bean, 2020

    Data literacy is an essential part of a data-driven culture

    • In a data-driven culture, decisions are made based on data evidence, not on gut instinct.
    • Data often has untapped potential. A data-driven culture builds tools and skills, builds users’ trust in the condition and sources of data, and raises the data skills and understanding among their people on the front lines.
    • Building a data culture takes an ongoing investment of time, effort, and money. This investment will not achieve the transformation you want without data literacy at the grassroots level.

    Data-driven culture = “data matters to our company”

    Despite investments in data initiative, organizations are carrying high levels of data debt

    Data debt is “the accumulated cost that is associated with the sub-optimal governance of data assets in an enterprise, like technical debt.”

    Data debt is a problem for 78% of organizations.

    40% of organizations say individuals within the business do not trust data insights.

    66% of organizations say a backlog of data debt is impacting new data management initiatives.

    33% of organizations are not able to get value from a new system or technology investment.

    30% of organizations are unable to become data-driven.

    Source: Experian, 2020

    Absent or sub-optimal data governance leads to data debt

    Only 3% of companies’ data meets basic quality standards. (Source: Nagle, et al., 2017)

    Organizations suspect 28% of their customer and prospect data is inaccurate in some way. (Source: Experian, 2020)

    Only 51% of organizations consider the current state of their CRM or ERP data to be clean, allowing them to fully leverage it. (Source: Experian, 2020)

    35% of organizations say they’re not able to see a ROI for data management initiatives. (Source: Experian, 2020)

    Embrace the technology

    Make the available data governance tools and technology work for you:

    • Data catalog
    • Business data glossary
    • Data lineage
    • Metadata management

    While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.

    Logos of data governance tools and technology.

    Measure success to demonstrate tangible business value

    Put data governance into the context of the business:

    • Tie the value of data governance and its initiatives back to the business capabilities that are enabled.
    • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

    Don’t let measurement be an afterthought:

    Start substantiating early on how you are going to measure success as your data governance program evolves.

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right-sized to deliver value in your organization.

    Key considerations:

    • When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organization’s fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolize the time and focus of personnel key to delivering on your data governance milestones.

    Sample milestones:

    Data Governance Leadership & Org Structure Definition

    Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

    Data Governance Charter and Policies

    Create a charter for your program and build/refresh associated policies.

    Data Culture Diagnostic

    Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.

    Use Case Build and Prioritization

    Build a use case that is tied to business capabilities. Prioritize accordingly.

    Business Data Glossary

    Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.

    Tools & Technology

    Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

    Key takeaways for effective business-driven data governance

    Data governance leadership and sponsorship is key.

    Ensure strategic business alignment.

    Build and foster a culture of data excellence.

    Evolve along the data journey.

    Make data governance an enabler, not a hindrance.

    Insight summary

    Overarching insight

    Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Insight 1

    Data governance should not sit as an island in your organization. It must continuously align with the organization’s enterprise governance function. It shouldn’t be perceived as a pet project of IT, but rather as an enterprise-wide, business-driven initiative.

    Insight 2

    Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture. Leverage the measures of success or KPIs of the underlying business capabilities to demonstrate the value data governance has yielded for the organization.

    Insight 3

    Data governance remains the foundation of all forms of reporting and analytics. Advanced capabilities such as AI and machine learning require effectively governed data to fuel their success.

    Tactical insight

    Tailor your data literacy program to meet your organization’s needs, filling your range of knowledge gaps and catering to your different levels of stakeholders. When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to fill the knowledge gaps about data, as they exist in your organization. It should be targeted across the board – from your executive leadership and management through to the subject matter experts across different lines of the business in your organization.

    Info-Tech’s methodology for establishing data governance

    1. Build Business and User Context 2. Understand Your Current Data Governance Capabilities 3. Build a Target State Roadmap and Plan
    Phase Steps
    1. Substantiate Business Drivers
    2. Build High-Value Use Cases for Data Governance
    1. Understand the Key Components of Data Governance
    2. Gauge Your Organization’s Current Data Culture
    1. Formulate an Actionable Roadmap and Right-Sized Plan
    Phase Outcomes
    • Your organization’s business capabilities and value streams
    • A business capability map for your organization
    • Categorization of your organization’s key capabilities
    • A strategy map tied to data governance
    • High-value use cases for data governance
    • An understanding of the core components of an effective data governance program
    • An understanding your organization’s current data culture
    • A data governance roadmap and target-state plan comprising of prioritized initiatives

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Screenshot of Info-Tech's Data Governance Planning and Roadmapping Workbook data-verified=

    Data Governance Planning and Roadmapping Workbook

    Use the Data Governance Planning and Roadmapping Workbook as you plan, build, roll-out, and scale data governance in your organization.

    Screenshot of Info-Tech's Data Use Case Framework Template

    Data Use Case Framework Template

    This template takes you through a business needs gathering activity to highlight and create relevant use cases around the organization’s data-related problems and opportunities.

    Screenshot of Info-Tech's Business Data Glossary data-verified=

    Business Data Glossary

    Use this template to document the key data assets that are to be governed and create a data flow diagram for your organization.

    Screenshot of Info-Tech's Data Culture Diagnostic and Scorecard data-verified=

    Data Culture Diagnostic and Scorecard

    Leverage Info-Tech’s Data Culture Diagnostic to understand how your organization scores across 10 areas relating to data culture.

    Key deliverable:

    Data Governance Planning and Roadmapping Workbook

    Measure the value of this blueprint

    Leverage this blueprint’s approach to ensure your data governance initiatives align and support your key value streams and their business capabilities.

    • Aligning your data governance program and its initiatives to your organization’s business capabilities is vital for tracing and demonstrating measurable business value for the program.
    • This alignment of data governance with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.
    Screenshot from this blueprint on the Measurable Business Value

    In phases 1 and 2 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data governance capabilities and strengths.

    In phase 3, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data governance capabilities so that data is well positioned to deliver on those defined business metrics.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team, has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Establish Data Governance project overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    1. Build Business and User context2. Understand Your Current Data Governance Capabilities3. Build a Target State Roadmap and Plan
    Best-Practice Toolkit
    1. Substantiate Business Drivers
    2. Build High-Value Use Cases for Data Governance
    1. Understand the Key Components of Data Governance
    2. Gauge Your Organization’s Current Data Culture
    1. Formulate an Actionable Roadmap and Right-Sized Plan
    Guided Implementation
    • Call 1
    • Call 2
    • Call 3
    • Call 4
    • Call 5
    • Call 6
    • Call 7
    • Call 8
    • Call 9
    Phase Outcomes
    • Your organization’s business capabilities and value streams
    • A business capability map for your organization
    • Categorization of your organization’s key capabilities
    • A strategy map tied to data governance
    • High-value use cases for data governance
    • An understanding of the core components of an effective data governance program
    • An understanding your organization’s current data culture
    • A data governance roadmap and target-state plan comprising of prioritized initiatives

    Guided Implementation

    What does a typical GI on this topic look like?

    An outline of what guided implementation looks like.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Establish Business Context and Value Understand Current Data Governance Capabilities and Plot Target-State Levels Build Data Domain to Data Governance Role Mapping Formulate a Plan to Get to Your Target State
    Activities
    • Establish business context, value, and scope of data governance at the organization
    • Introduction to Info-Tech’s data governance framework
    • Discuss vision and mission for data governance
    • Understand your business architecture, including your business capability map and value streams
    • Build use cases aligned to core business capabilities
    • Understand your current data governance capabilities and maturity
    • Set target state data governance capabilities
    • Evaluate and prioritize performance gaps
    • Develop and consolidate data governance target-state initiatives
    • Define the role of data governance: data domain to data governance role mapping
    • Identify and prioritize next steps
    • Define roles and responsibilities and complete a high-level RACI
    • Wrap-up and discuss next steps and post-workshop support
    Deliverables
    1. Sample use cases (tied to the business capability map) and a repeatable use case framework
    2. Vision and mission for data governance
    1. Current state of data governance maturity
    2. Definition of target state
    1. Target-state data governance initiatives
    2. Data domain to data governance role mapping
    1. Initialized roadmap
    2. Initialized RACI

    Phase 1

    Build Business and User Context

    Three circles are in the image that list the three phases and the main steps. Phase 1 is highlighted.

    “When business users are invited to participate in the conversation around data with data users and IT, it adds a fundamental dimension — business context. Without a real understanding of how data ties back to the business, the value of analysis and insights can get lost.” – Jason Lim, Alation

    This phase will guide you through the following activities:

    • Identify Your Business Capabilities
    • Define your Organization’s Key Business Capabilities
    • Develop a Strategy Map that Aligns Business Capabilities to Your Strategic Focus

    This phase involves the following participants:

    • Data Governance Leader/Data Leader (CDO)
    • Senior Business Leaders
    • Business SMEs
    • Data Leadership, Data Owners, Data Stewards and Custodians

    Step 1.1

    Substantiate Business Drivers

    Activities

    1.1.1 Identify Your Business Capabilities

    1.1.2 Categorize Your Organization’s Key Business Capabilities

    1.1.3 Develop a Strategy Map Tied to Data Governance

    This step will guide you through the following activities:

    • Leverage your organization’s existing business capability map or initiate the formulation of a business capability map, guided by info-Tech’s approach
    • Determine which business capabilities are considered high priority by your organization
    • Map your organization’s strategic objectives to value streams and capabilities to communicate how objectives are realized with the support of data

    Outcomes of this step

    • A foundation for data governance initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Info-Tech Insight

    Gaining a sound understanding of your business architecture (value streams and business capabilities) is a critical foundation for establishing and sustaining a data governance program that delivers measurable business value.

    1.1.1 Identify Your Business Capabilities

    Confirm your organization's existing business capability map or initiate the formulation of a business capability map:

    • If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organization creates and captures value) and their business capabilities are reflective of the organization’s current business environment.
    • If you do not have an existing business capability map, follow this activity to initiate the formulation of a map (value streams and related business capabilities):
      1. Define the organization’s value streams. Meet with senior leadership and other key business stakeholders to define how your organization creates and captures value.
      2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

    Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using descriptive nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

    Input

    • List of confirmed value streams and their related business capabilities

    Output

    • Business capability map with value streams for your organization

    Materials

    • Your existing business capability map or the template provided in the Data Governance Planning and Roadmapping Workbook accompanying this blueprint

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    Define or validate the organization’s value streams

    Value streams connect business goals to the organization’s value realization activities. These value realization activities, in turn, depend on data.

    If the organization does not have a business architecture function to conduct and guide Activity 1.1.1, you can leverage the following approach:

    • Meet with key stakeholders regarding this topic, then discuss and document your findings.
    • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture related work? Who has the relevant skills, competencies, experience, and knowledge about the organization?
    • Engage with these stakeholders to define and validate how the organization creates value.
    • Consider:
      • Who are your main stakeholders? This will depend on the industry in which you operate. For example, customers, residents, citizens, constituents, students, patients.
      • What are your stakeholders looking to accomplish?
      • How does your organization’s products and/or services help them accomplish that?
      • What are the benefits your organization delivers to them and how does your organization deliver those benefits?
      • How do your stakeholders receive those benefits?

    Align data governance to the organization's value realization activities.

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Info-Tech Insight

    Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face the possibilities of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

    Example of value streams – Retail Banking

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Retail Banking

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for retail banking.

    For this value stream, download Info-Tech’s Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example of value streams – Higher Education

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Higher Education

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for higher education

    For this value stream, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example of value streams – Local Government

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Local Government

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for local government

    For this value stream, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example of value streams – Manufacturing

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Manufacturing

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for manufacturing

    For this value stream, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Example of value streams – Retail

    Value streams connect business goals to the organization’s value realization activities.

    Example value stream descriptions for: Retail

    Model example of value streams for retail

    Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    For this value stream, download Info-Tech’s Industry Reference Architecture for Retail.

    Define the organization’s business capabilities in a business capability map

    A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

    Business capabilities can be thought of as business terms defined using descriptive nouns such as “Marketing” or “Research and Development.”

    If your organization doesn’t already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

    Working with the stakeholders as described above:

    • Analyze the value streams to identify and describe the organization’s capabilities that support them.
    • Consider: What is the objective of your value stream? (This can highlight which capabilities support which value stream.)
    • As you initiate your engagement with your stakeholders, don’t start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
    • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organization, remove the ones that don’t, and add any needed.

    Align data governance to the organization's value realization activities.

    Info-Tech Insight

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    Example business capability map – Retail Banking

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail Banking

    Model example business capability map for retail banking

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail Banking.

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Higher Education

    Model example business capability map for higher education

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Higher Education.

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Local Government

    Model example business capability map for local government

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Local Government.

    Example business capability map – Manufacturing

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Manufacturing

    Model example business capability map for manufacturing

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Manufacturing.

    Example business capability map - Retail

    A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail

    Model example business capability map for retail

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.1.2 Categorize Your Organization’s Key Capabilities

    Determine which capabilities are considered high priority in your organization.

    1. Categorize or heatmap the organization’s key capabilities. Consult with senior and other key business stakeholders to categorize and prioritize the business’ capabilities. This will aid in ensuring your data governance future state planning is aligned with the mandate of the business. One approach to prioritizing capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
    2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organization. Highlight these capabilities and prioritize programs that support them.
    3. Identify competitive advantage differentiators. Focus on capabilities that give your organization an edge over rivals or other players in your industry.

    This categorization/prioritization exercise helps highlight prime areas of opportunity for building use cases, determining prioritization, and the overall optimization of data and data governance.

    Input

    • Strategic insight from senior business stakeholders on the business capabilities that drive value for the organization

    Output

    • Business capabilities categorized and prioritized (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk)

    Materials

    • Your existing business capability map or the business capability map derived in the previous activity

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    For more information, refer to Info-Tech’s Document Your Business Architecture.

    Example of business capabilities categorization or heatmapping – Retail

    This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

    • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
    • The business’ priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organization’s competitive advantage creators.

    Example: Retail

    Example of business capabilities categorization or heatmapping – Retail

    For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.

    1.1.3 Develop a Strategy Map Tied to Data Governance

    Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business-data governance alignment. It’s important to make sure the right strategic objectives of the organization have been identified and are well understood.

    1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
    2. Leverage their knowledge of the organization’s business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and, ultimately, to data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organization.
    3. Confirm the strategy mapping with other relevant stakeholders.

    Guide to creating your map: Starting with strategic objectives, map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance to initiatives that support those capabilities. This is one approach to help you prioritize the data initiatives that deliver the most value to the organization.

    Input

    • Strategic objectives as outlined by the organization’s business strategy and confirmed by senior leaders

    Output

    • A strategy map that maps your organizational strategic objectives to value streams, business capabilities, and, ultimately, to data program

    Materials

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    Download Info-Tech’s Data Governance Planning and Roadmapping Workbook

    Example of a strategy map tied to data governance

    • Strategic objectives are the outcomes that the organization is looking to achieve.
    • Value streams enable an organization to create and capture value in the market through interconnected activities that support strategic objectives.
    • Business capabilities define what a business does to enable value creation in value streams.
    • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap and which will enable one or multiple business capabilities in its desired target state.

    Info-Tech Tip:

    Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritize the data initiatives that deliver the most value to the organization.

    Example: Retail

    Example of a strategy map tied to data governance for retail

    For this strategy map, download Info-Tech’s Industry Reference Architecture for Retail.

    Step 1.2

    Build High-Value Use Cases for Data Governance

    Activities

    1.2.1 Build High-Value Use Cases

    This step will guide you through the following activities:

    • Leveraging your categorized business capability map to conduct deep-dive sessions with key business stakeholders for creating high-value uses cases
    • Discussing current challenges, risks, and opportunities associated with the use of data across the lines of business
    • Exploring which other business capabilities, stakeholder groups, and business units will be impacted

    Outcomes of this step

    • Relevant use cases that articulate the data-related challenges, needs, or opportunities that are clear and contained and, if addressed ,will deliver value to the organization

    Info-Tech Tip

    One of the most important aspects when building use cases is to ensure you include KPIs or measures of success. You have to be able to demonstrate how the use case ties back to the organizational priorities or delivers measurable business value. Leverage the KPIs and success factors of the business capabilities tied to each particular use case.

    1.2.1 Build High-Value Use Cases

    This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well as the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech’s framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don’t conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    Input

    • Value streams and business capabilities as defined by business leaders
    • Business stakeholders’ subject area expertise
    • Data custodian systems, integration, and data knowledge

    Output

    • Use cases that articulate data-related challenges, needs or opportunities that are tied to defined business capabilities and hence if addressed will deliver measurable value to the organization.

    Materials

    • Your business capability map from activity 1.1.1
    • Info-Tech’s Data Use Case Framework Template
    • Whiteboard or flip charts (or shared screen if working remotely)
    • Markers/pens

    Participants

    • Key business stakeholders
    • Data stewards and business SMEs
    • Data custodians
    • Data Governance Working Group

    Download Info-Tech’s Data Use Case Framework Template

    Info-Tech’s Framework for Building Use Cases

    Objective: This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.

    Leveraging your business capability map, build use cases that align with the organization’s key business capabilities.

    Consider:

    • Is the business capability a cost advantage creator or an industry differentiator?
    • Is the business capability currently underserved by data?
    • Does this need to be addressed? If so, is this risk- or value-driven?

    Info-Tech’s Data Requirements and Mapping Methodology for Creating Use Cases

    1. What business capability (or capabilities) is this use case tied to for your business area(s)?
    2. What are your data-related challenges in performing this today?
    3. What are the steps in this process/activity today?
    4. What are the applications/systems used at each step today?
    5. What data domains are involved, created, used, and/or transformed at each step today?
    6. What does an ideal or improved state look like?
    7. What other business units, business capabilities, activities, and/or processes will be impacted or improved if this issue was solved?
    8. Who are the stakeholders impacted by these changes? Who needs to be consulted?
    9. What are the risks to the organization (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?
    10. What compliance, regulatory, and/or policy concerns do we need to consider in any solution?
    11. What measures of success or change should we use to prove the value of the effort (such as KPIs, ROI)? What is the measurable business value of doing this?

    The resulting use cases are to be prioritized and leveraged for informing the business case and the data governance capabilities optimization plan.

    Taken from Info-Tech’s Data Use Case Framework Template

    Phase 2

    Understand Your Current Data Governance Capabilities

    Three circles are in the image that list the three phases and the main steps. Phase 2 is highlighted.

    This phase will guide you through the following activities:

    • Understand the Key Components of Data Governance
    • Gauge Your Organization’s Current Data Culture

    This phase involves the following participants:

    • Data Leadership
    • Data Ownership & Stewardship
    • Policies & Procedures
    • Data Literacy & Culture
    • Operating Model
    • Data Management
    • Data Privacy & Security
    • Enterprise Projects & Services

    Step 2.1

    Understand the Key Components of Data Governance

    This step will guide you through the following activities:

    • Understanding the core components of an effective data governance program and determining your organization’s current capabilities in these areas:
      • Data Leadership
      • Data Ownership & Stewardship
      • Policies & Procedures
      • Data Literacy & Culture
      • Operating Model
      • Data Management
      • Data Privacy & Security
      • Enterprise Projects & Services

    Outcomes of this step

    • An understanding the core components of an effective data governance program
    • An understanding your organization’s current data governance capabilities

    Review: Info-Tech’s Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Key components of data governance

    A well-defined data governance program will deliver:

    • Defined accountability and responsibility for data.
    • Improved knowledge and common understanding of the organization’s data assets.
    • Elevated trust and confidence in traceable data.
    • Improved data ROI and reduced data debt.
    • An enabling framework for supporting the ethical use and handling of data.
    • A foundation for building and fostering a data-driven and data-literate organizational culture.

    The key components of establishing sustainable enterprise data governance, taken from Info-Tech’s Data Governance Framework:

    • Data Leadership
    • Data Ownership & Stewardship
    • Operating Model
    • Policies & Procedures
    • Data Literacy & Culture
    • Data Management
    • Data Privacy & Security
    • Enterprise Projects & Services

    Data Leadership

    • Data governance needs a dedicated head or leader to steer the organization’s data governance program.
    • For organizations that do have a chief data officer (CDO), their office is the ideal and effective home for data governance.
    • Heads of data governance also have titles such as director of data governance, director of data quality, and director of analytics.
    • The head of your data governance program works with all stakeholders and partners to ensure there is continuous enterprise governance alignment and oversight and to drive the program’s direction.
    • While key stakeholders from the business and IT will play vital data governance roles, the head of data governance steers the various components, stakeholders, and initiatives, and provides oversight of the overall program.
    • Vital data governance roles include: data owners, data stewards, data custodians, data governance steering committee (or your organization’s equivalent), and any data governance working group(s).

    The role of the CDO: the voice of data

    The office of the chief data officer (CDO):

    • Has a cross-organizational vision and strategy for data.
    • Owns and drives the data strategy; ensures it supports the overall organizational strategic direction and business goals.
    • Leads the organizational data initiatives, including data governance
    • Is accountable for the policy, strategy, data standards, and data literacy necessary for the organization to operate effectively.
    • Educates users and leaders about what it means to be “data-driven.”
    • Builds and fosters a culture of data excellence.

    “Compared to most of their C-suite colleagues, the CDO is faced with a unique set of problems. The role is still being defined. The chief data officer is bringing a new dimension and focus to the organization: ‘data.’ ”

    – Carruthers and Jackson, 2020

    Who does the CDO report to?

    Example reporting structure.
    • The CDO should be a true C- level executive.
    • Where the organization places the CDO role in the structure sends an important signal to the business about how much it values data.

    “The title matters. In my opinion, you can’t have a CDO without executive authority. Otherwise no one will listen.”

    – Anonymous European CDO

    “The reporting structure depends on who’s the ‘glue’ that ties together all these uniquely skilled individuals.”

    – John Kemp, Senior Director, Executive Services, Info-Tech Research Group

    Data Ownership & Stewardship

    Who are best suited to be data owners?

    • Wherever they may sit in your organization, data owners will typically have the highest stake in that data.
    • Data owners need to be suitably senior and have the necessary decision-making power.
    • They have the highest interest in the related business data domain, whether they are the head of a business unit or the head of a line of business that produces data or consumes data (or both).
    • If they are neither of these, it’s unlikely they will have the interest in the data (in terms of its quality, protection, ethical use, and handling, for instance) necessary to undertake and adopt the role effectively.

    Data owners are typically senior business leaders with the following characteristics:

    • Positioned to accept accountability for their data domain.
    • Hold authority and influence to affect change, including across business processes and systems, needed to improve data quality, use, handling, integration, etc.
    • Have access to a budget and resources for data initiatives such as resolving data quality issues, data cleansing initiatives, business data catalog build, related tools and technology, policy management, etc.
    • Hold the influence needed to drive change in behavior and culture.
    • Act as ambassadors of data and its value as an organizational strategic asset.

    Right-size your data governance organizational structure

    • Most organizations strive to identify roles and responsibilities at a strategic and operational level. Several factors will influence the structure of the program such as the focus of the data governance project as well as the maturity and size of the organization.
    • Your data governance structure has to work for your organization, and it has to evolve as the organization evolves.
    • Formulate your blend of data governance roles, committees, councils, and cross-functional groups, that make sense for your organization.
    • Your data governance organizational structure should not add complexity or bureaucracy to your organization’s data landscape; it should support and enable your principle of treating data as an asset.

    There is no one-size-fits-all data governance organizational structure.

    Example of a Data Governance Organizational Structure

    Critical roles and responsibilities for data governance

    Data Governance Working Groups

    Data governance working groups:

    • Are cross-functional teams
    • Deliver on data governance projects, initiatives, and ad hoc review committees.

    Data Stewards

    Traditionally, data stewards:

    • Serve on an operational level addressing issues related to adherence to standards/procedures, monitoring data quality, raising issues identified, etc.
    • Are responsible for managing access, quality, escalating issues, etc.

    Data Custodians

    • Traditionally, data custodians:
    • Serve on an operational level addressing issues related to data and database administration.
    • Support the management of access, data quality, escalating issues, etc.
    • Are SMEs from IT and database administration.

    Example: Business capabilities to data owner and data stewards mapping for a selected data domain

    Info-Tech Insight

    Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Enabling business capabilities with data governance role definitions

    Example: Business capabilities to data owner and data stewards mapping for a selected data domain

    Operating Model

    Your operating model is the key to designing and operationalizing a form of data governance that delivers measurable business value to your organization.

    “Generate excitement for data: When people are excited and committed to the vision of data enablement, they’re more likely to help ensure that data is high quality and safe.” – Petzold, et al., 2020

    Operating Model

    Defining your data governance operating model will help create a well-oiled program that sustainably delivers value to the organization and manages risks while building and fostering a culture of data excellence along the way. Some organizations are able to establish a formal data governance office, whether independent or attached to the office of the chief data officer. Regardless of how you are organized, data governance requires a home, a leader, and an operating model to ensure its sustainability and evolution.

    Examples of focus areas for your operating model:

    • Delivery: While there are core tenets to every data governance program, there is a level of variability in the implementation of data governance programs across organizations, sectors, and industries. Every organization has its own particular drivers and mandates, so the level and rigor applied will also vary.
    • The key is to determine what style will work best in your organization, taking into consideration your organizational culture, executive leadership support (present and ongoing), catalysts such as other enterprise-wide transformative and modernization initiatives, and/or regulatory and compliances drivers.

    • Communication: Communication is vital across all levels and stakeholder groups. For instance, there needs to be communication from the data governance office up to senior leadership, as well as communication within the data governance organization, which is typically made up of the data governance steering committee, data governance council, executive sponsor/champion, data stewards, and data custodians and working groups.
    • Furthermore, communication with the wider organization of data producers, users, and consumers is one of the core elements of the overall data governance communications plan.

    Communication is vital for ensuring acceptance of new processes, rules, guidelines, and technologies by all data producers and users as well as for sharing success stories of the program.

    Operating Model

    Tie the value of data governance and its initiatives back to the business capabilities that are enabled.

    “Leading organizations invest in change management to build data supporters and convert the skeptics. This can be the most difficult part of the program, as it requires motivating employees to use data and encouraging producers to share it (and ideally improve its quality at the source)[.]” – Petzold, et al., 2020

    Operating Model

    Examples of focus areas for your operating model (continued):

    • Change management and issue resolution: Data governance initiatives will very likely bring about a level of organizational disruption, with governance recommendations and future state requiring potentially significant business change. This may include a redesign of a substantial number of data processes affecting various business units, which will require tweaking the organization’s culture, thought processes, and procedures surrounding its data.
    • Preparing people for change well in advance will allow them to take the steps necessary to adapt and reduce potential confrontation. By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

      Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    • Performance measuring, monitoring and reporting: Measuring and reporting on performance, successes, and realization of tangible business value are a must for sustaining, growing, and scaling your data governance program.
    • Aligning your data governance to the organization's value realization activities enables you to leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with your senior business leadership.

    Info-Tech Tip:

    Launching a data governance program will bring with it a level of disruption to the culture of the organization. That disruption doesn’t have to be detrimental if you are prepared to manage the change proactively and effectively.

    Policies, Procedures & Standards

    “Data standards are the rules by which data are described and recorded. In order to share, exchange, and understand data, we must standardize the format as well as the meaning.” – U.S. Geological Survey

    Policies, Procedures & Standards

    • When defining, updating, or refreshing your data policies, procedures, and standards, ensure they are relevant, serve a purpose, and/or support the use of data in the organization.
    • Avoid the common pitfall of building out a host of policies, procedures, and standards that are never used or followed by users and therefore don’t bring value or serve to mitigate risk for the organization.
    • Data policies can be thought of as formal statements and are typically created, approved, and updated by the organization’s data decision-making body (such as a data governance steering committee).
    • Data standards and procedures function as actions, or rules, that support the policies and their statements.
    • Standards and procedures are designed to standardize the processes during the overall data lifecycle. Procedures are instructions to achieve the objectives of the policies. The procedures are iterative and will be updated with approval from your data governance committee as needed.
    • Your organization’s data policies, standards, and procedures should not bog down or inhibit users; rather, they should enable confident data use and handling across the overall data lifecycle. They should support more effective and seamless data capture, integration, aggregation, sharing, and retention of data in the organization.

    Examples of data policies:

    • Data Classification Policy
    • Data Retention Policy
    • Data Entry Policy
    • Data Backup Policy
    • Data Provenance Policy
    • Data Management Policy

    Data Domain Documentation

    Select the correct granularity for your business need

    Diagram of data domain documentation
    Sources: Dataversity; Atlan; Analytics8

    Data Domain Documentation Examples

    Data Domain Documentation Examples

    Data Culture

    “Organizational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.” – Petzold, et al., 2020

    A healthy data culture is key to amplifying the power of your data and to building and sustaining an effective data governance program.

    What does a healthy data culture look like?

    • Everybody knows the data.
    • Everybody trusts the data.
    • Everybody talks about the data.

    Building a culture of data excellence.

    Leverage Info-Tech’s Data Culture Diagnostic to understand your organization’s culture around data.

    Screenshot of Data Culture Scorecard

    Contact your Info-Tech Account Representative for more information on the Data Culture Diagnostic

    Cultivating a data-driven culture is not easy

    “People are at the heart of every culture, and one of the biggest challenges to creating a data culture is bringing everyone into the fold.” – Lim, Alation

    It cannot be purchased or manufactured,

    It must be nurtured and developed,

    And it must evolve as the business, user, and data landscapes evolve.

    “Companies that have succeeded in their data-driven efforts understand that forging a data culture is a relentless pursuit, and magic bullets and bromides do not deliver results.” – Randy Bean, 2020

    Hallmarks of a data-driven culture

    There is a trusted, single source of data the whole company can draw from.

    There’s a business glossary and data catalog and users know what the data fields mean.

    Users have access to data and analytics tools. Employees can leverage data immediately to resolve a situation, perform an activity, or make a decision – including frontline workers.

    Data literacy, the ability to collect, manage, evaluate, and apply data in a critical manner, is high.

    Data is used for decision making. The company encourages decisions based on objective data and the intelligent application of it.

    A data-driven culture requires a number of elements:

    • High-quality data
    • Broad access and data literacy
    • Data-driven decision-making processes
    • Effective communication

    Data Literacy

    Data literacy is an essential part of a data-driven culture.

    • Building a data-driven culture takes an ongoing investment of time, effort, and money.
    • This investment will not realize its full return without building up the organization’s data literacy.
    • Data literacy is about filling data knowledge gaps across all levels of the organization.
    • It’s about ensuring all users – senior leadership right through to core users – are equipped with appropriate levels of training, skills, understanding, and awareness around the organization’s data and the use of associated tools and technologies. Data literacy ensures users have the data they need and they know how to interpret and leverage it.
    • Data literacy drives the appetite, demand, and consumption for data.
    • A data-literate culture is one where the users feel confident and skilled in their use of data, leveraging it for making informed or evidence-based decisions and generating insights for the organization.

    Data Management

    • Data governance serves as an enabler to all of the core components that make up data management:
      • Data quality management
      • Data architecture management
      • Data platform
      • Data integration
      • Data operations management
      • Data risk management
      • Reference and master data management (MDM)
      • Document and content management
      • Metadata management
      • Business intelligence (BI), reporting, analytics and advanced analytics, artificial intelligence (AI), machine learning (ML)
    • Key tools such as the business data glossary and data catalog are vital for operationalizing data governance and in supporting data management disciplines such as data quality management, metadata management, and MDM as well as BI, reporting, and analytics.

    Enterprise Projects & Services

    • Data governance serves as an enabler to enterprise projects and services that require, use, share, sell, and/or rely on data for their viability and, ultimately, their success.
    • Folding or embedding data governance into the organization’s project management function or project management office (PMO) serves to ensure that, for any initiative, suitable consideration is given to how data is treated.
    • This may include defining parameters, following standards and procedures around bringing in new sources of data, integrating that data into the organization’s data ecosystem, using and sharing that data, and retaining that data post-project completion.
    • The data governance function helps to identify and manage any ethical issues, whether at the start of the project and/or throughout.
    • It provides a foundation for asking relevant questions as it relates to the use or incorporation of data in delivering the specific project or service. Do we know where the data obtained from? Do we have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used? What are the positive effects, negative impacts, and/or risks associated with our intended use of that data? Are we positioned to mitigate those risks?
    • Mature data governance creates organizations where the above considerations around data management and the ethical use and handling of data is routinely implemented across the business and in the rollout and delivery of projects and services.

    Data Privacy & Security

    • Data governance supports the organization’s data privacy and security functions.
    • Key tools include the data classification policy and standards and defined roles around data ownership and data stewardship. These are vital for operationalizing data governance and supporting data privacy, security, and the ethical use and handling of data.
    • While some organizations may have a dedicated data security and privacy group, data governance provides an added level of oversight in this regard.
    • Some of the typical checks and balances include ensuring:
      • There are policies and procedures in place to restrict and monitor staff’s access to data (one common way this is done is according to job descriptions and responsibilities) and that these comply with relevant laws and regulations.
      • There’s a data classification scheme in place where data has been classified on a hierarchy of sensitivity (e.g. top secret, confidential, internal, limited, public).
      • The organization has a comprehensive data security framework, including administrative, physical, and technical procedures for addressing data security issues (e.g. password management and regular training).
      • Risk assessments are conducted, including an evaluation of risks and vulnerabilities related to intentional and unintentional misuse of data.
      • Policies and procedures are in place to mitigate the risks associated with incidents such as data breaches.
      • The organization regularly audits and monitors its data security.

    Ethical Use & Handling of Data

    Data governance will support your organization’s ethical use and handling of data by facilitating definition around important factors, such as:

    • What are the various data assets in the organization and what purpose(s) can they be used for? Are there any limitations?
    • Who is the related data owner? Who holds accountability for that data? Who will be answerable?
    • Where was the data obtained from? What is the intended use of that data? Do you have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used?
    • What are the positive effects, negative impacts, and/or risks associated with the use of that data?

    Ethical Use & Handling of Data

    • Data governance serves as an enabler to the ethical use and handling of an organization’s data.
    • The Open Data Institute (ODI) defines data ethics as: “A branch of ethics that evaluates data practices with the potential to adversely impact on people and society – in data collection, sharing and use.”
    • Data ethics relates to good practice around how data is collected, used and shared. It’s especially relevant when data activities have the potential to impact people and society, whether directly or indirectly (Open Data Institute, 2019).
    • A failure to handle and use data ethically can negatively impact an organization’s direct stakeholders and/or the public at large, lead to a loss of trust and confidence in the organization's products and services, lead to financial loss, and impact the organization’s brand, reputation, and legal standing.
    • Data governance plays a vital role in building and managing your data assets, knowing what data you have, and knowing the limitations of that data. Data ownership, data stewardship, and your data governance decision-making body are key tenets and foundational components of your data governance. They enable an organization to define, categorize, and confidently make decisions about its data.

    Step 2.2

    Gauge Your Organization’s Current Data Culture

    Activities

    2.2.1 Gauge Your Organization’s Current Data Culture

    This step will guide you through the following activities:

    • Conduct a data culture survey or leverage Info-Tech’s Data Culture Diagnostic to increase your understanding of your organization’s data culture

    Outcomes of this step

    • An understanding of your organizational data culture

    2.2.1 Gauge Your Organization’s Current Data Culture

    Conduct a Data Culture Survey or Diagnostic

    The objectives of conducting a data culture survey are to increase the understanding of the organization's data culture, your users’ appetite for data, and their appreciation for data in terms of governance, quality, accessibility, ownership, and stewardship. To perform a data culture survey:

    1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
    2. Conduct an information session to introduce Info-Tech’s Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organization’s current data culture and inform the improvement of that culture.
    3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
    4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

    Input

    • Email addresses of participants in your organization who should receive the survey

    Output

    • Your organization’s Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
    • An understanding of whether data is currently perceived to be an asset to the organization

    Materials

    Screenshot of Data Culture Scorecard

    Participants

    • Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organization
    • Data owners, stewards, and custodians
    • Core data users and consumers

    Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

    Phase 3

    Build a Target State Roadmap and Plan

    Three circles are in the image that list the three phases and the main steps. Phase 3 is highlighted.

    “Achieving data success is a journey, not a sprint.” Companies that set a clear course, with reasonable expectations and phased results over a period of time, get to the destination faster.” – Randy Bean, 2020

    This phase will guide you through the following activities:

    • Build your Data Governance Roadmap
    • Develop a target state plan comprising of prioritized initiatives

    This phase involves the following participants:

    • Data Governance Leadership
    • Data Owners/Data Stewards
    • Data Custodians
    • Data Governance Working Group(s)

    Step 3.1

    Formulate an Actionable Roadmap and Right-Sized Plan

    This step will guide you through the following activities:

    • Build your data governance roadmap
    • Develop a target state plan comprising of prioritized initiatives

    Outcomes of this step

    • A foundation for data governance initiative planning that’s aligned with the organization’s business architecture: value streams, business capability map, and strategy map

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right sized to deliver value in your organization.

    Key considerations:

    • When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organization’s fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolize the time and focus of personnel key to delivering on your data governance milestones.

    Sample milestones:

    Data Governance Leadership & Org Structure Definition

    Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

    Data Governance Charter and Policies

    Create a charter for your program and build/refresh associated policies.

    Data Culture Diagnostic

    Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.

    Use Case Build and Prioritization

    Build a use case that is tied to business capabilities. Prioritize accordingly.

    Business Data Glossary/Catalog

    Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.

    Tools & Technology

    Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

    Recall: Info-Tech’s Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Build an actionable roadmap

    Data Governance Leadership & Org Structure Division

    Define key roles for getting started.

    Use Case Build & Prioritization

    Start small and then scale – deliver early wins.

    Literacy Program

    Start understanding data knowledge gaps, building the program, and delivering.

    Tools & Technology

    Make the available data governance tools and technology work for you.

    Key components of your data governance roadmap

    By now, you have assessed current data governance environment and capabilities. Use this assessment, coupled with the driving needs of your business, to plot your data Governance roadmap accordingly.

    Sample data governance roadmap milestones:

    • Define data governance leadership.
    • Define and formalize data ownership and stewardship (as well as the role IT/data management will play as data custodians).
    • Build/confirm your business capability map and data domains.
    • Build business data use cases specific to business capabilities.
    • Define business measures/KPIs for the data governance program (i.e. metrics by use case that are relevant to business capabilities).
    • Data management:
      • Build your data glossary or catalog starting with identified and prioritized terms.
      • Define data domains.
    • Design and define the data governance operating model (oversight model definition, communication plan, internal marketing such as townhalls, formulate change management plan, RFP of data governance tool and technology options for supporting data governance and its administration).
    • Data policies and procedures:
      • Formulate, update, refresh, consolidate, rationalize, and/or retire data policies and procedures.
      • Define policy management and administration framework (i.e. roll-out, maintenance, updates, adherence, system to be used).
    • Conduct Info-Tech’s Data Culture Diagnostic or survey (across all levels of the organization).
    • Define and formalize the data literacy program (build modules, incorporate into LMS, plan lunch and learn sessions).
    • Data privacy and security: build data classification policy, define classification standards.
    • Enterprise projects and services: embed data governance in the organization’s PMO, conduct “Data Governance 101” for the PMO.

    Defining data governance roles and organizational structure at Organization

    The approach employed for defining the data governance roles and supporting organizational structure for .

    Key Considerations:

    • The data owner and data steward roles are formally defined and documented within the organization. Their involvement is clear, well-defined, and repeatable.
    • There are data owners and data stewards for each data domain within the organization. The data steward role is given to someone with a high degree of subject matter expertise.
    • Data owners and data stewards are effective in their roles by ensuring that their data domain is clean and free of errors and that they protect the organization against data loss.
    • Data owners and data stewards have the authority to make final decisions on data definitions, formats, and standard processes that apply to their respective data sets. Data owners and data stewards have authority regarding who has access to certain data.
    • Data owners and data stewards are not from the IT side of the organization. They understand the lifecycle of the data (how it is created, curated, retrieved, used, archived, and destroyed) and they are well-versed in any compliance requirements as it relates to their data.
    • The data custodian role is formally defined and is given to the relevant IT expert. This is an individual with technical administrative and/or operational responsibility over data (e.g. a DBA).
    • A data governance steering committee exists and is comprised of well-defined roles, responsibilities, executive sponsors, business representatives, and IT experts.
    • The data governance steering committee works to provide oversight and enforce policies, procedures, and standards for governing data.
    • The data governance working group has cross-functional representation. This comprises business and IT representation, as well as project management and change management where applicable: data stewards, data custodians, business subject matter experts, PM, etc.).
    • Data governance meetings are coordinated and communicated about. The meeting agenda is always clear and concise, and meetings review pressing data-related issues. Meeting minutes are consistently documented and communicated.

    Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

    Info-Tech Insight

    Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Enable business capabilities with data governance role definitions.

    Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

    Consider your technology options:

    Make the available data governance tools and technology work for you:

    • Data catalog
    • Business data glossary
    • Data lineage
    • Metadata management

    Logos of data governance tools and technology.

    These are some of the data governance tools and technology players. Check out SoftwareReviews for help making better software decisions.

    Make the data steward the catalyst for organizational change and driving data culture

    The data steward must be empowered and backed politically with decision-making authority, or the role becomes stale and powerless.

    Ensuring compliance can be difficult. Data stewards may experience pushback from stakeholders who must deliver on the policies, procedures, and processes that the data steward enforces.

    Because the data steward must enforce data processes and liaise with so many different people and departments within the organization, the data steward role should be their primary full-time job function – where possible.

    However, in circumstances where budget doesn’t allow a full-time data steward role, develop these skills within the organization by adding data steward responsibilities to individuals who are already managing data sets for their department or line of business.

    Info-Tech Tip

    A stewardship role is generally more about managing the cultural change that data governance brings. This requires the steward to have exceptional interpersonal skills that will assist in building relationships across departmental boundaries and ensuring that all stakeholders within the organization believe in the initiative, understand the anticipated outcomes, and take some level of responsibility for its success.

    Changes to organizational data processes are inevitable; have a communication plan in place to manage change

    Create awareness of your data governance program. Use knowledge transfer to get as many people on board as possible.

    Data governance initiatives must contain a strong organizational disruption component. A clear and concise communication strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

    By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

    Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organization’s culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

    Because a data governance initiative will involve data-driven business units across the organization, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

    Attempting to implement change without an effective communication plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    Info-Tech Insight

    Launching a data governance initiative is guaranteed to disrupt the culture of the organization. That disruption doesn’t have to be detrimental if you are prepared to manage the change proactively and effectively.

    Create a common data governance vision that is consistently communicated to the organization

    A data governance program should be an enterprise-wide initiative.

    To create a strong vision for data governance, there must be participation from the business and IT. A common vision will articulate the state the organization wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.

    Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.

    The data governance program should be periodically refined. This will ensure the organization continues to incorporate best methods and practices as the organization grows and data needs evolve.

    Info-Tech Tips

    • Use information from the stakeholder interviews to derive business goals and objectives.
    • Work to integrate different opinions and perspectives into the overall vision for data governance.
    • Brainstorm guiding principles for data and understand the overall value to the organization.

    Develop a compelling data governance communications plan to get all departmental lines of business on board

    A data governance program will impact all data-driven business units within the organization.

    A successful data governance communications plan involves making the initiative visible and promoting staff awareness. Educate the team on how data is collected, distributed, and used, what internal processes use data, and how that data is used across departmental boundaries.

    By demonstrating how data governance will affect staff directly, you create a deeper level of understanding across lines of business, and ultimately, a higher level of acceptance for new processes, rules, and guidelines.

    A clear and concise communications strategy will raise the profile of data governance within the organization, and staff will understand how the program will benefit them and how they can share in the success of the initiative. This will end up providing support for the initiative across the board.

    A proactive communications plan will:

    • Assist in overcoming issues with data control, stalemates between stakeholder units, and staff resistance.
    • Provide a formalized process for implementing new policies, rules, guidelines, and technologies, and managing organizational data.
    • Detail data ownership and accountability for decision making, and identify and resolve data issues throughout the organization.
    • Encourage acceptance and support of the initiative.

    Info-Tech Tip

    Focus on literacy and communication: include training in the communication plan. Providing training for data users on the correct procedures for updating and verifying the accuracy of data, data quality, and standardized data policies will help validate how data governance will benefit them and the organization.

    Leverage the data governance program to communicate and promote the value of data within the organization

    The data governance program is responsible for continuously promoting the value of data to the organization. The data governance program should seek a variety of ways to educate the organization and data stakeholders on the benefit of data management.

    Even if data policies and procedures are created, they will be highly ineffective if they are not properly communicated to the data producers and users alike.

    There needs to be a communication plan that highlights how the data producer and user will be affected, what their new responsibilities are, and the value of that change.

    To learn how to manage organizational change, refer to Info-Tech’s Master Organizational Change Management Practices.

    Understand what makes for an effective policy for data governance

    It can be difficult to understand what a policy is, and what it is not. Start by identifying the differences between a policy and standards, guidelines, and procedures.

    Diagram of an effective policy for data governance

    The following are key elements of a good policy:

    Heading Descriptions
    Purpose Describes the factors or circumstances that mandate the existence of the policy. Also states the policy’s basic objectives and what the policy is meant to achieve.
    Scope Defines to whom and to what systems this policy applies. Lists the employees required to comply or simply indicates “all” if all must comply. Also indicates any exclusions or exceptions, i.e. those people, elements, or situations that are not covered by this policy or where special consideration may be made.
    Definitions Define any key terms, acronyms, or concepts that will be used in the policy. A standard glossary approach is sufficient.
    Policy Statements Describe the rules that comprise the policy. This typically takes the form of a series of short prescriptive and proscriptive statements. Sub-dividing this section into sub-sections may be required depending on the length or complexity of the policy.
    Non-Compliance Clearly describe consequences (legal and/or disciplinary) for employee non-compliance with the policy. It may be pertinent to describe the escalation process for repeated non-compliance.
    Agreement Confirms understanding of the policy and provides a designated space to attest to the document.

    Leverage myPolicies, Info-Tech’s web-based application for managing your policies and procedures

    Most organizations have problems with policy management. These include:

    1. Policies are absent or out of date
    2. Employees largely unaware of policies in effect
    3. Policies are unmonitored and unenforced
    4. Policies are in multiple locations
    5. Multiple versions of the same policy exist
    6. Policies managed inconsistently across different silos
    7. Policies are written poorly by untrained authors
    8. Inadequate policy training program
    9. Draft policies stall and lose momentum
    10. Weak policy support from senior management

    Technology should be used as a means to solve these problems and effectively monitor, enforce, and communicate policies.

    Product Overview

    myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms. Our solution provides policy managers with the tools they need to mitigate the risk of sanctions and reduce the administrative burden of policy management. It also enables employees to find the documents relevant to them and build a culture of compliance.

    Some key success factors for policy management include:

    • Store policies in a central location that is well known and easy to find and access. A key way that technology can help communicate policies is by having them published on a centralized website.
    • Link this repository to other policies’ taxonomies of your organization. E.g. HR policies to provide a single interface for employees to access guidance across the organization.
    • Reassess policies annually at a minimum. myPolicies can remind you to update the organization’s policies at the appropriate time.
    • Make the repository searchable and easily navigable.
    • myPolicies helps you do all this and more.
    myPolicies logo myPolicies

    Enforce data policies to promote consistency of business processes

    Data policies are short statements that seek to manage the creation, acquisition, integrity, security, compliance, and quality of data. These policies vary amongst organizations, depending on your specific data needs.

    • Policies describe what to do, while standards and procedures describe how to do something.
    • There should be few data policies, and they should be brief and direct. Policies are living documents and should be continuously updated to respond to the organization’s data needs.
    • The data policies should highlight who is responsible for the data under various scenarios and rules around how to manage it effectively.

    Examples of Data Policies

    Trust

    • Data Cleansing and Quality Policy
    • Data Entry Policy

    Availability

    • Acceptable Use Policy
    • Data Backup Policy

    Security

    • Data Security Policy
    • Password Policy Template
    • User Authorization, Identification, and Authentication Policy Template
    • Data Protection Policy

    Compliance

    • Archiving Policy
    • Data Classification Policy
    • Data Retention Policy

    Leverage data management-related policies to standardize your data management practices

    Info-Tech’s Data Management Policy:

    This policy establishes uniform data management standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of the organization. This policy applies to all critical data and to all staff who may be creators and/or users of such data.

    Info-Tech’s Data Entry Policy:

    The integrity and quality of data and evidence used to inform decision making is central to both the short-term and long-term health of an organization. It is essential that required data be sourced appropriately and entered into databases and applications in an accurate and complete manner to ensure the reliability and validity of the data and decisions made based on the data.

    Info-Tech’s Data Provenance Policy:

    Create policies to keep your data's value, such as:

    • Only allow entry of data from reliable sources.
    • Employees entering and accessing data must observe requirements for capturing/maintaining provenance metadata.
    • Provenance metadata will be used to track the lifecycle of data from creation through to disposal.

    Info-Tech’s Data Integration and Virtualization Policy:

    This policy aims to assure the organization, staff, and other interested parties that data integration, replication, and virtualization risks are taken seriously. Staff must use the policy (and supporting guidelines) when deciding whether to integrate, replicate, or virtualize data sets.

    Select the right mix of metrics to successfully supervise data policies and processes

    Policies are only as good as your level of compliance. Ensure supervision controls exist to oversee adherence to policies and procedures.

    Although they can be highly subjective, metrics are extremely important to data governance success.

    • Establishing metrics that measure the performance of a specific process or data set will:
      • Create a greater degree of ownership from data stewards and data owners.
      • Help identify underperforming individuals.
      • Allow the steering committee to easily communicate tailored objectives to individual data stewards and owners.
    • Be cautious when establishing metrics. The wrong metrics can have negative repercussions.
      • They will likely draw attention to an aspect of the process that doesn’t align with the initial strategy.
      • Employees will work hard and grow frustrated as their successes aren’t accurately captured.

    Policies are great to have from a legal perspective, but unless they are followed, they will not benefit the organization.

    • One of the most useful metrics for policies is currency. This tracks how up to date the policy is and how often employees are informed about the policy. Often, a policy will be introduced and then ignored. Policies must be continuously reviewed by management and employees.
    • Some other metrics include adherence (including performance in tests for adherence) and impacts from non-adherence.

    Review metrics on an ongoing basis with those data owners/stewards who are accountable, the data governance steering committee, and the executive sponsors.

    Establish data standards and procedures for use across all organizational lines of business

    A data governance program will impact all data-driven business units within the organization.

    • Data management procedures are the methods, techniques, and steps to accomplish a specific data objective. Creating standard data definitions should be one of the first tasks for a data governance steering committee.
    • Data moves across all departmental boundaries and lines of business within the organization. These definitions must be developed as a common set of standards that can be accepted and used enterprise wide.
    • Consistent data standards and definitions will improve data flow across departmental boundaries and between lines of business.
    • Ensure these standards and definitions are used uniformly throughout the organization to maintain reliable and useful data.

    Data standards and procedural guidelines will vary from company to company.

    Examples include:

    • Data modeling and architecture standards.
    • Metadata integration and usage procedures.
    • Data security standards and procedures.
    • Business intelligence standards and procedures.

    Info-Tech Tip

    Have a fundamental data definition model for the entire business to adhere to. Those in the positions that generate and produce data must follow the common set of standards developed by the steering committee and be accountable for the creation of valid, clean data.

    Changes to organizational data processes are inevitable; have a communications plan in place to manage change

    Create awareness of your data governance program, using knowledge transfer to get as many people on board as possible.

    By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

    Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organization’s culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

    Because a data governance initiative will involve data-driven business units across the organization, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

    Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    Data governance initiatives will very likely bring about a level of organizational disruption. A clear and concise communications strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

    Info-Tech Tip

    Launching a data governance program will bring with it a level of disruption to the culture of the organization. That disruption doesn’t have to be detrimental if you are prepared to manage the change proactively and effectively.

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Picture of analyst

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Screenshot of example data governance strategy map.

    Build Your Business and User Context

    Work with your core team of stakeholders to build out your data governance strategy map, aligning data governance initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.

    Screenshot of Data governance roadmap

    Formulate a Plan to Get to Your Target State

    Develop a data governance future state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

    Related Info-Tech Research

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    Streamline your data management program with our simplified framework.

    The First 100 Days as CDO

    Be the voice of data in a time of transformation.

    Research Contributors

    Name Position Company
    David N. Weber Executive Director - Planning, Research and Effectiveness Palm Beach State College
    Izabela Edmunds Information Architect Mott MacDonald
    Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
    Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
    Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
    Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
    Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director Info-Tech Research Group
    Valence Howden Principal Research Director, CIO Info-Tech Research Group

    Bibliography

    Alation. “The Alation State of Data Culture Report – Q3 2020.” Alation, 2020. Accessed 25 June 2021.

    Allott, Joseph, et al. “Data: The next wave in forestry productivity.” McKinsey & Company, 27 Oct. 2020. Accessed 25 June 2021.

    Bean, Randy. “Why Culture Is the Greatest Barrier to Data Success.” MIT Sloan Management Review, 30 Sept. 2020. Accessed 25 June 2021.

    Brence, Thomas. “Overcoming the Operationalization Challenge with Data Governance at New York Life.” Informatica, 18 March 2020. Accessed 25 June 2021.

    Bullmore, Simon, and Stuart Coleman. “ODI Inside Business – a checklist for leaders.” Open Data Institute, 19 Oct. 2020. Accessed 25 June 2021.

    Canadian Institute for Health Information. “Developing and implementing accurate national standards for Canadian health care information.” Canadian Institute for Health Information. Accessed 25 June 2021.

    Carruthers, Caroline, and Peter Jackson. “The Secret Ingredients of the Successful CDO.” IRM UK Connects, 23 Feb. 2017.

    Dashboards. “Useful KPIs for Healthy Hospital Quality Management.” Dashboards. Accessed 25 June 2021.

    Dashboards. “Why (and How) You Should Improve Data Literacy in Your Organization Today.” Dashboards. Accessed 25 June 2021.

    Datapine. “Healthcare Key Performance Indicators and Metrics.” Datapine. Accessed 25 June 2021.

    Datapine. “KPI Examples & Templates: Measure what matters the most and really impacts your success.” Datapine. Accessed 25 June 2021.

    Diaz, Alejandro, et al. “Why data culture matters.” McKinsey Quarterly, Sept. 2018. Accessed 25 June 2021.

    Everett, Dan. “Chief Data Officer (CDO): One Job, Four Roles.” Informatica, 9 Sept. 2020. Accessed 25 June 2021.

    Experian. “10 signs you are sitting on a pile of data debt.” Experian. Accessed 25 June 2021.

    Fregoni, Silvia. “New Research Reveals Why Some Business Leaders Still Ignore the Data.” Silicon Angle, 1 Oct. 2020.

    Informatica. Holistic Data Governance: A Framework for Competitive Advantage. Informatica, 2017. Accessed 25 June 2021.

    Knight, Michelle. “What Is a Data Catalog?” Dataversity, 28 Dec. 2017. Web.

    Lim, Jason. “Alation 2020.3: Getting Business Users in the Game.” Alation, 2020. Accessed 25 June 2021.

    McDonagh, Mariann. “Automating Data Governance.” Erwin, 29 Oct. 2020. Accessed 25 June 2021.

    NewVantage Partners. Data-Driven Business Transformation: Connecting Data/AI Investment to Business Outcomes. NewVantage Partners, 2020. Accessed 25 June 2021.

    Olavsrud, Thor. “What is data governance? A best practices framework for managing data assets.” CIO.com, 18 March 2021. Accessed 25 June 2021.

    Open Data Institute. “Introduction to data ethics and the data ethics canvas.” Open Data Institute, 2020. Accessed 25 June 2021.

    Open Data Institute. “The UK National Data Strategy 2020: doing data ethically.” Open Data Institute, 17 Nov. 2020. Accessed 25 June 2021.

    Open Data Institute. “What is the Data Ethics Canvas?” Open Data Institute, 3 July 2019. Accessed 25 June 2021.

    Pathak, Rahul. “Becoming a Data-Driven Enterprise: Meeting the Challenges, Changing the Culture.” MIT Sloan Management Review, 28 Sept. 2020. Accessed 25 June 2021.

    Redman, Thomas, et al. “Only 3% of Companies’ Data Meets Basic Quality Standards.” Harvard Business Review. 11 Sept 2017.

    Petzold, Bryan, et al. “Designing data governance that delivers value.” McKinsey & Company, 26 June 2020. Accessed 25 June 2021.

    Smaje, Kate. “How six companies are using technology and data to transform themselves.” McKinsey & Company, 12 Aug. 2020. Accessed 25 June 2021.

    Talend. “The Definitive Guide to Data Governance.” Talend. Accessed 25 June 2021.

    “The Powerfully Simple Modern Data Catalog.” Atlan, 2021. Web.

    U.S. Geological Survey. “Data Management: Data Standards.” U.S. Geological Survey. Accessed 25 June 2021.

    Waller, David. “10 Steps to Creating a Data-Driven Culture.” Harvard Business Review, 6 Feb. 2020. Accessed 25 June 2021.

    “What is the Difference Between A Business Glossary, A Data Dictionary, and A Data Catalog, and How Do They Play A Role In Modern Data Management?” Analytics8, 23 June 2021. Web.

    Wikipedia. “RFM (market research).” Wikipedia. Accessed 25 June 2021.

    Windheuser, Christoph, and Nina Wainwright. “Data in a Modern Digital Business.” Thoughtworks, 12 May 2020. Accessed 25 June 2021.

    Wright, Tom. “Digital Marketing KPIs - The 12 Key Metrics You Should Be Tracking.” Cascade, 3 March 2021. Accessed 25 June 2021.

    Improve IT Governance to Drive Business Results

    • Buy Link or Shortcode: {j2store}190|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $194,553 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT governance is the number-one predictor of value generated by IT, yet many organizations struggle to organize their governance effectively.
    • Current IT governance does not address the changing goals, risks, or context of the organization, so IT spend is not easily linked to value.
    • The right people are not making the right decisions about IT.

    Our Advice

    Critical Insight

    • Organizations do not have a governance framework in place that optimally aligns IT with the business objectives and direction.
    • Implementing IT governance requires the involvement of key business stakeholders who do not see IT’s value in corporate governance and strategy.
    • The current governance processes are poorly designed, making the time to decisions too long and driving non-compliance.

    Impact and Result

    • Use Info-Tech’s four-step process to optimize your IT governance framework.
    • Our client-tested methodology supports the enablement of IT-business alignment, decreases decision-making cycle times, and increases IT’s transparency and effectiveness in decisions around benefits realization, risks, and resources.
    • Successful completion of the IT governance redesign will result in the following outcomes:
      1. Align IT with the business context.
      2. Assess the current governance framework.
      3. Redesign the governance framework.
      4. Implement governance redesign.

    Improve IT Governance to Drive Business Results Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should redesign IT governance, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Align IT with the business context

    Align IT’s direction with the business using the Statement of Business Context.

    • Redesign IT Governance to Drive Optimal Business Results – Phase 1: Align IT With the Business Context
    • Make the Case for an IT Governance Redesign
    • Stakeholder Power Map Template
    • IT Governance Stakeholder Communication Planning Tool
    • PESTLE Analysis Template
    • Business SWOT Analysis Template
    • Statement of Business Context Template

    2. Assess the current governance framework

    Evaluate the strengths and weaknesses of current governance using the Current State Assessment.

    • Redesign IT Governance to Drive Optimal Business Results – Phase 2: Assess the Current Governance Framework
    • Current State Assessment of IT Governance

    3. Redesign the governance framework

    Build a redesign of the governance framework using the Future State Design template.

    • Redesign IT Governance to Drive Optimal Business Results – Phase 3: Redesign the Governance Framework
    • Future State Design for IT Governance
    • IT Governance Terms of Reference

    4. Implement governance redesign

    Create an implementation plan to jump-start the communication of the redesign and set it up for success.

    • Redesign IT Governance to Drive Optimal Business Results – Phase 4: Implement Governance Redesign
    • Redesign IT Governance to Drive Optimal Business Results Executive Presentation Template
    • IT Governance Implementation Plan
    [infographic]

    Workshop: Improve IT Governance to Drive Business Results

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify the Need for Governance

    The Purpose

    Identify the need for governance in your organization and engage the leadership team in the redesign process.

    Key Benefits Achieved

    Establish an engagement standard for the leadership of your organization in the IT governance redesign.

    Activities

    1.1 Identify stakeholders.

    1.2 Make the case for improved IT governance.

    1.3 Customize communication plan.

    Outputs

    Stakeholder Power Map

    Make the Case Presentation

    Communication Plan

    2 Align IT With the Business Context

    The Purpose

    Create a mutual understanding with the business leaders of the current state of the organization and the state of business it is moving towards.

    Key Benefits Achieved

    The understanding of the business context will provide an aligned foundation on which to redesign the IT governance framework.

    Activities

    2.1 Review documents.

    2.2 Analyze frameworks.

    2.3 Conduct brainstorming.

    2.4 Finalize the Statement of Business Context.

    Outputs

    PESTLE Analysis

    SWOT Analysis

    Statement of Business Context

    3 Assess the Current Governance Framework

    The Purpose

    Establish a baseline of the current governance framework.

    Key Benefits Achieved

    Develop guidelines based off results from the current state that will guide the future state design.

    Activities

    3.1 Create committee profiles.

    3.2 Build governance structure map.

    3.3 Establish governance guidelines.

    Outputs

    Current State Assessment

    4 Redesign the Governance Framework

    The Purpose

    Redesign the governance structure and the committees that operate within it.

    Key Benefits Achieved

    Build a future state of governance where the relationships and processes that are built drive optimal business results.

    Activities

    4.1 Build governance structure map.

    4.2 Create committee profiles.

    Outputs

    Future State Design

    IT Governance Terms of Reference

    5 Implement Governance Redesign

    The Purpose

    Build a roadmap for implementing the governance redesign.

    Key Benefits Achieved

    Create a transparent and relationship-oriented implementation strategy that will pave the way for a successful redesign implementation.

    Activities

    5.1 Identify next steps for the redesign.

    5.2 Establish communication plan.

    5.3 Lead executive presentation.

    Outputs

    Implementation Plan

    Executive Presentation

    Further reading

    Improve IT Governance to Drive Business Results

    Avoid bureaucracy and achieve alignment with a minimalist approach.

    ANALYST PERSPECTIVE

    Governance optimization is achieved where decision making, authority, and context meet.

    "Governance is something that is done externally to IT and well as internally by IT, with the intention of providing oversight to direct the organization to meet goals and keep things on target.

    Optimizing IT governance is the most effective way to consistently direct IT spend to areas that provide the most value in producing or supporting business outcomes, yet it is rarely done well.

    IT governance is more than just identifying where decisions are made and who has the authority to make them – it must also provide the context and criteria under which decisions are made in order to truly provide business value" (Valence Howden, Director, CIO Practice Info-Tech Research Group)

    Our understanding of the problem

    This Research is Designed For:

    • CIOs
    • CTOs
    • IT Directors

    This Research Will Help You:

    • Achieve and maintain executive and business support for optimizing IT governance.
    • Optimize your governance structure.
    • Build high-level governance processes.
    • Build governance committee charters and set accountability for decision making.
    • Plan the transition to the optimized governance structure and processes.

    This Research Will Also Assist:

    • Executive Leadership
    • IT Managers
    • IT Customers
    • Project Managers

    This Research Will Help Them:

    • Improve alignment between business decisions and IT initiatives.
    • Establish a mechanism to validate, redirect, and reprioritize IT initiatives.
    • Realize greater value from more effective decision making.
    • Receive a better overall quality of service.

    Executive Summary

    Situation

    • IT governance is the #1 predictor of value generated by IT, yet many organizations struggle to organize their governance effectively.*
    • Current IT governance does not address the changing goals, risks, or context of the organization so IT spend is not easily linked to value.
    • The right people are not making the right decisions about IT.

    Complication

    • Organizations do not have a governance framework in place that optimally aligns IT with the business objectives and direction.
    • Implementing IT governance requires the involvement of key business stakeholders who do not see IT’s value in governance and strategy.
    • The current governance processes are poorly designed, creating long decision-making cycles and driving non-compliance with regulation.

    Resolution

    • Use Info-Tech’s four-step process for optimizing your IT governance framework. Our client-tested methodology supports the enablement of IT-business alignment, decreases decision-making cycle times, and increases IT’s transparency and effectiveness in making decisions around benefits realization, risks, and resources.
    • Successful completion of the IT governance redesign will result in the following outcomes:
      1. Align IT with the business context.
      2. Assess the current governance framework.
      3. Redesign the governance framework.
      4. Implement governance redesign.

    Info-Tech Insight

    • Establish IT-business fusion. In governance, alignment is not enough. Merge IT and the business through governance to ensure business success.
    • With great governance comes great responsibility. Involve relevant business leaders, who will be impacted by IT outcomes, to take on governing responsibility of IT.
    • Let IT manage and the business govern. IT governance should be a component of enterprise governance, allowing IT leaders to focus on managing.

    IT governance is...

    An enabling framework for decision-making context and accountabilities for related processes.

    A means of ensuring business-IT collaboration, leading to increased consistency and transparency in decision making and prioritization of initiatives.

    A critical component of ensuring delivery of business value from IT spend and driving high satisfaction with IT.

    IT governance is not...

    An annoying, finger-waving roadblock in the way of getting things done.

    Limited to making decisions about technology.

    Designed tacitly; it is purposeful, with business objectives in mind.

    A one-time project; you must review and revalidate the efficiency.

    Avoid common misconceptions of IT governance

    Don’t blur the lines between governance and management; each has a unique role to play. Confusing these results in wasted time and confusion around ownership.

    Governance

    A cycle of 'Governance Processes' and 'Management Processes'. On the left side of the cycle 'Governance Processes' begins with 'Evaluate', then 'Direct', then 'Monitor'. This leads to 'Management Processes' on the right side with 'Plan', 'Build', 'Run', and 'Monitor', which then feeds back into 'Evaluate'.

    Management

    IT governance sets direction through prioritization and decision making, and monitors overall IT performance.

    Governance aligns with the mission and vision of the organization to guide IT.

    Management is responsible for executing on, operating, and monitoring activities as determined by IT governance.

    Management makes decisions for implementing based on governance direction.

    The IT Governance Framework

    An IT governance framework is a system that will design structures, processes, authority definitions, and membership assignments that lead IT toward optimal results for the business.

    Governance is performed in three ways:
    1. Evaluate

      Governance ensures that business goals are achieved by evaluating stakeholder needs, criteria, metrics, portfolio, risk, and definition of value.
    2. Direct

      Governance sets the direction of IT by delegating priorities and determining the decisions that will guide the IT organization.
    3. Monitor

      Governance establishes a framework to monitor performance, compliance to regulation, and progress on expected outcomes.

    "Everyone needs good IT, but no one wants to talk about it. Most CFOs would rather spend time with their in-laws than in an IT steering-committee meeting. But companies with good governance consistently outperform companies with bad. Which group do you want to be in?" (Martha Heller, President, Heller Search Associates)

    Create impactful IT governance by embedding it within enterprise governance

    The business should engage in IT governance and IT should influence the direction of the business.

    Enterprise Governance

    IT Governance

    Authority for enterprise governance falls to the board and executive management.

    Responsibilities Include:
    • Provide strategic direction for the organization.
    • Ensure objectives are met.
    • Set the risk standards or profile.
    • Delegate resources responsibly.
    –› Engage in –›

    ‹– Influence ‹–

    Governance of IT is a component of enterprise governance.

    Responsibilities Include:
    • Build structure, authority, process, and membership designations in a governance framework.
    • Ensure the IT organization is aligned with business goals.
    • Influence the direction of the business to ensure business success.

    Identify signals of sub-optimal IT governance within any of these domains

    If you notice any of these signals, governance redesign is right for you!

    Inability to Realize Benefits

    1. IT is unable to articulate the value of its initiatives or spend.
    2. IT is regularly delegated unplanned projects.
    3. The is no standard approach to prioritization.
    4. Projects do not meet target metrics.

    Resource Misallocation

    1. Resources are wasted due to duplication or overlap in IT initiatives.
    2. IT projects fail at an unacceptable rate, leading to wasted resources.
    3. IT’s costs continue to increase without reciprocal performance increase.

    Misdiagnosed Risks

    1. Risk appetite is incorrectly identified or not identified at all.
    2. Disagreement on the approach to risk in the organization.
    3. Increasing rate of IT incidents related to risk.
    4. IT is failing to meet regulatory requirements.

    Dissatisfied Stakeholders

    1. There are no ways to measure stakeholder satisfaction with IT.
    2. Business strategies and IT strategies are misaligned.
    3. IT’s relationship with key stakeholders is unstable and there is a lack of mutual trust.

    A majority of organizations experience significant alignment gaps

    The majority of organizations and their key stakeholders experience highly visible gaps in the alignment of IT investments and organizational goals.

    There are two bars with percentages of their length marked out for different CXO responses. The possible responses are from '1, Critical Gap' to '7, No Gap'. The top bar says '57% of CXOs identify a major gap in IT's ability to support business goals', and shows 13% answered '1, Critical Gap', 22% answered '2', and 22% answered '3'. The bottom bar says '84% of CXOs often perceive that IT is investing in areas that do not support the business' and shows 38% answered '1, Critical Gap', 33% answered '2', and 13% answered '3'.

    88% of CIOs believe that their governance is not effective. (Info-Tech Diagnostics)

    Leverage governance as the catalyst for connecting IT and the business

    49% of firms are misaligned on current performance expectations for IT.

    • 49% Misaligned
    • 51% Aligned

    67% of firms are misaligned on the target role for IT.

    • 34% Highly Misaligned
    • 33% Somewhat Misaligned
    • 33% Aligned

    A well-designed IT governance framework will hep you to:

    1. Make sure IT keeps up with the evolving business context.
    2. Align IT with the mission and the vision of the organization.
    3. Optimize the speed and quality of decision making.
    4. Meet regulatory and compliance needs in the external environment.
    5. (Info-Tech Diagnostics)

    Align with business goals through governance to attain business-IT fusion

    Create a state of business-IT fusion, in which the two become one.

    Without business-IT fusion, IT will go in a different direction, leading to a divergence of purpose and outcomes. IT can transform into a fused partner of the business by ensuring that they govern toward the same goal.

    Firefighter
    • Delivers lower value
    • Duplication of effort
    • Unclear risk profile
    • High risk exposure
    Three sets of arrows, each pointing upward and arranged in an ascending stair pattern. The first, lowest set of arrows has a large blue arrow with a small green arrow veering off to the side, unaligned. The second, middle set of arrows has a large blue arrow with a medium green arrow overlaid on its center, somewhat aligned. The third, highest set of arrows has half of a large blue arrow, and the other half is a large green arrow, aligned. Business Partner
    • Increased speed of decision making
    • Aligned with business priorities
    • Optimized utility of people, financial, and time resources
    • Monitors and mitigates risk and compliance issues

    Redesign IT governance in accordance with COBIT and proven good practice

    Info-Tech’s approach to governance redesign is rooted in COBIT, the world-class and open-source IT governance standard.

    COBIT begins with governance, EDM – Evaluate, Direct, and Monitor.

    We build upon these standards with industry best practices and add a practical approach based on member feedback.

    This blueprint will help you optimize your governance framework.

    The upper image is a pyramid with 'Info-Tech Insights, Analysts, Experts, Clients' on top, 'IT Governance Best Practices' in the middle, and 'COBIT 5' on the bottom, indicating that Info-Tech's Governance guidance is based in COBIT 5. 'This project will focus on EDM01, Set/Maintain Governance Framework.'

    Use Info-Tech’s approach to implementing an IT governance redesign

    The four phases of Info-Tech’s governance redesign methodology will help you drive greater value for the business.

    1. Align IT With the Business Context
      Align IT’s direction with the business using the Statement of Business Context Template.
    2. Assess the Current Governance Framework
      Evaluate the strengths and weaknesses of current governance using the Current State Assessment of IT Governance.
    3. Redesign the Governance Framework
      Build a redesign of the governance framework using the Future State Design for IT Governance tool.
    4. Implement Governance Redesign
      Create an IT Governance Implementation Plan to jumpstart the communication of the redesign and set it up for success.
    5. Continuously assess your governance framework to ensure alignment.

    Leverage Info-Tech’s insights for an optimal redesign process

    Common Pitfalls

    Info-Tech Solutions

    Phase 1

    There must be an active understanding of the current and future state of the business for governance to address the changing needs of the business. –›
    1. Make the case for a governance redesign.
    2. Create a custom communication plan to facilitate support.
    3. Establish a collectively agreed upon statement of business context.

    Phase 2

    Take a proactive approach to revising your governance framework. Understand why you are making decisions before actually making them. –›
    1. Conduct the IT governance current state assessment.
    2. Create governance guidelines for redesign.

    Phase 3

    Keep the current and future goals in sight to build an optimized governance framework that maintains the minimum bar of oversight required. –›
    1. Redesign the future state of IT governance in your organization.

    Phase 4

    Don’t overlook the politics and culture of your organization in redesigning your governance framework. –›
    1. Rationalize steps in an implementation plan.
    2. Outline a communication strategy to navigate culture and politics.
    3. Construct an executive presentation to facilitate transparency for the governing framework.

    Leverage both COBIT and Info-Tech-defined metrics to evaluate the success of your redesign

    These metrics will help you determine the extent to which your governance is supporting your business goals, and whether the governance in place promotes business-IT fusion.

    Benefits Realization

    1. Percent of IT-enabled investments where benefit realization is monitored through the full economic life. (COBIT-defined metric)
    2. Percent of enterprise strategic goals and requirements supported by IT strategic goals. (COBIT-defined metric)
    3. Percent of IT services where expected benefits are realized or exceeded. (COBIT-defined metric)

    Resources

    1. Satisfaction level of business and IT executives with IT-related costs and capabilities. (COBIT-defined metric)
    2. Average time to turn strategic IT objectives into an agreed-upon and approved initiative. (COBIT-defined metric)
    3. Number of deviations from resource utilization plan.

    Risks

    1. Number of security incidents causing financial loss, business disruption, or public embarrassment. (COBIT-defined metric)
    2. Number of issues related to non-compliance with policies. (COBIT-defined metric)
    3. Percentage of enterprise risk assessments that include IT-related risks. (COBIT-defined metric)
    4. Frequency with which the risk profile is updated. (COBIT-defined metric)

    Stakeholders

    1. Change in score of alignment with the scope of the planned portfolio of programs and services (using CIO-CXO Alignment Diagnostic).
    2. Percent of executive management roles with clearly defined accountabilities for IT decisions. (COBIT-defined metric)
    3. Percent of business stakeholders satisfied that IT service delivery meets agreed-upon service levels. (COBIT-defined metric)
    4. Percent of key business stakeholders involved in IT governance.

    Capture monetary value by establishing and monitoring key metrics

    While benefits of governance are often qualitative, the power of effective governance can be demonstrated through quantitative financial gains.

    Scenario 1 – Realizing Expected Gains

    Scenario 2 – Mitigating Unexpected Losses

    Metric

    Track the percentage of initiatives that provided expected ROI year over year. The optimization of the governance framework should generate an increase in this metric. Monitor this metric for continuous improvement opportunities. Track the financial losses related to non-compliance with policy or regulation. An optimized governance framework should better protect the organization against policy breach and mitigate the possibility and impact of “rogue” actions.

    Formula

    ROI of all initiatives / number of initiatives in year 2 – ROI of all initiatives / number of initiatives in year 1

    The expected result should be positive.

    Cost of non-compliance in year 2 – cost of non-compliance in year 1

    The expected result should be negative.

    Redesign IT governance to achieve optimal business outcomes

    CASE STUDY

    Industry: Healthcare
    Source: Info-Tech

    Situation

    The IT governance had been structured based on regulations and had not changed much since it was put in place. However, a move to become an integration and service focused organization had moved the organization into the world of web services, Agile development, and service-oriented architecture.

    Complication

    The existing process was well defined and entrenched, but did not enable rapid decision making and Agile service delivery. This was due to the number of committees where initiatives were reviewed, made worse by their lack of approval authority. This led to issues moving initiatives forward in the timeframes required to meet clinician needs and committed governmental deadlines.

    In addition, the revised organizational mandate had created confusion regarding the primary purpose and function of the organization and impacted the ability to prioritize spend on a limited budget.

    To complicate matters further, there was political sensitivity tied to the membership and authority of different governing committees.

    Result:

    The CEO decided that a project would be initiated by the Enterprise Architecture Group, but managed by an external consultant to optimize and restructure the governance within the organization.

    The purpose of using the external consultant was to help remove internal politics from the discussion. This allowed the organization to establish a shared view of the organization’s revised mission and IT’s role in its execution.

    The exercise led to the removal of one governing committee and the merger of two others, modification to committee authority and membership, and a refined decision-making context that was agreed to by all parties.

    The redesigned governance process led to a 30% reduction in cycle time from intake to decision, and a 15% improvement in alignment of IT spend with strategic priorities.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Redesign IT Governance – project overview

    Align IT With the Business Context

    Assess the Current State

    Redesign Governance

    Implement Redesign

    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Identify Stakeholders
    1.2 Make the Case
    1.3 Present to Executives
    1.4 Customize Comm. Plan
    1.5 Review Documents
    1.6 Analyze Frameworks
    1.7 Conduct Brainstorming
    1.8 Finalize the SoBC
    2.1 Create Committee Profiles

    2.2 Build a Governance Structure Map

    2.3 Establish Governance Guidelines

    3.1 Build Governance Structure Map

    3.2 Create Committee Profiles

    3.3 Leverage Process Specific Governance Blueprints

    4.1 Identify Next Steps for the Redesign

    4.2 Establish Communication Plan

    4.3 Lead Executive Presentation

    Guided Implementations

    • Move towards gaining buy-in from the business if necessary. Then identify the major components of the SoBC.
    • Review SoBC and discuss a strategy to engage key stakeholders in the redesign.
    • Explore the process of identifying the four major elements of governance. Build guidelines for the future state.
    • Review the current state of governance and discuss the implications and guidelines.
    • Identify the changes that will need to be made.
    • Review redesigned structure and authority.
    • Review redesigned process and membership.
    • Discuss and review the implementation plan.
    • Prepare the presentation for the executives. Provide support on any final questions.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Align IT with the business context
    Module 2:
    Assess the current governance framework
    Module 3:
    Redesign the governance framework
    Module 4:
    Implement governance redesign
    Phase 1 Results:
    • Align IT’s direction with the business.
    Phase 2 Results:
    • Evaluate the strengths and weaknesses of current governance and build guidelines.
    Phase 3 Results:
    • Establish a redesign of the governance framework.
    Phase 4 Results:
    • Create an implementation plan for the communication of the redesign.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1

    Workshop Day 2

    Workshop Day 3

    Workshop Day 4

    Workshop Day 5

    Task – Identify the Need for Governance Task – Align IT with the Business Context Task – Assess the Current State Task – Redesign Governance Framework Task – Implement Governance Redesign

    Activities

    • 1.1 Identify Stakeholders
    • 1.2 Make the Case
    • 1.3 Present to Executives
    • 1.4 Customize Communication Plan
    • 2.1 Review Documents
    • 2.2 Analyze Frameworks
    • 2.3 Conduct Brainstorming
    • 2.4 Finalize the Statement of Business Context
    • 3.1 Create Committee Profiles
    • 3.2 Build Governance Structure Map
    • 3.3 Establish Governance Guidelines
    • 4.1 Build Governance Structure Map
    • 4.2 Create Committee Profiles
    • 4.3 Leverage Process Specific Governance Blueprints
    • 5.1 Identify Next Steps for the Redesign
    • 5.2 Establish Communication Plan
    • 5.3 Lead Executive Presentation

    Deliverables

    1. Make the Case Presentation
    2. Stakeholder Power Map Template
    3. Communication Plan
    1. PESTLE Analysis
    2. SWOT Analysis
    3. Statement of Business Context
    1. Current State Assessment
    1. Future State Design Tool
    2. IT Governance Terms of Reference
    1. Implementation Plan
    2. Executive Presentation

    Improve IT Governance to Drive Business Results

    PHASE 1

    Align IT With the Business Context

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Align IT With the Business Context

    Proposed Time to Completion: 2-4 weeks
    Step 1.1: Identify the Need for Governance Step 1.2: Create the Statement of Business Context
    Start with an analyst kick-off call:
    • Understand the core concepts of IT governance.
    • Create a strategy for key stakeholder support.
    • Identify key communication milestones.
    Review findings with analyst:
    • Identify and discuss the process of engaging senior leadership.
    • Review findings from business analysis.
    • Review diagnostic and interview outcomes.
    Then complete these activities…
    • Identify stakeholders.
    • Make the case to executives.
    • Build a communication plan.
    Then complete these activities…
    • Review business documents.
    • Review the PESTLE and SWOT analyses.
    • Analyze outcomes of CIO-CEO Alignment Diagnostic.
    • Complete the Statement of Business Context.
    With these tools & templates:
    • Make the Case for an IT Governance Redesign
    • Stakeholder Power Map Template
    • IT Governance Stakeholder Communication Planning Tool
    With these tools & templates:
    • PESTLE Analysis Template
    • Business SWOT Analysis Template
    • CIO-CEO Alignment Diagnostic
    • Statement of Business Context Template

    Phase 1: Align IT With the Business Context

    1 2 3 4
    Align IT With the Business Context Assess the Current Governance Framework Redesign the Governance Framework Implement Governance Redesign

    Activities:

    • 1.1 Identify Stakeholders
    • 1.2 Customize Make the Case Presentation
    • 1.3 Present to Executives
    • 1.4 Customize Communication Plan
    • 1.5 Review Business Documents
    • 1.6 Analyze Business Frameworks
    • 1.7 Conduct Brainstorming Efforts
    • 1.8 Finalize the SoBC

    Outcomes:

    • Make the case for a governance redesign.
    • Create a custom communication plan to facilitate support for the redesign process.
    • Establish a collectively agreed upon statement of business context.

    Set up business-driven governance by gaining an understanding of the business context

    Fuse IT with the business by establishing a common context of what the business is trying to achieve. Align IT with the business by developing an understanding of the business state, creating a platform to build a well-aligned governance framework.

    "IT governance philosophies can no longer be a ‘black box’ … IT governance can no longer be ignored by senior executives." (Iskandar and Mohd Salleh, University of Malaya, International Journal of Digital Society)

    Info-Tech Insight

    Get consensus on the changing state of business. There must be an active understanding of the current and future state of the business for governance to address the changing needs of the business.

    The source for the governance redesign directive will dictate the route for attaining leadership buy-in

    "Without an awareness of IT governance, there is no chance that it will be followed … The higher the percentage of managers who can describe your governance, the higher the governance performance." (Jeanne Ross, Director, MIT Center for Information Systems Research)

    The path you will choose for your governance buy-in tactics will be based on the original directive to redesign governance.

    Enterprise Directive.
    In the case that the redesign is an enterprise directive, jump directly to building a communication plan.

    IT Directive.
    In the case that the redesign is an IT directive, make the case to get the business on board.

    Use the Make the Case presentation template to get buy-in from the business

    Supporting Tool icon 1A Convince senior management to redesign governance

    INSTRUCTIONS

    1. Identify Stakeholders
      Determine which business stakeholders will be impacted or involved in the redesign process.
    2. Customize the Presentation
      Identify specific pain points regarding IT-business alignment.
    3. Present to Executives
      Present the make the case presentation.

    Info-Tech Best Practice

    Use the Make the Case customizable deliverable to lead a boardroom-quality presentation proving the specific need for senior executive involvement in the governance redesign.

    Determine which business stakeholders will be impacted or involved in the redesign process

    Associated Activity icon 1.1 Identify the stakeholders for the IT governance redesign

    It is vital to identify key business and IT stakeholders before the IT governance redesign has begun. Consider whose input and influence will be necessary in order to align with the business context and redesign the governance framework accordingly.

    Business

    • Shareholders
    • Board
    • Chief Executive Officer
    • –› Example: the CEO wants to know how IT will support the achievement of strategic corporate objectives.
    • Chief Financial Officer
    • Chief Operating Officer
    • Business Executives
    • Business Process Owners
    • Strategy Executive Committee
    • Chief Risk Officer
    • Chief Information Security Officer
    • Architecture Board
    • Enterprise Risk Committee
    • Head of Human Resources
    • Compliance
    • Audit

    IT

    • Chief Information Officer
    • –› Example: the CIO would like validation from the business with regards to prioritization criteria.
    • Head Architect
    • Head of Development
    • Head of IT Operations
    • Head of IT Administration
    • Service Manager
    • Information Security Manager
    • Business Continuity Manager
    • Privacy Officer

    External

    • Government Agency
    • –› Example: some governments mandate that organizations develop and implement an IT governance framework.
    • Audit Firm

    Build a power map to prioritize stakeholders

    Associated Activity icon 1.1 2-4 hours

    Stakeholders may have competing concerns – that is, concerns that cannot be addressed with one solution. The governance redesigner must prioritize their time to address the concerns of the stakeholders who have the most power and who are most impacted by the IT governance redesign.

    Draw a stakeholder power map to visualize the importance of various stakeholders and their concerns, and to help prioritize your time with those stakeholders.

    • Power: How much influence does the stakeholder have? Enough to drive the project forward or into the ground?
    • Involvement: How interested is the stakeholder? How much involvement does the stakeholder have in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change the job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resistor?
    A power map of stakeholders with two axes and four quadrants. The vertical axis is 'Low Power' on the bottom and 'High Power' on top. The horizontal axis is 'Low Involvement' on the left and 'High Involvement' on the right. The top left quadrant is labeled 'Keep satisfied' and contains 'CFO', a Strongly Impacted Resistor, and 'COO', a Weakly Impacted Resistor. The top right quadrant is labeled 'Key Players' and contains 'CIO' and 'CEO', both Strongly Impacted Supporters. The bottom left quadrant is labeled 'Minimal effort' and contains 'Marketing Head', a Weakly Impacted Neutral, and 'Production Head', a Moderately Impacted Neutral. The bottom right quadrant is labeled 'Keep informed' and contains 'Director of Ops', a Strongly Impacted Supporter, and 'Chief Architect', a Strongly Impacted Neutral.

    Download Info-Tech’s Stakeholder Power Map Template to help you visualize your key stakeholders.

    Build a power map to prioritize stakeholders

    Associated Activity icon 1.1

    It is important to identify who will be impacted and who has power, and the level of involvement they have in the governance redesign. If they have power, will be highly impacted, and are not involved in governance, you have already lost – because they will resist later. You need to get them involved early.

    • Focus on key players – relevant stakeholders who have high power, are highly impacted, and should have a high level of involvement.
    • Engage the stakeholders that are impacted most and have the power to impede the success of redesigning IT governance.
      • For example, if a CFO, who has the power to block project funding, is heavily impacted and not involved, the IT governance redesign success will be put at risk.
    • Some stakeholders may have influence over others so you should focus your efforts on the influencer rather than the influenced.
      • For example, if an uncooperative COO is highly influenced by the Director of Operations, it is recommended to engage the latter.

    The same power map of stakeholders with two axes and four quadrants, but with focus points and notes. The vertical axis is 'Low Power' on the bottom and 'High Power' on top. The horizontal axis is 'Low Involvement' on the left and 'High Involvement' on the right. The top left quadrant is labeled 'Keep satisfied' and contains 'CFO', a Strongly Impacted Resistor, and 'COO', a Weakly Impacted Resistor, as well as a dotted line moving 'CFO' to the top right quadrant with the note 'A) needs to be engaged'. The top right quadrant is labeled 'Key Players' and contains 'CIO' and 'CEO', both Strongly Impacted Supporters, as well as the new required position of 'CFO'. The bottom left quadrant is labeled 'Minimal effort' and contains 'Marketing Head', a Weakly Impacted Neutral, and 'Production Head', a Moderately Impacted Neutral. The bottom right quadrant is labeled 'Keep informed' and contains 'Director of Ops', a Strongly Impacted Supporter, and 'Chief Architect', a Strongly Impacted Neutral, as well as a line from 'Director of Ops' to 'COO' in the top left quadrant with a note that reads 'B) Influences'.

    Identify specific pain points regarding business-IT alignment

    Associated Activity icon 1.2 2-4 hours

    INPUT: Signal Questions, CIO-CXO Alignment Diagnostic

    OUTPUT: List of Categorized Pain Points

    Materials: Make the Case for an IT Governance Redesign

    Participants: Identified Key Business Stakeholders

    1. Consider Signals for Redesign
      Refer to the Executive Brief for questions to identify pain points related to governance.
      • Benefits Realization
      • Resources
      • Risks
      • Stakeholders
    2. Conduct CIO-CEO Alignment Diagnostic
      Assess the current state of alignment between the CIO and the major stakeholders of the organization.

    See the CEO-CIO Alignment Program for more information.

    Conduct the CEO-CIO Alignment Diagnostic

    Why CEO-CIO Alignment?

    The CEO-CIO Alignment Program helps you understand the gaps between what the CEO wants for IT and what the CIO wants for IT. The program will also evaluate the current state of IT, from a strategic and tactical perspective, based on the CEO’s opinion.

    The CEO-CIO Alignment Program helps to:

    • Evaluate how the executive leadership currently feels about the IT organization’s performance along the following dimensions:
      • IT budgeting and staffing
      • IT strategic planning
      • Degree of project success
      • IT-business alignment
    • Answer the question, “What does the CEO want from IT?”
    • Understand the CEO’s perception of and vision for IT in the business.
    • Define the current and target roles for IT. Understanding IT’s current and target roles, in the eyes of the CEO, is crucial to creating IT governance. By focusing the IT governance on achieving the target role, you will ensure that the senior leadership will support the implementation of the IT governance.

    To conduct the CEO-CIO Alignment Program, follow the steps outlined below.

    1. Select the senior business leader to participate in the program. While Info-Tech suggests that the CEO participate, you might have other senior stakeholders who should be involved.
    2. Send the survey link to your senior business stakeholder and ensure the survey’s completion.
    3. Complete your portion of the survey.
    4. Hold a meeting to discuss the results and document your findings.

    See the CEO-CIO Alignment Program for more information.

    Present the “Make the Case” for IT governance redesign

    Associated Activity icon 1.3 30 minutes

    1. Review Finalized Stakeholder List
      Consolidate a list of the most important and impactful stakeholders who need further convincing to participate in the governance redesign and implementation.
    2. Present the Deck
      Include the information gathered throughout the discovery into the presentation deck and hold a meeting to review the findings.

    Business

    • Shareholders
    • Board
    • Chief Executive Officer
    • Chief Financial Officer
    • Chief Operating Officer
    • Business Executives
    • Strategy Executive Committee
    • Chief Risk Officer
    • Architecture Board
    • Enterprise Risk Committee
    • Head of Human Resources
    • Compliance

    IT

    • Chief Information Officer

    External

    • Government Agency
    • Audit Firm

    Use the Make the Case for an IT Governance Redesign template for more information.

    Create a custom communication plan to facilitate support for the redesign process

    Supporting Tool icon 1B Create a plan to engage the key stakeholders

    INSTRUCTIONS

    1. Identify Stakeholders
      Determine which business stakeholders will be involved (refer to Activity 1.1).
    2. Customize Communication Plan
      Follow up with individual communication plans.

    Info-Tech Best Practice

    Create personal communication plans to provide individualized engagement, instead of assuming that everyone will respond to the same communication style.

    Download the IT Governance Stakeholder Communication Planning Tool for more information.

    Create a communication plan to engage key stakeholders

    Associated Activity icon 1.4 1 hour
    1. Input Stakeholders
      Determine which business stakeholders will be involved (refer to Activity 1.1). Then, insert their position on the power map, the rationale to inform them, the timing of communications, and what inputs they will be needed to provide.

      Stakeholder role

      Power map position

      Why inform them

      When to inform them

      What we need from them

      Chief Executive Officer
      Chief Financial Officer
      Chief Operating Officer
    2. Identify Communication Strategy
      Outline the most effective communication plan for that stakeholder. Identify how to best communicate to the stakeholders to make sure they are appropriately engaged in the redesign process.

      Vehicle

      Audience

      Purpose

      Frequency

      Owner

      Distribution

      Level of detail

      Status Report IT Managers Project progress and deliverable status Weekly CIO, John Smith Email Details for milestones, deliverables, budget, schedule, issues, next steps
      Status Report Marketing Manager Project progress Monthly CIO, John Smith Email High-level detail for major milestone update and impact to the marketing unit

    Establish a collectively agreed upon statement of business context (SoBC)

    Supporting Tool icon 1C Document the mutual understanding of the business context

    INSTRUCTIONS

    1. Review Business Documents
      Review business documents from broad areas of the business to assess the business context.
    2. Analyze Business Frameworks
      Analyze business frameworks to articulate the current and projected future business context.
    3. Brainstorm With Key Stakeholders
      Conduct stakeholder brainstorming efforts to gain insights from key business stakeholders.
    4. Finalize the SoBC
      Document and sign the SoBC with identified stakeholders.

    Info-Tech Best Practice

    Use the Statement of Business Context customizable deliverable as a point of reference that will guide the direction of the governance redesign.

    Use the Statement of Business Context to identify the critical information needed to guide governance

    Components of the SoBC

    1. Mission
      • Who are you as an organization?
      • Who are your internal and external customers?
      • What are your core business functions?

      Example (Higher Education)
      Nurture global leaders and provide avenues for intellectual exploration.
    2. Vision
      • Is your vision statement future-facing?
      • Is your vision statement concise?
      • Is your vision statement achievable?
      • Does your vision statement involve change?

      Example
      Be a catalyst for creating the future leaders of tomorrow through dynamic and immersive educational experiences. The university will be recognized for being a prestigious innovative research hub and educational institution.
    Sample of Info-Tech's Statement of Business Context Template with the Mission and Vision Statements.

    Use the Statement of Business Context to identify the critical information needed to guide governance (cont.)

    More Components of the SoBC

    1. Strategic Objectives
      • What are the strategic initiatives of the organization?
      • Do you have a roadmap to accomplish your mission?
      • What are the primary goals of senior leaders for the organization?

      Example
      1. Meeting government regulation
      2. Revenue generation
      3. Top research quality
      4. High teaching quality
    Sample of Info-Tech's Statement of Business Context Template with Strategic Objectives.
    1. State of Business
      • Consider what the current state and future state are.
      • How does the operating model used define the state?
      • How do industry trends shape the business?
      • What internal changes impact the business model?

      Example
      Our organization aims to make quick decisions and navigate the fast-paced industry with agility, uniting the development and operational sides of the business.
    Sample of Info-Tech's Statement of Business Context Template with State of the Business.

    Leverage core concepts to determine the direction of the organization’s state of the business

    1. Mission
    2. Vision
    3. Strategic Objectives
    –›
    1. State of Business

    2. Work through if your organization’s state is small vs. large, public vs. private, and lean vs. DevOps vs. traditional.

    Small

    IT team is 30 people or less.

    Large

    IT team is more than 30 people.

    Public

    Wholly or partly funded by the government.

    Private

    No government funding is provided.
    Lean: The business aims to eliminate any waste of resources (time, effort, or money) by removing steps in the business process that do not create value. Devops/Agile: Our organization aims to make quick decisions and navigate the fast-paced industry with agility. Uniting the development and operational sides of the business. Hierarchical: Departments in the organization are siloed by function. The organization is top-down and hierarchical, and takes more time with decision making.

    ‹– Multi-State (any combination) –›

    Review business documents to assess business context

    Associated Activity icon 1.5 2-4 hours

    INPUT: Strategic Documents, Financial Documents

    OUTPUT: Mission, Vision, Strategic Objectives

    Materials: Corporate Documents

    Participants: IT Governance Redesign Owner

    Start assessing the state of the business context by leveraging easily accessible information. Many organization have strategic plans, documents, and presentations that already include a large portion of the information for the SoBC – use these sources first.

    Instructions

    1. Strategic Documents
      Leverage your organization’s strategic documents to gain understanding of the business context.

    2. Documents to Review:
    • Corporate strategy document.
    • Business unit strategy documents.
    • Annual general reports.
  • Financial Documents
    Leverage your organization’s financial documents to gain understanding of the business context.

  • Documents to Review:
    • Look for large capital expenditures.
    • Review operating costs.
    • Business cases submitted.

    Review strategic planning documents

    Overview

    Some organizations (and business units) create an authoritative strategy document. These documents contain the organization’s corporate aspirations and outline initiatives, reorganizations, and shifts in strategy. Additionally, some documents contain strategic analysis (Porter’s Five Forces, etc.).

    Action

    • Read through any of the following:
      • Corporate strategy document
      • Business unit strategy documents
      • Annual general reports
    • Watch out for key future-looking words:
      • We will be…
      • We are planning to…

    Overt Statements

    • Corporate objectives and initiatives are often explicitly stated in these documents. Look for statements that begin with phrases such as “Our corporate objectives are…”
    • Remember that different organizations use different terminology – if you cannot find the word “goal” or “objective” then look for “pillar,” “imperative,” “theme,” etc.
    • Ask a business partner to assist if you need some help.

    Covert, Outdated, and Non-Existent Statements

    • Some corporate objectives and initiatives will be mentioned in passing and will require clarification, for example:
      “As we continue to penetrate new markets, we will be diversifying our manufacturing geography to simplify distribution.”
    • Some corporate strategies may be outdated and therefore of limited use for understanding the state of business – validate the statement to ensure it is up to date.
    • Some organizations lack a strategic plan altogether. Use stakeholder interviews to identify imperatives and validate conflicting statements before moving on.

    Review financial documentation

    Overview

    Departmental budgets highlight the new projects that will launch in the next fiscal year. The overwhelming majority of these projects will have IT implications. Additionally, identifying where the department is spending money will allow you to identify business unit initiatives and operational change.

    Action

    • Scan budgets:
      • Look for large capital expenditures
      • Review operating costs
      • Review business cases submitted
    • Look for abnormalities or changes:
      • What does an increase in spending mean?
      • Does IT need to change as a result?

    Capital Budgets

    • Capital expenditures are driven by projects, which map to corporate goals and initiatives.
    • Look for large capital expenditures and cross-reference the outflows with any project plans that have been collected.
    • If an expenditure cannot be explained by project plans, request additional information.

    Operating Budgets

    • Major changes to operating costs typically reflect changes to a business unit. Some of these changes affect IT capabilities and can be classified as corporate initiatives.
    • Changes that should be classified as corporate initiatives are expansion or contraction of a labor force, outsourcing initiatives, and significant process changes.
    • Changes that should not be classified as corporate initiatives are changes in third-party fees, consulting engagements, and changes caused by inflation or growth.

    Analyze business frameworks to articulate context

    Associated Activity icon 1.6 2-4 hours

    INPUT: Industry Research, Organizational Research, Analysis Templates

    OUTPUT: PESTLE and SWOT Analysis

    Materials: Computer or Whiteboards and Markers

    Participants: IT Governance Redesign Owner

    If corporate documents denoting the key components of the SoBC are not easily available, or do not provide all information required, refer to business analysis frameworks to discover internal and external trends that impact the mission, vision, strategic objectives, and state of the business.

    1. Conduct a PESTLE Analysis
      The PESTLE analysis will support the organization in identifying external factors that impact the business. Keep watch for trends and changes in the industry.
    2. Political

      Economic

      Social

      Technological

      Legal

      Environmental

    3. Conduct a SWOT Analysis
      The SWOT analysis will be more specific to the organization and the industry in which it operates. Identify the unique strengths, weaknesses, opportunities, and threats for your organization.
    4. Strengths

      Weaknesses

      Opportunities

      Threats

    Conduct a PESTLE analysis

    Associated Activity icon 1.6 Conduct a PESTLE analysis
    • Break participants into teams and divide the categories amongst them:
      • Political trends
      • Economic trends
      • Social trends
      • Technological trends
      • Legal trends
      • Environmental trends
    • Have each group identify relevant trends under their respective categories. You must relate each trend back to the business by considering:
      • How does this affect my business?
      • Why do we care?
    • Use the prompt questions on the next slide to help the brainstorming process.
    • Have each team present its list and have remaining teams give feedback and additional suggestions.

    Political. Examine political factors such as taxes, environmental regulations, and zoning restrictions.

    Economic Examine economic factors such as interest rates, inflation rate, exchange rates, the financial and stock markets, and the job market.

    Social. Examine social factors such as gender, race, age, income, disabilities, educational attainment, employment status, and religion.

    Technological. Examine technological factors such as servers, computers, networks, software, database technologies, wireless capabilities, and availability of software as a service.

    Legal. Examine legal factors such as trade laws, labor laws, environmental laws, and privacy laws.

    Environmental. Examine environmental factors such as green initiatives, ethical issues, weather patterns, and pollution.

    Download Info-Tech’s PESTLE Analysis Template to help get started.

    Review these questions to help you conduct a PESTLE analysis

    For each prompt below, always try to answer the question: how does this affect my business?

    Political

    • Will a change in government (at any level) affect your organization?
    • Do inter-government or trade relations affect you?
    • Are there shareholder needs or demands that must be considered?

    Economical

    • How are your costs changing (moving off-shore, fluctuations in markets, etc.)?
    • Do currency fluctuations have an effect on your business?
    • Can you attract and pay for top-quality talent (e.g. desirable location, reasonable cost of living, changes to insurance requirements)?

    Social

    • What are the demographics of your customers or employees?
    • What are the attitudes of your customers or staff (do they require social media, collaboration, transparency of costs, etc.)?
    • What is the general lifecycle of an employee (i.e. is there high turnover)?
    • Is there a market of qualified staff?
    • Is your business seasonal?

    Technological

    • Do you require constant technology upgrades (faster network, new hardware, etc.)?
    • What is the appetite for innovation within your industry or business?
    • Are there demands for increasing data storage, quality, BI, etc.?
    • Are you looking at cloud technologies?
    • What is the stance on “bring your own device”?
    • Are you required to do a significant amount of development work in-house?

    Legal

    • Are there changes to trade laws?
    • Are there changes to regulatory requirements, e.g. data storage policies or privacy policies?
    • Are there union factors that must be considered?

    Environmental

    • Is there a push towards being environmentally friendly?
    • Does the weather have any effect on your business (hurricanes, flooding, etc.)?

    Conduct a SWOT analysis on the business

    Associated Activity icon 1.6 Conduct a business SWOT analysis

    Break the group into two teams.

    Assign team A internal strengths and weaknesses.

    Assign team B external opportunities and threats.

    • Have the teams brainstorm items that fit in their assigned grids. Use the prompt questions on the next slide to help you with your SWOT analysis.
    • Pick someone from each group to fill in the grids on the whiteboard.
    • Conduct a group discussion about the items on the list. Identify implications for IT and opportunities to innovate as you did for the other business and external drivers.
    Helpful
    to achieve the objective
    Harmful
    to achieve the objective
    Internal Origin
    attributes of the organization
    Strength Weaknesses
    External Origin
    attributes of the environment
    Opportunities Threats

    Download Info-Tech’s Business SWOT Analysis Template to help get started.

    Review these questions to help you conduct your SWOT analysis on the business

    Strengths (Internal)

    • What competitive advantage does your organization have?
    • What do you do better than anyone else?
    • What makes you unique (human resources, product offering, experience, etc.)?
    • Do you have location advantages?
    • Do you have price, cost, or quality advantages?
    • Does your organizational culture offer an advantage (hiring the best people, etc.)?

    Weaknesses (Internal)

    • What areas of your business require improvement?
    • Are there gaps in capabilities?
    • Do you have financial vulnerabilities?
    • Are there leadership gaps (succession, poor management, etc.)?
    • Are there reputational issues?
    • Are there factors that are making you lose sales?

    Opportunities (External)

    • Are there market developments or new markets?
    • Industry or lifestyle trends, e.g. move to mobile?
    • Are there geographical changes in the market?
    • Are there new partnerships or M&A opportunities?
    • Are there seasonal factors that can be used to the advantage of the business?
    • Are there demographic changes that can be used to the advantage of the business?

    Threats (External)

    • Are there obstacles that the organization must face?
    • Are there issues with respect to sourcing of staff or technologies?
    • Are there changes in market demand?
    • Are your competitors making changes that you are not making?
    • Are there economic issues that could affect your business?

    Conduct brainstorming efforts to gain insights from key business stakeholders

    Associated Activity icon 1.7 2-4 hours

    INPUT: SoBC Template

    OUTPUT: Completed SoBC

    Materials: Computer, Phone, or Other Mechanism of Connection

    Participants: CEO, CFO, COO, CMO, CHRO, and Business Unit Owners

    There are two ways to gather primary knowledge on the key components of the SoBC:

    1. Stakeholder Interviews
      Approach each individual to have a conversation about the key components of the SoBC. Go through the SoBC and fill it in together.
    2. Stakeholder Survey
      In the case that you are in a very large organization, create a stakeholder survey. Input the key components of the SoBC into an online survey maker and send it off the key stakeholders.

    Use the SoBC as the guide to both the interview and the survey. Be clear about the purpose of understanding the business context when connecting with key business stakeholders to participate in the brainstorming. This is a perfect opportunity to establish or develop a relationship with the stakeholders who will need to buy into the redesigned governance framework since it will involve and impact them significantly.

    Go directly to the information source – the key stakeholders

    Overview

    Talking to key stakeholders will allow you to get a holistic view of the business strategy. You will be able to ask follow-up questions to get a better understanding of abstract or complex concepts. Interviews also allow you to have targeted discussions with specific stakeholders who have in-depth subject-matter knowledge.

    Action

    • Talk to key stakeholders:
      • Structure focused, i.e. CEO or CFO
      • Customer focused, i.e. CMO or Head of Sales
      • Operational focused, i.e. COO
      • Lower-level employees or managers
    • Listen for key pains that IT could alleviate.

    Overcome the Unstructured Nature of Interviews

    • Interviewees will often explicitly state objectives and initiatives.
    • However, interviews are less formal and less structured than objective-oriented strategy documents. Objectives are often stated using informal language.
      “We’re talking rev gen here. That’s the name of the game. If we can get a foothold in India, there’s huge upside potential.” (VP Marketing)
    • Further analysis might translate this into a corporate imperative: increase revenue by growing our market share in India to 8% by January of next year.
    • If an imperative is unclear, ask the stakeholder for more detail.
    • Understand how key stakeholders evaluate, direct, and monitor their own areas of the business; this will give you insight as to their style.

    Receive final sign-off to proceed with developing the IT governance redesign

    Associated Activity icon 1.8 30 minutes

    Document any project assumptions or constraints. Before proceeding with the IT governance activities, validate the statement of business context with senior stakeholders. When consensus has been reached, have them sign the final page of the document.

    How to ensure sign-off:

    • Schedule a meeting with the senior stakeholders and conduct a review of the document. This meeting presents a great opportunity to deliver your interpretation of management expectations and make any modifications.
    • Obtaining stakeholder approval in person ensures there is no miscommunication or misunderstandings around the tasks that need to be accomplished to develop a successful IT governance.
    • This is an iterative process; if senior stakeholders have concerns over certain aspects of the document, revise and review again.
    • Final sign-off should only take place when mutual understanding has been reached.

    Download the SoBC Template and complete for final approval.

    Info-Tech Tip

    In most circumstances, you should have the SoBC validated with the following stakeholders:

    • CIO
    • CEO
    • CFO
    • Business Unit Leaders

    Understand the business context to set the foundation for governance redesign

    CASE STUDY

    Industry: Healthcare
    Source: Info-Tech

    Challenge

    The new business direction to become an integrator shifted focus to faster software iteration and on enabling integration and translation technologies, while moving away from creating complete, top-to-bottom IT solutions to be leveraged by clinicians and patients.

    Internal to the IT organization, this created a different in perspective on what was important to prioritize: foundational elements, web services, development, or data compliance issues. There was no longer agreement on which initiatives should move forward.

    Solution

    A series of mandatory meetings were held with key decision makers and SMEs within the organization in order to re-orient everyone on the overall purpose, goals, and outcomes of the organization.

    All attendees were asked to identify what they saw as the mission and vision of the organization.

    Finally, clinicians and patient representatives were brought in to describe how they were going to use the services the organization was providing and how it would enable better patient outcomes.

    Results

    Identifying the purpose of the work the IT organization was doing and how the services were going to be used realigned the different perspectives in the context of the healthcare outcomes they enabled.

    This activity provided a unifying view of the purpose and the state of the business. Understanding the business context prepared the organization to move forward with the governance redesign.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    Sample of activity 1.1 'Determine which business stakeholders will be impacted or involved in the redesign process'. Identify Relevant Stakeholders

    Build a list of relevant stakeholders and identify their position on the stakeholder power map.

    1.4

    Sample of activity 1.4 'Create a communication plan to engage key stakeholders'. Communication Plan

    Build customized communication plans to engage the key stakeholders in IT governance redesign.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop

    Book a workshop with our Info-Tech analysts:

    1.7

    Sample of activity 1.7 'Review business documents to assess business context'. Gather Business Information

    Review business documents, leverage business analysis tools, and brainstorm with key executives to document the Statement of Business Context.

    1.8

    Sample of activity 1.8 'Receive final sign-off to proceed with developing the IT Governance redesign'. Finalize the Statement of Business Context

    Get final approval and acceptance on the Statement of Business Context that will guide your redesign.

    Improve IT Governance to Drive Business Results

    PHASE 2

    Assess the Current Governance Framework

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Assess the Current Governance Framework

    Proposed Time to Completion: 2 weeks
    Step 2.1: Outline the Current State AssessmentStep 2.2: Review the Current State Assessment
    Start with an analyst kick-off call:
    • Connect the current business state identified in Phase 1 with the current state of governance.
    • Identify the key elements of current governance.
    • Begin building the structure and committee profiles.
    Review findings with analyst:
    • Review the current governing bodies that were identified.
    • Review the current structure that was identified.
    • Determine the strengths, weaknesses, and guidelines from the implications in the current state assessment.
    Then complete these activities…
    • Identify stakeholders.
    • Make the case to executives.
    • Build a communication plan.
    Then complete these activities…
    • Create committee profiles.
    • Build governance structure map.
    With these tools & templates:
    • Current State Assessment of IT Governance
    With these tools & templates:
    • Current State Assessment of IT Governance

    Phase 2: Assess the Current Governance Framework

    1 2 3 4
    Align IT With the Business Context Assess the Current Governance Framework Redesign the Governance Framework Implement Governance Redesign

    Activities:

    • 2.1 Create Committee Profiles
    • 2.2 Build a Governance Structure Map
    • 2.3 Establish Governance Guidelines

    Outcomes:

    • Use the Current State Assessment of IT Governance to determine governance guidelines.

    Info-Tech Insight

    Don’t be passive; take action! Take an active approach to revising your governance framework. Understand why you are making decisions before actually making them.

    Explore the current governance that exists within your organization

    Your current governance framework will give you a strong understanding of the way the key stakeholders in your business currently view IT governance.

    "Much of the focus of governance today has been on the questions:
    • Are we doing [things] the right way?
    • And are we getting them done well?"
    –› "We need to shift to…
    • Are we doing the right things?
    • Are we getting the benefits?
    • What are the outcomes?
    • What do we want to achieve?
    • How do we make intelligent decisions about what will help us achieve those outcomes?"
    (John Thorp, Author of The Information Paradox)

    Leverage this understanding of IT governance to determine where governance is occurring and how it transpires.

    Conduct a current state assessment

    Supporting Tool icon 2A Assess the current governance framework

    Use this tool to critically assess each governing body to determine the areas of improvement that are necessary in order to achieve optimal business results.

    1. Identify All Governing Bodies
      Some bodies govern intentionally, and some govern through habit and practice. Outline all bodies that take on an element of governance.
    2. Create a Governance Structure Map
      Configure the structural relationships for the governing bodies using the structure map.
    3. Reveal Strengths and Weaknesses
      Identify the strengths and weaknesses of the governance structure, authority definitions, processes, and membership.
    4. Establish Governance Guidelines
      Based on the SoBC, express clear and applicable guidelines to improve on the weaknesses while retaining the strengths of your governance framework.

    Download the Current State Assessment of IT Governance to work toward these outcomes

    Conduct a current state assessment to identify governance guidelines

    Supporting Tool icon 2A Assess the current governance framework

    How to use the Current State Assessment of IT Governance deliverable: Follow the steps below to create a cohesive understanding of the current state of IT governance and the challenges that the current system poses.

    Part A – Committee Profiles

    1. Identify Governing Bodies
    2. Leverage Committee Templates
    3. Create Committee Profiles
      Use the Committee Profile Template

    Part B – Structure Map

    1. Assess Inputs and Outputs to Express Structural Relationships
    2. Create Structure Map
      Use the Governance Structure Map

    Part C – Governance Guidelines

    1. Choose Operating Model Template
    2. Identify Strengths and Weaknesses
    3. Establish Governance Guidelines
      Use the Governance Guideline Template

    What makes up the “governance framework”?

    There are four major elements of the governance framework:

    1. Structure
      Structural relationships are shown by mapping the connections between committees.
    2. Authority
      Each committee will have a purpose and area of decision making that it is accountable for.
    3. Process
      The process includes the inputs, outputs, and activities required for the committee to function.
    4. Membership The individuals or roles who sit on each committee. Take into account members’ knowledge, capability, and political influence.

    Create governing board or committee profiles

    Supporting Tool icon 2A.1 Assess the current governance framework

    Part A – Committee Profiles

    1. Identify Governing Bodies

      Establish where governance happens and who is governing. For different organizations, the governance framework will contain a variety of governing bodies or people. Use a list format to identify governing bodies that exist in your organization.
    2. Leverage Committee Templates

      Use the templates provided. Create a profile for each governing body that currently operates in your IT governance framework as listed in step 1.
    3. Create Committee Profiles

      Identify what they are governing and how they are governing.
      Using the profiles created in step 2, identify each body’s membership roles, purpose, decision areas, inputs, and outputs. Refer to the example text in the template to guide you, but feel free to adjust the text to reflect the reality of your governing body. Screenshot of the 'Committee Template - Executive Management Committee'.
      Consider the following domains of governance:
      (refer to Executive Brief)
      • Benefits realization
      • Risks
      • Resources
      Refer to our examples for some common governing bodies.

    Consistently define the components of governance in the committee profiles

    Membership

    Membership Roles
    Insert information here that reflects who the individuals are that sit on that governing body and what their role is. Include other important information about the individuals’ knowledge, skills, or capabilities that are relevant.

    Authority

    Purpose
    Define why the committee was established in the first place.

    Decision Areas
    Explain the specific areas of decision making this group is responsible for overseeing.

    Process

    Inputs
    Consider the information and materials that are needed to make decisions.

    Outputs
    Describe the outcomes of the committee. Think about decisions that were made through the governance process.

    Screenshot of the components of governance section from the 'Committee Template'.

    Map out relationships on the Governance Map

    Supporting Tool icon 2A.2 Assess the current governance framework

    Part B – Structure Map

    Structure
    1. Assess Inputs and Outputs

      Governing Bodies

      Inputs

      Outputs

      Committee #1
      Committee #2
      Committee #3
      CFO
      IT Director
      CIO
      To understand relationships between governing bodies, list the inputs and outputs for each unique committee that rely on other committees in the table provided.
    2. Create Structure Map
      Sample of the 'Current State Structure Map'. Using the outline provided, create your own governance structure map to represent the way the governing bodies interact and feed into each other. This is crucial to ensure that the governing structure is streamlined. It will ensure that communication occurs efficiently and that there are no barriers to making decisions swiftly.

    Outline the governance structure in the governance structure map

    Associated Activity icon 2.2 30 minutes
    The 'Current State Structure Map' from the last slide, but with added description. There are three tiers of groups. At the bottom is 'Run', described as 'The lowest level of governance will be an oversight of more specific initiatives and capabilities within IT.' 'Design and Build', described as 'The second tier of groups will oversee prioritization of a certain area of governance as well as second-tier decisions that feed into strategic decisions.' At the top is 'Strategy', described as 'These groups will focus on decisions that directly connect to the strategic direction of the organization.' The specific groups laid out in the map are 'Risk and Compliance Committee' which straddle the line between 'Run' and 'Design and Build', 'Portfolio Review Board' and 'IT Steering Committee (ITSC)' both of which straddle the line between 'Design and Build' and 'Strategy', 'Executive Management Committee (EMC)' which is in 'Strategy', and 'Other' in all tiers.

    Identify strengths and weaknesses of the governance framework

    Supporting Tool icon 2A.3 Assess the current governance framework

    Part C – Governance Guidelines

    1. Choose Business State Template Choose the template that represents the identified future state of business in the Statement of Business Context. Mini sample of the 'State of Business' table from the 'Statement of Business Context'.
    2. Identify Strengths and Weaknesses Input the major strengths and weaknesses of your governance that were highlighted in the brainstorming activity. Mini sample of a Strengths and Weaknesses table.
    3. Establish Governance Guidelines Draw your own implications from the strength and weaknesses that will drive the design of your governance in its future state. These guidelines should be concise and easy to implement. Mini sample of an expanded Strengths and Weaknesses table including a row for 'Implication/Guideline'. Note: Refer to the example guidelines in the Current State Assessment of IT Governance after you have considered your own specific guidelines. The examples are supplementary for your convenience.

    Distinguish your business state from the others to ensure implications act as accurate guidelines

    Business State Options

    1

    Small

    IT team is 30 people or less.

    Large

    IT team is more than 30 people.

    2

    Public

    Wholly or partly funded by the government.

    Private

    No government funding is provided.

    3

    Lean: The business aims to eliminate any waste of resources (time, effort, or money) by removing steps in the business process that do not create value.Devops: Our organization aims to make quick decisions and navigate the fast-paced industry with agility. Uniting the development and operational sides of the business. Hierarchical: Departments in the organization are siloed by function. The organization is top-down and hierarchical, and takes more time with decision making.

    ‹– Multi-State (any combination) –›

    Multi-State Example A: If you are small organization that is publicly funded and you are shifting towards a lean methodology, combine the implications of all those groups in a way that fits your organization.

    Multi-State Example B: Your organization is shifting from a more traditional state of operating to combining the development and operations groups. Use hierarchical implications to govern one group and DevOps implications for the other.

    Identify strengths and weaknesses of the governance framework

    Associated Activity icon 2.3 2 hours

    INSTRUCTIONS

    1. Input Strengths of Governance
      Include useful components of the current framework; that may include elements that are operating well, fit the future state, or are required due to regulations or statutes.
    2. Determine Weaknesses and Challenges
      Discuss the pain points of the current governance framework by looking through the lenses of structure, authority, process, or membership.

    Consider:

    • Where is governance not meeting expectations?
    • Are we doing the right things?
    • Are we getting the benefits?
    • What are the outcomes?
    • What do we want to achieve?
    • How do we make intelligent decisions about what will help us achieve those outcomes?
    *Example

    Structure

    Authority

    Process

    Membership

    Strength

    • We must maintain a legal compliance committee due to the high level of legislation in the industry
    • The ITSC gathers and prioritizes investment options, saving time for the EMC
    • The EMC only make decisions on investments that are greater than $200,000
    • The legal board has a narrow focus, allowing it to maintain its necessary purpose efficiently
    • The information flow from ITSC to the EMC allows the EMC to spend their time effectively
    • The CIO sits on the EMC and the ITSC
    • The EMC is made up of senior leadership who have stakes in all areas of the business

    Weakness

    • Wrong number (too many/little groups)
    • Relationship is misaligned (input/output problems)
    • The tier it sits on the map is misguided
    • Duplication of the same tier of decisions in different groups
    • Approval for one specific topic occurs in more than one group
    • Lack of clarity in which group makes which decisions
    • Intake – where the information is coming from is the wrong source/inaccurate
    • Time to decision (too slow)
    • Poor results of governance (redoing projects, low value)
    • There is lack of knowledge in committee membership
    • Misplaced seniority (too Jr./Sr.)
    • Lack of representation in group (breadth across the business or depth of specific area)

    Derive governance implications from strengths and weaknesses

    Associated Activity icon 2.3 2-4 hours

    INSTRUCTIONS

    1. Copy and paste your strengths and weaknesses from part B into the template that reflects your business state.
    2. Draw your own implications from the strengths and weaknesses that will drive the design of your governance in its future state. These guidelines should be concise and practical.
    *Example

    Structure

    Authority

    Process

    Membership

    Strength

    Weakness

    Implication / Guideline

    • Make sure that the decision-making authority for most areas are at the lower tier
    • Governing bodies should be lower in the organization
    • One overarching governing body – directing priorities
    • High authority at a lower point of the organization
    • Highest tier is responsible for major budget shifts
    • High-level tier - reporting and feed in from lower level groups
    • Prioritization and sequencing occur at the mid-tier
    • Lowest governing tiers will have direct links to the customer to allow for interaction
    • Project or initiative owner as the leader of the body

    Note: Use the examples of guidelines provided in the Current State Assessment of IT Governance to help formulate your own.

    Conduct a current state assessment to identify guidelines for the future state of governance

    CASE STUDY

    Industry: Healthcare
    Source: Anonymous

    Challenge

    Over time, the organization had to create a large amount of governing committees and subcommittees in order to comply with governance frameworks applied to them and to meet regulatory compliance requirements.

    The current structure was no longer optimal to meet the newly identified mandate of the organization. However, the organization did not want to start from scratch and scrap the elements that worked, such as the dates and times that had been embedded into the organization.

    Solution

    A current state assessment was planned and executed in order to review what was currently being done and identify what could be retained and what should be added, changed, or removed to improve the governance outcomes.

    The scope involved examining how current and near-term governance needs were, or were not, met through the existing structure, bodies, and their processes.

    The organization investigated governance approaches of organizations with similar governance needs and with similar constraints to model their own.

    Results

    The outputs of this exercise included:

    • A list of effective practices and committee guidelines that could be leveraged with little to no change in the future state.
    • A list of opportunities to streamline the structure and processes.

    These guidelines were used to drive recommendations for improvements to the governance structures and processes in the organization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    Sample of activity 2.1 'Outline the governance structure in the governance structure map'. Create Current State Structure and Profiles

    Take the time to clearly articulate the current governance framework of your organization. Outline the structure and build the committee profiles for the governing bodies in your organization.

    2.3

    Sample of activity 2.3 'Identify strengths and weaknesses of the governance framework'. Determine Strengths, Weaknesses, and Guidelines

    Evaluate the strengths of your governance framework, the weaknesses that it exhibits, and the guidelines that will help maintain the strengths and alleviate the pains.

    Improve IT Governance to Drive Business Results

    PHASE 3

    Redesign the Governance Framework

    Phase 3 Guided Implementation

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Redesign the Governance Framework

    Proposed Time to Completion: 4 weeks
    Step 3.1: Understand the Redesign Process Step 3.2: Review Governance Structure Step 3.3: Review Governance Committees
    Start with an analyst kick-off call:
    • Review the guidelines from the current state assessment.
    • Begin modifying the governance structure, authorities, processes, and memberships.
    Review findings with analyst:
    • Determine the impact of the guidelines on the structural layout of the framework.
    • Determine the impact of the guidelines on the authority element of the framework.
    Finalize phase deliverable:
    • Determine the impact of the guidelines on the processes within the framework.
    • Determine the impact of the guidelines on the membership element of the framework.
    Then complete these activities…
    • Break down guidelines to make sure they are actionable and realistic.
    • Identify what to add, modify, or remove.
    • Review additional sources of information.
    Then complete these activities…
    • Build and review the governance structure map.
    • Identify additions, changes, or reductions in governing bodies and their areas of authority.
    Then complete these activities…
    • Use the template provided to build committee profiles for each identified committee.
    • Identify the membership, purpose, decision areas, inputs, and outputs of each.
    • Build committee charters if needed.
    With these tools & templates:
    • Current State Assessment
    • Future State Design for IT Governance
    With these tools & templates:
    • Future State Design for IT Governance
    With these tools & templates:
    • Future State Design for IT Governance
    • IT Governance Terms of Reference

    Phase 3: Redesign the Governance Framework

    1 2 3 4
    Align IT With the Business Context Assess the Current Governance Framework Redesign the Governance Framework Implement Governance Redesign

    Activities:

    • 3.1 Build a Governance Structure Map
    • 3.2 Create Committee Profiles
    • 3.3 Leverage Process-Specific Governance Blueprints

    Outcomes:

    • Use the Future State Design for IT Governance template to build the optimal governance framework for your organization.

    Info-Tech Insight

    Keep the current and future goals in sight to build an optimized governance framework that maintains the minimum bar of oversight required.

    Anticipate the outcomes of the Future State Design for IT Governance tool

    Supporting Tool icon 3A Redesign the governance frameworks

    Use this tool to guide your organization toward transformative outcomes gleaned from an optimized governance framework.

    1. Implement Structural Guidelines
      Determine what governing bodies to add, change, or remove from your governance structure.
    2. Create a Governance Structure Map
      Configure the structural relationships for the redesigned governing bodies using the structure map.
    3. Build Effective Committees
      Use the IT Governance Terms of Reference to build profiles for each newly created committee and to alter any existing committees.
    4. Determine Follow-up Governance Support
      Access external material on governance from other Info-Tech blueprints that will help with specific governance areas.

    Download the Future State Design for IT Governance template to work toward these outcomes.

    Use the Future State Design for IT Governance tool to create a custom governance framework for your organization

    Supporting Tool icon 3A Redesign the governance frameworks

    How to use the Future State Design for IT Governance deliverable: Follow the steps below to redesign the future state of IT governance. Use the guidelines to respond to challenges identified in the current governance framework based on the current state assessment.

    Part A – Structure Map

    Part B – Committee Profiles

    1a. Input Structural Guidelines 1b. Input Authority Guidelines 1a. Input Process Guidelines 1b. Input Member Guidelines
    2. Guiding Questions
    Do governing bodies operate at a tier that matches the guidelines?

    Do governing bodies focus on the decisions that align with the guidelines?
    2. Guiding Questions
    Do the process inputs and outputs reflect the structure and authority guidelines?

    Do governing bodies engage the right people who have the roles, capacity, and knowledge to govern?
    3. Add / Change (Tier/Authority) / Remove
    Governing Bodies – Structure
    3. Adapt / Refine
    Governing Bodies – Profiles
    4. Use the Structure Map to Show Redesign Use the IT Governance Terms of Reference for Redesign

    Connect key learnings to initiate governance redesign

    The future state design will reflect the state of business that was identified in Phase 1 along with the guidelines defined in Phase 2 to build a governance framework that promotes business-IT fusion.

    Statement of Business Context –› Current State Assessment

    Identified Future Business State

    Structure
    Authority

    Leverage the structure and authority guidelines to build the governance structure.

    Defined Governance Guidelines

    Process
    Membership

    Leverage the process and membership guidelines to build the governance committees.

    Future State Design

    Use structure and authority guidelines to build a new governance structure map

    Supporting Tool icon 3A.1 Redesign the governance frameworks

    Part A – Structure Map

    Structure
    Authority
    1a. Structural Guidelines1b. Authority Guidelines
    Input the guidelines from the current state assessment to guide the redesign.

    2. Leverage Guiding Questions

    Use the guiding questions provided to assess the needed changes.
    Guiding Questions


    Do governing bodies operate at a tier that matches the guidelines?


    Do governing bodies focus on the decisions that align with the guidelines?
    Build the “where/why” of governance. Consider at what tier each committee will reside and what area of governance will be part of its domain. Modify the current structure; do not start from scratch.

    3. Add / Change (Tier/Authority) / Remove

    Determine changes to structure or authority that will be occurring for each of the current governing bodies. Work within the current structure as much as possible.A mini sample of an 'Add/Change/Remove' table for governing bodies.

    4. Use the Structure Map to Show Redesign

    Create your own governance structure map to represent the way the governing bodies interact and feed into each other. A mini sample of the 'Current State Structure Map' from before.

    Maintain as much of the existing framework as possible in the redesign

    Associated Activity icon 3.1 2-4 hours

    Future State Design

    • Structure
    • Authority

    Info-Tech Best Practice

    Keep the number of added or removed committees as low as possible, while still optimizing. The less change to the structure, the easier it will be to implement.

    Refer to the example to help guide your committee redesign.

      Determine:
    1. Do the guidelines impact committees you already have? Will you have to modify the tier or the authority of those committees?
    2. Do the guidelines require you to build a new committee to meet needs?
    3. Do the guidelines require you to remove a committee that isn’t necessary?

    All Governing Bodies

    Add

    Change

    Remove

    ITSC Structure

    Authority
    Delegate the authority of portfolio investment decisions over $200K to this body
    Portfolio Review Board This committee no longer needs to exist since its authority of portfolio investment decisions over $200K has been redelegated
    Risk and Compliance Committee Create a new governing body to address increasing risk and compliance issues that face the organization

    Outline the new governance structure in the governance structure map in the Future State Design for IT Governance tool

    Associated Activity icon 3.1 The 'Current State Structure Map' from before, but with some abbreviated terms. There are three tiers of groups. At the bottom is 'Run', described as 'The lowest level of governance will be an oversight of more specific initiatives and capabilities within IT.' 'Design and Build', described as 'The second tier of groups will oversee prioritization of a certain area of governance as well as second-tier decisions that feed into strategic decisions.' At the top is 'Strategy', described as 'These groups will focus on decisions that directly connect to the strategic direction of the organization.' The specific groups laid out in the map are 'Risk and Compliance Committee' which straddle the line between 'Run' and 'Design and Build', 'Portfolio Review Board' and 'ITSC' both of which straddle the line between 'Design and Build' and 'Strategy', 'EMC' which is in 'Strategy', and 'Other' in all tiers.

    Use process and membership guidelines along with the IT Governance Terms of Reference to build committees

    Supporting Tool icon 3A.2 Redesign the governance frameworks

    Part B – Committee Profiles

    Process
    Membership
    1a. Process Guidelines 1b. Authority Guidelines
    Input the guidelines from the current state assessment to guide the redesign.

    2. Leverage Guiding Questions

    Use the guiding questions provided to assess the needed changes.
    Guiding Questions
    Do the process inputs and outputs reflect the structure and authority guidelines?

    Do governing bodies engage the right people who have the roles, capacity, and knowledge to govern?
    Build the “what/how” of governance. Build out the process and procedures that each committee will use.

    3. Adapt / Refine Governing Body Profiles

    Using your customized guidelines, create a profile for each committee.

    We have provided templates for some common committees. To make these committee profiles reflective of your organization, use the information you have gathered in your Current State Assessment of IT Governance guidelines.

    For a more detailed approach to building out specific charters for each committee refer to the IT Governance Terms of Reference.

    A mini sample of the 'Committee Template - Executive Management Committee'.

    A mini sample of the 'IT Governance Terms of Reference'.

    Use the IT Governance Terms of Reference to establish operational procedures for governing bodies

    Associated Activity icon 3.2 3-6 hours

    Future State Design

    • Process
    • Membership

    Info-Tech Best Practice

    The people on the committee matter. Governance committee membership does not have to correspond with the organizational structure, but it should correspond with the purpose and decision areas of the governance structure.

    Refer to the example to help guide your committee redesign.

      Determine:
    1. Do the guidelines alter the members needed to achieve the outcomes?
    2. Do the guidelines change the purpose and decision areas of the committee?
    3. How do the new structure’s guidelines impact the inputs and outputs of the governing body?

    Screenshot of the 'Committee Template - Executive Management Committee'.

    Add depth to the committee profiles using the IT Governance Terms of Reference

    Supporting Tool icon 3A.3 Redesign the governance frameworks

    Refer to the sections outlined below to build a committee charter for your governance committees. Four examples are provided in the tool and can be edited for your convenience. They are: Executive Management Committee, IT Steering Committee, Portfolio Review Board, and Risk and Compliance Committee.

    1. Purpose
    2. Goals
    3. Responsibilities
    4. Committee Members
    5. RACI
    6. Procedures
    7. Agenda

    Be sure to embed the domains of governance in the charters so that committees focus on the appropriate elements of benefits realization, risk optimization, and resource optimization.

    Download the IT Governance Terms of Reference for more in-depth committee charters.

    Three pillars of planning effective governance meetings

    The effectiveness of the governance is reliant on the ability to work within operational dependencies that will exist in the governance framework. Consider these questions to guide the duration, frequency, and sequencing of your governing body meetings.

    Frequency

    • What is the quantity of decisions that must be made?
    • Is a rapid or urgent response typically required?

    Duration

    • How long should your meeting run based on your meeting frequency and the volume of work to be accomplished?

    Sequencing

    • Are there other decisions that rely on the outcomes of this meeting?
    • Are there any decisions that must be made first for others to occur?
    A venn diagram of the three pillars of planning effective governance meetings, 'Frequency', 'Duration', and 'Sequencing'.

    Leverage process-specific governance blueprints

    Associated Activity icon 3.3

    If there are specific areas of IT governance that you require further support on, refer to Info-Tech’s library of DIY blueprints, Guided Implementations, and workshops for further support. We cover IT governance in the following areas:

    Enterprise Architecture Governance

    Service Portfolio Governance

    Security Governance

    Titlecard of 'Create a Right-Sized Enterprise Architecture Governance Framework' blueprint. Titlecard of 'Lead Strategic Decision Making With Service Portfolio Management' blueprint. Titlecard of 'Build a Security Governance and Management Plan' blueprint.

    Consider the challenges and solutions when identifying a multi-state reality for your business state

    A multi-state business will face unique challenges in navigating the redesign process with the goal of combining all related business states in governance.

    1. Divergent Governance Models
      Separate the governance groups that need to function differently, and bring them back together at the highest level.
    2. Reflecting the Organizational Structure
      Unlike single-state governance, multi-state organizations should model the governance framework in reflection of the organizational structure.
    3. Combining Implications
      Prioritize which implications are the most important and make sure they work first, then see what else fits (e.g. start with regulation, then insert lean guidelines).

    The multi-state business will not fit into one “box” – consider implications from the overlapping business states.

    As business needs change, ensure that you establish triggers to reassess the design of your governance framework.

    Leverage the outcomes of the Current State Assessment and Statement of Business Context to build the future state

    CASE STUDY

    Industry: Healthcare
    Source: Info-Tech

    Challenge

    Identifying the committees and processes that should be in place in the target state required a lot of different inputs.

    A number of high-profile senior management team members were still resistant to the overall idea of applying governance to their initiatives since they were clinician driven.

    The approach and target state, including the implementation plan, had to be approved and built out.

    Solution

    The information pulled together from the current state assessment, including best practices and jurisdictional scans, were tied together with the updated mandate and future state, and a list of recommended improvements were documented.

    The improvements were presented to the optimization committee and the governance committee members to ensure agreement on the approach and confirm the timeline for agreed improvements.

    Results

    A future state mapping of the new committee structure was created, as well as the revised membership requirements, responsibilities, and terms of reference.

    The approved recommendations were prioritized and turned into an implementation plan, with each improvement being assigned an owner who would be responsible for driving the effort to completion.

    Integration points in other processes, like SDLC, where change would be required were highlighted and included in the implementation plan.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    Sample of activity 3.1 'Maintain as much of the existing framework as possible in the redesign'. Redesign the Governance Structure

    Identify committees that need to be added, ones that must be changed, and the no-longer-needed governing bodies in an optimized and streamlined structure. Draw it out in the governance structure map.

    3.2

    Sample of activity 3.2 'Utilize the IT Governance Terms of Reference to establish operational procedures for governing bodies'. Redesign the Governing Bodies

    Use the IT Governance Terms of Reference and the Committee Template to build a committee profile for each governing body identified. Use these activities to build out and establish the processes of the modified governing groups.

    Improve IT Governance to Drive Business Results

    PHASE 4

    Implement Governance Redesign

    Phase 4 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 4: Implement Governance Redesign

    Proposed Time to Completion: 2-3 weeks
    Step 4.1: Identify Steps for Implementation Step 4.2: Finalized Implementation Plan
    Start with an analyst kick-off call:
    • Identify major steps required to implement the governance redesign.
    • Outline the components and milestones of the implementation plan.
    • Review materials needed for the executive presentation.
    Review findings with analyst:
    • Review the major milestones identified in the implementation plan.
    • Discuss potential challenges and stakeholder objections.
    • Strategize for the executive presentation.
    Then complete these activities…
    • Then complete these activities…
    • Identify next steps for the redesign.
    • Establish a communication plan.
    Then complete these activities…
    • Review the implementation plan.
    • Assess any challenging milestones and build implementation strategies.
    • Finalize the executive presentation.
    With these tools & templates:
    • IT Governance Implementation Plan
    • Redesign IT Governance to Drive Optimal Business Results Executive Presentation Template
    With these tools & templates:
    • IT Governance Implementation Plan
    • Redesign IT Governance to Drive Optimal Business Results Executive Presentation Template

    Phase 4: Implement Governance Redesign

    1 2 3 4
    Align IT With the Business Context Assess the Current Governance Framework Redesign the Governance Framework Implement Governance Redesign

    Activities:

    • 4.1 Identify Next Steps for the Redesign
    • 4.2 Establish a Communication Plan
    • 4.3 Lead the Executive Presentation

    Outcomes:

    • Rationalize steps in the Implementation Plan tool.
    • Construct an executive presentation to facilitate transparency for the governing framework.

    Anticipate and overcome implementation obstacles for the redesign

    Often high-level organizational changes create challenges. We will help you break down the barriers to optimal IT governance by addressing key obstacles.

    Key Obstacles

    Solutions

    Identifying Steps The prioritization must be driven by the common view of what is important for the organization to succeed. Prioritize the IT governance next steps according to the value they are anticipated to provide to the business.
    Communicating the Redesign The redesign of IT governance will bring impactful changes to diverse stakeholders across the organization. This phase will help you plan communication strategies for the different stakeholders.

    Info-Tech Insight

    Don’t overlook the politics and culture of your organization while redesigning your governance framework.

    Create an implementation roadmap to organize a plan for the redesign

    Supporting Tool icon 4A Create an implementation and communication plan

    INSTRUCTIONS

    1. Identify Tasks
      Decide on the order of tasks for your implementation plan. Consider the dependencies of actions and plan the sequence accordingly.
    2. Determine Communication Method
      Identify the most appropriate and impactful method of communicating at each milestone identified in step 1.

    Download the IT Governance Implementation Plan to organize your customized implementation and communication plan.

    Screenshot of a table in the 'IT Governance Implementation Plan'.

    Outline next steps for governance redesign

    Associated Activity icon 4.1

    INPUT: Tasks Identified in the Future State Design

    OUTPUT: Identified Tasks for Implementation as Well as the Audience

    Materials: N/A

    Participants: IT Governance Redesign Owner

    INSTRUCTIONS

    Keep these questions in mind as you analyze and assess what steps to take first in the redesign implementation.

    1. What needs to happen?
      Use the identified changes from the redesign as your guiding list of tasks that need to occur. If they are larger tasks, break them down into smaller parts to make the milestones more achievable.
    2. What are the dependencies?
      Throughout the implementation of the redesign, certain tasks will need to occur to enable other tasks to be performed. Make sure to clearly identify what dependencies exist in the implementation process and clearly identify the order of the tasks.
    3. Who do the changes impact?
      Consider the groups and individuals that will be impacted by changes to the governance framework. This includes key business stakeholders, IT leaders, members of governing boards, and anyone who provides an input or requires an output from one of the committees.

    Use a big-bang approach to implement the IT governance redesign

    While there are other methods to implementing change, the big-bang approach is the most effective for governance redesign and will maintain the momentum of the change as well as the support needed to make it successful.

    Phased

    Parallel

    Big Bang

    Implementation of redesign occurs in steps over a significant period of time.

    Three arrows, each beginning where the previous one ends, separated.

    Components of the redesign are brought into the governance framework, while maintaining some of the old components.

    Three arrows, each beginning slightly after the previous one begins, overlapping.

    Implementation of redesign occurs all at once. This requires significant preparation.

    One large arrow, spanning the length of the other grouped arrows, circled to emphasize.
    • Some committees will be operating under a new structure while others are not, which will undermine the changes being made.
    • This method proliferates a lack of transparency and trust.
    • Releasing IT governance in parallel leads to members sitting on too many boards and spending too much time on governance.
    • There will be a lack of clarity on a committee’s authority.
    • This approach will lead to consistency and transparency in the new process.
    • The change will be clear and fully embedded in the organization with stronger boundaries and well-defined expectations.

    Determine the most effective and impactful communication mediums for relevant stakeholders

    Associated Activity icon 4.2 1 hour

    INSTRUCTIONS

    1. Consider the Individual or Group
      Consider the group and individuals identified in step 4.1. Determine the most appropriate mechanism for communicating with that person or group. Keep in mind: If they are local, how much influence they have and if they are already engaged in the redesign process.
    2. Consider the Message
      The type of message that you are communicating will vary in impact and importance depending on the task. Make sure that the communication medium reflects your message. Keep in mind: If the you are communicating an important or more personal issue, the medium should be more personal as well.

    Screenshot of the same table in the 'IT Governance Implementation Plan'.

    Communicate the changes that result from the redesign

    Plan the message first, then deliver it to your stakeholders through the most appropriate medium to avoid message avoidance or confusion.

    Communication Medium

    Face-to-Face Communication

    Face-to-face communication helps to ensure that the audience is receiving and understanding a clear message, and allows them to voice their concerns and clarify any confusion or questions.

    • Use one-on-one meetings for key stakeholders and large organizational meetings to introduce large changes in the redesign.
    Emails

    Use email to communicate information to broad audiences. In addition, use email as the mass feedback mechanism.

    • Use email to follow up on meetings, or to invite people to next ones, but not as the sole medium of communication.
    Internal Website or Drive

    Use an internal website or drive as an information repository.

    • Store meeting minutes, policies, procedures, terms of reference, and feedback online to ensure transparency.

    Message Delivery

    1. Plan Your Message
      Emphasize what the audience really needs to know and how the change will impact them.
    2. Test Your Message
      If possible, test your communications with a small audience (2-3 people) first to get feedback and adjust messages before delivering them more broadly.
    3. Deliver and Repeat Your Message
      “Tell them what you’re going to tell them, then tell them, then tell them what you told them.”
    4. Gather Feedback and Evaluate Communications
      Evaluate the effectiveness of the communications (through surveys, stakeholder interviews, or metrics) to ensure the message was delivered and received successfully and communication goals were met.

    Construct an executive presentation to facilitate transparency for the governing framework

    Supporting Tool icon 4B Present the redesign to the key business stakeholders

    INSTRUCTIONS

    1. Identify Stakeholders
      Determine which business stakeholders have been the most involved in the redesign process.
    2. Customize Presentation
      Use the deliverables that you have built throughout this redesign to communicate the changes to the structure, authority, processes, and memberships in the governance framework.
    3. Present to Executives
      Present the executive presentation to the key business stakeholders who have been involved in the redesign process.

    Info-Tech best Practice

    Use the Executive Presentation customizable deliverable to lead a boardroom-quality presentation outlining the process and outcomes of the IT governance redesign.

    Present the executive presentation

    Associated Activity icon 4.3 1 hour

    INSTRUCTIONS

    1. Input SoBC Outcomes
      Input the outcomes of the SoBC. Specify the state of the business you have identified through the process of Phase 1.
    2. Input Current State Framework and Guidelines
      Input the outcomes of the current state assessment. Explain the process you used to identify the current governance framework and how you determined the strengths, weaknesses, and guidelines.
    3. Input Redesigned Governance Framework
      Input the governance redesign outcomes. Explain the process you used to modify and reconstruct the governance framework to drive optimal business results. Show the new structure and committee profiles.

    Use the Redesign IT Governance to Drive Optimal Business Results Executive Presentation Template for more information.

    Implement the governance redesign to optimize governance and, in turn, business results

    CASE STUDY

    Industry: Healthcare
    Source: Info-Tech

    Challenge

    Members of the project management group and in the larger SDLC process identified a lack of clarity on how to best govern active projects and initiatives that were moving through the governance process during the changes to the governance framework.

    These projects had already begun under the old frameworks and applying the redesigned governance framework would lead to work duplication and wasted time.

    Solution

    The organization decided that instead of applying the redesign to all initiatives across the organization, it would only be applied to new initiatives and ones that were still working within the first part of the “gating” process, where revised intake information could still be provided.

    Active initiatives that fell into the grandfathered category were identified and could proceed based on the old process. Yet, those that did not receive this status were provided carry-over lead time to revise their documentation during the changes.

    Results

    The implementation plan and timeframes were approved and an official change-over date identified.

    A communication plan was provided, including the grandfathered approach to be used with in-flight initiatives.

    A review cycle was also established for three months after launch to ensure the process was working as expected and would be repeated annually.

    The revised process improved the cycle time by 30% and improved the ability of the organization to govern high-speed requests and decisions.

    Summary of accomplishment

    Insights

    • IT governance requires business leadership.
      Instead of IT managing and governing IT, engage business leaders to take responsibility for governing IT.
    • With great governance comes great responsibility.
      Involve relevant business leaders, who will be impacted by IT outcomes, to share governing authority of IT.
    • Establish IT-business fusion.
      In governance, alignment is not enough. Merge IT and the business through governance to ensure business success.

    Knowledge Gained

    • There must be an active understanding of the current and future state of the business for governance to address the changing needs of the business.
    • Take a proactive approach to revising your governance framework. Understand why you are making decisions before actually making them.
    • Keep the current and future goals in sight to build an optimized governance framework that maintains the minimum bar of oversight required.

    Processes Optimized

    • EDM01 – Establishing a Governance Framework
    • Understanding the four elements of governance:
      • Structure
      • Authority
      • Process
      • Members
    • Embedding the benefits realization criteria, risk optimization, and resource optimization in governance.

    Deliverables Completed

    • Statement of Business Context
    • Current State Assessment of IT Governance
    • Future State Design for IT Governance
    • IT Governance Implementation Plan

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    4.1

    Sample of activity 4.1 'Outline next steps for governance redesign'. Build and Deploy the Implementation Plan

    Construct a list of tasks and consider the individuals or groups that those tasks will impact when implementing the governance redesign. Ensure consistent and transparent communication for successful outcomes.

    4.3

    Sample of activity 4.3 'Present the Executive Presentation'. Build the Executive Presentation

    Insert the state of business, current state, and future state design outcomes into a presentation to inform the key business stakeholders on the process and outcomes of the governance redesign.

    Research contributors and experts

    Deborah Eyzaguirre, IT Business Relationship Manager, UNT System

    Herbert Kraft, MIS Manager, Prairie Knights Casino

    Roslyn Kaman, CFO, Miles Nadal JCC

    Nicole Haggerty, Associate Professor of Information Systems, Ivey Business School

    Chris Austin, CTO, Ivey Business School

    Adriana Callerio, IT Director Performance Management, Molina Healthcare Inc.

    Joe Evers, Consulting Principal, JcEvers Consulting Corp

    Huw Morgan, IT Research Executive

    Joy Thiele, Special Projects Manager, Dunns Creek Baptist Church

    Rick Daoust, CIO, Cambrian College

    Related Info-Tech Research

    Bibliography

    A.T. Kearney. “The 7 Habits of Highly Effective Governance.” A.T. Kearney, 2008. Web. Nov. 2016.

    Bertolini, Phil. “The Transformational Effect of IT Governance.” Government Finance Review, Dec. 2012. Web. Nov. 2016.

    CGI. “IT Governance and Managed Services – Creative a win-win relationship” CGI Group Inc., 2015. Web. Dec. 2016.

    De Haes, Steven, and Wim Van Grembergen. “An Exploratory Study into the Design of an IT Governance Minimum Baseline through Delphi Research.” Communications of the Association for Information Systems: Vol. 22 , Article 24. 2008. Web. Nov. 2016.

    Deloitte LLP. “The Role of Senior Leaders in IT Governance.” The Wall Street Journal, 22 Jun. 2015. Web. Oct. 2016.

    Dragoon, Alice. “Four Governance Best Practices.” CIO From IDG, 15 Aug. 2003. Web. Dec. 2016.

    du Preez, Gert. “Company Size Matters: Perspectives on IT Governance.” PricewaterhouseCoopers, Aug. 2011. Web. Nov. 2016.

    Hagen, Christian, et. al. “Building a Capability-Driven IT Organization.” A.T. Kearney, Jun. 2011. Web. Nov. 2016.

    Heller, Martha. “Five Best Practices for IT Governance.” CFO.com, 27 Aug. 2012. Web. Oct. 2016.

    Hoch, Detlev, and Payan, Miguel. “Establishing Good IT Governance in the Public Sector.” McKinsey Dusseldorf, Mar. 2008. Web. Oct. 2016.

    Horne, Andrew, and Brian Foster. “IT Governance Is Killing Innovation.” Harvard Business Review, 22 Aug. 2013. Web. Dec. 2016.

    ISACA. “COBIT 5: Enabling Processes.” ISACA, 2012. Web. Oct. 2016.

    IT Governance Institute. “An Executive View of IT Governance.” IT Governance Institute, in association with PricewaterhouseCoopers. 2009. Web. Nov. 2016.

    Bibliography continued

    IT Governance Institute. “IT Governance Roundtable: Defining IT Governance.” IT Governance Institute, 2009. Web. Nov. 2016.

    Macgregor, Stuart. “The linchpin between Corporate Governance and IT Governance.” The Open Group’s EA Forum Johannesburg and Cape Town, Nov. 2013. Web. Nov. 2016.

    Mallette, Debra. “Implementing IT Governance An Introduction.” ISACA San Francisco Chapter, 23 Sep. 2009. Web. Oct. 2016.

    Massachusetts Institute of Technology. “IT Governance Introduction.” MIT Centre for Information System Research, 2016. Web. Nov. 2016.

    Mueller, Lynn, et. al. “IBM IT Governance Approach – Business Performance through IT Execution.” IBM Redbooks, Feb. 2008. Web. Nov. 2016.

    National Computing Centre. “IT Governance: Developing a successful governance strategy.” The National Computing Centre, Nov. 2005. Web. Oct. 2016.

    Pittsburgh ISACA Chapter. “Practical Approach to COBIT 5.0.” Pittsburgh ISACA Chapter, 17 Sep. 2012. Web. Nov. 2016.

    PricewaterhouseCoopers. “Great by governance: Improve IT performance and Value While Managing Risks.” PricewaterhouseCoopers, Nov. 2014. Web. Dec. 2016.

    PricewaterhouseCoopers. “IT Governance in Practice: Insights from leading CIOs.” PricewaterhouseCoopers, 2006. Web. Nov. 2016.

    Routh, Richard L. “IT Governance Part 1 of 2.” Online video clip. YouTube. The Institute of CIO Excellence, 01 Aug. 2012. Web. Nov. 2016.

    Salleh, Noor Akma Mohd, et. al. “IT Governance in Airline Industry: A Multiple Case Study.” International Journal of Digital Society, Dec. 2010. Web. Nov. 2016.

    Bibliography continued

    Speckert, Thomas, et. al. “IT Governance in Organizations Facing Decentralization – Case Study in Higher Education.” Department of Computer and Systems Sciences. Stockholm University, 2014. Web. Nov. 2016.

    Thorp, John. The Information Paradox—Realizing the Business Benefits of Information Technology. Revised Edition, McGraw Hill, 2003 (written jointly with Fujitsu).

    Vandervost, Guido, et. al. “IT Governance for the CxO.” Deloitte, Nov. 2013. Web. Nov. 2016.

    Weill, Peter, and Jeanne W. Ross. “IT Governance: How Top Performers Manage IT Decision Rights for Superior Results.” Boston: Harvard Business School, 2004. Print. Oct. 2016.

    Wong, Daron, et. al. “IT Governance in Oil and Gas: CIO Roundtable, Priorities for Surviving and Thriving in Lean Times.” Online video clip. YouTube. IT Media Group, Jun. 2016. Web. Nov. 2016.

    Reduce Time to Consensus With an Accelerated Business Case

    • Buy Link or Shortcode: {j2store}286|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Business Analysis
    • Parent Category Link: /business-analysis
    • Enterprise application initiatives are complex, expensive, and require a significant amount of planning before initiation.
    • A financial business case is sometimes used to justify these initiatives.
    • Once the business case (and benefits therein) are approved, the case is forgotten, eliminating a critical check and balance of benefit realization.

    Our Advice

    Critical Insight

    1. Frame the conversation.

    Understand the audience and forum for the business case to best frame the conversation.

    2. Time-box the process of building the case.

    More time should be spent on performing the action rather than building the case.

    3. The business case is a living document.

    The business case creates the basis for review of the realization of the proposed business benefits once the procurement is complete.

    Impact and Result

    • Understand the drivers for decision making in your organization, and the way initiatives are evaluated.
    • Compile a compelling business case that provides decision makers with sufficient information to make decisions confidently.
    • Evaluate proposed enterprise application initiatives “apples-to-apples” using a standardized and repeatable methodology.
    • Provide a mechanism for tracking initiative performance during and after implementation.

    Reduce Time to Consensus With an Accelerated Business Case Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a business case for enterprise application investments, review Info-Tech’s methodology, and understand how we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gather the required information

    Complete the necessary preceding tasks to building the business case. Rationalize the initiative under consideration, determine the organizational decision flow following a stakeholder assessment, and conduct market research to understand the options.

    • Reduce Time to Consensus With an Accelerated Business Case – Phase 1: Gather the Required Information
    • Business Case Readiness Checklist
    • Business Case Workbook
    • Request for Information Template
    • Request for Quotation Template

    2. Conduct the business case analysis

    Conduct a thorough assessment of the initiative in question. Define the alternatives under consideration, identify tangible and intangible benefits for each, aggregate the costs, and highlight any risks.

    • Reduce Time to Consensus With an Accelerated Business Case – Phase 2: Conduct the Business Case Analysis

    3. Make the case

    Finalize the recommendation based on the analysis and create a business case presentation to frame the conversation for key stakeholders.

    • Reduce Time to Consensus With an Accelerated Business Case – Phase 3: Make the Case
    • Full-Form Business Case Presentation Template
    • Summary Business Case Presentation Template
    • Business Case Change Log
    • Business Case Close-Out Form
    [infographic]

    Workshop: Reduce Time to Consensus With an Accelerated Business Case

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Plan for Business Case Development

    The Purpose

    Complete the necessary preceding tasks to building a strong business case.

    Key Benefits Achieved

    Alignment with business objectives.

    Stakeholder buy-in.

    Activities

    1.1 Map the decision flow in your organization.

    1.2 Define the proposed initiative.

    1.3 Define the problem/opportunity statement.

    1.4 Clarify goals and objectives expected from the initiative.

    Outputs

    Decision traceability

    Initiative summary

    Problem/opportunity statement

    Business objectives

    2 Build the Business Case Model

    The Purpose

    Put together the key elements of the business case including alternatives, benefits, and costs.

    Key Benefits Achieved

    Rationalize the business case.

    Activities

    2.1 Design viable alternatives.

    2.2 Identify the tangible and intangible benefits.

    2.3 Assess current and future costs.

    2.4 Create the financial business case model.

    Outputs

    Shortlisted alternatives

    Benefits tracking model

    Total cost of ownership

    Impact analysis

    3 Enhance the Business Case

    The Purpose

    Determine more integral factors in the business case such as ramp-up time for benefits realization as well as risk assessment.

    Key Benefits Achieved

    Complete a comprehensive case.

    Activities

    3.1 Determine ramp-up times for costs and benefits.

    3.2 Identify performance measures and tracking.

    3.3 Assess initiative risk.

    Outputs

    Benefits realization schedule

    Performance tracking framework

    Risk register

    4 Prepare the Business Case

    The Purpose

    Finalize the recommendation and formulate the business case summary and presentation.

    Key Benefits Achieved

    Prepare the business case presentation.

    Activities

    4.1 Choose the alternative to be recommended.

    4.2 Create the detailed and summary business case presentations.

    4.3 Present and incorporate feedback.

    4.4 Monitor and close out.

    Outputs

    Final recommendation

    Business case presentation

    Final sign-off

    Essentials of Vendor Management for Small Business

    • Buy Link or Shortcode: {j2store}229|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Each year, SMB IT organizations spend more money “outsourcing” tasks, activities, applications, functions, and other items.
    • Many SMBs lack the affordability of implementing a sophisticated vendor management initiative or office.
    • The increased spend and associated outsourcing leads to less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Our Advice

    Critical Insight

    • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. There are commonalities among vendor management initiatives, but the key is to adapt vendor management principles to fit your needs, not the other way around.
    • All vendors are not of equal importance to an organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.
    • Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally”, starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Impact and Result

    • Build and implement a vendor management initiative tailored to your environment.
    • Create a solid foundation to sustain your vendor management initiative as it evolves and matures.
    • Leverage vendor management-specific tools and templates to manage vendors more proactively and improve communication.
    • Concentrate your vendor management resources on the right vendors.
    • Build a roadmap and project plan for your vendor management journey to ensure you reach your destination.
    • Build collaborative relationships with critical vendors.

    Essentials of Vendor Management for Small Business Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand how changes in the vendor landscape and customer reliance on vendors have made a vendor management initiative indispensible.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan

    This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.

    • Essentials of Vendor Management for Small Business – Phase 1: Plan
    • Phase 1 Small Business Tools and Templates Compendium

    2. Build

    This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    • Essentials of Vendor Management for Small Business – Phase 2: Build
    • Phase 2 Small Business Vendor Classification Tool
    • Phase 2 Small Business Risk Assessment Tool
    • Phase 2 Small Business Tools and Templates Compendium

    3. Run

    This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.

    • Essentials of Vendor Management for Small Business – Phase 3: Run

    4. Review

    This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    • Essentials of Vendor Management for Small Business – Phase 4: Review
    [infographic]

    Further reading

    Essentials of Vendor Management for Small Business

    Create and implement a vendor management framework to begin obtaining measurable results in 90 days.


    EXECUTIVE BRIEF

    Analyst Perspective

    Vendor Management Challenge

    Small businesses are often challenged by the growth and complexity of their vendor ecosystem, including the degree to which the vendors control them. Vendors are increasing, obtaining more and more budget dollars, while funding for staff or headcount is decreasing as a result of cloud-based applications and an increase in our reliance on Managed Service Providers. Initiating a vendor management initiative (VMI) vs. creating a fully staffed vendor management office will get you started on the path of proactively controlling your vendors instead of consistently operating in a reactionary mode. This blueprint is designed with that very thought: to assist small businesses in creating the essentials of a vendor management initiative.

    This is a picture of Steve Jeffery

    Steve Jeffery
    Principal Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Each year, IT organizations "outsource" tasks, activities, functions, and other items. During 2021:

    • Spend on as-a-service providers increased 38% over 2020.*
    • Spend on managed service providers increased 16% over 2020.*
    • IT service providers increased their merger and acquisition numbers by 47% over 2020.*

    This leads to more spend, less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Common Obstacles

    As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don't have a VMI to help:

    • Ensure at least the expected value is achieved.
    • Improve on the expected value through performance management.
    • Significantly increase the expected value through a proactive VMI.

    Info-Tech's Approach

    Vendor Management is a proactive, cross-functional lifecycle. It can be broken down into four phases:

    • Plan
    • Build
    • Run
    • Review

    The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and sets a solid foundation for its growth and maturity.

    Info-Tech Insight

    Vendor management is not a one-size-fits-all initiative. It must be configured:

    • For your environment, culture, and goals.
    • To leverage the strengths of your organization and personnel.
    • To focus your energy and resources on your critical vendors.

    Executive Summary

    Your challenge

    Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape.

    38%

    2021

    16%

    2021

    47%

    2021

    Spend on as-a-service providers

    Spend on managed services providers

    IT services merger & acquisition growth (transactions)

    Source: Information Services Group, Inc., 2022.

    Executive Summary

    Common obstacles

    When organizations execute, renew, or renegotiate a contract, there is an "expected value" associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.

    A contract's realized value with and without a vendor management initiative

    This is an image of a bar graph showing the difference in value between those with and without a VMI, with and for those with a VMI, with Vendor Collaboration and with Vendor Performance Management. The data for those with a VMI have substantially more value.

    Source: Based on findings from Geller & Company, 2003.

    Executive Summary

    Info-Tech's approach

    A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).

    This is an image of the 4 Step Vendor Management Process. The four steps are: 1. Plan; 2. Build; 3. Run; 4. Review.

    Info-Tech's methodology for creating and operating your vmi

    Phase 1 - Plan Phase 2 - Build Phase 3 - Run Phase 4 - Review
    Phase Steps

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    Phase Outcomes This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI. This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan. This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI. This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    Insight Summary

    Insight 1

    Vendor management is not "plug and play" – each organization's vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won't look exactly like another organization's. The key is to adapt vendor management principles to fit your needs.

    Insight 2

    All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization's investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

    Insight 3

    Having a solid foundation is critical to the VMI's ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates "informally", starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Blueprint benefits

    IT benefits

    • Identify and manage risk proactively.
    • Reduce costs and maximize value.
    • Increase visibility with your critical vendors.
    • Improve vendor performance.
    • Create a collaborative environment with key vendors.
    • Segment vendors to allocate resources more effectively and more efficiently.

    Business benefits

    • Improve vendor accountability.
    • Increase collaboration between departments.
    • Improve working relationships with your vendors.
    • Create a feedback loop to address vendor/customer issues before they get out of hand or are more costly to resolve.
    • Increase access to meaningful data and information regarding important vendors.

    Phase 1 - Plan

    Phase 1

    Phase 2 Phase 3 Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Organizing your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, and a desired future state for the VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Procurement/Sourcing
    • IT
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 1 – Plan

    Get Organized

    Phase 1 – Plan focuses on getting organized. Foundational elements (Mission Statement, Goals, Scope, Strengths and Obstacles, Roles and Responsibilities, and Process Mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of starting up your VMI and running it.

    Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to "the good stuff." To a certain extent, the process provided here is like building a house. You wouldn't start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.

    Step 1.1 – Mission statement and goals

    Identify why the VMI exists and what it will achieve

    Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a Mission Statement and Goals. Although this is the easiest way to proceed, it is far from easy.

    The Mission Statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The Mission Statement should be no longer than one or two sentences.

    The complement to the Mission Statement is the list of goals for the VMI. Your goals should not be a reassertion of your Mission Statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.

    Although the VMI's Mission Statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be reevaluated periodically using a SMART filter, and adjusted as needed.

    1.1.1 – Mission statement and goals

    20 – 40 Minutes

    1. Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the reasons why the VMI will exist.
    2. Review external mission statements for inspiration.
    3. Review internal mission statements from other areas to ensure consistency.
    4. Draft and document your Mission Statement in the Phase 1 Tools and Templates Compendium – Tab 1.1 Mission Statement and Goals.
    5. Continue brainstorming and identify the high-level goals for the VMI.
    6. Review the list of goals and make them as SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based) as possible.
    7. Document your goals in the Phase 1 Tools and Templates Compendium– Tab 1.1 Mission Statement and Goals.
    8. Obtain signoff on the Mission Statement and goals from stakeholders and executives as required.

    Input

    • Brainstorming results
    • Mission statements from other internal and external sources

    Output

    • Completed Mission Statement and Goals

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.1 Mission Statement and Goals

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.2 – Scope

    Determine what is in scope and out of scope for the VMI

    Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn't do, and the answers cannot always be found in the VMI's Mission Statement and Goals.

    One component of helping others understand the VMI landscape is formalizing the VMI Scope. The Scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI's territory begins and ends. Ultimately, this will help clarify the VMI's roles and responsibilities, improve workflow, and reduce errant assumptions.

    When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work). Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI Scope, and make sure executives and stakeholders are onboard with the final version.

    1.2.1 – Scope

    20 - 40 Minutes

    1. Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the activities and functions in scope and out of scope for the VMI.
      1. Be specific to avoid ambiguity and improve clarity.
      2. Go back and forth between in scope and out of scope as needed; it is not necessary to list all the in-scope items and then turn your attention to the out-of-scope items.
    2. Review the lists to make sure there is enough specificity. An item may be in scope or out of scope, but not both.
    3. Use the Phase 1 Tools and Templates Compendium – Tab 1.2 Scope to document the results.
    4. Obtain signoff on the Scope from stakeholders and executives as required.

    Input

    • Brainstorming results
    • Mission Statement and Goals

    Output

    • Completed list of items in and out of scope for the VMI

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.2 Scope

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.3 – Strengths and obstacles

    Pinpoint the VMI's strengths and obstacles

    A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.

    Your output will be two lists: the strengths associated with the VMI and the obstacles the VMI is facing. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.

    The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).

    For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).

    As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.

    1.3.1 – Strengths and obstacles

    20 - 40 Minutes

    Meet with the participants and use a brainstorming activity to list, on a whiteboard or flip chart, the VMI's strengths and obstacles.

    Be specific to avoid ambiguity and improve clarity.

    Go back and forth between strengths and obstacles as needed; it is not necessary to list all the strengths first and then all the obstacles.

    It is possible for an item to be a strength and an obstacle; when this happens, add details to distinguish the situations.

    Review the lists to make sure there is enough specificity.

    Determine how you will leverage each strength and how you will manage each obstacle.

    Use the Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles to document the results.

    Obtain signoff on the strengths and obstacles from stakeholders and executives as required.

    Input

    • Brainstorming
    • Mission Statement and Goals
    • Scope

    Output

    • Completed list of items impacting the VMI's ability to be successful: strengths the VMI can leverage and obstacles the VMI must manage

    Materials

    • Whiteboard/Flip Charts
    • Phase 1 Tools and Templates Compendium – Tab 1.3 Strengths and Obstacles

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Step 1.4 – Roles and responsibilities

    Obtain consensus on who is responsible for what

    One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI's Scope referenced in Step 1.2, but additional information is required to avoid stepping on each other's toes; many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or department). While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.

    As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* Chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.

    This step will lead your through the creation of an OIC* Chart to determine vendor management lifecycle roles and responsibilities. Afterward, you'll be able to say, "Oh, I see clearly who is involved in each part of the process and what their role is."

    *RACI – Responsible, Accountable, Consulted, Informed

    *RASCI – Responsible, Accountable, Support, Consulted, Informed

    *OIC – Owner, Informed, Contributor

    This is an image of a table, where the row headings are: Role 1-5, and the Column Headings are: Step 1-5.

    Step 1.4 – Roles and responsibilities (cont'd)

    Obtain consensus on who is responsible for what

    To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but don't let the chart get out of hand. For each role and step of the lifecycle, ask whether the entry is necessary; does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps. 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is "negotiate contract documents" sufficient or do you need negotiate the contract and negotiate the renewal? The answer will depend on your culture and environment but be wary of creating a spreadsheet that requires an 85-inch monitor to view it.

    After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:

    • O – Owner – who owns the process; they may also contribute to it.
    • I – Informed – who is informed about the progress or results of the process.
    • C – Contributor – who contributes or works on the process; it can be tangible or intangible contributions.

    This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.

    1.4.1 – Roles and responsibilities

    1 – 6 hours

    1. Meet with the participants and configure the OIC Chart in the Phase 1 Tools and Templates Compendium – Tab 1.4 OIC Chart.
      1. Review the steps or activities across the top of the chart and modify as needed.
      2. Review the roles listed along the left side of the chart and modify as needed.
    2. For each activity or step across the top of the chart, assign each role a letter – O for owner of that activity or step, I for informed, or C for contributor. Use only one letter per cell.
    3. Work your way across the chart. Every cell should have an entry or be left blank if it is not applicable.
    4. Review the results and validate that every activity or step has an O assigned to it; there must be an owner for every activity or step.
    5. Obtain signoff on the OIC Chart from stakeholders and executives as required.

    Input

    • A list of activities or steps to complete a project starting with requirements gathering and ending with ongoing risk management.
    • A list of internal areas (departments, divisions, agencies, etc.) and stakeholders that contribute to completing a project.

    Output

    • Completed OCI chart indicating roles and responsibilities for the VMI and other internal areas.

    Materials

    • Phase 1 Tools and Templates Compendium – Tab 1.4 OIC Chart

    Participants

    • VMI team
    • Procurement/Sourcing
    • IT
    • Representatives from other areas as needed
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 1 Tools and Templates Compendium

    Phase 2 - Build

    Create and configure tools, templates, and processes

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activities:

    • Configuring and creating the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Human Resources
    • Legal
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 2 – Build

    Create and configure tools, templates, and processes

    Phase 2 – Build focuses on creating and configuring the tools and templates that will help you run your VMI. Vendor management is not a plug and play environment, and unless noted otherwise, the tools and templates included with this blueprint require your input and thought. The tools and templates must work in concert with your culture, values, and goals. That will require teamwork, insights, contemplation, and deliberation.

    During this Phase you'll leverage the various templates and tools included with this blueprint and adapt them for your specific needs and use. In some instances, you'll be starting with mostly a blank slate; while in others, only a small modification may be required to make it fit your circumstances. However, it is possible that a document or spreadsheet may need heavy customization to fit your situation. As you create your VMI, use the included materials for inspiration and guidance purposes rather than as absolute dictates.

    Step 2.1 – Classification model

    Configure the COST vendor classification tool

    One of the functions of a VMI is to allocate the appropriate level of vendor management resources to each vendor since not all vendors are of equal importance to your organization. While some people may be able intuitively to sort their vendors into vendor management categories, a more objective, consistent, and reliable model works best. Info-Tech's COST model helps you assign your vendors to the appropriate vendor management category so that you can focus your vendor management resources where they will do the most good.

    COST is an acronym for Commodity, Operational, Strategic, and Tactical. Your vendors will occupy one of these vendor management categories, and each category helps you determine the nature of the resources allocated to that vendor, the characteristics of the relationship desired by the VMI, and the governance level used.

    The easiest way to think of the COST model is as a 2 x 2 matrix or graph. The model should be configured for your environment so that the criteria used for determining a vendor's classification align with what is important to you and your organization. However, at this point in your VMI's maturation, a simple approach works best. The Classification Model included with this blueprint requires minimal configuration to get your started, and that is discussed on the activity slide associated with this Step 2.1.

    This is an image of the COST Vendor Classification Tool.

    Step 2.1 – Classification model (cont'd)

    Configure the COST vendor classification tool

    Common characteristics by vendor management category

    Operational

    Strategic
    • Low to moderate risk and criticality; moderate to high spend and switching costs
    • Product or service used by more than one area
    • Price is a key negotiation point
    • Product or service is valued by the organization
    • Quality or the perception of quality is a differentiator (i.e. brand awareness)
    • Moderate to high risk and criticality; moderate to high spend and switching costs
    • Few competitors and differentiated products and services
    • Product or service significantly advances the organization's vision, mission, and success
    • Well-established in their core industry

    Commodity

    Tactical
    • Low risk and criticality; low spend and switching costs
    • Product or service is readily available from many sources
    • Market has many competitors and options
    • Relationship is transactional
    • Price is the main differentiator
    • Moderate to high risk and criticality; low to moderate spend and switching costs
    • Vendor offerings align with or support one or more strategic objectives
    • Often IT vendors "outside" of IT (i.e. controlled and paid for by other areas)
    • Often niche or new vendors

    Source: Compiled in part from Guth, Stephen. "Vendor Relationship Management Getting What You Paid for (And More)." 2015.

    2.1.1 – Classification model

    15 – 30 Minutes

    1. Meet with the participants to configure the spend ranges in Phase 2 Vendor Classification Tool – Tab 1. Configuration for your environment.
    2. Collect your vendors and their annual spend to sort by largest to lowest.
    3. Update cells F14-J14 in the Classification Model based on your actual data.
      1. Cell F14 – Set the boundary at a point between the spend for your 10th and 11th ranked vendors. For example, if the 10th vendor by spend is $1,009, 850 and the 11th vendor by spend is $980,763, the range for F14 would be $1,000,00+.
      2. Cell G14 – Set the bottom of the range at a point between the spend for your 30th and 31st ranked vendors; the top of the range will be $1 less than the bottom of the range specified in F14.
      3. Cell H14 – Set the bottom of the range slightly below the spend for your 50th ranked vendor; the top of the range will be $1 less than the bottom of the range specified in G14.
      4. Cells I14 and J14 – Divide the remaining range in half and split it between the two cells; for J14 the range will be $0 to $1 less than the bottom range in I14.
    4. Ignore the other variables at this time.

    Input

    • Phase 1 List of Vendors by Annual Spend

    Output

    • Configured Vendor Classification Tool

    Materials

    • Phase 2 Vendor Classification Tool – Tab 1. Configuration

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Vendor Classification Tool

    Step 2.2 – Risk assessment tool

    Identify risks to measure, monitor, and report on

    One of the typical drivers of a VMI is risk management. Organizations want to get a better handle on the various risks their vendors pose. Vendor risks originate from many areas: financial, performance, security, legal, and others. However, security risk is the high-profile risk, and the one organizations often focus on almost exclusively, which leaves the organization vulnerable in other areas.

    Risk management is a program, not a project; there is no completion date. A proactive approach works best and requires continual monitoring, identification, and assessment. Reacting to risks after they occur can be costly and have other detrimental effects on the organization. Any risk that adversely affects IT will adversely affect the entire organization.

    While the VMI won't necessarily be quantifying or calculating the risk directly, it generally is the aggregator of risk information across the risk categories, which it then includes in its reporting function (see Steps 2.12 and 3.8).

    At a minimum, your risk management strategy should involve:

    • Identifying the risks you want to measure and monitor.
    • Identifying your risk appetite (the amount of risk you are willing to live with).
    • Measuring, monitoring, and reporting on the applicable risks.
    • Developing and deploying a risk management plan to minimize potential risk impact.

    Vendor risk is a fact of life, but you do have options for how to handle it. Be proactive and thoughtful in your approach, and focus your resources on what is important.

    2.2.1 – Risk assessment tool

    30 - 90 Minutes

    1. Meet with the participants to configure the risk indicators in Phase 2 Vendor Risk Assessment Tool – Tab 1. Set parameters for your environment.
    2. Review the risk categories and determine which ones you will be measuring and monitoring.
    3. Review the risk indicators under each risk category and determine whether the indicator is acceptable as written, is acceptable with modifications, should be replaced, or should be deleted.
    4. Make the necessary changes to the risk indicators; these changes will cascade to each of the vendor tabs. Limit the number of risk indicators to no more than seven per risk category.
    5. Gain input and approval as needed from sponsors, stakeholders, and executives as required.

    Input

    • Scope
    • OIC Chart
    • Process Maps
    • Brainstorming

    Output

    • Configured Vendor Risk Assessment Tool

    Materials

    • Phase 2 Vendor Risk Assessment Tool – Tab 1. Set Parameters

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Vendor Classification Tool

    Step 2.3 – Scorecards and feedback

    Design a two-way feedback loop with your vendors

    A vendor management scorecard is a great tool for measuring, monitoring, and improving relationship alignment. In addition, it is perfect for improving communication between you and the vendor.

    Conceptually, a scorecard is similar to a school report card. At the end of a learning cycle, you receive feedback on how well you do in each of your classes. For vendor management, the scorecard is also used to provide periodic feedback, but there are some nuances and additional benefits and objectives when compared to a report card.

    Although scorecards can be used in a variety of ways, the focus here will be on vendor management scorecards – contract management, project management, and other types of scorecards will not be included in the materials covered in this Step 2.3 or in Step 3.4.

    This image contains a table with the score for objectives A-D. The scores are: A4, B3, C5, D4.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Anatomy

    The Info-Tech scorecard includes five areas:

    • Measurement categories. Measurement categories help organize the scorecard. Limit the number of measurement categories to three to five; this allows the parties to stay focused on what's important. Too many measurement categories make it difficult for the vendor to understand the expectations.
    • Criteria. The criteria describe what is being measured. Create criteria with sufficient detail to allow the reviewers to fully understand what is being measured and to evaluate it. Criteria can be objective or subjective. Use three to five criteria per measurement category.
    • Measurement category weights. Not all your measurement categories may be of equal importance to you; this area allows you to give greater weight to a measurement category when compiling the overall score.
    • Rating. Reviewers will be asked to assign a score to each criteria using a 1 to 5 scale.
    • Comments. A good scorecard will include a place for reviewers to provide additional information regarding the rating, or other items that are relevant to the scorecard.

    An overall score is calculated based on the rating for each criteria and the measurement category weights.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Goals and objectives

    Scorecards can be used for a variety of reasons. Some of the common ones are:

    • Improving vendor performance.
    • Conveying expectations to the vendor.
    • Identifying and recognizing top vendors.
    • Increasing alignment between the parties.
    • Improving communication with the vendor.
    • Comparing vendors across the same criteria.
    • Measuring items not included in contract metrics.
    • Identifying vendors for "strategic alliance" consideration.
    • Helping the organization achieve specific goals and objectives.

    Identifying and resolving issues before they impact performance or the relationship.

    Identifying your scorecard drivers first will help you craft a suitable scorecard.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Info-Tech recommends starting with simple scorecards to allow you and the vendors to acclimate to the new process and information. As you build your scorecards, keep in mind that internal personnel will be scoring the vendors and the vendors will be reviewing the scorecard. Make your scorecard easy for your personnel to fill out, and containing meaningful content to drive the vendor in the right direction. You can always make the scorecard more complex in the future.

    Our recommendation of five categories is provided below. Choose three to five of the categories that help you accomplish your scorecard goals and objectives:

    1. Timeliness – Responses, resolutions, fixes, submissions, completions, milestones, deliverables, invoices, etc.
    2. Cost – Total cost of ownership, value, price stability, price increases/decreases, pricing models, etc.
    3. Quality – Accuracy, completeness, mean time to failure, bugs, number of failures, etc.
    4. Personnel – Skilled, experienced, knowledgeable, certified, friendly, trustworthy, flexible, accommodating, etc.
    5. Risk – Adequate contractual protections, security breaches, lawsuits, finances, audit findings, etc.

    Some criteria may be applicable in more than one category. The categories above should cover at least 80% of the items that are important to your organization. The general criteria listed for each category is not an exhaustive list, but most things break down into time, money, quality, people, and risk issues.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Additional Considerations

    • Even a good rating system can be confusing. Make sure you provide some examples or a way for reviewers to discern the differences between a 1, 2, 3, 4, and 5. Don't assume your "rating key" will be intuitive.
    • When assigning weights, don't go lower than 10% for any measurement category. If the weight is too low, it won't be relevant enough to have an impact on the total score. If it doesn't "move the needle", don't include it.
    • Final sign-off on the scorecard template should occur outside the VMI. The heavy lifting can be done by the VMI to create it, but the scorecard is for the benefit of the organization overall, and those impacted by the vendors specifically. You may end up playing arbiter or referee, but the scorecard is not the exclusive property of the VMI. Try to reach consensus on your final template whenever possible.
    • You should notice improved ratings and total scores over time for your vendors. One explanation for this is the Pygmalion Effect: "The Pygmalion [E]ffect describes situations where someone's high expectations improves our behavior and therefore our performance in a given area. It suggests that we do better when more is expected of us."* Convey your expectations and let the vendors' competitive juices take over.
    • While creating your scorecard and materials to explain the process to internal personnel, identify those pieces that will help you explain it to your vendors during vendor orientation (see Steps 2.6 and 3.4). Leveraging pre-existing materials is a great shortcut.

    *Source: The Decision Lab, n.d.

    Step 2.3 – Scorecards and feedback (cont'd)

    Design a two-way feedback loop with your vendors

    Vendor Feedback

    After you've built your scorecard, turn your attention to the second half of the equation – feedback from the vendor. A communication loop cannot be successful without dialogue flowing both ways. While this can happen with just a scorecard, a mechanism specifically geared toward the vendor providing you with feedback improves communication, alignment, and satisfaction.

    You may be tempted to create a formal scorecard for the vendor to use; avoid that temptation until later in your maturity or development of the VMI. You'll be implementing a lot of new processes, deploying new tools and templates, and getting people to work together in new ways. Work on those things first.

    For now, implement an informal process for obtaining information from the vendor. Start by identifying information that you will find useful – information that will allow you to improve overall, to reduce waste or time, to improve processes, to identify gaps in skills. Incorporate these items into your business alignment meetings (see Steps 2.4 and 3.5). Create three to five good questions to ask the vendor and include these in the business alignment meeting agenda. The goal is to get meaningful feedback, and that starts with asking good questions.

    Keep it simple at first. When the time is right, you can build a more formal feedback form or scorecard. Don't be in a rush; as long as the informal method works, keep using it.

    2.3.1 – Scorecards and feedback

    30 – 60 Minutes

    1. Meet with the participants and brainstorm ideas for your scorecard measurement categories:
      1. What makes a vendor valuable to your organization?
      2. What differentiates a "good" vendor from a "bad" vendor?
      3. What items would you like to measure and provide feedback on to the vendor to improve performance, the relationship, risk, and other areas?
    2. Select three, but no more than five, of the following measure categories: timeliness, cost, quality, personnel, and risk.
    3. Within each measurement category, list two or three criteria that you want to measure and track for your vendors. Choose items that are as universal as possible rather than being applicable to one vendor or one vendor type.
    4. Assign a weight to each measurement category, ensuring that the total weight is 100% for all measurement categories.
    5. Document your results as you go in Phase 2 Tools and Templates Compendium – Tab 2.3 Scorecard.

    Input

    • Brainstorming

    Output

    • Configured Scorecard template

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.3 Scorecard

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    2.3.2 – Scorecards and feedback

    15 to 30 Minutes

    1. Meet with the participants and brainstorm ideas for feedback to seek from your vendors during your business alignment meetings. During the brainstorming, identify questions to ask the vendor about your organization that will:
      1. Help you improve the relationship.
      2. Help you improve your processes or performance.
      3. Help you improve ongoing communication.
      4. Help you evaluate your personnel.
    2. Identify the top five questions you want to include in your business alignment meeting agenda. (Note: you may need to refine the actual questions from the brainstorming activity before they are ready to include in your business alignment meeting agenda.)
    3. Document both your brainstorming activity and your final results in Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback. The brainstorming questions can be used in the future as your VMI matures and your feedback transforms from informal to formal. The results will be used in Steps 2.4 and 3.5.

    Input

    • Brainstorming

    Output

    • Feedback questions to include with the business alignment meeting agenda

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.4 – Business alignment meeting agenda

    Craft an agenda that meets the needs of the VMI

    A business alignment meeting (BAM) is a multi-faceted tool to ensure the customer and the vendor stay focused on what is important to the customer at a high level. BAMs are not traditional operational meetings where the parties get into the details of the contracts, deal with installation problems, address project management issues, or discuss specific cost overruns. The focus of the BAM is the scorecard (see Step 2.3), but other topics are discussed, and other purposes are served. For example:

    • You can use the BAM to develop the relationship with the vendor's leadership team so that if escalation is ever needed, your organization is more than just a name on a spreadsheet or customer list.
    • You can learn about innovations the vendor is working on (without the meeting turning into a sales call).
    • You can address high-level performance trends and request corrective action as needed.
    • You can clarify your expectations.
    • You can educate the vendor about your industry, culture, and organization.
    • You can learn more about the vendor.

    As you build your BAM Agenda, someone in your organization may say, "Oh, that's just a quarterly business review (QBR) or top-to-top meeting." In most instances, an existing QBRs or top-to-top meeting is not the same as a BAM. Using the term QBR or top-to-top meeting instead of BAM can lead to confusion internally. The VMI may say to the business unit, procurement, or another department, "We're going to start running some QBRs for our strategic vendors." The typical response is, "There's no need; we already run QBRs/top-to-top meetings with our important vendors." This may be accompanied by an invitation to join their meeting, where you may be an afterthought, have no influence, and get five minutes at the end to talk about your agenda items. Keep your BAM separate so that it meets your needs.

    Step 2.4 – Business alignment meeting agenda (cont'd)

    Craft an agenda that meets the needs of the VMI

    As previously noted, using the term BAM more accurately depicts the nature of the VMI meeting and prevents confusion internally with other meetings already occurring. In addition, hosting the BAM yourself rather than piggybacking onto another meeting ensures that the VMI's needs are met. The VMI will set and control the BAM agenda and determine the invite list for internal personnel and vendor personnel. As you may have figured out by now, having the right customer and vendor personnel attend will be essential.

    BAMs are conducted at the vendor level, not the contract level. As a result, the frequency of the BAMs will depend on the vendor's classification category (see Steps 2.1 and 3.1). General frequency guidelines are provided below, but they can be modified to meet your goals:

    • Commodity vendors – Not applicable
    • Operational vendors – Biannually or annually
    • Strategic vendors – Quarterly
    • Tactical vendors – Quarterly or biannually

    BAMs can help you achieve some additional benefits not previously mentioned:

    • Foster a collaborative relationship with the vendor.
    • Avoid erroneous assumptions by the parties.
    • Capture and provide a record of the relationship (and other items) over time.

    Step 2.4 – Business alignment meeting agenda (cont'd)

    Craft an agenda that meets the needs of the VMI

    As with any meeting, building the proper agenda will be one of the keys to an effective and efficient meeting. A high-level BAM agenda with sample topics is set out below:

    BAM Agenda

    • Opening remarks
      • Welcome and introductions
      • Review of previous minutes
    • Active discussion
      • Review of open issues
      • Scorecard and feedback
      • Current status of projects to ensure situational awareness by the vendor
      • Roadmap/strategy/future projects
      • Accomplishments
    • Closing remarks
      • Reinforce positives (good behavior, results, and performance, value added, and expectations exceeded)
      • Recap
    • Adjourn

    2.4.1 – Business alignment meeting agenda

    20 – 45 Minutes

    1. Meet with the participants and review the sample agenda in Phase 2 Tools and Templates Compendium – Tab 2.4 BAM Agenda.
    2. Using the sample agenda as inspiration and brainstorming activities as needed, create a BAM agenda tailored to your needs.
      1. Select the items from the sample agenda applicable to your situation.
      2. Add any items required based on your brainstorming.
      3. Add the feedback questions identified during Activity 2.3.2 and documented in Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback.
    3. Gain input and approval from sponsors, stakeholders, and executives as required or appropriate.
    4. Document the final BAM agenda in Phase 2 Tools and Templates Compendium –Tab 2.4 BAM Agenda.

    Input

    • Brainstorming
    • Phase 2 Tools and Templates Compendium – Tab 2.3 Feedback

    Output

    • Configured BAM agenda

    Materials

    • Phase 2 Tools and Templates Compendium – Tab2 .4 BAM Agenda

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.5 – Relationship alignment document

    Draft a document to convey important VMI information to your vendors

    Throughout this blueprint, alignment is mentioned directly (e.g. business alignment meetings [Steps 2.4 and 3.3]) or indirectly implied. Ensuring you and your vendors are on the same page, have clear and transparent communication, and understand each other's expectations is critical to fostering strong relationships. One component of gaining and maintaining alignment with your vendors is the Relationship Alignment Document (RAD). Depending upon the Scope of your VMI and what your organization already has in place, your RAD will fill in the gaps on various topics.

    Early in the VMI's maturation, the easiest approach is to develop a short document (1 one page) or a pamphlet (i.e. the classic trifold) describing the rules of engagement when doing business with your organization. The RAD can convey expectations, policies, guidelines, and other items. The scope of the document will depend on:

    1. What you believe is important for the vendors to understand.
    2. Any other similar information already provided to the vendors.

    The first step to drafting a RAD is to identify what information vendors need to know to stay on your good side. You may want vendors to know about your gift policy (e.g. employees may not accept vendor gifts above a nominal value, such as a pen or mousepad). Next, compare your list of what vendors need to know and determine if the content is covered in other vendor-facing documents such as a vendor code of conduct or your website's vendor portal. Lastly, create your RAD to bridge the gap between what you want and what is already in place. In some instances, you may want to include items from other documents to reemphasize them with the vendor community.

    Info-Tech Insight

    The RAD can be used with all vendors regardless of classification category. It can be sent directly to the vendors or given to them during vendor orientation (see Step 3.3)

    2.5.1 – Relationship alignment document

    1 to 4 Hours

    1. Meet with the participants and review the RAD sample and checklist in Phase 2 Tools and Templates Compendium – Tab 2.5 Relationship Alignment Doc.
    2. Determine:
      1. Whether you will create one RAD for all vendors or one RAD for strategic vendors and another RAD for tactical and operational vendors; whether you will create a RAD for commodity vendors.
      2. The concepts you want to include in your RAD(s).
      3. The format for your RAD(s) – traditional, pamphlet, or other.
      4. Whether signoff or acknowledgement will be required by the vendors.
    3. Draft your RAD(s) and work with other internal areas, such as Marketing to create a consistent brand for the RADS, and Legal to ensure consistent use and preservation of trademarks or other intellectual property rights and other legal issues.
    4. Review other vendor-facing documents (e.g. supplier code of conduct, onsite safety and security protocols) for consistencies between them and the RAD(s).
    5. Obtain signoff on the RAD(s) from stakeholders, sponsors, executives, Legal, Marketing, and others as needed.

    Input

    • Brainstorming
    • Vendor-facing documents, policies, and procedures

    Output

    • Completed Relationship Alignment Document(s)

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.5 Relationship Alignment Doc

    Participants

    • VMI team
    • Marketing, as needed
    • Legal, as needed

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.6 – Vendor orientation

    Create a VMI awareness process to build bridges with your vendors

    Your organization is unique. It may have many similarities with other organizations, but your culture, risk tolerance, mission, vision, and goals, finances, employees, and "customers" (those that depend on you) make it different. The same is true of your VMI. It may have similar principles, objectives, and processes to other organizations' VMIs, but yours is still unique. As a result, your vendors may not fully understand your organization and what vendor management means to you.

    Vendor orientation is another means to helping you gain and maintain alignment with your important vendors, educate them on what is important to you, and provide closure when/if the relationship with the vendor ends. Vendor orientation is comprised of three components, each with a different function:

    • Orientation
    • Reorientation
    • Debrief

    Vendor orientation focuses on the vendor management pieces of the puzzle (e.g. the scorecard process) rather than the operational pieces (e.g. setting up a new vendor in the system to ensure invoices are processed smoothly).

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    Reorientation

    • Reorientation is either identical or similar to orientation, depending upon the circumstances. Reorientation occurs for several reasons, and each reason will impact the nature and detail of the reorientation content. Reorientation occurs whenever:
    • There is a significant change in the vendor's products or services.
    • The vendor has been through a merger, acquisition, or divestiture.
    • A significant contract renewal/renegotiation has recently occurred.
    • Sufficient time has passed from orientation; commonly 2 to 3 years.
    • The vendor has been placed in a "performance improvement plan" or "relationship improvement plan" protocol.
    • Significant turnover has occurred within your organization (executives, key stakeholders, and/or VMI personnel).
    • Substantial turnover has occurred at the vendor at the executive or account management level.
    • The vendor has changed vendor classification categories after the most current classification.
    • As the name implies, the goal is to refamiliarize the vendor with your current VMI situation, governances, protocols, and expectations. The drivers for reorientation will help you determine the reorientation's scope, scale, and frequency.

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    Debrief

    To continue the analogy from orientation, debrief is like an exit interview for an employee when their employment is terminated. In this case, debrief occurs when the vendor is no longer an active vendor with your organization - all contracts have terminated or expired, and no new business with the vendor is anticipated within the next three months.

    Similar to orientation and reorientation, debrief activities will be based on the vendor's classification category within the COST model. Strategic vendors don't go away very often; usually, they transition to operational or tactical vendors first. However, if a strategic vendor is no longer providing products or services to you, dig a little deeper into their experiences and allocate extra time for the debrief meeting.

    The debrief should provide you with feedback on the vendor's experience with your organization and their participation in your VMI. Additionally, it can provide closure for both parties since the relationship is ending. Be careful that the debrief does not turn into a finger-pointing meeting or therapy session for the vendor. It should be professional and productive; if it is going off the rails, terminate the meeting before more damage can occur.

    End the debrief on a high note if possible. Thank the vendor, highlight its key contributions, and single out any personnel who went above and beyond. You never know when you will be doing business with this vendor again – don't burn bridges!

    Step 2.6 – Vendor orientation (cont'd)

    Create a VMI awareness process to build bridges with your vendors

    As you create your vendor orientation materials, focus on the message you want to convey.

    • For orientation and reorientation:
      • What is important to you that vendors need to know?
      • What will help the vendors understand more about your organization and your VMI?
      • What and how are you different from other organizations overall, and in your "industry"?
      • What will help them understand your expectations?
      • What will help them be more successful?
      • What will help you build the relationship?
    • For debrief:
      • What information or feedback do you want to obtain?
      • What information or feedback to you want to give?

    The level of detail you provide strategic vendors during orientation and reorientation may be different from the information you provide tactical and operational vendors. Commodity vendors are not typically involved in the vendor orientation process. The orientation meetings can be conducted on a one-to-one basis for strategic vendors and a one-to-many basis for operational and tactical vendors; reorientation and debrief are best conducted on a one-to-one basis. Lastly, face-to-face or video meetings work best for vendor orientation; voice-only meetings, recorded videos, or distributing only written materials seldom hit their mark or achieve the desired results.

    Step 2.7 – Three-year roadmap

    Plot your path at a high level

    1. The VMI exists in many planes concurrently:
    2. It operates both tactically and strategically.

    It focuses on different timelines or horizons (e.g., the past, the present, and the future). Creating a three-year roadmap facilitates the VMI's ability to function effectively across these multiple landscapes.

    The VMI roadmap will be influenced by many factors. The work product from Phase 1 – Plan, input from executives, stakeholders, and internal clients, and the direction of the organization are great sources of information as you begin to build your roadmap.

    To start, identify what you would like to accomplish in year 1. This is arguably the easiest year to complete: budgets are set (or you have a good idea what the budget will look like), personnel decisions have been made, resources have been allocated, and other issues impacting the VMI are known with a higher degree of certainty than any other year. This does not mean things won't change during the first year of the VMI, but expectations are usually lower, and the short event horizon makes things more predictable during the year-1 ramp-up period.

    Years 2 and 3 are more tenuous, but the process is the same: identify what you would like to accomplish or roll out in each year. Typically, the VMI maintains the year-1 plan into subsequent years and adds to the scope or maturity. For example, you may start year 1 with BAMs and scorecards for three of your strategic vendors; during year 2, you may increase that to five vendors; and during year 3, you may increase that to nine vendors. Or, you may not conduct any market research during year 1, waiting to add it to your roadmap in year 2 or 3 as you mature.

    Breaking things down by year helps you identify what is important and the timing associated with your priorities. A conservative approach is recommended. It is easy to overcommit, but the results can be disastrous and painful.

    2.7.1 – Three-year roadmap

    45 – 90 Minutes

    1. Meet with the participants and decide how to coordinate year 1 of your three-year roadmap with your existing fiscal year or reporting year. Year 1 may be shorter or longer than a calendar year.
    2. Review the VMI activities listed in Phase 2 Tools and Templates Compendium – Tab 2.7 Three-year roadmap. Use brainstorming and your prior work product from Phase 1 and Phase 2 to identify additional items for the roadmap and add them at the bottom of the spreadsheet.
    3. Starting with the first activity, determine when that activity will begin and put an X in the corresponding column; if the activity is not applicable, leave it blank or insert N/A.
    4. Go back to the top of the list and add information as needed.
      1. For any year-1 or year-2 activities, add an X in the corresponding columns if the activity will be expanded/continued in subsequent periods (e.g., if a Year 2 activity will continue in year 3, put an X in year 3 as well).
      2. Use the comments column to provide clarifying remarks or additional insights related to your plans or "X's". For example, "Scorecards begin in year 1 with three vendors and will roll out to five vendors in year 2 and nine vendors in year 3."
    5. Obtain signoff from stakeholders, sponsors, and executives as needed.

    Input

    • Phase 1 work product
    • Steps 2.1 – 2.6 work product
    • Brainstorming

    Output

    • High level three-year roadmap for the VMI

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.7 Three-Year Roadmap

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.8 – 90-day plan

    Pave your short-term path with a series of detailed quarterly plans

    Now that you have prepared a three-year roadmap, it's time to take the most significant elements from the first year and create action plans for each three-month period. Your first 90-day plan may be longer or shorter if you want to sync to your fiscal or calendar quarters. Aligning with your fiscal year can make it easier for tracking and reporting purposes; however, the more critical item is to make sure you have a rolling series of four 90-day plans to keep you focused on the important activities and tasks throughout the year.

    The 90-day plan is a simple project plan that will help you measure, monitor, and report your progress. Use the Info-Tech tool to help you track:

    Activities.

    • Tasks comprising each activity.
    • Who will be performing the tasks.
    • An estimate of the time required per person per task.
    • An estimate of the total time to achieve the activity.
    • A due date for the activity.
    • A priority of the activity.

    The first 90-day plan will have the greatest level of detail and should be as thorough as possible; the remaining three 90-day plans will each have less detail for now. As you approach the middle of the first 90-day plan, start adding details to the next 90-day plan; toward the end of the first quarter add a high-level 90-day plan to the end of the chain. Continue repeating this cycle each quarter and consult the three-year roadmap and the leadership team, as necessary.

    2.8.1 – 90-day plan

    45 – 90 Minutes

    1. Meet with the participants and decide how to coordinate the first "90-day" plan with your existing fiscal year or reporting cycles. Your first plan may be shorter or longer than 90 days.
    2. Looking at the year-1 section of the three-year roadmap, identify the activities that will be started during the next 90 days.
    3. Using the Phase 2 Tools and Templates Compendium – Tab 2.8 90-Day Plan, enter the following information into the spreadsheet for each activity to be accomplished during the next 90 days:
      1. Activity description.
      2. Tasks required to complete the activity (be specific and descriptive).
      3. The people who will be performing each task.
      4. The estimated number of hours required to complete each task.
      5. The start date and due date for each task or the activity.
    4. Validate the tasks are a complete list for each activity and the people performing the tasks have adequate time to complete the tasks by the due date(s).
    5. Assign a priority to each Activity.

    Input

    • Three-Year Roadmap
    • Phase 1 work product
    • Steps 2.1 – 2.7 work product
    • Brainstorming

    Output

    • Detailed plan for the VMI for the next quarter or "90" days

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.8 90-Day Plan

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.9 – Quick wins

    Identify potential short-term successes to gain momentum and show value immediately

    As the final step in the timeline trilogy, you are ready to identify some quick wins for the VMI. Using the first 90-day plan and a brainstorming activity, create a list of things you can do in 15 to 30 days that add value to your initiative and build momentum.

    As you evaluate your list of potential candidates, look for things that:

    • Are achievable within the stated timeline.
    • Don't require a lot of effort.
    • Involve stopping a certain process, activity, or task; this is sometimes known as a "stop doing stupid stuff" approach.
    • Will reduce or eliminate inefficiencies; this is sometimes known as the war on waste.
    • Have a moderate to high impact or bolster the VMI's reputation.

    As you look for quick wins, you may find that everything you identify does not meet the criteria. That's okay; don't force the issue. Return your focus to the 90-day plan and three-year roadmap and update those documents if the brainstorming activity associated with Step 2.9 identified anything new.

    2.9.1 – Quick wins

    15 - 30 Minutes

    1. Meet with the participants and review the three-year roadmap and 90-day plan. Determine if any item on either document can be completed:
      1. Quickly (30 days or less).
      2. With minimal effort.
      3. To provide or show moderate to high levels of value or provide the VMI with momentum.
    2. Brainstorm to identify any other items that meet the criteria in step 1 above.
    3. Compile a comprehensive list of these items and select up to five to pursue.
    4. Document the list in the Phase 2 Tools and Templates Compendium – Tab 2.9 Quick Wins.
    5. Manage the quick wins list and share the results with the VMI team and applicable stakeholders and executives.

    Input

    • Three-Year Roadmap
    • 90-Day Plan
    • Brainstorming

    Output

    • A list of activities that require low levels of effort to achieve moderate to high levels of value in a short period

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.9 Quick Wins

    Participants

    • VMI team

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Step 2.10 – Reports

    Construct your reports to resonate with your audience

    Issuing reports is a critical piece of the VMI since the VMI is a conduit of information for the organization. It may be aggregating risk data from internal areas, conducting vendor research, compiling performance data, reviewing market intelligence, or obtaining relevant statistics, feedback, comments, facts, and figures from other sources. Holding onto this information minimizes the impact a VMI can have on the organization; however, the VMI's internal clients, stakeholders, and executives can drown in raw data and ignore it completely if it is not transformed into meaningful, easily-digested information.

    Before building a report, think about your intended audience:

    • What information are they looking for? What will help them understand the big picture?
    • What level of detail is appropriate, keeping in mind the audience may not be like-minded?
    • What items are universal to all the readers and what items are of interest to one or two readers?
    • How easy or hard will it be to collect the data? Who will be providing it, and how time consuming will it be?
    • How accurate, valid, and timely will the data be?
    • How frequently will each report need to be issued?

    Step 2.10 – Reports (cont'd)

    Construct your reports to resonate with your audience

    Use the following guidelines to create reports that will resonate with your audience:

    • Value information over data, but sometimes data does have a place in your report.
    • Use pictures, graphics, and other representations more than words, but words are often necessary in small, concise doses.
    • Segregate your report by user; for example, general information up top, CIO information below that on the right, CFO information to the left of CIO information, etc.
    • Send a draft report to the internal audience and seek feedback, keeping in mind you won't be able to cater to or please everyone.

    2.10.1 – Reports

    15 – 45 Minutes

    1. Meet with the participants and review the applicable work product from Phase 1 and Phase 2; identify qualitative and quantitative items the VMI measures, monitors, tracks, or aggregates.
    2. Determine which items will be reported and to whom (by category):
      1. Internally to personnel within the VMI.
      2. Internally to personnel outside the VMI.
      3. Externally to vendors.
    3. Within each category above, determine your intended audiences/recipients. For example, you may have a different list of recipients for a risk report than you do a scorecard summary report. This will help you identify the number of reports required.
    4. Create a draft structure for each report based on the audience and the information being conveyed. Determine the frequency of each report and person responsible for creating for each report.
    5. Document your final choices in Phase 2 Tools and Templates Compendium – Tab 2.10 Reports.

    Input

    • Brainstorming
    • Phase 1 work product
    • Steps 2.1 – 2.11 work product

    Output

    • A list of reports used by the VMI
    • For each report
      • The conceptual content
      • A list of who will receive or have access
      • A creation/distribution frequency

    Materials

    • Phase 2 Tools and Templates Compendium – Tab 2.10 Reports

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Download the Info-Tech Phase 2 Tools and Templates Compendium

    Phase 3 - Run

    Implement your processes and leverage your tools and templates

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Beginning to operate the VMI. The main outcomes from this phase are guidance and the steps required to initiate your VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 3 – Run

    Implement your processes and leverage your tools and templates

    All the hard work invested in Phase 1 – Plan and Phase 2 – Build begins to pay off in Phase 3 – Run. It's time to stand up your VMI and ensure that the proper level of resources is devoted to your vendors and the VMI itself. There's more hard work ahead, but the foundational elements are in place. This doesn't mean there won't be adjustments and modifications along the way, but you are ready to use the tools and templates in the real world; you are ready to begin reaping the fruits of your labor.

    Phase 3 – Run guides you through the process of collecting data, monitoring trends, issuing reports, and conducting effective meetings to:

    • Manage risk better.
    • Improve vendor performance.
    • Improve vendor relationships.
    • Identify areas where the parties can improve.
    • Improve communication between the parties.
    • Increase the value proposition with your vendors.

    Step 3.1 – Classify vendors

    Begin classifying your top 25 vendors by spend

    Step 3.1 sets the table for many of the subsequent steps in Phase 3 – Run. The results of your classification process will determine which vendors go through the scorecarding process (Step 3.2); which vendors participate in BAMs (Step 3.3), and which vendors you will devote relationship-building resources to (Step 3.6).

    As you begin classifying your vendors, Info-Tech recommends using an iterative approach initially to validate the results from the classification model you configured in Step 2.1.

    1. Identify your top 25 vendors by spend.
    2. Run your top 10 vendors by spend through the classification model and review the results.
      1. If the results are what you expected and do not contain any significant surprises, go to 3. on the next page.
      2. If the results are not what you expected or do contain significant surprises, look at the configuration page of the tool (Tab 1) and adjust the weights or the spend categories slightly. Be cautious in your evaluation of the results before modifying the configuration page - some legitimate results are unexpected, or are surprises based on bias. If you modify the weighting, review the new results and repeat your evaluation. If you modify the spend categories, review the answers on the vendor tabs to ensure that the answers are still accurate; review the new results and repeat your evaluation.

    Step 3.1 – Classify vendors (cont'd)

    Review your results and adjust the classification tool as needed

    1. Run your top 11-through-25 vendors by spend through the classification model and review the results. Identify any unexpected results. Determine if further configuration makes sense and repeat the process outlined in 2.b., previous page, as necessary. If no further modifications are required, continue to 4., below.
    2. Share the preliminary results with the leadership team, executives, and stakeholders to obtain their approval or adjustments to the results.
      1. They may have questions and want to understand the process before approving the results.
      2. They may request that you move a vendor from one quadrant to another based on your organization's roadmap, the vendor's roadmap, or other information not available to you.
    3. Identify the vendors that will be part of the VMI at this stage – how many and which ones. Based on this number and the VMI's scope (Step 1.2), make sure you have the resources necessary to accommodate the number of vendors participating in the VMI. Proceed cautiously and gradually increase the number of vendors participating in the VMI.

    Step 3.1 – Classify vendors (cont'd)

    Finalize the results and update VMI tools and templates

    1. Update the vendor inventory tool (Step 1.7) to indicate the current classification status for the top 25 vendors by spend. Once your vendors have been classified, you can sort the vendor inventory tool by classification status to see all the vendors in that category at once.
    2. Review your three-year roadmap (Step 2.9) and 90-day plans (Step 2.6) to determine if any modifications are needed to the activities and timelines.

    Additional classification considerations:

    • You should only have a few vendors that fit in the strategic category. As a rough guideline, no more than 5% to 10% of your IT vendors should end up in the strategic category. If you have many vendors, even 5% may be too many. the classification model is an objective start to the classification process, but common sense must prevail over the "math" at the end of the day.
    • At this point, there is no need to go beyond the top 25 by spend. Most VMIs starting out can't handle more than three to five strategic vendors initially. Allow the VMI to run a pilot program with a small sample size, work out any bugs, make adjustments, and then ramp up the VMI's rollout in waves. Vendors can be added quarterly, biannually, or annually, depending upon the desired goals and available resources.

    Step 3.1 – Classify vendors (cont'd)

    Align your vendor strategy to your classification results

    As your VMI matures, additional vendors will be part of the VMI. Review the table below and incorporate the applicable strategies into your deployment of vendor management principles over time. Stay true to your mission, goals, and scope, and remember that not all your vendors are of equal importance.

    Operational

    Strategic
    • Focus on spend containment
    • Concentrate on lowering total cost of ownership
    • Invest moderately in cultivating the relationship
    • Conduct BAMs biannually or annually
    • Compile scorecards quarterly or biannually
    • Identify areas for performance and cost improvement
    • Focus on value, collaboration, and alignment
    • Review market intelligence for the vendor's industry
    • Invest significantly in cultivating the relationship
    • Initiate executive-to-executive relationships
    • Conduct BAMs quarterly
    • Compile scorecards quarterly
    • Understand how the vendors view your organization

    Commodity

    Tactical
    • Investigate vendor rationalization and consolidation
    • Negotiate for the best-possible price
    • Leverage competition during negotiations
    • Streamline the purchasing and payment process
    • Allocate minimal VMI resources
    • Assign the lowest priority for vendor management metrics
    • Conduct risk assessments biannually or annually
    • Cultivate a collaborative relationship based on future growth plans or potential with the vendor
    • Conduct BAMs quarterly or biannually
    • Compile scorecards quarterly
    • Identify areas of performance improvement
    • Leverage innovation and creative problem solving

    Step 3.1 – Classify vendors (cont'd)

    Be careful when using the word "partner" with your strategic and other vendors

    For decades, vendors have used the term "partner" to refer to the relationship they have with their clients and customers. This is often an emotional ploy used by the vendors to get the upper hand. To fully understand the terms "partner" and "partnership", let's evaluate them through two more objective, less cynical lenses.

    If you were to talk to your in-house or outside legal counsel, you may be told that partners share in profits and losses, and they have a fiduciary obligation to each other. Unless there is a joint venture between the parties, you are unlikely to have a partnership with a vendor from this perspective.

    What about a "business" partnership — one that doesn't involve sharing profits and losses? What would that look like? Here are some indicators of a business partnership (or preferably a strategic alliance):

    • Trust and transparent communication exist.
    • You have input into the vendor's roadmap for products and services.
    • The vendor is aligned with your desired outcomes and helps you achieve success.
    • You and the vendor are accountable for actions and inactions, with both parties being at risk.
    • There is parity in the peer-to-peer relationships between the organizations (e.g. C-Level to C-Level).
    • The vendor provides transparency in pricing models and proactively suggests ways for you to reduce costs.
    • You and the vendor work together to make each party better, providing constructive feedback on a regular basis.
    • The vendor provides innovative suggestions for you to improve your processes, performance, the bottom line, etc.
    • Negotiations are not one-sided; they are meaningful and productive, resulting in an equitable distribution of money and risk.

    Step 3.1 – Classify vendors (cont'd)

    Understand the implications and how to leverage the words "partner" and "partnership"

    By now you might be thinking, "What's all the fuss? Why does it matter?" At Info-Tech, we've seen firsthand how referring to the vendor as a partner can have the following impact:

    • Confidences are disclosed unnecessarily.
    • Negotiation opportunities and leverage are lost.
    • Vendors no longer have to earn the customer's business.
    • Vendor accountability is missing due to shared responsibilities.
    • Competent skilled vendor resources are assigned to other accounts.
    • Value erodes over time since contracts are renewed without being competitively sourced.
    • One-sided relationships are established, and false assurances are provided at the highest levels within the customer organization.

    Proceed with caution when using partner or partnership with your vendors. Understand how your organization benefits from using these terms and mitigate the negatives outlined above by raising awareness internally to ensure people understand the psychology behind the terms. Finally, use the term to your advantage when warranted by referring to the vendor as a partner when you want or need something that the vendor is reluctant to provide. Bottom line: be strategic in how you refer to vendors and know the risks.

    Step 3.2 – Compile scorecards

    Begin scoring your top vendors

    The scorecard process typically is owned and operated by the VMI, but the actual rating of the criteria within the measurement categories is conducted by those with day-to-day interactions with the vendors, those using or impacted by the services and products provided by the vendors, and those with the skills to research other information on the scorecard (e.g. risk). Chances are one person will not be able to complete an entire scorecard by themselves. As a result, the scorecard process is a team sport comprised of sub-teams where necessary.

    The VMI will compile the scores, calculate the final results, and aggregate all the comments into one scorecard. There are two common ways to approach this task:

    1. Send out the scorecard template to those who will be scoring the vendor and ask them to return it when completed, providing them with a due date a few days before you need it; you'll need time to compile, calculate, and aggregate.
    2. Invite those who will be scoring the vendor to a meeting and let the contributors use that time to score the vendors; make VMI team members available to answer questions and facilitate the process.

    Step 3.2 – Compile scorecards (cont'd)

    Gather input from stakeholders and others impacted by the vendors

    Since multiple people will be involved in the scorecarding process or have information to contribute, the VMI will have to work with the reviewers to ensure he right mix of data is provided. For example:

    • If you are tracking lawsuits filed by or against the vendor, one person from Legal may be able to provide that, but they may not be able to evaluate any other criteria on the scorecard.
    • If you are tracking salesperson competencies, multiple people from multiple areas may have valuable insights.
    • If you are tracking deliverable timeliness, several project managers may want to contribute across several projects.

    Where one person is contributing exclusively to limited criteria, make it easy for them to identify the criteria they are to evaluate. When multiple people from the same functional area will provide insights, they can contribute individually (and the VMI will average their responses) or they can respond collectively after reaching consensus as a group.

    After the VMI has compiled, calculated, and aggregated, share the results with executives, impacted stakeholders, and others who will be attending the BAM for that vendor. Depending upon the comments provided by internal personnel, you may need to create a sanitized version of the scorecard for the vendor.

    Make sure your process timeline has a buffer built in. You'll be sending the final scorecard to the vendor three to five days before the BAM, and you'll need some time to assemble the results. The scorecarding process can be perceived as a low-priority activity for people outside of the VMI, and other "priorities" will arise for them. Without a timeline buffer, the VMI may find itself behind schedule and unprepared, due to things beyond its control.

    Step 3.3 – Conduct business alignment meetings

    Determine which vendors will participate and how long the meetings will last

    At their core, BAMs aren't that different from any other meeting. The basics of running a meeting still apply, but there are a few nuances that apply to BAMs. Set out below are leading practices for conducing your BAMs; adapt them to meet your needs and suit your environment.

    Who

    Initially, BAMs are conducted with the strategic vendors in your pilot program. Over time you'll add vendors until all your strategic vendors are meeting with you quarterly. After that, roll out the BAMs to those tactical and operational vendors located close to the strategic quadrant in the classification model (Steps 2.1 and 3.1) and as VMI resources allow. It may take several years before you are holding regular BAMs with all your strategic, tactical, and operational vendors.

    Duration

    Keep the length of your meetings reasonable. The first few with a vendor may need to be 60 to 90 minutes long. After that, you should be able to trim them to 45 minutes to 60 minutes. The BAM does not have to fill the entire time. When you are done, you are done.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Identify who will be invited and send out invitations

    Invitations

    Set up a recurring meeting whenever possible. Changes will be inevitable but keeping the timeline regular works to your advantage. Also, the vendors included in your initial BAMs won't change for twelve months. For the first BAM with a vendor, provide adequate notice; four weeks is usually sufficient, but calendars will fill up quickly for the main attendees from the vendor. Treat the meeting as significant and make sure your invitation reflects this. A simple meeting request will often be rejected, treated as optional, or ignored completely by the vendor's leadership team (and maybe yours as well!).

    Invitees

    Internal invitees should include those with a vested interest in the vendor's performance and the relationship. Other functional areas may be invited based on need or interest. Be careful the attendee list doesn't get too big. Based on this, internal BAM attendees often include representatives from IT, Sourcing/Procurement, and the applicable business units. At times, Finance and Legal are included.

    From the vendor's side, strive to have decision makers and key leaders attend. The salesperson/account manager is often included for continuity, but a director or vice president of sales will have more insights and influence. The project manager is not needed at this meeting due to the nature of the meeting and its agenda; however, a director or vice president from the product or service delivery area is a good choice. Bottom line: get as high into the vendor's organization as possible whenever possible; look at the types of contracts you have with that vendor to provide guidance on the type of people to invite.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Prepare for the Meetings and Maintain Control

    Preparation

    Send the scorecard and agenda to the vendor five days prior to the BAM. The vendor should provide you with any information you require for the meeting five days prior, as well.

    Decide who will run the meeting. Some customers like to lead, and others let the vendor present. How you craft the agenda and your preferences will dictate who runs the show.

    Make sure the vendor knows what materials they should bring to the meeting or have access to. This will relate to the agenda and any specific requests listed under the discussion points. You don't want the vendor to be caught off guard and unable to discuss a matter of importance to you.

    Running the BAM

    Regardless of which party leads, make sure you manage the agenda to stay on topic. This is your meeting – not the vendor's, not IT's, not Procurement's or Sourcing's. Don't let anyone hijack it.

    Make sure someone is taking notes. If you are running this virtually, consider recording the meeting. Check with your legal department first for any concerns, notices, or prohibitions that may impact your recording the session.

    Remember, this is not a sales call, and it is not a social activity. Innovation discussions are allowed and encouraged, but that can quickly devolve into a sales presentation. People can be friendly toward one another, but the relationship building should not overwhelm the other purposes.

    Step 3.3 – Conduct business alignment meetings (cont'd)

    Follow these additional guidelines to maximize your meetings

    More leading practices

    • Remind everyone that the conversation may include items covered by various confidentiality provisions or agreements.
    • Publish the meeting minutes on a timely basis (within 48 hours).
    • Focus on the bigger picture by looking at trends over time; get into the details only when warranted.
    • Meet internally immediately beforehand to prepare – don't go in cold. Review the agenda and the roles and responsibilities for the attendees.
    • Physical meetings are better than virtual meetings, but travel constraints, budgets, and pandemics may not allow for physical meetings.

    Final thoughts

    • When performance or the relationship is suffering, be constructive in your feedback and conversations rather than trying to assign blame; lead with the carrot rather than the stick.
    • Look for collaborative solutions whenever possible and avoid referencing the contract if possible. Communicate your willingness to help resolve outstanding issues.
    • Use inclusive language and avoid language that puts the vendor on the defensive.
    • Make sure that your meetings are not focused exclusively on the negative, but don't paint a rosy picture where one doesn't exist.
    • A vendor that is doing well should be commended. This is an important part of relationship building.

    Step 3.4 – Work the 90-day plan

    Monitor your progress and share your results

    Having a 90-day plan is a good start, but assuming the tasks on the plan will be accomplished magically or without any oversight can lead to failure. While it won't take a lot of time to work the plan, following a few basic guidelines will help ensure the 90-day plan gets results and wasn't created in vain.

    1. Measure and track your progress against the initial/current 90-day plan at least weekly; with a short timeline, any delay can have a huge impact.
    2. If adjustments are needed to any elements of the plan, understand the cause and the impact of those adjustments before making them.
    3. Make adjustments ONLY when warranted. The temptation will be to push activities and tasks further out on the timeline (or to the next 90-day plan!) when there is any sort of hiccup along the way, especially when personnel outside the VMI are involved. Hold true to the timeline whenever possible; once you start slipping, it often becomes a habit.
    4. Report on progress every week and hold people accountable for their assignments and contributions.
    5. Take the 90-day plan seriously and treat it as you would any significant project. This is part of the VMI's branding and image.

    Step 3.5 – Manage the three-year roadmap

    Keep an eye on the future since it will feed the present

    The three-year roadmap is a great planning tool, but it is not 100% reliable. There are inherent flaws and challenges. Essentially, the roadmap is a set of three "crystal balls" attempting to tell you what the future holds. The vision for year 1 may be clear, but for each subsequent year, the crystal ball becomes foggier. In addition, the timeline is constantly changing; before you know it, tomorrow becomes today and year 2 becomes year 1.

    To help navigate through the roadmap and maximize its potential, follow these principles:

    • Manage each year of the roadmap differently.
      • Review the year-1 map each quarter to update your 90-day plans (See steps 2.10 and 3.4).
      • Review the year-2 map every six months to determine if any changes are necessary. As you cycle through this, your vantage point of year 2 will be 6 months or 12 months away from the beginning of year 2, and time moves quickly.
      • Review the year-3 map annually, and determine what needs to be added, changed, or deleted. Each time you review year 3, it will be a "new" year 3 that needs to be built.
    • Analyze the impact on the proposed modifications from two perspectives: 1) What is the impact if a requested modification is made? 2) What is the impact if a requested modification is not made?
    • Validate all modifications with leadership and stakeholders before updating the three-year roadmap to ensure internal alignment.

    Step 3.6 – Develop/improve vendor relationships

    Drive better performance through better relationships

    One of the key components of a VMI is relationship management. Good relationships with your vendors provide many benefits for both parties, but they don't happen by accident. Do not assume the relationship will be good or is good merely because your organization is buying products and services from a vendor.

    In many respects, the VMI should mirror a vendor's sales organization by establishing relationships at multiple levels within the vendor organizations, not just with the salesperson or account manager. Building and maintaining relationships is hard work, but the return on investment makes it worthwhile.

    Business relationships are comprised of many components, not all of which must be present to have a great relationship. However, there are some essential components. Whether you are trying to develop, improve, or maintain a relationship with a vendor, make sure you are conscious of the following:

    • Focusing your energies on strategic vendors first and then tactical and operational vendors.
    • Being transparent and honest in your communications.
    • Continuously building trust by being responsive and honoring commitments (timely).
    • Creating a collaborative environment and build upon common ground.
    • Thanking the vendor when appropriate.
    • Resolving disputes early, avoiding the "blame game", and being objective when there are disagreements.

    Phase 4 - Review

    Keep your VMI up to date and running smoothly

    Phase 1

    Phase 2Phase 3Phase 4

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    2.1 Classification Model

    2.2 Risk Assessment Tool

    2.3 Scorecards and Feedback

    2.4 Business Alignment Meeting Agenda

    2.5 Relationship Alignment Document

    2.6 Vendor Orientation

    2.7 3-Year Roadmap

    2.8 90-Day Plan

    2.9 Quick Wins

    2.10 Reports

    3.1 Classify Vendors

    3.2 Compile Scorecards

    3.3 Conduct Business Alignment Meetings

    3.4 Work the 90-Day Plan

    3.5 Manage the 3-Year Roadmap

    3.6 Develop/Improve Vendor Relationships

    4.1 Incorporate Leading Practices

    4.2 Leverage Lessons Learned

    4.3 Maintain Internal Alignment

    This phase will walk you through the following activity:

    • Helping the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Vendor Management Initiative Basics for the Small/Medium Businesses

    Phase 4 – Review

    Keep your VMI up to date and running smoothly

    As the adage says, "The only thing constant in life is change." This is particularly true for your VMI. It will continue to mature, people inside and outside of the VMI will change, resources will expand or contract from year to year, your vendor base will change. As a result, your VMI needs the equivalent of a physical every year. In place of bloodwork, x-rays, and the other paces your physician may put you through, you'll assess compliance with your policies and procedures, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.

    Be thorough in your actions during this Phase to get the most out of it. It requires more than the equivalent of gauging a person's health by taking their temperature, measuring their blood pressure, and determining their body mass index. Keeping your VMI up-to-date and running smoothly takes hard work.

    Some of the items presented in this Phase require an annual review; others may require quarterly review or timely review (i.e. when things are top of mind and current). For example, collecting lessons learned should happen on a timely basis rather than annually, and classifying your vendors should occur annually rather than every time a new vendor enters the fold.

    Ultimately, the goal is to improve over time and stay aligned with other areas internally. This won't happen by accident. Being proactive in the review of your VMI further reinforces the nature of the VMI itself – proactive vendor management, not reactive!

    Step 4.1 – Incorporate leading practices

    Identify and evaluate what external VMIs are doing

    The VMI's world is constantly shifting and evolving. Some changes will take place slowly, while others will occur quickly. Think about how quickly the cloud environment has changed over the past five years versus the 15 years before that; or think about issues that have popped up and instantly altered the landscape (we're looking at you COVID and ransomware). As a result, the VMI needs to keep pace, and one of the best ways to do that is to incorporate leading practices.

    At a high level, a leading practice is a way of doing something that is better at producing a particular outcome or result or performing a task or activity than other ways of proceeding. The leading practice can be based on methodologies, tools, processes, procedures, and other items. Leading practices change periodically due to innovation, new ways of thinking, research, and other factors. Consequently, a leading practice is to identify and evaluate leading practices each year.

    Step 4.1 – Incorporate leading practices (cont'd)

    Update your VMI based on your research

    • A simple approach for incorporating leading practices into your regular review process is set out below:
    • Research:
      • What other VMIs in your industry are doing.
      • What other VMIs outside your industry are doing.
      • Vendor management in general.
    • Based on your results, list specific leading practices others are doing that would improve your VMI (be specific – e.g. other VMIs are incorporating risk into their classification process).
    • Evaluate your list to determine which of these potential changes fit or could be modified to fit your culture and environment.
    • Recommend the proposed changes to leadership (with a short business case or explanation/justification, as needed) and gain approval.

    Remember: Leading practices or best practices may not be what is best for you. In some instances, you will have to modify them to fit in your culture and environment; in other instances, you will elect not to implement them at all (in any form).

    Step 4.2 – Leverage lessons learned

    Tap into the collective wisdom and experience of your team members

    There are many ways to keep your VMI running smoothly, and creating a lessons learned library is a great complement to the other ways covered in this Phase 4 - Review. By tapping into the collective wisdom of the team and creating a safe feedback loop, the VMI gains the following benefits:

    • Documented institutional wisdom and knowledge normally found only in the team members' brains.
    • The ability for one team member to gain insights and avoid mistakes without having to duplicate the events leading to the insights or mistakes.
    • Improved methodologies, tools, processes, procedures, skills, and relationships.

    Many of the processes raised in this Phase can be performed annually, but a lessons learned library works best when the information is deposited in a timely manner. How you choose to set up your lessons learned process will depend on the tools you select and your culture. You may want to have regular input meetings to share the lessons as they are being deposited, or you may require team members to deposit lessons learned on a regular basis (within a week after they happen, monthly, or quarterly). Waiting too long can lead to vague or lost memories and specifics; timeliness of the deposits is a crucial element.

    Step 4.2 – Leverage lessons learned (cont'd)

    Create a library to share valuable information across the team

    Lessons learned are not confined to identifying mistakes or dissecting bad outcomes. You want to reinforce good outcomes, as well. When an opportunity for a lessons-learned deposit arises, identify the following basic elements:

    • A brief description of the situation and outcome.
    • What went well (if anything) and why did it go well?
    • What didn't go well (if anything) and why didn't it go well?
    • What would/could you do differently next time?
    • A synopsis of the lesson(s) learned.

    Info-Tech Insights

    The lessons learned library needs to be maintained. Irrelevant material needs to be culled periodically, and older or duplicate material may need to be archived.

    the lessons learned process should be blameless. The goal is to share insightful information, not to reward or punish people based on outcomes or results.

    Step 4.3 – Maintain internal alignment

    Review the plans of other internal areas to stay in sync

    Maintaining internal alignment is essential for the ongoing success of the VMI. Over time, it is easy to lose sight of the fact that the VMI does not operate in a vacuum; it is an integral component of a larger organization whose parts must work well together to function optimally. Focusing annually on the VMI's alignment within the enterprise helps reduce any breakdowns that could derail the organization.

    To ensure internal alignment:

    • Review the key components of the applicable materials from Phase 1 - Plan and Phase 2 - Build with the appropriate members of the leadership team (e.g. executives, sponsors, and stakeholders). Not every item from those Phases and Steps needs to be reviewed but err on the side of caution for the first set of alignment discussions, and be prepared to review each item. You can gauge the audience's interest on each topic and move quickly when necessary or dive deeper when needed. Identify potential changes required to maintain alignment.
    • Review the strategic plans (e.g. 1-, 3-, and 5- year plans) for various portions of the organization if you have access to them or gather insights if you don't have access.
      • If the VMI is under the IT umbrella, review the strategic plans for IT and its departments.
      • Review the strategic plans for the areas the VMI works with (e.g. Procurement, Business Units).
      • The organization itself.
    • Create and vet a list of modifications to the VMI and obtain approval.
    • Develop a plan for making the necessary changes.

    Summary of Accomplishment

    Problem solved

    Vendor management is a broad, often overwhelming, comprehensive spectrum that encompasses many disciplines. By now, you should have a great idea of what vendor management can or will look like in your organization. Focus on the basics first: Why does the VMI exist and what does it hope to achieve? What is it's scope? What are the strengths you can leverage, and what obstacles must you manage? How will the VMI work with others? From there, the spectrum of vendor management will begin to clarify and narrow.

    Leverage the tools and templates from this blueprint and adapt them to your needs. They will help you concentrate your energies in the right areas and on the right vendors to maximize the return on your organization's investment in the VMI of time, money, personnel, and other resources. You may have to lead by example internally and with your vendors at first, but they will eventually join you on your path if you stay true to your course.

    At the heart of a good VMI is the relationship component. Don't overlook its value in helping you achieve your vendor management goals. The VMI does not operate in a vacuum, and relationships (internal and external) will be critical.

    Lastly, seek continual improvement from the VMI and from your vendors. Both parties should be held accountable, and both parties should work together to get better. Be proactive in your efforts, and you, the VMI, and the organization will be rewarded.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    Contact your account representative for more information

    workshops@infotech.com
    1-888-670-8889

    Related Info-Tech Research

    Prepare for Negotiations More Effectively
    Don't leave negotiation preparations and outcomes to chance. Learn how to prepare for negotiations more effectively and improve your results.

    Understand Common IT Contract Provisions to Negotiate More Effectively
    Info-Tech's guidance and insights will help you navigate the complex process of contract review and identify the key details necessary to maximize the protections for your organization.

    Capture and Market the ROI of Your VMO
    Calculating the impact or value of a vendor management office (VMO) can be difficult without the right framework and tools. Let Info-Tech's tools and templates help you account for the contributions made by your VMO.

    Bibliography

    Slide 5 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.

    Slide 6 – ISG Index 4Q 2021, Information Services Group, Inc., 2022.

    Slide 7 – Geller & Company. "World-Class Procurement — Increasing Profitability and Quality." Spend Matters. 2003. Web. Accessed 4 Mar. 2019.

    Slide 26 – Guth, Stephen. The Vendor Management Office: Unleashing the Power of Strategic Sourcing. Lulu.com, 2007. Print. Protiviti. Enterprise Risk Management. Web. 16 Feb. 2017.

    Slide 34 – "Why Do We Perform Better When Someone Has High Expectations of Us?" The Decision Lab. Accessed January 31, 2022.

    Slide 56 - Top 10 Tips for Creating Compelling Reports," October 11, 2019, Design Eclectic. Accessed March 29, 2022.

    Slide 56 – "Six Tips for Making a Quality Report Appealing and Easy To Skim," Agency for Health Research and Quality. Accessed March 29, 2022.

    Slide 56 –Tucker, Davis. Marketing Reporting: Tips to Create Compelling Reports, March 28, 2020, 60 Second Marketer. Accessed March 29, 2022.

    Proactively Identify and Mitigate Vendor Risk

    • Buy Link or Shortcode: {j2store}227|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • IT priorities are focused on daily tasks, pushing risk management to secondary importance and diverging from a proactive environment.
    • IT leaders are relying on an increasing number of third-party technology vendors and outsourcing key functions to meet the rapid pace of change within IT.
    • Risk levels can fluctuate over the course of the partnership, requiring manual process checks and/or automated solutions.

    Our Advice

    Critical Insight

    • Every IT vendor carries risks that have business implications. These legal, financial, security, and operational risks could inhibit business continuity and IT can’t wait until an issue arises to act.
    • Making intelligent decisions about risks without knowing what their financial impact will be is difficult. Risk impact must be quantified.
    • You don’t know what you don’t know, and what you don’t know, can hurt you. To find hidden risks, you must use a structured risk identification method.

    Impact and Result

    • A thorough risk assessment in the selection phase is your first line of defense. If you follow the principles of vendor risk management, you can mitigate collateral losses following an adverse event.
    • Make a conscious decision whether to accept the risk based on time, priority, and impact. Spend the required time to correctly identify and enact defined vendor management processes that determine spend categories and appropriately evaluate potential and preferred suppliers. Ensure you accurately assess the partnership potential.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s most significant risks before they happen.

    Proactively Identify and Mitigate Vendor Risk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to create a vendor risk management program that minimizes your organization’s vulnerability and mitigates adverse scenarios.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review vendor risk fundamentals and establish governance

    Review IT vendor risk fundamentals and establish a risk governance framework.

    • Proactively Identify and Mitigate Vendor Risk – Phase 1: Review Vendor Risk Fundamentals and Establish Governance
    • Vendor Risk Management Maturity Assessment Tool
    • Vendor Risk Management Program Manual
    • Risk Event Action Plan

    2. Assess vendor risk and define your response strategy

    Categorize, prioritize, and assess your vendor risks. Follow up with creating effective response strategies.

    • Proactively Identify and Mitigate Vendor Risk – Phase 2: Assess Vendor Risk and Define Your Response Strategy
    • Vendor Classification Model Tool
    • Vendor Risk Profile and Assessment Tool
    • Risk Costing Tool
    • Risk Register Tool

    3. Monitor, communicate, and improve IT vendor risk process

    Assign accountability and responsibilities to formalize ongoing risk monitoring. Communicate your findings to management and share the plan moving forward.

    • Proactively Identify and Mitigate Vendor Risk – Phase 3: Monitor, Communicate, and Improve IT Vendor Risk Process
    • Risk Report
    [infographic]

    Workshop: Proactively Identify and Mitigate Vendor Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Prepare for the Workshop

    The Purpose

    To prepare the team for the workshop.

    Key Benefits Achieved

    Avoids delays and interruptions once the workshop is in progress.

    Activities

    1.1 Send workshop agenda to all participants.

    1.2 Prepare list of vendors and review any contracts provided by them.

    1.3 Review current risk management process.

    Outputs

    All necessary participants assembled

    List of vendors and vendor contracts

    Understanding of current risk management process

    2 Review Vendor Risk Fundamentals and Establish Governance

    The Purpose

    Review IT vendor risk fundamentals.

    Assess current maturity and set risk management program goals.

    Engage stakeholders and establish a risk governance framework.

    Key Benefits Achieved

    Understanding of organizational risk culture and the corresponding risk threshold.

    Obstacles to effective IT risk management identified.

    Attainable goals to increase maturity established.

    Understanding of the gap to achieve vendor risk readiness.

    Activities

    2.1 Brainstorm vendor-related risks.

    2.2 Assess current program maturity.

    2.3 Identify obstacles and pain points.

    2.4 Develop risk management goals.

    2.5 Develop key risk indicators (KRIs) and escalation protocols.

    2.6 Gain stakeholders’ perspective.

    Outputs

    Vendor risk management maturity assessment

    Goals for vendor risk management

    Stakeholders’ opinions

    3 Assess Vendor Risk and Define Your Response Strategy

    The Purpose

    Categorize vendors.

    Prioritize assessed risks.

    Key Benefits Achieved

    Risk events prioritized according to risk severity – as defined by the business.

    Activities

    3.1 Categorize vendors.

    3.2 Map vendor infrastructure.

    3.3 Prioritize vendors.

    3.4 Identify risk contributing factors.

    3.5 Assess risk exposure.

    3.6 Calculate expected cost.

    3.7 Identify risk events.

    3.8 Input risks into the Risk Register Tool.

    Outputs

    Vendors classified and prioritized

    Vendor risk exposure

    Expected cost calculation

    4 Assess Vendor Risk and Define Your Response Strategy (continued)

    The Purpose

    Determine risk threshold and contract clause relating to risk prevention.

    Identify and assess risk response actions.

    Key Benefits Achieved

    Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.

    Risk response strategies have been identified for all key risks.

    Authoritative risk response recommendations can be made to senior leadership.

    Activities

    4.1 Determine the threshold for (un)acceptable risk.

    4.2 Match elements of the contract to related vendor risks.

    4.3 Identify and assess risk responses.

    Outputs

    Thresholds for (un)acceptable risk

    Risk responses

    5 Monitor, Communicate, and Improve IT Vendor Risk Process

    The Purpose

    Communicate top risks to management.

    Assign accountabilities and responsibilities for risk management process.

    Establish monitoring schedule.

    Key Benefits Achieved

    Risk monitoring responsibilities are established.

    Transparent accountabilities and established ongoing improvement of the vendor risk management program.

    Activities

    5.1 Create a stakeholder map.

    5.2 Complete RACI chart.

    5.3 Establish the reporting schedule.

    5.4 Finalize the vendor risk management program.

    Outputs

    Stakeholder map

    Assigned accountability for risk management

    Established monitoring schedule

    Risk report

    Vendor Risk Management Program Manual

    Cost-Optimize Your Security Budget

    • Buy Link or Shortcode: {j2store}250|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $2,078 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • The security budget has been slashed and the team needs to do more with less.
    • Mitigating risk is still the top priority, only now we need to reassess effectiveness and efficiency to ensure we are getting the greatest level of protection for the least amount of money.

    Our Advice

    Critical Insight

    A cost-optimized security budget is one that has the greatest impact on risk for the least amount of money spent.

    Impact and Result

    • Focus on business needs and related risks. Review the risk-reduction efficacy of your people, processes, and technology and justify what can be cut and what must stay.
    • Info-Tech will guide you through this process, and by the end of this blueprint you will have a cost-optimized security budget and an executive presentation to explain your revised spending.

    Cost-Optimize Your Security Budget Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should cost-optimize your security budget, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Cost-optimize your technology and managed services

    This phase will help you assess the efficacy of your current technology and service providers.

    • Threat and Risk Assessment Tool
    • In-House vs. Outsourcing Decision-Making Tool

    2. Cost-optimize your staffing

    This phase will help you assess if layoffs are necessary.

    • Security Employee Layoff Selection Tool

    3. Cost-optimize your security strategy

    This phase will help you revise the pending process-based initiatives in your security strategy.

    • Security Cost Optimization Workbook
    • Security Cost Optimization Executive Presentation
    [infographic]

    Negotiate SaaS Agreements That Are Built to Last

    • Buy Link or Shortcode: {j2store}137|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $72,298 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Internal stakeholders usually have different – and often conflicting – needs and expectations that require careful facilitation and management.
    • SaaS solutions bring forth a unique form of “switching costs” that can make a decision to migrate solutions financially, technically, and politically painful.

    Our Advice

    Critical Insight

    • Conservatively, it’s possible to save 5% of the overall IT budget through comprehensive software and SaaS contract review.
    • Focus on the terms and conditions, not just the price.
    • Learning to negotiate is crucial.

    Impact and Result

    • Take control of your SaaS contract negotiations from the beginning.
    • Look at your contract holistically to find cost savings.
    • Guide communication between vendors and your organization for the duration of contract negotiations.
    • Redline the terms and conditions of your SaaS contract.
    • Prioritize crucial terms and conditions to negotiate.

    Negotiate SaaS Agreements That Are Built to Last Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to redline and negotiate a SaaS agreement, review Info-Tech’s methodology, and understand the different ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Gather requirements

    Build and manage the stakeholder team, and then document the business use case.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 1: Gather Requirements
    • RASCI Chart
    • Vendor Communication Management Plan
    • Software Business Use Case Template
    • SaaS TCO Calculator

    2. Redline contract

    Redline the proposed SaaS contract.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 2: Redline Contract
    • SaaS Terms and Conditions Evaluation Tool

    3. Negotiate contract

    Create a thorough negotiation plan.

    • Negotiate SaaS Agreements That Are Built to Last – Phase 3: Negotiate Contract
    • SaaS Contract Negotiation Terms Prioritization Checklist
    • Controlled Vendor Communications Letter
    • Key Vendor Fiscal Year End Calendar
    • Contract Negotiation Tactics Playbook
    [infographic]

    Workshop: Negotiate SaaS Agreements That Are Built to Last

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Collect and Review Data

    The Purpose

    Assemble documentation.

    Key Benefits Achieved

    Understand current position before going forward.

    Activities

    1.1 Assemble existing contracts.

    1.2 Document their strategic and tactical objectives.

    1.3 Identify current status of the vendor relationship and any historical context.

    1.4 Clarify goals for ideal future state.

    Outputs

    Business Use Case.

    2 Define the Business Use Case and Build a Stakeholder Team

    The Purpose

    Define the business use case and build a stakeholder team.

    Key Benefits Achieved

    Create a business use case to document functional and non-functional requirements.

    Build an internal cross-functional stakeholder team to negotiate the contract.

    Activities

    2.1 Establish a negotiation team and define roles.

    2.2 Write a communication plan.

    2.3 Complete a business use case.

    Outputs

    RASCI Matrix

    Communications Plan

    SaaS TCO Calculator

    Business Use Case

    3 Redline the Contract

    The Purpose

    Examine terms and conditions and prioritize for negotiation.

    Key Benefits Achieved

    Discover cost savings.

    Improve agreement terms.

    Prioritize terms for negotiation.

    Activities

    3.1 Review general terms and conditions.

    3.2 Review license and application specific terms and conditions.

    3.3 Match to business and technical requirements.

    3.4 Redline the agreement.

    Outputs

    SaaS Terms and Conditions Evaluation Tool

    SaaS Contract Negotiation Terms Prioritization Checklist

    4 Build a Negotiation Strategy

    The Purpose

    Create a negotiation strategy.

    Key Benefits Achieved

    Controlled communication established.

    Negotiation tactics chosen.

    Negotiation timeline plotted.

    Activities

    4.1 Review vendor and application specific negotiation tactics.

    4.2 Build negotiation strategy.

    Outputs

    Contract Negotiation Tactics Playbook

    Controlled Vendor Communications Letter

    Key Vendor Fiscal Year End Calendar

    Leverage Big Data by Starting Small

    • Buy Link or Shortcode: {j2store}201|cart{/j2store}
    • member rating overall impact: 7.0/10 Overall Impact
    • member rating average dollars saved: 3 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • The desire for rapid decision making is increasing and the complexity of data sources is growing; business users want access to several new data sources, but in a way that is controlled and easily consumable.
    • Organizations may understand the transformative potential of a big data initiative, but struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of that ecosystem may cause a paralysis for organizations.

    Our Advice

    Critical Insight

    • Big data is simply data. With technological advances, what was once considered big data is now more approachable for all organizations irrespective of size.
    • The variety element is the key to unlocking big data value. Drill down into your specific use cases more effectively by focusing on what kind of data you should use.
    • Big data is about deep analytics. Deep doesn’t mean difficult. Visualization of data, integrating new data, and understanding associations are ways to deepen your analytics.

    Impact and Result

    • Establish a foundational understanding of what big data entails and what the implications of its different elements are for your organization.
    • Confirm your current maturity for taking on a big data initiative, and make considerations for core data management practices in the context of incorporating big data.
    • Avoid boiling the ocean by pinpointing use cases by industry and functional unit, followed by identifying the most essential data sources and elements that will enable the initiative.
    • Leverage a repeatable pilot project framework to build out a successful first initiative and implement future projects en-route to evolving a big data program.

    Leverage Big Data by Starting Small Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should leverage big data, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Undergo big data education

    Build a foundational understanding of the current big data landscape.

    • Leverage Big Data by Starting Small – Phase 1: Undergo Big Data Education

    2. Assess big data readiness

    Appraise current capabilities for handling a big data initiative and revisit the key data management practices that will enable big data success.

    • Leverage Big Data by Starting Small – Phase 2: Assess Big Data Readiness
    • Big Data Maturity Assessment Tool

    3. Pinpoint a killer big data use case

    Armed with Info-Tech’s variety dimension framework, identify the top use cases and the data sources/elements that will power the initiative.

    • Leverage Big Data by Starting Small – Phase 3: Pinpoint a Killer Big Data Use Case
    • Big Data Use-Case Suggestion Tool

    4. Structure a big data proof-of-concept project

    Leverage a repeatable framework to detail the core components of the pilot project.

    • Leverage Big Data by Starting Small – Phase 4: Structure a Big Data Proof-of-Concept Project
    • Big Data Work Breakdown Structure Template
    • Data Scientist
    • Big Data Cost/Benefit Tool
    • Big Data Stakeholder Presentation Template
    • Big Data Communication Tracking Template
    [infographic]

    Workshop: Leverage Big Data by Starting Small

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Undergo Big Data Education

    The Purpose

    Understand the basic elements of big data and its relationship to traditional business intelligence.

    Key Benefits Achieved

    Common, foundational knowledge of what big data entails.

    Activities

    1.1 Determine which of the four Vs is most important to your organization.

    1.2 Explore new data through a social lens.

    1.3 Brainstorm new opportunities for enhancing current reporting assets with big data sources.

    Outputs

    Relative importance of the four Vs from IT and business perspectives

    High-level improvement ideas to report artifacts using new data sources

    2 Assess Your Big Data Readiness

    The Purpose

    Establish an understanding of current maturity for taking on big data, as well as revisiting essential data management practices.

    Key Benefits Achieved

    Concrete idea of current capabilities.

    Recommended actions for developing big data maturity.

    Activities

    2.1 Determine your organization’s current big data maturity level.

    2.2 Plan for big data management.

    Outputs

    Established current state maturity

    Foundational understanding of data management practices in the context of a big data initiative

    3 Pinpoint Your Killer Big Data Use Case

    The Purpose

    Explore a plethora of potential use cases at the industry and business unit level, followed by using the variety element of big data to identify the highest value initiative(s) within your organization.

    Key Benefits Achieved

    In-depth characterization of a pilot big data initiative that is thoroughly informed by the business context.

    Activities

    3.1 Identify big data use cases at the industry and/or departmental levels.

    3.2 Conduct big data brainstorming sessions in collaboration with business stakeholders to refine use cases.

    3.3 Revisit the variety dimension framework to scope your big data initiative in further detail.

    3.4 Create an organizational 4-column data flow model with your big data sources/elements.

    3.5 Evaluate data sources by considering business value and risk.

    3.6 Perform a value-effort assessment to prioritize your initiatives.

    Outputs

    Potential big data use cases

    Potential initiatives rooted in the business context and identification of valuable data sources

    Identification of specific data sources and data elements

    Characterization of data sources/elements by value and risk

    Prioritization of big data use cases

    4 Structure a Big Data Proof-of-Concept Project

    The Purpose

    Put together the core components of the pilot project and set the stage for enterprise-wide support.

    Key Benefits Achieved

    A repeatable framework for implementing subsequent big data initiatives.

    Activities

    4.1 Construct a work breakdown structure for the pilot project.

    4.2 Determine your project’s need for a data scientist.

    4.3 Establish the staffing model for your pilot project.

    4.4 Perform a detailed cost/benefit analysis.

    4.5 Make architectural considerations for supporting the big data initiative.

    Outputs

    Comprehensive list of tasks for implementing the pilot project

    Decision on whether or not a data scientist is needed, and where data science capabilities will be sourced

    RACI chart for the project

    Big data pilot cost/benefit summary

    Customized, high-level architectural model that incorporates technologies that support big data

    Into the Metaverse

    • Buy Link or Shortcode: {j2store}95|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Define the metaverse.
    • Understand where Meta and Microsoft are going and what their metaverse looks like today.
    • Learn about other solution providers implementing the enterprise metaverse.
    • Identify risks in deploying metaverse solutions and how to mitigate them.

    Our Advice

    Critical Insight

    • A metaverse experience must combine the three Ps: user presence is represented, the world is persistent, and data is portable.

    Impact and Result

    • Understand how Meta and Microsoft define the Metaverse and the coming challenges that enterprises will need to solve to harness this new digital capability.

    Into the Metaverse Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Into the Metaverse – A deck that examines how IT can prepare for the new digital world

    Push past the hype and understand what the metaverse really means for IT.

    • Into the Metaverse Storyboard

    Infographic

    Further reading

    Into the Metaverse

    How IT can prepare for the new digital world.

    Analyst Perspective

    The metaverse is still a vision of the future.

    Photo of Brian Jackson, Research Director, CIO, Info-Tech Research Group.

    On October 28, 2021, Mark Zuckerberg got up on stage and announced Facebook's rebranding to Meta and its intent to build out a new business line around the metaverse concept. Just a few days later, Microsoft's CEO Satya Nadella put forward his own idea of the metaverse at Microsoft Ignite. Seeing two of Silicon Valley's most influential companies pitch a vision of avatar-driven virtual reality collaboration sparked our collective curiosity. At the heart of it lies the question, "What is the metaverse, anyway?“

    If you strip back the narrative of the companies selling you the solutions, the metaverse can be viewed as technological convergence. Years of development on mixed reality, AI, immersive digital environments, and real-time communication are culminating in a totally new user experience. The metaverse makes the digital as real as the physical. At least, that's the vision.

    It will be years yet before the metaverse visions pitched to us from Silicon Valley stages are realized. In the meantime, understanding the individual technologies contributing to that vision can help CIOs realize business value today. Join me as we delve into the metaverse.

    Brian Jackson
    Research Director, CIO
    Info-Tech Research Group

    From pop culture to Silicon Valley

    Sci-fi visionaries are directly involved in creating the metaverse concept

    The term “metaverse” was coined by author Neal Stephenson in the 1992 novel “Snow Crash.” In the novel, main character Hiro Protagonist interacts with others in a digitally defined space. Twenty-five years after its release, the cult classic is influential among Silicon Valley's elite. Stephenson has played some key roles in Silicon Valley firms. He became the first employee at Blue Origin, the space venture founded by Jeff Bezos, in 2006, and later became chief futurist at augmented reality firm Magic Leap in 2014. Stephenson also popularized the Hindu concept "avatar" in his writing, paving the way for people to embody digitally rendered models to participate in the metaverse (Vanity Fair, 2017).

    Even earlier concepts of the metaverse were examined in the 1980s, with William Gibson’s “Neuromancer” exploring the same idea as cyberspace. Gibson's novel was influenced by his time in Seattle, where friend and Microsoft executive Eileen Gunn took him to hacker bars where he'd eavesdrop on "the poetics of the technological subculture" (Medium, 2022). Other visions of a virtual reality mecca were brought to life in the movies, including the 1982 Disney release “Tron,” the 1999 flick “The Matrix,” and 2018’s “Ready Player One.”

    There's a common set of traits among these sci-fi narratives that help us understand what Silicon Valley tech firms are now set to commercialize: users interact with one another in a digitally rendered virtual world, with a sense of presence provided through the use of a head-mounted display.

    Cover of the book Snow Crash by Neal Stephenson.

    Image courtesy nealstephenson.com

    Meta’s view of the metaverse

    CEO Mark Zuckerberg rebranded Facebook to make his intent clear

    Mark Zuckerberg is all in on the metaverse, announcing October 28, 2021, that Facebook would be rebranded to Meta. The new brand took effect on December 1, and Facebook began trading under the new stock ticker MVRS on certain exchanges. On February 15, 2022, Zuckerberg announced at a company meeting that his employees will be known as Metamates. The company's new values are to live in the future, build awesome things, and focus on long-term impact. Its motto is simply "Meta, Metamates, me" (“Out With the Facebookers. In With the Metamates,” The New York Times, 2022).

    Meta's Reality Labs division will be responsible for developing its metaverse product, using Meta Quest, its virtual reality head-mounted displays. Meta's early metaverse environment, Horizon Worlds, rolled out to Quest users in the US and Canada in early December 2021. This drove a growth in its monthly user base by ten times, to 300,000 people. The product includes Horizon Venues, tailored to attending live events in VR, but not Horizon Workrooms, a VR conferencing experience that remains invite-only. Horizon Worlds provides users tools to construct their own 3D digital environments and had been used to create 10,000 separate worlds by mid-February 2022 (“Meta’s Social VR Platform Horizon Hits 300,000 Users,“ The Verge, 2022).

    In the future, Meta plans to amplify the building tools in its metaverse platform with generative AI. For example, users can give speech commands to create scenes and objects in VR. Project CAIRaoke brings a voice assistant to an augmented reality headset that can help users complete tasks like cooking a stew. Zuckerberg also announced Meta is working on a universal speech translator across all languages (Reuters, 2022).

    Investment in the metaverse:
    $10 billion in 2021

    Key People:
    CEO Mark Zuckerberg
    CTO Andrew Bosworth
    Chief Product Officer Chris Cox

    (Source: “Meta Spent $10 Billion on the Metaverse in 2021, Dragging Down Profit,” The New York Times, 2022)

    Microsoft’s view of the metaverse

    CEO Satya Nadella showcased a mixed reality metaverse at Microsoft Ignite

    In March 2021 Microsoft announced Mesh, an application that allows organizations to build out a metaverse environment. Mesh is being integrated into other Microsoft hardware and software, including its head-mounted display, the HoloLens, a mixed reality device. The Mesh for HoloLens experience allows users to collaborate around digital content projected into the real world. In November, Microsoft announced a Mesh integration with Microsoft Teams. This integration brings users into an immersive experience in a fully virtual world. This VR environment makes use of AltspaceVR, a VR application Microsoft first released in May 2015 (Microsoft Innovation Stories, 2021).

    Last Fall, Microsoft also announced it is rebranding its Dynamics 365 Connected Store solution to Dynamics 365 Connected Spaces, signaling its expansion from retail to all spaces. The solution uses cognitive vision to create a digital twin of an organization’s physical space and generate analytics about people’s behavior (Microsoft Dynamics 365 Blog, 2021).

    In the future, Microsoft wants to make "holoportation" a part of its metaverse experience. Under development at Microsoft Research, the technology captures people and things in photorealistic 3D to be projected into mixed reality environments (Microsoft Research, 2022). It also has plans to offer developers AI-powered tools for avatars, session management, spatial rendering, and synchronization across multiple users. Open standards will allow Mesh to be accessed across a range of devices, from AR and VR headsets, smartphones, tablets, and PCs.

    Microsoft has been developing multi-user experiences in immersive 3D environments though its video game division for more than two decades. Its capabilities here will help advance its efforts to create metaverse environments for the enterprise.

    Investment in the metaverse:
    In January 2022, Microsoft agreed to acquire Activision Blizzard for $68.7 billion. In addition to acquiring several major gaming studios for its own gaming platforms, Microsoft said the acquisition will play a key role in the development of its metaverse.

    Key People:
    CEO Satya Nadella
    CEO of Microsoft Gaming Phil Spencer
    Microsoft Technical Research Fellow Alex Kipman

    Current state of metaverse applications from Meta and Microsoft

    Meta

    • Horizon Worlds (formerly Facebook Horizon). Requires an Oculus Rift S or Quest 2 headset to engage in an immersive 3D world complete with no-code building tools for users to construct their own environments. Users can either interact in the space designed by Meta or travel to other user-designed worlds through the plaza.
    • Horizon Workrooms (beta, invite only). An offshoot of Horizon Worlds but more tailored for business collaboration. Users can bring in their physical desks and keyboards and connect to PC screens from within the virtual setting. Integrates with Facebook’s Workplace solution.

    Microsoft

    • Dynamics 365 Connected Spaces (preview). Cognitive vision combined with surveillance cameras provide analytics on people's movement through a facility.
    • Mesh for Microsoft Teams (not released). Collaborate with your colleagues in a virtual reality space using personalized avatars. Use new 2D and 3D meeting experiences.
    • Mesh App for HoloLens (preview). Interact with colleagues virtually in a persistent digital environment that is overlaid on top of the real world.
    • AltspaceVR. A VR space accessible via headset or desktop computer that's been available since 2015. Interact through use of an avatar to participate in daily events

    Current providers of an “enterprise metaverse”

    Other providers designing mixed reality or digital twin tools may not have used the “metaverse” label but provide the same capabilities via platforms

    Logo for NVIDIA Omniverse. Logo for TeamViewer.
    NVIDIA Omniverse
    “The metaverse for engineers,” Omniverse is a developer toolset to allow organizations to build out their own unique metaverse visions.
    • Omniverse Nucleus is the platform database that allows clients to publish digital assets or subscribe to receive changes to them in real-time.
    • Omniverse Connectors are used to connect to Nucleus and publish or subscribe to individual assets and entire worlds.
    • NVIDIA’s core physics engine provides a scalable and physically accurate world simulation.
    TeamViewer’s Remote as a Service Platform
    Initially focusing on providing workers remote connectivity to work desktops, devices, and robotics, TeamViewer offers a range of software as a service products. Recent acquisitions to this platform see it connecting enterprise workflows to frontline workers using mixed reality headsets and adding more 3D visualization development tools to create digital twins. Clients include Coca-Cola and BMW.

    “The metaverse matters in the future. TeamViewer is already making the metaverse tangible in terms of the value that it brings.” (Dr. Hendrik Witt, Chief Product Officer, TeamViewer)

    The metaverse is a technological convergence

    The metaverse is a platform combining multiple technologies to enable social and economic activity in a digital world that is connected to the physical world.

    A Venn diagram with four circles intersecting and one circle unconnected on the side, 'Blockchain, Emerging'. The four circles, clock-wise from top, are 'Artificial Intelligence', 'Real-Time Communication', 'Immersive Digital Space', and 'Mixed Reality'. The two-circle crossover sections, clock-wise from top-right are AI + RTC: 'Smart Agent-Facilitated Communication', RTC + IDS: 'Avatar-Based Social Interaction', IDS + MR: 'Digital Immersive UX', and MR + AI: 'Perception AI'. There are only two three-circle crossover sections labelled, AI + RTC + MR: 'Generative Sensory Environments' and RTC + IDS + MR: 'Presence'. The main cross-section is 'METAVERSE'.

    Info-Tech Insight

    A metaverse experience must combine the three P’s: user presence is represented, the world is persistent, and data is portable.

    Mixed reality provides the user experience (UX) for the metaverse

    Both virtual and augmented reality will be part of the picture

    Mixed reality encompasses both virtual reality and augmented reality. Both involve allowing users to immerse themselves in digital content using a head-mounted device or with a smartphone for a less immersive effect. Virtual reality is a completely digital world that is constructed as separate from the physical world. VR headsets take up a user's entire field of vision and must also have a mechanism to allow the user to interact in their virtual environment. Augmented reality is a digital overlay mapped on top of the real world. These headsets are transparent, allowing the user to clearly see their real environment, and projects digital content on top of it. These headsets must have a way to map the surrounding environment in 3D in order to project digital content in the right place and at the right scale.

    Meta’s Plans

    Meta acquired virtual reality developer Oculus VR Inc. and its set of head-mounted displays in 2014. It continues to develop new hardware under the Oculus brand, most recently releasing the Oculus Quest 2. Oculus Quest hardware is required to access Meta's early metaverse platform, Horizon Worlds.

    Microsoft’s Plans

    Microsoft's HoloLens hardware is a mixed reality headset. Its visor that can project digital content into the main portion of the user's field of vision and speakers capable of spatial audio. The HoloLens has been deployed at enterprises around the world, particularly in scenarios where workers typically have their hands busy. For example, it can be used to view digital schematics of a machine while a worker is performing maintenance or to allow a remote expert to "see through the eyes" of a worker.

    Microsoft's Mesh metaverse platform, which allows for remote collaboration around digital content, was demonstrated on a HoloLens at Microsoft Ignite in November 2021. Mesh is also being integrated into AltspaceVR, an application that allows companies to hold meetings in VR with “enterprise-grade security features including secure sign-ins, session management and privacy compliance" (Microsoft Innovation Stories, 2021).

    Immersive digital environments provide context in the metaverse

    The interactive environment will be a mix of digital and physical worlds

    If you've played a video game in the past decade, you've experienced an immersive 3D environment, perhaps even in a multiplayer environment with many other users at the same time. The video game industry grew quickly during the pandemic, with users spending more time and money on video games. Massive multiplayer online games like Fortnite provide more than a gaming environment. Users socialize with their friends and attend concerts featuring famous performers. They also spend money on different appearances or gestures to express themselves in the environment. When they are not playing the game, they are often watching other players stream their experience in the game. In many ways, the consumer metaverse already exists on platforms like Fortnite. At the same time, gaming developers are improving the engines for these experiences and getting closer to approximating the real world both visually and in terms of physics.

    In the enterprise space, immersive 3D environments are also becoming more popular. Manufacturing firms are building digital twins to represent entire factories, modeling their real physical environments in digital space. For example, BMW’s “factory of the future” uses NVIDIA Omniverse to create a digital twin of its assembly system, simulated down to the detail of digital workers. BMW uses this simulation to plan reconfiguration of its factory to accommodate new car models and to train robots with synthetic data (“NVIDIA Omniverse,” NVIDIA, 2021).

    Meta’s Plans

    Horizon Workrooms is Meta's business-focused application of Horizon Worlds. It facilitates a VR workspace where colleagues can interact with others’ avatars, access their computer, use videoconferencing, and sketch out ideas on a whiteboard. With the Oculus Quest 2 headset, passthrough mode allows users to add their physical desk to the virtual environment (Oculus, 2022).

    Microsoft’s Plans

    AltspaceVR is Microsoft's early metaverse environment and it can be accessed with Oculus, HTC Vive, Windows Mixed Reality, or in desktop mode. Separately, Microsoft Studios has been developing digital 3D environments for its Xbox video game platform for yeas. In January 2022, Microsoft acquired games studio Activision Blizzard for $68.7 billion, saying the games studio would play a key role in the development of the metaverse.

    Real-time communications allow for synchronous collaboration

    Project your voice to a room full of avatars for a presentation or whisper in someone’s ear

    If the metaverse is going to be a good place to collaborate, then communication must feel as natural as it does in the real world. At the same time, it will need to have a few more controls at the users’ disposal so they can focus in on the conversation they choose. Audio will be a major part of the communication experience, augmented by expressive avatars and text.

    Mixed reality headsets come with integrated microphones and speakers to enable voice communications. Spatial audio will also be an important component of voice exchange in the metaverse. When you are in a videoconference conversation with 50 participants, every one of those people will sound as though they are sitting right next to you. In the metaverse, each person will sound louder or quieter based on how distant their avatar is from you. This will allow large groups of people to get together in one digital space and have multiple conversations happening simultaneously. In some situations, there will also be a need for groups to form a “party” as they navigate the metaverse, meaning they would stay linked through a live audio connection even if their avatars were not in the same digital space. Augmented reality headsets also allow remote users to “see through the eyes” of the person wearing the headset through a front-facing camera. This is useful for hands-on tasks where expert guidance is required.

    People will also need to communicate with people not in the metaverse. More conventional videoconference windows or chat boxes will be imported into these environments as 2D panels, allowing users to integrate them into the context of their digital space.

    Meta’s Plans

    Facebook Messenger is a text chat and video chat application that is already integrated into Facebook’s platform. Facebook also owns WhatsApp, a messaging platform that offers group chat and encrypted messaging.

    Microsoft’s Plans

    Microsoft Teams is Microsoft’s application that combines presence-based text chat and videoconferencing between individuals and groups. Dynamics 365 Remote Assist is its augmented reality application designed for HoloLens wearers or mobile device users to share their real-time view with experts.

    Generative AI will fill the metaverse with content at the command of the user

    No-code and low-code creation tools will be taken to the next level in the metaverse

    Metaverse platforms provide users with no-code and low-code options to build out their own environments. So far this looks like playing a game of Minecraft. Users in the digital environment use native tools to place geometric shapes and add textures. Other metaverse platforms allow users to design models or textures with tools outside the platform, often even programming behaviors for the objects, and then import them into the metaverse. These tools can be used effectively, but it can be a tedious way to create a customized digital space.

    Generative AI will address that by taking direction from users and quickly generating content to provide the desired metaverse setting. Generative AI can create content that’s meaningful based on natural inputs like language or visual information. For example, a user might give voice commands to a smart assistant and have a metaverse environment created or take photos of a real-world object from different angles to have its likeness digitally imported.

    Synthetic data will also play a role in the metaverse. Instead of relying only on people to create a lot of relevant data to train AI, metaverse platform providers will also use simulated data to provide context. NVIDIA’s Omniverse Replicator engine provides this capability and can be used to train self-driving cars and manipulator robots for a factory environment (NVIDIA Newsroom, 2021).

    Meta’s Plans

    Meta is planning to use generative AI to allow users to construct their VR environments. It will allow users to describe a world to a voice assistant and have it created for them. Users could also speak to each other in different languages with the aid of a universal translator. Separately, Project CAIRaoke combines cognitive vision with a voice assistant to help a user cook dinner. It keeps track of where the ingredients are in the kitchen and guides the user through the steps (Reuters, 2022).

    Microsoft’s Plans

    Microsoft Mesh includes AI resources to help create natural interactions through speech and vision learning models. HoloLens 2 already uses AI models to track users’ hands and eye movements as well as map content onto the physical world. This will be reinforced in the cloud through Microsoft Azure’s AI capabilities (Microsoft Innovation Stories, 2021).

    Blockchain will provide a way to manage digital identity and assets across metaverse platforms

    Users will want a way to own their metaverse identity and valued digital possessions

    Blockchain technology provides a decentralized digital ledger that immutably records transactions. A specific blockchain can either be permissioned, with one central party determining who gets access, or permissionless, in which anyone with the means can transact on the blockchain. The permissionless variety emerged in 2008 as the foundation of Bitcoin. It's been a disruptive force in the financial industry, with Bitcoin inspiring a long list of offshoot cryptocurrencies, and now even central banks are examining moving to a digital currency standard.

    In the past couple of years, blockchain has spurred a new economy around digital assets. Smart contracts can be used to create a token on a blockchain and bind it to a specific digital asset. These assets are called non-fungible tokens (NFTs). Owners of NFTs can prove their chain of ownership and sell their tokens to others on a variety of marketplaces.

    Blockchain could be useful in the metaverse to track digital identity, manage digital assets, and enable data portability. Users could register their own avatars as NFTs to prove they are the real person behind their digital representation. They may also want a way to verify they own a virtual plot of land or demonstrate the scarcity of the digital clothing they are wearing in the metaverse. If users want to leave a certain metaverse platform, they could export their avatar and digital assets to a digital wallet and transfer them to another platform that supports the same standards.

    In the past, centralized platforms that create economies in a virtual world were able to create digital currencies and sell specific assets to users without the need for blockchain. Second Life is a good example, with Linden Labs providing a virtual token called Linden Dollars that users can exchange to buy goods and services from each other within the virtual world. Second Life processes 345 million transactions a year for virtual goods and reports a GDP of $650 million, which would put it ahead of some countries (VentureBeat, 2022). However, the value is trapped within Second Life and can't be exported elsewhere.

    Meta’s Plans

    Meta ended its Diem project in early 2022, winding down its plan to offer a digital currency pegged to US dollars. Assets were sold to Silvergate Bank for $182 million. On February 24, blockchain developer Atmos announced it wanted to bring the project back to life. Composed of many of the original developers that created Diem while it was still a Facebook project, the firm plans to raise funds based on the pitch that the new iteration will be "Libra without Facebook“ (CoinDesk, 2022).

    Microsoft’s Plans

    Microsoft expanded its team of blockchain developers after its lead executive in this area stated the firm is closely watching cryptocurrencies and NFTs. Blockchain Director York Rhodes tweeted on November 8, 2021, that he was expanding his team and was interested to connect with candidates "obsessed with Turing complete, scarce programmable objects that you can own & transfer & link to the real world through a social contract.”

    The enterprise metaverse holds implications for IT across several functional areas

    Improve maturity in these four areas first

    • Infrastructure & Operations
      • Lay the foundation
    • Security & Risk
      • Mitigate the risks
    • Apps
      • Deploy the precursors
    • Data & BI
      • Prepare to integrate
    Info-Tech and COBIT5's IT Management & Governance Framework with processes arranged like a periodic table. Highlighted process groups are 'Infrastructure & Operations', 'Security & Risk', 'Apps', and 'Data & BI'.

    Infrastructure & Operations

    Make space for the metaverse

    Risks

    • Network congestion: Connecting more devices that will be delivering highly graphical content will put new pressures on networks. Access points will have more connections to maintain and transit pathways more bandwidth to accommodate.
    • Device fragmentation: Currently many different vendors are selling augmented reality headsets used in the enterprise, including Google, Epson, Vuzix, and RealWear. More may enter soon, creating various types of endpoints that have different capabilities and different points of failure.
    • New workflows: Enterprises will only be able to benefit from deploying mixed reality devices if they're able to make them very useful to workers. Serving up relevant information in the context of a hands-free interface will become a new competency for enterprises to master.

    Mitigations

    • Dedicated network: Some companies are avoiding the congestion issue by creating a separate network for IoT devices on different infrastructure. For example, they might complement the Wi-Fi network with a wireless network on 5G or LoRaWAN standards.
    • Partner with systems integrators: Solutions vendors bringing metaverse solutions to the enterprise are already working with systems integrator partners to overcome integration barriers. These vendors are solving the problems of delivering enterprise content to a variety of new mixed reality touchpoints and determining just the right information to expose to users, at the right time.

    Security & Risk

    Mitigate metaverse risks before they take root

    Risks

    • Broader attack surface: Adding new mixed reality devices to the enterprise network will create more potential points of ingress for a cyberattack. Previous enterprise experiences with IoT in the enterprise have seen them exploited as weak points and used to create botnets or further infiltrate company networks.
    • More data in transit: Enterprise data will be flowing between these new devices and sometimes outside the company firewall to remote connections. Data from industrial IoT could also be integrated into these solutions and exposed.
    • New fraud opportunities: When Web 1.0 was first rolling out, not every company was able to secure the rights to the URL address matching its brand. Those not quick enough on the draw saw "domain squatters" use their brand equity to negotiate for a big pay day or, worse yet, to commit fraud. With blockchain opening up similar new digital real estate in Web3, the same risk arises.

    Mitigations

    • Mobile device management (MDM): New mixed reality headsets can be secured using existing MDM solutions on the market.
    • Encryption: Encrypting data end to end as it flows between IoT devices ensures that even if it does leak, it's not likely to be useful to a hacker.
    • Stake your claim: Claiming your brand's name in new Web3 domains may seems tedious, but it is likely to be cheap and might save you a headache down the line.

    Apps

    Deploy to your existing touchpoints

    Risks

    • Learning curves: Using new metaverse applications to complete tasks and collaborate with colleagues won’t be a natural progression for everyone. New headsets, gesture-based controls, and learning how to navigate the metaverse will present hurdles for users to overcome before they can be productive.
    • Is there a dress code in the metaverse? Avatars in the metaverse won’t necessarily look like the people behind the controls. What new norms will be needed to ensure avatars are appropriate for a work setting?
    • Fragmentation: Metaverse experiences are already creating islands. Users of Horizon Worlds can’t connect with colleagues using AltspaceVR. Similar to the challenges around different videoconferencing software, users could find they are divided by applications.

    Mitigations

    • Introduce concepts over time: Ask users to experiment with meeting in a VR context in a small group before expanding to a companywide conference event. Or have them use a headset for a simple video chat before they use it to complete a task in the field.
    • Administrative controls: Ensure that employees have some boundaries when designing their avatars, enforced either through controls placed on the software or through policies from HR.
    • Explore but don’t commit: It’s early days for these metaverse applications. Explore opportunities that become available through free trials and new releases to existing software suites but maintain flexibility to pivot should the need arise.

    Data & BI

    Deploy to your existing touchpoints

    Risks

    • Interoperability: There is no established standard for digital objects or behaviors in the metaverse. Meta and Microsoft say they are committed to open standards that will ensure portability of data across platforms, but how that will be executed isn’t clear yet.
    • Privacy: Sending data to another platform carries risks that it will be exfiltrated and stored elsewhere, presenting some challenges for companies that need to be compliant with legislation such as GDPR.
    • High-fidelity models: 3D models with photorealistic textures will come with high CPU requirements to render properly. Some head-mounted displays will run into limitations.

    Mitigations

    • Adopt standard interfaces: Using open APIs will be the most common path to integrating enterprise systems to metaverse applications.
    • Maintain compliance: The current approach enterprises take to creating data lakes and presenting them to platforms will extend to the metaverse. Building good controls and anonymizing data that resides in these locations will enable firms to interact in new platforms and remain compliant.
    • Right-sized rendering: Providing enough data to a device to make it useful without overburdening the CPU will be an important consideration. For example, TeamViewer uses polygon reduction to display 3D models on lower-powered head-mounted displays.

    More Info-Tech research to explore

    CIO Priorities 2022
    Priorities to compete in the digital economy.

    Microsoft Teams Cookbook
    Recipes for best practices and use cases for Microsoft Teams.

    Run Better Meetings
    Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

    Double Your Organization’s Effectiveness With a Digital Twin
    Digital twin: A living, breathing reflection.

    Contributing experts

    Photo of Dr. Hendrik Witt, Chief Product Officer, TeamViewer

    Dr. Hendrik Witt
    Chief Product Officer,
    TeamViewer

    Photo of Kevin Tucker, Principal Research Director, Industry Practice, INFO-TECH RESEARCH GROUP

    Kevin Tucker
    Principal Research Director, Industry Practice,
    INFO-TECH RESEARCH GROUP

    Bibliography

    Cannavò, Alberto, and F. Lamberti. “How Blockchain, Virtual Reality and Augmented Reality Are Converging, and Why.” IEEE Consumer Electronics Magazine, vol. 10, no. 5, Sept. 2020, pp. 6-13. IEEE Xplore. Web.

    Culliford, Elizabeth. “Meta’s Zuckerberg Unveils AI Projects Aimed at Building Metaverse Future.” Reuters, 24 Feb. 2022. Web.

    Davies, Nahla. “Cybersecurity and the Metaverse: Pioneering Safely into a New Digital World.” GlobalSign Blog, 10 Dec. 2021. GlobalSign by GMO. Web.

    Doctorow, Cory. “Neuromancer Today.” Medium, 10 Feb. 2022. Web.

    Heath, Alex. “Meta’s Social VR Platform Horizon Hits 300,000 Users.” The Verge, 17 Feb. 2022. Web.

    “Holoportation™.” Microsoft Research, 22 Feb. 2022. Microsoft. Accessed 3 March 2022.

    Isaac, Mike. “Meta Spent $10 Billion on the Metaverse in 2021, Dragging down Profit.” The New York Times, 2 Feb. 2022. Web.

    Isaac, Mike, and Sheera Frenkel. “Out With the Facebookers. In With the Metamates.” The New York Times, 15 Feb. 2022. Web.

    Langston, Jennifer. “‘You Can Actually Feel like You’re in the Same Place’: Microsoft Mesh Powers Shared Experiences in Mixed Reality.” Microsoft Innovation Stories, 2 Mar. 2021. Microsoft. Web.

    “Maple Leaf Sports & Entertainment and AWS Team Up to Transform Experiences for Canadian Sports Fans.” Amazon Press Center, 23 Feb. 2022. Amazon.com. Accessed 24 Feb. 2022. Web.

    Marquez, Reynaldo. “How Microsoft Will Move To The Web 3.0, Blockchain Division To Expand.” Bitcoinist.com, 8 Nov. 2021. Web.

    Metinko, Chris. “Securing The Metaverse—What’s Needed For The Next Chapter Of The Internet.” Crunchbase News, 6 Dec. 2021. Web.

    Metz, Rachel Metz. “Why You Can’t Have Legs in Virtual Reality (Yet).” CNN, 15 Feb. 2022. Accessed 16 Feb. 2022.

    “Microsoft to Acquire Activision Blizzard to Bring the Joy and Community of Gaming to Everyone, across Every Device.” Microsoft News Center, 18 Jan. 2022. Microsoft. Web.

    Nath, Ojasvi. “Big Tech Is Betting Big on Metaverse: Should Enterprises Follow Suit?” Toolbox, 15 Feb. 2022. Accessed 24 Feb. 2022.

    “NVIDIA Announces Omniverse Replicator Synthetic-Data-Generation Engine for Training AIs.” NVIDIA Newsroom, 9 Nov. 2021. NVIDIA. Accessed 9 Mar. 2022.

    “NVIDIA Omniverse - Designing, Optimizing and Operating the Factory of the Future. 2021. YouTube, uploaded by NVIDIA, 13 April 2021. Web.

    Peters, Jay. “Disney Has Appointed a Leader for Its Metaverse Strategy.” The Verge, 15 Feb. 2022. Web.

    Robinson, Joanna. The Sci-Fi Guru Who Predicted Google Earth Explains Silicon Valley’s Latest Obsession.” Vanity Fair, 23 June 2017. Accessed 13 Feb. 2022.

    Scoble, Robert. “New Startup Mixes Reality with Computer Vision and Sets the Stage for an Entire Industry.” Scobleizer, 17 Feb. 2022. Web.

    Seward, Zack. “Ex-Meta Coders Raising $200M to Bring Diem Blockchain to Life: Sources.” CoinDesk, 24 Feb. 2022. Web.

    Shrestha, Rakesh, et al. “A New Type of Blockchain for Secure Message Exchange in VANET.” Digital Communications and Networks, vol. 6, no. 2, May 2020, pp. 177-186. ScienceDirect. Web.

    Sood, Vishal. “Gain a New Perspective with Dynamics 365 Connected Spaces.” Microsoft Dynamics 365 Blog, 2 Nov. 2021. Microsoft. Web.

    Takahashi, Dean. “Philip Rosedale’s High Fidelity Cuts Deal with Second Life Maker Linden Lab.” VentureBeat, 13 Jan. 2022 Web.

    “TeamViewer Capital Markets Day 2021.” TeamViewer, 10 Nov. 2021. Accessed 22 Feb. 2022.

    VR for Work. Oculus.com. Accessed 1 Mar. 2022.

    Wunderman Thompson Intelligence. “New Trend Report: Into the Metaverse.” Wunderman Thompson, 14 Sept. 2021. Accessed 16 Feb. 2022.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}219|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.

    A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
    • Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.

    Impact and Result

    • Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Strategic Risk Impacts to Your Organization Deck – Use the research to better understand the negative impacts of vendor actions on your strategic plans.

    Use this research to identify and quantify the potential strategic impacts caused by vendors. Use Info-Tech’s approach to look at the strategic impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Strategic Risk Impacts on Your Organization Storyboard

    2. What If Vendor Strategic Impact Tool – Use this tool to help identify and quantify the strategic impacts of negative vendor actions

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Strategic Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Strategic Risk Impacts on Your Organization

    The world is in a perpetual state of change. Organizations need to build adaptive resiliency into their strategic plans to adjust to ever-changing market dynamics.

    Analyst perspective

    Organizations need to build flexible resiliency into their strategic plans to be able to adjust to ever-changing market dynamics.

    This is a picture of Frank Sewell, Research Director, Vendor Management at Info-Tech Research Group

    Like most people, organizations are poor at assessing the likelihood of risk. If the past few years have taught us anything, it is that the probability of a risk occurring is far more flexible in the formula Risk = Likelihood * Impact than we ever thought possible. The impacts of these risks have been catastrophic, and organizations need to be more adaptive in managing them to strengthen their strategic plans.

    Frank Sewell,
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.

    A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.

    Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Impacts Tool.

    Info-Tech Insight

    Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    This image depicts a cube divided into six different coloured sections. The sections are labeled: Financial; Reputational; Operational; Strategic; Security; Regulatory & Compliance.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Strategic risk impacts

    Potential losses to the organization due to risks to the strategic plan

    • In this blueprint, we’ll explore strategic risks (risks to the Strategic Plans of the organization) and their impacts.
    • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to correct strategic plans.
    This image depicts a cube divided into six different coloured sections. The section labeled Strategic is highlighted.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.

    When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    62%

    of IT professionals are more concerned about being a victim of ransomware than they were a year ago.

    82%

    of Microsoft’s non-essential employees shifted to working from home in 2020, joining the 18% already remote.

    89%

    of organizations invested in web conferencing technology to facilitate collaboration.

    Source: Info-Tech Tech Trends Survey 2022

    Strategic risks on a global scale

    Odds are at least one of these is currently affecting your strategic plans

    • Vendor Acquisitions
    • Global Pandemic
    • Global Shortages
    • Gas Prices
    • Poor Vendor Performance
    • Travel Bans
    • War
    • Natural Disasters
    • Supply Chain Disruptions
    • Security Incidents

    Make sure you have the right people at the table to identify and plan to manage impacts.

    Identify & manage strategic risks

    Global Pandemic

    Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their strategic planning moving forward.

    Vendor Acquisitions

    The IT market is an ever-shifting environment. Larger companies often gobble up smaller ones to control their sectors. Incorporating plans to manage those shifts in ownership will be key to many strategic plans that depend on niche vendor solutions for success. Be sure to monitor the potentially affected markets on an ongoing cadence.

    Global Shortages

    Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term strategic plans. Understand what your business needs to stock for project needs and where those supplies are located, and plan how to rapidly access and distribute them as required if supply chain disruptions occur.

    What to look for in vendors

    Identify strategic risk impacts

    • A vendor acquires many smaller, seemingly irrelevant IT products. Suddenly their revenue model includes aggressive license compliance audits.
      • Ensure that your installed software meets license compliance requirements with good asset management practices.
      • Monitor the market for such acquisitions or news of audits hitting companies.
    • A vendor changes their primary business model from storage and hardware to becoming a self-proclaimed “professional services guru,” relying almost entirely on their name recognition to build their marketing.
      • Be wary of self-proclaimed experts and review their successes and failures with other organizations before adopting them into your business strategy.
      • Review the backgrounds their “experts” have and make sure they have the industry and technical skill sets to perform the services to the required level.

    Not preparing for your growth can delay your goals

    Why can’t I get a new laptop?

    For example:

    • An IT professional services organization plans to take advantage of the growing work-from-home trend to expand its staff by 30% over the coming year.
    • Logically, this should include a review of the necessary tasks involved, including onboarding.
      • Suppose the company does not order enough equipment in preparation to cover the new staff plus routine replacement. In that case, this will delay the output of the new team members immeasurably as they wait for their company equipment and will delay existing staff whose equipment breaks, preventing them from getting back to work efficiently.

    Sometimes an organization has the right mindset to take advantage of the changes in the market but can fail to plan for the particulars.

    When your strategic plan changes, you need to revisit all the steps in the processes to ensure a successful outcome.

    Strategic risks

    Poor or uninformed business decisions can lead to organizational strategic failures

    • Supply chain disruptions and global shortages
      • Geopolitical disruptions and natural disasters have caused unprecedented interruptions to business. Incorporate forecasting of product and ongoing business continuity planning into your strategic plans to adapt as events unfold.
    • Poor vendor performance
      • Consider the impact of a vendor that fails to perform midway through the implementation. Organizations need to be able to manage the impact of replacing that vendor and cutting their losses rather than continuing to throw good money away after bad performance.
    • Vendor acquisitions
      • A lot of acquisition is going on in the market today. Large companies are buying competitors and either imposing new terms on customers or removing the competing products from the market. Prepare options for any strategy tied to a niche product.

    It is important to identify potential risks to strategic plans to manage the risk and be agile enough in planning to adapt to the changing environments.

    Info-Tech Insight
    Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.

    Prepare your strategic risk management for success

    Due diligence will enable successful outcomes

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess strategic risk

    1. Review Organizational Strategy
      Understand the organizational strategy to prepare for the “What If” game exercise.
    2. Identify & Understand Potential Strategic Risks
      Play the “What If” game with the right people at the table.
    3. Create a Risk Profile Packet for Leadership
      Pull all the information together in a presentation document.
    4. Validate the Risks
      Work with leadership to ensure that the proposed risks are in line with their thoughts.
    5. Plan to Manage the Risks
      Lower the overall risk potential by putting mitigations in place.
    6. Communicate the Plan
      It is important not only to have a plan but also to socialize it in the organization for awareness.
    7. Enact the Plan
      Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Insight summary

    Insight 1

    Organizations build portions of their strategies around chosen vendors and should protect those plans against the risks of unforeseen acquisitions in the market.
    Is your vendor solvent? Does it have enough staff to accommodate your needs? Has its long-term planning been affected by changes in the market? Is it unique in its space?

    Insight 2

    Organizations’ strategic plans need to be adaptable to avoid vendors’ negative actions causing an expedited shift in priorities.
    For example, Philip's recall of ventilators impacted its products and the availability of its competitor’s products as demand overwhelmed the market.

    Insight 3

    Organizations need to become better at risk assessment and actively manage the identified risks to their strategic plans.
    Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.

    Strategic risk impacts are often unanticipated, causing unforeseen downstream effects. Anticipating the potential changes in the global IT market and continuously monitoring vendors’ risk levels can help organizations modify their strategic alignment with the new norms.

    Identifying strategic risk

    Who should be included in the discussion

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from operational experts at your organization will enhance the long-term potential for success of your strategies.
    • Involving those who directly manage vendors and understand the market will aid operational experts in determining the forward path for relationships with your current vendors and identifying new emerging potential strategic partners.

    Review your strategic plans for new risks and evolving likelihood on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is a very flexible variable.

    See the blueprint Build an IT Risk Management Program

    Managing strategic risk impacts

    What can we realistically do about the risks?

    • Review business continuity plans and disaster recovery testing.
    • Institute proper contract lifecycle management.
    • Re-evaluate corporate policies frequently.
    • Develop IT governance and change control.
    • Ensure strategic alignment in contracts.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your strategic plans for new risks and evolving likelihood.
      • Risk = Likelihood x Impact (R=L*I)
        • Impact (I) tends to remain the same and be well understood, while Likelihood (L) turns out to be highly variable.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your strategy based on the lessons.

    Organizations need to be reviewing their strategic risk plans considering the likelihood of incidents in the global market.

    Pandemics, extreme weather, and wars that affect global supply chains are a current reality, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and improve our plans going forward.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Strategic Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Strategic Risk Impact Tool

    Input Output
    • List of identified potential risk scenarios scored by likelihood and financial impact
    • List of potential management of the scenarios to reduce the risk
    • Comprehensive strategic risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Strategic Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    Case Study

    Airline Industry Strategic Adaptation

    Industry: Airline

    Impact categories: Pandemic, Lockdowns, Travel Bans, Increased Fuel Prices

    • In 2019 the airline industry yielded record profits of $35.5 billion.
    • In 2020 the pandemic devastated the industry with losses around $371 billion.
    • The industry leaders engaged experts to conduct a study on how the pandemic impacted them and propose measures to ensure the survival of their industry in the future after the pandemic.
    • They determined that “[p]recise decision-making based on data analytics is essential and crucial for an effective Covid-19 airline recovery plan.”

    Results

    The pandemic prompted systemic change to the overall strategic planning of the airline industry.

    Summary

    Be vigilant and adaptable to change

    • Organizations need to learn how to assess the likelihood of potential risks in the changing global world.
    • Those organizations that incorporate adaptive risk management processes can prepare their strategic plans for greater success.
    • Bring the right people to the table to outline potential risks in the market.
    • Socialize the risk management process throughout the organization to heighten awareness and enable employees to help protect the strategic plan.
    • Incorporate lessons learned from incidents into your risk management process to build better plans for future issues.

    Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market.

    Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    This image contains a screenshot from Info-Tech's Identify and Manage Financial Risk Impacts on Your Organization.
    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Reduce Agile Contract Risk

    This image contains a screenshot from Info-Tech's Identify and Reduce Agile Contract Risk
    • Customer maturity levels with Agile are low, with 67% of organizations using Agile for less than five years.
    • Customer competency levels with Agile are also low, with 84% of organizations stating they are below a high level of competency.
    • Contract disputes are the number one or two types of disputes faced by organizations across all industries.

    Build an IT Risk Management Program

    This image contains a screenshot from Info-Tech's Build an IT Risk Management Program
    • Transform your ad hoc IT risk management processes into a formalized, ongoing program, and increase risk management success.
    • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s greatest risks before they occur.
    • Involve key stakeholders including the business senior management team to gain buy-in and to focus on IT risks most critical to the organization.

    Bibliography

    Olaganathan, Rajee. “Impact of COVID-19 on airline industry and strategic plan for its recovery with special reference to data analytics technology.” Global Journal of Engineering and Technology Advances, vol 7, no 1, 2021, pp. 033-046.

    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.

    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Research Contributors and Experts

    • Frank Sewell
      Research Director, Info-Tech Research Group
    • Steven Jeffery
      Principal Research Director, Info-Tech Research Group
    • Scott Bickley
      Practice Lead, Info-Tech Research Group
    • Donna Glidden
      Research Director, Info-Tech Research Group
    • Phil Bode
      Principal Research Director, Info-Tech Research Group
    • David Espinosa
      Senior Director, Executive Services, Info-Tech Research Group
    • Rick Pittman
      Vice President, Research, Info-Tech Research Group
    • Patrick Philpot
      CISSP
    • Gaylon Stockman
      Vice President, Information Security
    • Jennifer Smith
      Senior Director

    We may not be able to show you this

    We may not be able to show you this just yet.
    Our deeper, more detailed content is reserved for Tymans Group clients. 

    If you are interested in retaining our services or would really like access, please contact us. 

    Tame the Project Backlog

    • Buy Link or Shortcode: {j2store}439|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • Unmanaged project backlogs can become the bane of IT departments, tying IT leaders and PMO staff down to an ever-growing receptacle of project ideas that provides little by way of strategic value and that typically represents a lack of project intake and approval discipline.
    • Decision makers frequently use the backlog to keep the peace. Lacking the time to assess the bulk of requests, or simply wanting to avoid difficult conversations with stakeholders, they “approve” everything and leave it to IT to figure it out.
    • As IT has increasing difficulty assessing – let alone starting – any of the projects in the backlog, stakeholder relations suffer. Requestors view inclusion in the backlog as a euphemism for “declined,” and often characterize the backlog as the place where good project ideas go to die.
    • Faced with these challenges, you need to make your project backlog more useful and reliable. The backlog may contain projects worth doing, but in its current untamed state, you have difficulty discerning, let alone capitalizing upon, those instances of value.

    Our Advice

    Critical Insight

    • Project backlogs are an investment and need to be treated as such. Incurring a cost impact that can be measured in terms of time and money, the backlog needs to be actively managed to ensure that you’re investing wisely and getting a good return in terms of strategic value and project throughput.
    • Unmanageable project backlogs are rooted in bad habits and poorly-defined processes. Identifying the sources that fuel backlog growth is key to long-term success. Unless the problem is addressed at the root, any gains made in the near-term will simply fade away as old, unhealthy habits re-emerge and take hold.
    • Backlog management should facilitate executive awareness about the status of backlog items as new work is being approved. In the long run, this ongoing executive engagement will not only help to keep the backlog manageable, but it will also help to bring more even workloads to IT project staff.

    Impact and Result

    • Keep the best, forget the rest. Develop a near-term approach to limit the role of the backlog to include only those items that add value to the business.
    • Shine a light. Improve executive visibility into the health and status of the backlog so that the backlog is taken into account when decision makers approve new work.
    • Evolve the organizational culture. Effectively employ organizational change management practices to evolve the culture that currently exists around the project backlog in order to ensure customer-service needs are more effectively addressed.
    • Ensure long-term sustainability. Institute processes to make sure that your list of pending projects – should you still require one after implementing this blueprint – remains minimal, maintainable, and of high value.

    Tame the Project Backlog Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how a more disciplined approach to managing your project backlog can help you realize increased value and project throughput.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a project backlog battle plan

    Calculate the cost of the project backlog and assess the root causes of its unmanageability.

    • Tame the Project Backlog – Phase 1: Create a Backlog Battle Plan
    • Project Backlog ROI Calculator

    2. Execute a near-term backlog cleanse

    Increase the manageability of the backlog by updating stale requests and removing dead weight.

    • Tame the Project Backlog – Phase 2: Execute a Near-Term Backlog Cleanse
    • Project Backlog Management Tool
    • Project Backlog Stakeholder Communications Template

    3. Ensure long-term backlog manageability

    Develop and maintain a manageable backlog growth rate by establishing disciplined backlog management processes.

    • Tame the Project Backlog – Phase 3: Ensure Long-Term Backlog Manageability
    • Project Backlog Operating Plan Template
    • Project Backlog Manager
    [infographic]

    Workshop: Tame the Project Backlog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Create a Project Backlog Battle Plan

    The Purpose

    Gauge the manageability of your project backlog in its current state.

    Calculate the total cost of your project backlog investments.

    Determine the root causes that contribute to the unmanageability of your project backlog.

    Key Benefits Achieved

    An understanding of the organizational need for more disciplined backlog management.

    Visibility into the costs incurred by the project backlog.

    An awareness of the sources that feed the growth of the project backlog and make it a challenge to maintain.

    Activities

    1.1 Calculate the sunk and marginal costs that have gone into your project backlog.

    1.2 Estimate the throughput of backlog items.

    1.3 Survey the root causes of your project backlog.

    Outputs

    The total estimated cost of the project backlog.

    A project backlog return-on-investment score.

    A project backlog root cause analysis.

    2 Execute a Near-Term Project Backlog Cleanse

    The Purpose

    Identify the most organizationally appropriate goals for your backlog cleanse.

    Pinpoint those items that warrant immediate removal from the backlog and establish a game plan for putting a bullet in them.

    Communicate backlog decisions with stakeholders in a way that minimizes friction and resistance. 

    Key Benefits Achieved

    An effective, achievable, and organizationally right-sized approach to cleansing the backlog.

    Criteria for cleanse outcomes and a protocol for carrying out the near-term cleanse.

    A project sponsor outreach plan to help ensure that decisions made during your near-term cleanse stick. 

    Activities

    2.1 Establish roles and responsibilities for the near-term cleanse.

    2.2 Determine cleanse scope.

    2.3 Develop backlog prioritization criteria.

    2.4 Prepare a communication strategy.

    Outputs

    Clear accountabilities to ensure the backlog is effectively minimized and outcomes are communicated effectively.

    Clearly defined and achievable goals.

    Effective criteria for cleansing the backlog of zombie projects and maintaining projects that are of strategic and operational value.

    A communication strategy to minimize stakeholder friction and resistance.

    3 Ensure Long-Term Project Backlog Manageability

    The Purpose

    Ensure ongoing backlog manageability.

    Make sure the executive layer is aware of the ongoing status of the backlog when making project decisions.

    Customize a best-practice toolkit to help keep the project backlog useful. 

    Key Benefits Achieved

    A list of pending projects that is minimal, maintainable, and of high value.

    Executive engagement with the backlog to ensure intake and approval decisions are made with a view of the backlog in mind.

    A backlog management tool and processes for ongoing manageability. 

    Activities

    3.1 Develop a project backlog management operating model.

    3.2 Configure a project backlog management solution.

    3.3 Assign roles and responsibilities for your long-term project backlog management processes.

    3.4 Customize a project backlog management operating plan.

    Outputs

    An operating model to structure your long-term strategy around.

    A right-sized management tool to help enable your processes and executive visibility into the backlog.

    Defined accountabilities for executing project backlog management responsibilities.

    Clearly established processes for how items get in and out of the backlog, as well as for ongoing backlog review.

    Implement Your Negotiation Strategy More Effectively

    • Buy Link or Shortcode: {j2store}225|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Forty-eight percent of CIOs believe their budgets are inadequate.
    • CIOs and IT departments are getting more involved with negotiations to reduce costs and risk.
    • Not all negotiators are created equal, and the gap between a skilled negotiator and an average negotiator is not always easy to identify objectively.
    • Skilled negotiators are in short supply.

    Our Advice

    Critical Insight

    • Preparation is critical for the success of your negotiation, but you cannot prepare for every eventuality.
    • Communication is the heart and soul of negotiations, but what is being “said” is only part of the picture.
    • Skilled negotiators separate themselves based on skillsets, and outcomes alone may not provide an accurate assessment of a negotiator.

    Impact and Result

    Addressing and managing critical negotiation elements helps:

    • Improve negotiation skills.
    • Implement your negotiation strategy more effectively.
    • Improve negotiation results.

    Implement Your Negotiation Strategy More Effectively Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create and follow a scalable process for preparing to negotiate with vendors, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. During

    Throughout this phase, ten essential negotiation elements are identified and reviewed.

    • Implement Your Negotiation Strategy More Effectively – Phase 1: During
    • During Negotiations Tool
    [infographic]

    Workshop: Implement Your Negotiation Strategy More Effectively

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 12 Steps to Better Negotiation Preparation

    The Purpose

    Improve negotiation skills and outcomes.

    Understand how to use the Info-Tech During Negotiations Tool.

    Key Benefits Achieved

    A better understanding of the subtleties of the negotiation process and an identification of where the negotiation strategy can go awry.

    The During Negotiation Tool will be reviewed and configured for the customer’s environment (as applicable).

    Activities

    1.1 Manage six key items during the negotiation process.

    1.2 Set the right tone and environment for the negotiation.

    1.3 Focus on improving three categories of intangibles.

    1.4 Improve communication skills to improve negotiation skills.

    1.5 Customize your negotiation approach to interact with different personality traits and styles.

    1.6 Maximize the value of your discussions by focusing on seven components.

    1.7 Understand the value of impasses and deadlocks and how to work through them.

    1.8 Use concessions as part of your negotiation strategy.

    1.9 Identify and defeat common vendor negotiation ploys.

    1.10 Review progress and determine next steps.

    Outputs

    Sample negotiation ground rules

    Sample vendor negotiation ploys

    Sample discussion questions and evaluation matrix

    Get Started With Artificial Intelligence

    • Buy Link or Shortcode: {j2store}345|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $24,469 Average $ Saved
    • member rating average days saved: 18 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • It is hard to not hear about how AI is revolutionizing the world. Across all industries, new applications for AI are changing the way humans work and how we interact with technologies that are used in modern organizations.
    • It can be difficult to see the specific applications of AI for your business. With all of the talk about the AI revolution, it can be hard to tie the rapidly changing and growing field of AI to your industry and organization and to determine which technologies are worth serious time and investment, and which ones are too early and not worth your time.

    Our Advice

    Critical Insight

    • AI is not a magic bullet. Instead, it is a tool for speeding up data-driven decision making. A more appropriate term for current AI technology is data-enabled, automated, adaptive decision support. Use when appropriate.
    • Garbage in, garbage out still applies to AI ‒ and it is even more relevant! AI technology has its foundations in data. Lots of it. Relevant, accurate, and timely data is essential to the effective use of AI.
    • AI is a rapidly evolving field – and this means that you can learn from others more effectively. Using a use case-based approach, you can learn from the successes and failures of others to more rapidly narrow down how AI can show value for you.

    Impact and Result

    • Understand what AI really means in practice.
    • Learn what others are doing in your industry to leverage AI technologies for competitive advantage.
    • Determine the use cases that best apply to your situation for maximum value from AI in your environment.
    • Define your first AI proof-of-concept (PoC) project to start exploring what AI can do for you.
    • Separate the signal from the noise when wading through the masses of marketing material around AI.

    Get Started With Artificial Intelligence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to get up to speed with the rapid changes in AI technologies taking over the world today, review Info-Tech’s methodology, and understand the four ways we can support you on your AI journey.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Explore the possibilities

    Understand what AI really is in the modern world and how AI technologies impact the business functions.

    • Get Started With Artificial Intelligence – Phase 1: Explore the Possibilities

    2. Learn from your peers and give your AI a purpose

    Develop a good understanding of where AI is delivering value in your industry and other verticals. Determine the top three business goals to get value from your AI and give your AI a purpose.

    • Get Started With Artificial Intelligence – Phase 2: Learn From Your Peers and Give Your AI a Purpose

    3. Select your first AI PoC

    Brainstorm your AI PoC projects, prioritize and sequence your AI ideas, select your first AI PoC, and create a minimum viable business case for this use case.

    • Get Started With Artificial Intelligence – Phase 3: Select Your First AI PoC
    • Idea Reservoir Tool
    • Minimum Viable Business Case Document
    • Prototyping Workbook
    [infographic]

    Modernize Your Microsoft Licensing for the Cloud Era

    • Buy Link or Shortcode: {j2store}304|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $102,414 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Microsoft licensing is complicated. Often, the same software can be licensed a number of ways. It’s difficult to know which edition and licensing model is best.
    • Licensing and features often change with the release of new software versions, compounding the problem by making it difficult to stay current.
    • In tough economic times, IT is asked to reduce capital and operating expenses wherever possible. As one of the top five expense items in most enterprise software budgets, Microsoft licensing is a primary target for cost reduction.

    Our Advice

    Critical Insight

    • Focus on needs first. Conduct a thorough needs assessment and document the results. Well-documented needs will be your best asset in navigating Microsoft licensing and negotiating your agreement.
    • Beware the bundle. Be aware when purchasing the M365 suite that there is no way out. Negotiating a low price is critical, as all leverage swings to Microsoft once it is on your agreement.
    • If the cloud doesn’t fit, be ready to pay up or start making room. Microsoft has drastically reduced discounting for on-premises products, support has been reduced, and product rights have been limited. If you are planning to remain on premises, be prepared to pay up.

    Impact and Result

    • Understand what your organization needs and what your business requirements are. It’s always easier to purchase more later than try to reduce your spend.
    • Complete cost calculations carefully, as the cloud might end up costing significantly more for the desired feature set. However, in some scenarios, it may be more cost efficient for organizations to license in the cloud.
    • If there are significant barriers to cloud adoption, discuss and document them. You’ll need this documentation in three years when it’s time to renew your agreement.

    Modernize Your Microsoft Licensing for the Cloud Era Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Modernize Your Microsoft Licensing Deck – A deck to help you build a strategy for your Microsoft licensing renewal.

    This storyboard will help you build a strategy for your Microsoft licensing renewal from conducting a thorough needs assessment to examining your licensing position, evaluating Microsoft's licensing options, and negotiations.

    • Modernize Your Microsoft Licensing for the Cloud Era – Phases 1-4

    2. Microsoft Cloud Products Cost Modeler – A tool to model estimated costs for Microsoft's cloud products.

    The Microsoft Cloud Products Cost Modeler will provide a rough estimate of what you can expect to pay for Office 365 or Dynamics CRM licensing, before you enter into negotiations. This is not your final cost, but it will give you an idea.

    • Microsoft Cloud Products Cost Modeler

    3. Microsoft Licensing Purchase Reference Guide - A template to capture licensing stakeholder information, proposed changes to licensing, and negotiation items.

    The Microsoft Licensing Purchase Reference Guide can be used throughout the process of licensing review: from initial meetings to discuss compliance state and planned purchases, to negotiation meetings with resellers. Use it in conjunction with Info-Tech's Microsoft Licensing Effective License Position Template.

    • Microsoft Licensing Purchase Reference Guide

    4. Negotiation Timeline for Microsoft – A template to navigate your negotiations with Microsoft.

    This tool will help you plot out your negotiation timeline, depending on where you are in your contract negotiation process.

  • 6-12 months
  • Less than 3 months
    • Negotiation Timeline for Microsoft – Visio
    • Negotiation Timeline for Microsoft – PDF

    5. Effective Licensing Position Tool – A template to help you create an effective licensing position and determine your compliance position.

    This template helps organizations to determine the difference between the number of software licenses they own and the number of software copies deployed. This is known as the organization’s effective license position (ELP).

    • Effective Licensing Position Tool
    [infographic]

    Build a More Effective Brand Architecture

    • Buy Link or Shortcode: {j2store}571|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Neglecting to maintain the brand architecture can have the following consequences:

    • Inconsistent branding across product lines, services, and marketing communications.
    • Employee confusion regarding product lines, services, and brand structure.
    • Difficulties in launching new products or services or integrating acquired brands.
    • Poor customer experience in navigating the website or understanding the offerings.
    • Inability to differentiate from competitors.
    • Weak brand equity and a lack of brand loyalty.

    Our Advice

    Critical Insight

    Brand architecture is the way a company organizes and manages its portfolio of brands to achieve strategic goals. It encompasses the relationships between brands, from sub-brands to endorsed brands to independent brands, and how they interact with each other and with the master brand. With a clear brand architecture, businesses can optimize their portfolio, enhance their competitive position, and achieve sustainable growth and success in the long run.

    Impact and Result

    Establishing and upholding a well-defined brand architecture is critical to achieve:

    • Easy recognition and visibility
    • Consistent branding
    • Operational efficiency
    • Customer loyalty
    • Ability to easily adapt to changes
    • Competitive differentiation
    • Distinctive brand image
    • Business success

    Build a More Effective Brand Architecture Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a More Effective Brand Architecture Storyboard – Develop a brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    We recommend a two-step approach that involves defining or reimagining the brand architecture. This means choosing the right strategy by analyzing the current brand portfolio, identifying the core brand elements, and determining and developing the structure that fits with the brand and business goals. A well-thought-out brand architecture also facilitates the integration of new brands and new product launches.

    • Build a More Effective Brand Architecture Storyboard

    2. Brand Architecture Strategy Template – The brand architecture template is a tool for creating a coherent brand identity.

    Create a brand identity that helps you launch new products and services, prepare for acquisitions, and modify your brand strategy. Allocate resources more effectively and identify new opportunities for growth. A brand architecture can provide insights into how different brands fit together and contribute to the overall brand strategy.

    • Brand Architecture Strategy Template

    Infographic

    Workshop: Build a More Effective Brand Architecture

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Brand Mind Mapping

    The Purpose

    The brand mind mapping workshop is an exercise that helps with visualizing brand architecture and improving coherence and effectiveness in brand portfolio management.

    Key Benefits Achieved

    This exercise can help businesses:

    Allocate their resources more effectively.

    Identify new opportunities for growth.

    Gain a competitive advantage in their market.

    Activities

    1.1 Brand Mind Mapping

    Outputs

    Visual representation of the brand architecture and its various components

    Further reading

    Build a More Effective Brand Architecture

    Strategically optimize your portfolio to increase brand recognition and value.

    Analyst perspective

    Brand Architecture

    Nathalie Vezina, Marketing Research Director, SoftwareReviews Advisory

    Nathalie Vezina
    Marketing Research Director
    SoftwareReviews Advisory

    This blueprint highlights common brand issues faced by companies, such as inconsistencies in branding and sub-branding due to absent or inadequate planning and documentation or non-compliance with the brand architecture. It emphasizes the importance of aligning or modifying the company's brand strategy with the existing architecture to create a consistent brand when launching new products, services, or divisions or preparing for acquisitions.

    Changing the brand architecture can be challenging, as it often requires significant resources, time, and effort. Additionally, there may be resistance from stakeholders who have become attached to the existing brand architecture and may not see the value in making changes. However, it's important for companies to address suboptimal brand architecture to ensure consistency and clarity in brand messaging and support business growth and success.

    This blueprint guides brand leaders on building and updating their brand architecture for optimal clarity, consistency, adaptability, and efficiency.

    Executive summary

    Your Challenge Common Obstacles SoftwareReviews’ Approach
    A company's brand architecture can help brand managers build a stronger brand that supports the company's goals and increases brand value. Failing to maintain the brand architecture can have the following consequences:
    • Inconsistent branding across product lines, services, and marketing communications
    • Employee confusion regarding product lines, services, and brand structure.
    • Difficulties in launching new products or services or integrating acquired brands.
    • Poor customer experience in navigating the website or understanding the offerings.
    • Inability to differentiate from competitors.
    • Weak brand equity and a lack of brand loyalty.
    Establishing and maintaining a clear brand architecture can pose significant issues for brand leaders. Despite these obstacles, defining the brand architecture can yield substantial benefits for businesses. Common constraints are:
    • Lack of knowledge on the subject, resulting in difficulties securing buy-in from stakeholders.
    • Siloed teams and competing priorities.
    • Limited resources and time constraints.
    • Resistance to change from employees or customers.
    • Inconsistent execution and adherence to brand guidelines.
    • Lack of communication and coordination when acquiring new brands.
    With focused and effective efforts and guidance, brand leaders can define or reimagine their brand architecture. Developing and maintaining a clear and consistent brand architecture involves:
    • Defining the brand architecture strategy.
    • Analyzing the current brand portfolio and identifying the core brand elements.
    • Determining and developing the proper brand structure.
    • Updating brand guidelines and messaging.
    • Rolling out the brand architecture across touchpoints and assets.
    • Facilitating the integration of new brands.
    • Monitoring and adjusting the architecture as needed for relevance to business goals.

    "[B]rand architecture is like a blueprint for a house...the foundation that holds all the pieces together, making sure everything fits and works seamlessly."
    Source: Verge Marketing

    The basics of brand architecture

    The significance of brand hierarchy organization

    Brand architecture is the hierarchical organization and its interrelationships. This includes shaping the brand strategy and structuring the company's product and service portfolio.

    A well-designed brand architecture helps buyers navigate a company's product offerings and creates a strong brand image and loyalty.

    A company's brand architecture typically includes three levels:

    • Master or parent brand
    • Sub-brands
    • Endorsed brands

    Choosing the right architecture depends on business strategy, products and services, and target audience. It should be reviewed periodically as the brand evolves, new products and services are launched, or new brands are acquired.

    "A brand architecture is the logical, strategic, and relational structure for your brands, or put another way, it is the entity's 'family tree' of brands, sub-brands, and named products."
    Source: Branding Strategy Insider

    Enhancing a company's brand hierarchy for better business outcomes

    Maximize brand strategy with a well-defined and managed brand architecture.

    Align brand architecture with business goals
    A well-defined brand architecture aligned with business objectives contributes to building brand recognition, facilitating brand extension, and streamlining brand portfolio management. In addition, it improves marketing effectiveness and customer experience.
    With a clear and consistent brand architecture, companies can strengthen their brand equity, increase awareness and loyalty, and grow in their competitive environment.

    Effectively engage with the desired buyers
    A clear and consistent brand architecture enables companies to align their brand identity and value proposition with the needs and preferences of their target audience, resulting in increased customer loyalty and satisfaction.
    Establishing a unique market position and reinforcing brand messaging and positioning allows companies to create a more personalized and engaging customer experience, driving business growth.

    Maintain a competitive edge
    An effective brand architecture allows companies to differentiate themselves from their competitors by establishing their unique position in the market. It also provides a structured framework for introducing new products or services under the same brand, leveraging the existing one.
    By aligning their brand architecture with their business objectives, companies can achieve sustainable growth and outperform their competitors in the marketplace.

    "A well-defined brand architecture provides clarity and consistency in how a brand is perceived by its audience. It helps to create a logical framework that aligns with a brand's overall vision and objectives."
    Source: LinkedIn

    Pitfalls of neglecting brand guidelines

    Identifying the negative effects on business and brand value.

    Deficient brand architecture can manifest in various ways.

    Here are some common symptoms:

    • Lack of clarity around the brand's personality and values
    • Inconsistent messaging and branding
    • Inability to differentiate from competitors
    • Weak brand identity
    • Confusion among customers and employees
    • Difficulty launching new products/services or integrating acquired brands
    • Lack of recognition and trust from consumers, leading to potential negative impacts on the bottom line

    Brand architecture helps to ensure that your company's brands are aligned with your business goals and objectives, and that they work together to create a cohesive and consistent brand image.

    The most common obstacles in developing and maintaining a clear brand architecture

    Establishing and maintaining a clear brand architecture requires the commitment of the entire organization and a collaborative effort.

    Lack of stakeholder buy-in > Resistance to change

    Siloed teams > Inconsistent execution

    Limited resources > Lack of education and communication

    Types of brand architectures

    Different approaches to structuring brand hierarchy

    Brand architecture is a framework that encompasses three distinct levels, each comprising a different type of branding strategy.

    Types of brand architectures

    Examples of types of brand architectures

    Well-known brands with different brand and sub-brands structures

    Examples of types of brand architectures

    Pros and cons of each architecture types

    Different approaches to organizing a brand portfolio

    The brand architecture impacts the cohesiveness, effectiveness, and market reach. Defining or redefining organization changes is crucial for company performance.

    Branded House Endorsed Brands House of Brands
    Other Designations
    • "Monolithic brands"
    • "Sub-brands"
    • "Freestanding brands"
    Description
    • Single brand name for all products/services
    • Creates a unique and powerful image that can easily be identified
    • The master brand name endorses a range of products/services marketed under different sub-brands
    • Decentralized brands
    • Can target diverse markets with separate brand names for each product/service
    Marketing & Comms
    • Highly efficient
    • Eliminates split branding efforts by product/service
    • Product differentiation and tailoring messages to specific customer segments are limited
    • Each brand has its unique identity
    • Benefit from the support and resources of the master brand
    • Allows for unique branding and messaging per products/services for specific customer segments
    • Can experiment with different offerings and strategies
    Impact on Sales
    • Good cross-selling opportunities by leveraging a strong brand name
    • Benefit from the master brand's credibility, building customer trust and increasing sales
    • Tailored marketing to specific segments can increase market share and profitability
    • Creates competitive advantage and builds loyalty
    Cost Effectiveness
    • Cost-effective
    • No separate branding efforts per product/service
    • Lack of economy of scale
    • Fragmentation of resources and duplication of effort
    • Lack of economy of scale
    • Fragmentation of resources and duplication of effort
    Reputation and Image
    • More control over the brand image, messages, and perception, leading to strong recognition
    • Increased vulnerability to negative events can damage the entire brand, products/services offered
    • Mitigated risk, protecting the master brand's reputation and financial performance
    • Negative events with one brand can damage the master and other brands, causing a loss of credibility
    • Reduced risk, safeguarding the master brand's reputation and financial performance
    • Each brand builds its own equity, enhancing the company's financial performance and value
    Consistency
    • Ensures consistency with the company's brand image, values, and messaging
    • Helps build trust and loyalty
    • Inconsistent branding and messaging can cause confusion and misunderstandings
    • Unclear link between master/endorsed brands
    • Reduces trust and brand loyalty
    • Difficult to establish a clear and consistent corporate identity
    • Can reduce overall brand recognition and loyalty

    Brand naming decision tree

    Create a naming process for brand alignment and resonance with the target audience

    To ensure a chosen name is effective and legally/ethically sound, consider the ease of pronunciation/spelling, the availability for registration of brand/domain name, any negative connotations/associations in any language/culture, and potential legal/ethical issues.

    Brand naming decision tree

    To ensure a chosen name is effective and legally/ethically sound, consider the ease of pronunciation/spelling, the availability for registration of brand/domain name, any negative connotations/associations in any language/culture, and potential legal/ethical issues.

    Advantages of defining brand architecture

    Maximize your brand potential with a clear architecture strategy.

    Clear offering

    Adaptability

    Consistent branding

    Competitive differentiation

    Operational efficiency

    Strong brand identity

    Customer loyalty

    Business success

    "Responding to external influences, all brands must adapt and change over time. A clear system can aid in managing the process, ensuring that necessary changes are implemented effectively and efficiently."
    Source: The Branding Journal

    SoftwareReviews' brand architecture creation methodology

    Develop and Implement a Robust Brand Architecture

    Phase Steps

    Step 1 Research and Analysis
    1.1 Define brand architecture strategy
    1.2 Brand audit
    1.3 Identify brand core elements

    Step 2 Development and Implementation
    2.1 Determine brand hierarchy
    2.2 Develop or update brand guidelines
    2.3 Roll out brand architecture

    Phase Outcomes
    • Brand current performance is assessed
    • Issues are highlighted and can be addressed
    • Brand structure is developed and implemented across touchpoints and assets
    • Adjustments are made on an ongoing basis for consistency and relevance to business goals

    Insight summary

    Brand Architecture: Organize and manage your portfolio of brands
    Brand architecture is the way a company organizes and manages its portfolio of brands to achieve strategic goals. It encompasses the relationships between brands, from sub-brands to endorsed brands to independent brands, and how they interact with each other and with the master brand. With a clear brand architecture, businesses can optimize their portfolio, enhance their competitive position, and achieve sustainable growth and success in the long run.

    Aligning brand architecture to business strategy
    Effective brand architecture aligns with the company's business strategy, marketing objectives, and customer needs. It provides clarity and coherence to the brand portfolio, helps customers navigate product offerings, and maximizes overall equity of the brand.

    Choosing between three types of brand architecture
    A company's choice of brand architecture depends on factors like product range, target markets, and strategic objectives. Each approach, Branded House, Endorsed, or House of Brands, has its own pros and cons, and the proper option relies on the company's goals, resources, and constraints.

    A logical brand hierarchy for more clarity
    The order of importance of brands in the portfolio, including the relationships between the master and sub-brands, and the positioning of each in the market is fundamental. A clear and logical hierarchy helps customers understand the value proposition of each brand and reduces confusion.

    A win-win approach
    Clear brand architecture can help customers easily navigate and understand the product offering, reinforce the brand identity and values, and improve customer loyalty and retention. Additionally, it can help companies optimize their marketing strategies, streamline their product development and production processes, and maximize their revenue and profitability.

    Brand architecture, an ongoing process
    Brand architecture is not a one-time decision but an ongoing process that requires regular review and adjustment. As business conditions change, companies may need to revise their brand portfolio, brand hierarchy, or brand extension and acquisition strategies to remain competitive and meet customer needs.

    Brand architecture creation tools

    This blueprint comes with tools to help you develop your brand architecture.

    Brand Architecture Toolkit

    This kit includes a Brand Architecture Mini-Audit, a Brand Architecture template, and templates for Brand Matrix, Ecosystem, and Development Strategy.

    Use this kit to develop a strong brand architecture that aligns with your business goals, clarifies your brand portfolio, and enhances overall brand equity.

    Brand Architecture Toolkit

    Brand Architecture

    Develop a robust brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    "A brand architecture is the logical, strategic, and relational structure for your brands, or put another way, it is the entity's 'family tree' of brands, sub-brands, and named products."
    Source: Branding Strategy Insider

    Consequences of Neglected Brand Guidelines

    When a company neglects its brand architecture and guidelines, it can result in a number of negative consequences, such as:

    • Lack of clarity around the brand's personality and values
    • Inconsistent messaging and branding
    • Inability to differentiate from competitors
    • Weak brand identity
    • Confusion among customers and employees
    • Difficulty launching new products/services or integrating acquired brands
    • Lack of recognition and trust from consumers, leading to potential negative impacts on the bottom line.

    Benefits of SoftwareReviews' Methodology

    By following SoftwareReviews' methodology to develop and maintain a brand architecture, businesses can:

    • Establish a unique market position and stand out from competitors
    • Ensure that marketing efforts are focused and effective
    • Create personalized and engaging customer experiences
    • Reinforce messaging and positioning
    • Increase customer loyalty and satisfaction
    • Build brand recognition and awareness

    Marq, formerly Lucidpress, surveyed over 400 brand management experts and found that "if the brand was consistent, revenue would increase by 10-20%."

    Methodology for Defining Brand Architecture

    Who benefits from this research?

    This research is designed for:

    • Organizations that value their brand and want to ensure that it is communicated effectively and consistently across all touchpoints.
    • Business owners, marketers, brand managers, creative teams, and anyone involved in the development and implementation of brand strategy.

    This research will also assist:

    • Sales and customer experience teams
    • Channel partners
    • Buyers

    This research will help you:

    • Establish a unique market position and stand out from competitors.
    • Create a more personalized and engaging customer experience.
    • Ensure that marketing efforts are focused and effective.
    • Reinforce brand messaging and positioning.

    This research will help them:

    • Increase customer loyalty and satisfaction
    • Build brand recognition and awareness
    • Drive business growth and profitability.

    SoftwareReviews offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
    Included Within Advisory Membership Optional Add-Ons

    Guided Implementation

    What does a typical GI on this topic look like?

    Research & Analysis
    Call #1: Discuss brand architecture strategy (define objectives, scope and stakeholders). Call #3: Identify core brand components and ensure they align with the brand strategy. Call #5: Develop or update brand guidelines. Optional Calls:
    • Brand Diagnostic
    • Brand Strategy and Tactics
    • Brand Voice Guidelines
    • Asset Creation and Management
    • Brand Messaging
    Call #2: Conduct a brand audit. Call #4: Define and document the brand hierarchy. Call #6: Roll out the brand architecture and monitoring.

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews Marketing Analyst to help implement our best practices in your organization.

    Your engagement managers will work with you to schedule analyst calls.

    Brand Mind Mapping Workshop Overview

    Total duration: 3-4 hours

    Activities
    Visually map out the different elements of your brand portfolio, including corporate brands, sub-brands, product brands, and their relationships with each other.

    The workshop also aims to explore additional elements, such as brand expansions, acquisitions, and extensions, and brand attributes and positioning.

    Deliverables
    Get a mind map that represents the brand architecture and its various components, which can be used to evaluate and improve the overall coherence and effectiveness of the brand portfolio. The mind map can also provide insights into how different brands fit together and contribute to the overall brand strategy.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Brand Architecture Template, slides 7 and 8

    Brand Mind Mapping

    Contact your account representative for more information
    workshops@infotech.com | 1-888-670-8889

    Get started!

    Develop a brand architecture that supports your business goals, clarifies your brand portfolio, and enhances your overall brand equity.

    Develop and Implement a Robust Brand Architecture

    Step 1 Research and Analysis
    1.1 Define architecture strategy
    1.2 Perform brand audit
    1.3 Identify brand core elements

    Step 2 Development and Implementation
    2.1 Determine brand hierarchy
    2.2 Develop or update brand guidelines
    2.3 Roll out brand architecture

    Phase Outcome

    • Brand current performance is assessed
    • Issues are highlighted and can be addressed
    • Brand structure is developed and implemented across touchpoints and assets
    • Adjustments made on an ongoing basis for consistency and relevance to business goals

    Develop and implement a robust brand architecture

    Steps 1.1, 1.2 & 1.3 Define architecture strategy, audit brand, and identify core elements.

    Total duration: 2.5-4.5 hours

    Objective
    Define brand objectives (hierarchy, acquired brand inclusion, product distinction), scope, and stakeholders. Analyze the brand portfolio to identify gaps or inconsistencies. Identify brand components (name, logo, tagline, personality) and align them with the brand and business strategy.

    Output
    By completing these steps, you will assess your current brand portfolio and evaluate its consistency and alignment with the overall brand strategy.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Diagnose Brand Health to Improve Business Growth Blueprint (optional)
    • Brand Awareness Strategy Template (optional)

    1.1 Define Brand Architecture Strategy
    (60-120 min.)

    Define

    Define brand objectives (hierarchy, inclusion of an acquired brand, product distinction), scope, and stakeholders.

    1.2 Conduct Brand Audit
    (30-60 min.)

    Assess

    Assess the state of your brand architecture using the "Brand architecture mini-audit checklist," slide 9 of the Brand Architecture Strategy Template. Check the boxes that correspond to the state of your brand architecture. Those left unchecked represent areas for improvement.

    For a more in-depth analysis of your brand performance, follow the instructions and use the tools provided in the Diagnose Brand Health to Improve Business Growth blueprint (optional).

    1.3 Identify Core Brand Elements
    (60-90 min.)

    Identify

    Define brand components (name, logo, tagline, personality). Align usage with strategy. You can develop your brand strategy, if not already existing, using the Brand Awareness Strategy Template (optional).

    Tip!

    Continuously monitor and adjust your brand architecture - it's not static and should evolve over time. You can also adapt your brand strategy as needed to stay relevant and competitive.

    Develop and implement a robust brand architecture

    Steps 2.1. 2.2 & 2.3 Develop brand hierarchy, guidelines, and rollout architecture.

    Total duration: 3.5-5.5 hours

    Objective
    Define your brand structure and clarify the role and market position of each. Create concise brand expression guidelines, implement them across all touchpoints and assets, and adjust as needed to stay aligned with your business goals.

    Output
    This exercise will help you establish and apply your brand structure, with a plan for ongoing updates and adjustments to maintain consistency and relevance.

    Participants

    • Business owners
    • Head of Branding and anyone involved with the brand strategy

    Tools

    • Brand Architecture Template
    • Brand Voice Guidelines
    • Brand Messaging Template
    • Asset Creation and Management List Template

    2.1 Determine Brand Hierarchy
    (30-60 min.)

    Analyze & Document

    In the Brand Architecture Strategy Template, complete the brand matrix, ecosystem, development strategy matrix, mind mapping, and architecture, to develop a strong brand architecture that aligns with your business goals and clarifies your brand portfolio and market position.

    2.2 Develop/Update Brand Guidelines
    (120-180 min.)

    Develop/Update

    Develop (or update existing) clear, concise, and actionable brand expression guidelines using the Brand Voice Guidelines and Brand Messaging Template.

    2.2 Rollout Brand Architecture
    Preparation (60-90 min.)

    Create & Implement

    Use the Asset Creation and Management List Template to implement brand architecture across touchpoints and assets.

    Monitor and Adjust

    Use slide 8, "Brand Strategy Development Matrix," of the Brand Architecture Strategy Template to identify potential and future brand development strategies to build or enhance your brand based on your current brand positioning and business goals. Monitor, and adjust as needed, for relevance to the brand and business strategy.

    Tip!

    Make your brand architecture clear and simple for your target audience, employees, and stakeholders. This will avoid confusion and help your audience understand your brand structure.

    Prioritizing clarity and simplicity will communicate your brand's value proposition effectively and create a strong brand that resonates with your audience and supports your business goals.

    Related SoftwareReviews research

    Diagnose Brand Health to Improve Business Growth

    Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix them.

    • Increase brand awareness and equity.
    • Build trust and improve customer retention and loyalty.
    • Achieve higher and faster growth.

    Accelerate Business Growth and Valuation by Building Brand Awareness

    Successfully build awareness and help the business grow. Stand out from the competition and continue to grow in a sustainable way.

    • Get a clear understanding of the buyer's needs and your key differentiator.
    • Achieve strategy alignment and readiness.
    • Create and manage assets.

    Bibliography

    "Brand Architecture: Definition, Types, Strategies, and Examples." The Branding Journal, 2022.

    "Brand Architecture: What It Is and How to Build Your Brand's Framework." HubSpot, 2021.

    "Brand Architecture Framework." Verge Marketing, 2021.

    "Brand consistency-the competitive advantage and how to achieve it." Marq/Lucidpress, 2021.

    "Building brands for growth: A fresh perspective." McKinsey & Company. Accessed on 31 March 2023.

    Daye, Derrick. "Brand Architecture Strategy Guide." Branding Strategy Insider, The Blake Project, 13 May 2021.

    Todoran, Adrian. "Choosing the Perfect Brand Architecture Strategy for Your Business." LinkedIn, 2023.

    Implement a Social Media Program

    • Buy Link or Shortcode: {j2store}560|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • IT is being caught in the middle of various business units, all separately attempting to create, staff, implement, and instrument a social media program.
    • Requests for procuring social media tools and integrating with CRM systems are coming from all directions, with no central authority governing a social media program or coordinating business goals.
    • Public Relations and Corporate Communications groups have been acting as the first level of response to social media channels since the company’s first Twitter account went live, but the volume of inquiries received through social channels has become too great for these groups to continue in a first responder role.

    Our Advice

    Critical Insight

    • Social media immaturity is an opportunity for IT leadership. As with so many of the “next new things,” IT has an opportunity to help the business understand social media technologies, trends, and risks, and coordinate efforts to approach social media as a united company.
    • Social media maturity must reach the Social Media Steering Committee stage before major investments in technology can proceed. As with all business initiatives, technology automation decisions cannot be made without respect to organizational and process maturity. Social media strategy stakeholders must join together and form a steering committee to create policies and procedures, govern strategy, develop workflows, and facilitate technology selection processes. IT not only belongs on such a steering committee, but it can also be instrumental in the formation of it.
    • Info-Tech’s research repeatedly indicates that the greatest return from social media investments is in the customer service domain, by reacting to incoming social inquiries and proactively listening to social conversations for product and service inquiry opportunities. This means CRM integration is essential to long-term social media program success.

    Impact and Result

    • Assess your organization’s social maturity to know where to begin and where to go in implementation of a social media program.
    • Form a social media steering committee to bring order to chaos among different business units.
    • Develop comprehensive workflows to categorize and prioritize inquiries, and then route them to the appropriate part of the business for resolution.
    • Consider creating one or more physical social media command centers to process large volumes of social inquiries more efficiently and monitor real-time social media metrics to improve critical response times.

    Implement a Social Media Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess your organization's social maturity

    Know where to begin and where to go in implementation of a social media program.

    • Storyboard: Implement a Social Media Program
    • Social Media Maturity Assessment Tool

    2. Form a social media steering committee

    Bring order to chaos among different business units.

    • Social Media Steering Committee Charter Template
    • Social Media Acceptable Use Policy
    • Blogging and Microblogging Guidelines Template

    3. Consider creating one or more physical social media command centers

    Process large volumes of social inquiries more efficiently, and monitor real-time social media metrics to improve critical response times.

    • Social Media Representative
    • Social Media Manager
    [infographic]

    Take Advantage of Big Tech Layoffs

    • Buy Link or Shortcode: {j2store}573|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select

    Tech layoffs have been making the news over the past year, with thousands of Big Tech employees having been laid off. After years of record low unemployment in IT, many leaders are looking to take advantage of these layoffs to fill their talent gaps.

    However, IT leaders need to determine their response – wait and see the impact of the recession on budgets and candidate expectations, or dive in and secure great talent to execute today on strategic needs. This research is designed to help those IT leaders who are looking to take advantage employee effective talents to secure talent.

    • With the impact of the economic slowdown still unknown, the first question IT leaders need to ask is whether now is the time to act.
    • Even with these layoffs, IT unemployment rates are at record lows, with many organizations continuing to struggle to attract talent. While these layoffs have opened a window, IT leaders need to act quickly to secure great talent.

    Our Advice

    Critical Insight

    The “where has the talent gone?” puzzle has been solved. Many tech firms over-hired and were able to outcompete everyone, but it wasn’t sustainable. This correction won’t impact unemployment numbers in the short term – the job force is just in flux right now.

    Impact and Result

    This research is designed to help IT leaders understand the talent market and to provide winning tactics to those looking to take advantage of the layoffs to fill their hiring needs.

    Take Advantage of Big Tech Layoffs Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take Advantage of Big Tech Layoffs Storyboard – A snapshot of the current talent market in IT and quick tactics IT leaders can employ to improve their hiring process to find and attract tech talent.

    Straightforward tactics you can execute to successfully recruit IT staff impacted by layoffs.

    • Take Advantage of Big Tech Layoffs Storyboard

    2. IT Talent Acquisition Optimization Tool – Use this tool to document the current and future talent acquisition process.

    To hire efficiently, create a clear, consistent talent acquisition process. The IT Talent Acquisition Process Optimization Tool will help to:

  • Map out the current talent acquisition workflow
  • Identify areas of opportunity and potential gaps in the current process
    • IT Talent Acquisition Optimization Tool
    [infographic]

    Further reading

    Take Advantage of Big Tech Layoffs

    Simple tactics to secure the right talent in times of economic uncertainty.

    Why are the layoffs making the news?

    After three years of record low unemployment rates in IT and organizations struggling to hire IT talent into their organization, the window appears to be opening with tens of thousands layoffs from Big Tech employers.

    Big brand organizations such as Microsoft, Alphabet, Amazon, Twitter, Netflix, and Meta have been hitting major newswires, but these layoffs aren't exclusive to the big names. We've also seen smaller high-growth tech organizations following suit. In fact, in 2022, it's estimated that there were more than 160,997 layoffs across over 1,045 tech organizations. This trend has continued into 2023. By mid-February 2023, there were already 108,754 employees laid off at 385 tech companies (Layoffs.fyi).(1)

    While some of these layoffs have been openly connected to economic slowdown, others are pointing to the layoffs being a correction for over-hiring during the pandemic. It is also important to note that many of these workers were not IT employees, as these organizations also saw cuts across other areas of the business such as sales, marketing, recruitment, and operations.

    (1)This global database is constantly being updated, and these numbers are changing on an ongoing basis. For up-to-date statistics, see https://layoffs.fyi

    While tech layoffs have been making the news, so far many of these layoffs have been a correction to over-hiring, with most employees laid off finding work, if they want it, within three months.

    IT leaders need to determine their response – wait and see the impact of the recession on budgets and candidate expectations or dive in and secure great talent to execute today on strategic needs.

    This research is designed to help IT leaders understand the talent market and provide winning strategies to those looking to take advantage of the layoffs to fill their hiring needs.

    Three key drivers for Big Tech layoffs

    Economic uncertainty

    Globally, economists are predicting an economic slowdown, though there is not a consistent prediction on the impact. We have seen an increase in interest rates and inflation, as well as reduced investment budgets.

    Over-hiring during the pandemic

    High growth and demand for digital technologies and services during the early pandemic led to over-hiring in the tech industry. Many organizations overestimated the future demand and had to rebalance staffing as a result.

    New automation investments

    Many tech organizations that have conducted layoffs are still in a growth mindset. This is demonstrated though new tech investments by these companies in products like chatbots and RPA to semi-automate processes to reduce the need for certain roles.

    Despite layoffs, the labor market remains competitive

    There were at least 160,997 layoffs from more than 1,045 tech companies last year (2022). (Layoffs.fyi reported as of Feb 21/2023)

    But just because Big Tech is laying people off doesn't mean the IT job market has cooled.

    Between January and October 2022 technology- focused job postings rose 25% compared to the same period in 2021, and there were more than 375,000 tech jobs posted in October of 2022.
    (Dice: Tech Jobs Report.)

    Info-Tech Insight

    The "where has the talent gone?" puzzle has been solved. Many tech firms over-hired and were able to outcompete everyone, but it wasn't sustainable. This correction won't impact unemployment numbers in the short term – the job force is just in flux right now.

    So far, many of the layoffs have been a market correction

    Tech Layoffs Since COVID-19

    This is an image of a combo line graph plotting the number of tech layoffs from Q1 2020 to Q4 2022.

    Source: Layoffs.fyi - Tech Layoff Tracker and Startup Layoff Lists

    Tech Companies Layoffs vs. Early Pandemic Hiring # of People

    This is an image of a bar graph plotting Tech Companies Layoffs vs. Early Pandemic Hiring # of People

    Source: Yahoo Finance. Q4 '19 to Q3 '22

    Tech Layoffs between 2020 Q3- 2022 Q1 remained very low across the sector. In fact, outside of the initial increase at the start of the pandemic, layoffs have remained at historic low levels of around 1% (HBR, 2023). While the layoffs look significant in isolation, when you compare these numbers to pandemic hiring and growth for these organizations, the figures are relatively small.

    The first question IT leaders need to ask is whether now is the time to act

    The big gamble many CIOs face is whether to strike now to secure talent or to wait to better understand the impact of the recession. While two-thirds of IT professionals are still expecting their budgets to increase in 2023, CIOs must account for the impact of inflation and the recession on their IT budgets and staffing decisions (see Info-Tech's CEO-CIO Alignment Program).

    Ultimately, while unemployment is low today, it's common to see unemployment numbers drop right before a recession. If that is the case, then we will see more talent entering the market, possibly at more competitive salaries. But organizations that wait to hire risk not having the staff they need to execute on their strategy and finding themselves in a hiring freeze. CIOs need to decide on how to approach the economic uncertainty and where to place their bets.

    Looking ahead to 2023, how do you anticipate your IT spending will change compared to spending in 2022?

    This is an image of anticipated changes to IT spending compared to 2022 for the following categories: Decrease of more than 30%; Decrease between 16-30%; Decrease between 6-15%; Decrease between 1-5%; No Change; Increase between 1-5%; Increase between 6-15%; Increase between 16-30%; Increase of more than 30%

    Info-Tech's CEO-CIO Alignment Program

    Organizations ready to take advantage will need to act fast when layoffs happen

    Organizations looking to fill hiring needs or grow their IT/digital organization will need to be strategic and efficient when it comes to recruitment. Regardless of the number of layoffs, it continues to be an employee market when it comes to IT roles.

    While it is likely that the recession will impact unemployment rates, so far, the market remains hot, and the number of open roles continues to grow. This means that organizations that want to take advantage need to act quickly when news hits.

    Leaders not only need to compete with other organizations for talent, but the other challenge hiring organizations will need to compete with is that many in tech received generous severance packages and will be considering taking time off. To take advantage, leaders need to establish a plan and a clear employee value proposition to entice these highly skilled workers to get off the bench.

    Why you need to act fast:

    • Unemployment rates remain low:
      • Tech unemployment's rates in the US dropped to 1.5% in January 2023 (CompTIA), compared to overall unemployment which is at 3.4% in the US as of January 2023 (Yahoo Finance). While the layoffs look significant, we can see that many workers have been rehired into the labor market.
    • Long time-to-hire results in lost candidates:
      • According to Info-Tech's IT Talent Trend Report, 58% of IT leaders report time-to-hire is longer than two months. This timing increases for tech roles which require unique skills or higher seniority. IT leaders who can increase the timeline for their requirement process are much more likely to be able to take advantage of tech layoffs.

    IT must take a leading role in IT recruitment to take advantage of layoffs

    A personal connection is the differentiator when it comes to talent acquisition

    There is a statistically significant relationship between IT leadership involvement in talent acquisition and the effectiveness of this process in the IT department. The more involved they are, the higher the effectiveness.(1)

    More IT leadership involvement

    An image of two upward facing arrows. The left arrow is faded purple, and the right arrow is dark purple.

    Higher recruitment effectiveness

    Involved leaders see shorter times to hire

    There is a statistically significant relationship between IT leadership involvement in the talent acquisition process and time to fill vacant positions. The more involved they are, the shorter the time to hire.(2)

    Involved leaders are an integral part of effective IT departments

    There is a statistically significant relationship between IT leadership involvement in talent acquisition and overall IT department effectiveness. Those that are more involved have higher levels of effectiveness.(3)

    Increased IT Leadership in Recruitment Is Directly Correlated to Recruitment Effectiveness.

    This is an image of a combo bar graph plotting Overall Effectiveness for IT leadership involvement in recruitment.

    Focus your layoff recruitment strategy on critical and strategic roles

    If you are ready to take advantage of tech layoffs, focus hiring on critical and strategic roles, rather than your operational backfills. Roles related to security, cloud migration, data and analytics, and digital transformation are more likely to be shielded from budget cuts and are logical areas to focus on when looking to recruit from Big Tech organizations.

    Additionally, within the IT talent market, scarcity is focused in areas with specialized skill sets, such as security and architecture, which are dynamic and evolving faster than other skill sets. When looking to recruit in these areas, it's critical that you have a targeted recruitment approach; this is why tech layoffs represent a strong opportunity to secure talent in these specialized areas.

    ROLES DIFFICULT TO FILL

    An image of a bar graph plotting roles by difficulty to fill.

    Info-Tech Talent Trends 2022 Survey

    Four quick tactics to take advantage of Big Tech layoffs

    TALENT ACQUISITION PROCESS TO TAKE ADVANTAGE OF LAYOFFS

    This is an image of the talent acquisition process to take advantage of layoffs. It involves the following four steps: 1 Prepare organization and job ads for recruitment.  2 Actively track and scan for layoff activity.  3 Prioritize and screen candidates using salary benchmarks and keywords.  4 Eliminate all unnecessary hiring process steps.

    Guided Implementation

    What does a typical GI on this topic look like?

    Step 1 Step 2 Step 3 Step 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: IT job ad review.

    Call #4: Identify screening and sourcing opportunities.

    Call #5: Review your IT talent acquisition process.

    Call #3: Employee value proposition review.

    Call #7: Refine your talent acquisition process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Tactics to take advantage of tech layoffs

    Activities

    1.1 Spot check your employee value proposition
    1.2 Update job advertisements
    1.3 Document your talent acquisition process
    1.4 Refine your talent acquisition process

    This step involves the following participants:

    • IT executive leadership
    • IT hiring manager
    • Human resources
    • Marketing/public relations

    Outcomes of this step

    Streamlined talent acquisition process tailored to take advantage of tech layoffs.

    This is an image of the talent acquisition process to take advantage of layoffs. It involves the following fo steps: 1 Prepare organization and job ads for recrtment.  2 Actively track and scan for layoff aivity.  3 Prioritize and screen candidates using salary benchmarks and kwords.  4 Eliminate all unnecessary hiring process steps.

    Requisition: update job ads and secure approval to hire

    Critical steps:

    1. Ensure you have secured budget and hiring approval.
    2. Identify an IT recruitment partner within the IT organization who will be accountable for working with HR throughout the process and who will actively track and scan for recruitment opportunities.
    3. Update your IT job descriptions.
    4. Spot check your employee value proposition (EVP) to appeal to targeted candidates (Exercise 1.1).
    5. Write employee job ads for relevant skills and minimum viable experience (Exercise 1.2).
    6. Work with HR to develop your candidate outreach messages – ensure that your outreach is empathetic, aligns with your EVP, and focuses on welcoming them to apply to a role.

    The approval process to activate a requisition can be one of the longest stages in the talent acquisition process. Ensure all your roles are up to date and approved so you can trigger outreach as soon as news hits; otherwise, you'll be late before you've even begun.

    Your employee value proposition (EVP) is a key tool for attracting and retaining talent

    Any updates to your EVP need to be a genuine reflection of the employee experience at your organization – and should resonate internally and externally.

    Internal (retention) perspective: These characteristics help to retain new and existing talent by ensuring that new hires' expectations are met and that the EVP is experienced throughout the organization.

    External (attraction) perspective: These characteristics help to attract talent and are targeted so the right candidates are motivated to join, while those who aren't a good fit will self-select out.

    McLean & Company's Employee Value Proposition Framework

    This is an image of McLean & Company's Employee Value Proposition Framework.  It is divided into Retain and Attract.  under Retain, are the following three headings: Aligned; Accurate; Aspirational.  Under Attract are: Compelling; Clear; Comprehensive.

    Source: McLean & Company

    1.1 Spot check your EVP

    1-3 hours

    1. Review your existing IT employee value proposition. If you do not have an EVP, see Info-Tech's comprehensive research Improve the IT Recruitment Process to draft a new EVP.
    2. Invite a representative group of employees to participate in a working group to improve your employee value proposition. Ask each participant to brainstorm the top five things they value most about working at the organization.
    3. Consider the following categories: work environment, career advancement, benefits, and ESG and diversity impact. Brainstorm as a group if there is anything unique your organization offers with regard to these categories.
    4. Compare your notes to your existing EVP, identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the categories above. Remove any statements that no longer speak to who you are as an organization or what you offer.

    Input

    • Existing employee value proposition
    • Employee Engagement Surveys (If Available)

    Output

    • Updated employee value proposition

    Materials

    • Whiteboard/flip charts
    • Job ad template

    Participants

    • Representative group of internal employees.
    • HR
    • Marketing/PR (if possible)

    Four critical factors considered by today's job seeker

    1. Be specific about remote work policies: Include verbiage about whether there is an option to work hybrid or remote. 81% of job seekers stated that whether a job is remote, hybrid, or in-person was a top factor in whether they'd accept an offer (Benefits Canada, 2022).
    2. Career advancement and stability: "37% of Gen Z employees and 25% of millennial employees are currently looking for a job that offers career progression transparency — or, in other words, a job with clear opportunities for growth. This is significantly higher than our findings for older generations Gen X (18%) and baby boomers (7%)," (Lattice, 2021).
    3. Unique benefits: Consider your unique benefits – it's not the Big Tech "fun perks" like slides and ping pong that drive interest. Employees are increasingly looking for roles with long-term benefits programs. 90% of job seekers consider higher pension contributions to be a key factor, and 85% are considering bonuses/profit sharing" (Benefits Canada, 2022). Candidates may accept lower total compensation in exchange for flexibility, culture, work/life balance that was lacking in the start-up scene or the mega-vendors' fast-paced world.
    4. ESG and diversity impact: Include details of how the candidate will make a societal impact through their role, and how the company is acting on climate and sustainability. "Nearly two in five [Gen Z's and millennials] say they have rejected a job or assignment because it did not align with their values," (Deloitte Global, 2022).

    Update or establish job ads for candidate outreach

    Take the time up front to update your IT job descriptions and to write effective job advertisements. A job advertisement is an external-facing document that advertises a position with the intent of attracting job applicants. It contains key elements from the job description as well as information on the organization and its EVP. A job description informs a job ad, it doesn't replace it.
    When updating job descriptions and job ads, it's critical that your requirements are an accurate representation of what you need in the position. For the job ads especially, focus on the minimum requirements for the role, highlight your employee value proposition, and ensure that they are using inclusive language.
    Don't be lulled into using a job description as a posting when there's a time crunch to fill a position – use your preparation time to complete this key step.

    Three tips to consider when building a job ad

    Include the minimum desired requirements

    Include the required skills, responsibilities, and certifications required. Instead of looking for a unicorn, look for what you need and a demonstrated ability to learn. 70% of business executives say they are getting creative about sourcing for skills rather than just considering job experience (Deloitte Insights, 2022).

    Strategically include certifications

    When including certifications, ensure you have validated the process to be certified – i.e. if you are hiring for a role with 3-5 years' experience, ensure that the certification does not take 5-10 years of experience be eligible.

    Use inclusive language

    Consider having a review group within your IT organization to ensure the language is inclusive, that the responsibilities don't read as overly complex, and that it is an accurate representation of the organization's culture.

    1.2 Update or build job ads

    1-3 hours

    1. Begin with a copy of the job ad you are looking to fill, if you haven't begun to draft the role, start with Info-Tech's Job Description Library and Info-Tech's Job Ad Template.
    2. Review the job accountabilities, rank each responsibility based on its importance and volume of work. Determine if there are any responsibilities that are uncommon to be executed by the role and remove unnecessary responsibilities.
    3. For each of the job accountabilities, identify if there is a level of experience, knowledge or competency that would be the minimum bar for a candidate. Remove technical skills, specific technologies, and competencies that aren't directly relevant to the role, responsibilities or values.
    4. Review the education and requirements, and ensure that any certification or educational background is truly needed or suggested.
    5. Use the checklist on the following tab to review and update your job ad.

    Input

    • Job description
    • Employee value proposition
    • Job ad template

    Output

    • Completed job ad

    Materials

    • Whiteboard/flip charts
    • Web share

    Participants

    • Representative group of internal employees.
    • HR
    • Marketing/PR (if possible)

    1.2 Job ad checklist:

    A job ad needs to be two things: effective and inclusive.

    Effective

    The job ad does include:

    The organization's logo.
    Description of the organization.
    Information about benefits.
    A link to the organization's website and social media platforms.
    Steps in the application process and what candidates can expect.

    The job ad:

    Paints an accurate picture of key aspects of the role.
    Tells a story to show potential candidates how the role and organization will fit into their career path (outlines potential career paths, growth opportunities, training, etc.).
    Does not contain too many details and tasks that would overwhelm applicants.
    Highlights the employer brand in a manner that conveys the EVP and markets the organization to attract potential applicants.
    Includes creative design or formatting to make the ad stand out.
    The job ad speaks to the audience by using targeted language (e.g. using creative language when recruiting for a creative role).
    The job ad has been reviewed by HR, Marketing, PR.

    Inclusive

    The job ad does NOT include:

    Industry jargon or abbreviations that are not spelled out.
    Personality characteristics and unnecessary adjectives that would deter qualified candidates (e.g. extroverted, aggressive, competitive).
    A list of specific academic disciplines or schools, GPA requirements, or inflated degree requirements.

    The job ad:

    Uses gender-neutral language and does not contain terms that indicate traits that are typically associated with a specific gender.
    Can be viewed and applications can be completed on mobile devices.
    Focuses on results, day-to-day requirements, competencies, and transferrable skills.
    Includes design that is accessible (e.g. alternative text is provided for images, clear posting structure with headings, color is not used to convey information).

    Sourcing: Set up news trackers and review layoff source lists

    • Set up news and social media trackers to track layoff updates, and ensure you have an IT staff member on standby to complete a more detailed opportunity analysis when layoffs happen.
    • Use layoff source lists such as Layoffs.fyi to actively track organizations that have laid people off, noting the industry, location, and numbers in order to identify potential candidates. Limit your future analysis to locations that would be geographically possible to hire from.
    • Review open-source lists of laid-off employees to quickly identify potential candidates for your organization.
    • Many organizations that have completed layoffs have established outplacement programs to help laid-off staff find new roles. Set a plan in motion with HR to reach out to organizations once a layoff has occurred to understand their layoff support program.

    The key to successful sourcing is for IT to take an active role in identifying which organizations impacted by layoffs would be a good fit, and to quickly respond by searching open-source lists and LinkedIn to reach out potential candidates.

    Consider leveraging open-source lists

    Layoffs.fyi has been tracking and reporting on layoffs since the start of COVID-19. While they are not an official source of information, the site has more than a million views per month and is a strong starting point for IT leaders looking to source candidates from tech layoffs beyond the big organizations that are making the news.

    The site offers a view of companies with layoffs by location, industry, and the source of the info. Additionally, it often lists the names and contact information of laid-off employees, which you can leverage to start your deeper LinkedIn outreach or candidate screening.

    This is an image of two screenshots of open source lists from Layoffs.fyi

    Screenshots from Layoffs.fyi.

    Screening: Prioritize by considering salary benchmarks and keywords

    • Determine a set of consistent pre-screening questions to leverage while screening candidates, which every candidate must answer, including knockout questions.
    • Prioritize by going for salary ranges you can afford: It is important to be aware of what companies are paying within the tech arena, so you know if your salary bands are within a competitive range.
    • Pre-screen resumes using appropriate keywords that are critical for the role, and widen the terms if you do not have enough candidates. Given the pool you are looking to recruit from, consider removing criteria specifically related to education or certifications; instead, prioritize skills and on-the-job experience.

    Screening is one of the most time-consuming stages of the TA process. For each open position, it can take 23 hours to screen resumes (Toolbox, 2021). In fact, 52% of TA leaders believe that screening candidates from a large pool of applicants is the hardest part of recruitment (Ideal, 2021).

    Compensation comparison reports

    Keep in mind that the market may be shifting rapidly as layoffs proliferate, so what the data shows, particularly on free-to-use sites with little data-checking, may not be current and may be overstated. Info-Tech does not provide salary analysis; however, there are publicly available reports and online websites with self-reported data.

    This list contains several market data sources for the tech industry, which may be a good starting point for comparison. Info-Tech is not affiliated with or endorsing any of these market data sources.

    Aon Global Cyber Security Compensation and Talent Survey
    Aon – Radford Surveys Radford Global Technology Survey
    Culpepper Comprehensive Compensation Survey Solution for Technology-Focused Companies
    Modis 2022 IT Compensation Guide
    Motion Recruitment 2023 Tech Salary Guide
    Mondo 2022 Salary Guide for roles & jobs across the technology, creative & digital marketing industries.
    Willis Towers Watson Willis Towers Watson Data Services - Artificial Intelligence and Digital Talent
    Willis Towers Watson 2022 Artificial Intelligence and Digital Talent Survey Report - Canada
    Willis Towers Watson 2022 Artificial Intelligence and Digital Talent Survey Report - U.S.
    Michael Page Salary Guide 2022 for the Greater Toronto Area Technology Industry
    Willis Towers Watson Willis Towers Watson Data Services - Tech, Media, and Gaming
    Willis Towers Watson 2022 Tech, Media and Gaming Executive Survey Report - Canada
    Willis Towers Watson 2022 Tech, Media and Gaming Middle Management, Professional and Support Survey Report - Canada
    Willis Towers Watson 2022 Tech, Media and Gaming Executive Survey Report - U.S.
    Willis Towers Watson 2022 Tech, Media and Gaming Middle Management, Professional and Support Survey Report - U.S.

    Work with your HR partner to streamline your talent acquisition process

    A slow talent acquisition process presents multiple risks to your ability to recruit. Candidates are likely having multiple hiring conversations, and you could lose a good candidate just by being slower than another organization. Additionally, long hiring processes are also an indicator of a high level of bureaucracy in an organization, which may turn off tech candidates who are used to faster-paced decision making.

    Reducing your time-to-hire needs to be a strategic priority, and companies that manage to do this are reaping the benefits: There is a statistically significant relationship between time to fill vacant positions and overall IT department effectiveness. The shorter the time to fill a position, the higher the effectiveness (Bika, 2019).

    Key Considerations for Optimizing your Talent Acquisition Process

    Key Considerations for Optimizing your Talent Acquisition Process

    Review the end-to-end experience

    50%

    of job seekers surveyed had "declined a job offer due to poor [candidate] experience," (Echevarria, 2020).

    Reduce the time to hire

    55%

    "of candidates believe that it should take one to two weeks from the first interview to being offered the job," (Duszyński, 2021).

    Be clear on Timelines

    83%

    "of candidates say it would greatly improve the overall experience if employers provided a clear timeline of the hiring process," (Miller, n.d.).

    Time to hire: Identify solutions to drive efficient hiring

    1. Document all steps between screening and hiring and remove any unnecessary steps.
    2. Create clearly defined interview guides to ensure consistent questioning by interviewers.
    3. Enable hiring managers to schedule their own interviews.
    4. Determine who needs to approve an offer. Streamline the number of approvals, if possible.
    5. Eliminate unnecessary background checks. Many companies have eliminated reference checks, for example, after determining that it was it was not adding value to their decision.
    6. Identify and track key metrics across your talent acquisition process.

    It is critical to partner with your HR department on optimizing this process, as they are typically the process owners and will have deep knowledge of the rationale for decisions. Together, you can identify some opportunities to streamline the process and improve the time to hire.

    4.1 Document your TA process

    1-3 hours

    1. If you have a documented talent acquisition process, begin with that; if not, open the IT Talent Acquisition Process Optimization Tool and map the stages of the talent acquisition process with your HR leader. Stages are the top level in the process (e.g. requisition, sourcing, screening).
    2. Identify all the stakeholders involved in IT talent acquisition and document these in the tool.
    3. Next, identify the steps required for each stage. These are more detailed actions that together will complete the stage (e.g. enter requisition into ATS, intake meeting). Ask subject matter experts to add steps to their portion of the process and document these in the cells.
    4. For each step in the stage, record the time required and the number of people who are involved.

    Input

    • Existing talent acquisition (TA) process document
    • Any TA process metrics
    • Info-Tech's Talent Acquisition Process Optimization Tool

    Output

    • Documented TA process

    Materials

    • Info-Tech's Talent Acquisition Process Optimization Tool
    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • HR
    • IT leaders
    • Hiring manager

    Download the IT Talent Acquisition Process Optimization Tool

    Example of steps in each stage of the TA process

    Activities

    Requisition

    Source

    Screen

    Interview & Assess

    Offer

    Background Check

    Vacancy identified Posted on website Resumes screened in system Interviews scheduled Offer letter drafted Reference checks conducted
    Requisition submitted Posted on job boards Resume screened by recruited First round interviews Offer letter sent Medical checks conducted
    Requisition approved Identification of layoff sources Resumed reviewed by hiring manager Assessment Negotiations Other background checks conducted
    Job description updated Review layoff source lists Screening calls Second round interview First date confirmed
    Job ad updated Screening questions developed Candidates selected
    Intake meeting

    4.2 Refine your TA process

    1-3 hours

    1. Collectively identify any:
      1. Inconsistent applications: Activities that are done differently by different participants.
      2. Bottlenecks: A place in the process where activity is constrained and holds up next steps.
      3. Errors: When a mistake occurs requiring extra time, resources, or rework.
      4. Lack of value: An activity that adds little to no value (often a legacy activity).
    2. Work with HR to identify any proposed solutions to improve consistency, reduce bottlenecks, errors, or eliminate steps that lack value. Document your proposed solutions in tab 3 of the IT Talent Acquisition Optimization Tool.
    3. Identify any new steps needed that would drive greater efficiency, including the tactics suggested in this research. Document any proposed solutions in tab 3.
    4. For each proposed solution, evaluate the general level of effort and impact required to move forward with that solution and select the appropriate classification from the drop-down.
    5. Determine if you will move forward with the proposed solution at this time. Update the TA workflow with your decisions.

    Input

    • Existing talent acquisition (TA) process document
    • Any TA process metrics
    • Info-Tech's Talent Acquisition Process Optimization Tool

    Output

    • Documented TA process

    Materials

    • Info-Tech's Talent Acquisition Process Optimization Tool
    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • HR
    • IT leaders
    • Hiring manager

    Use Info-Tech's IT Talent Acquisition Optimization Tool to document current challenges & target solutions.

    Map your process and identify opportunities to streamline

    This is an image of the talent aquisitions workflow page from Info-Tech's Map your process and identify opportunities to streamline

    Brainstorm and select solutions to improve your process

    This is an image of the Effort Analysis page from Info-Tech's Brainstorm and select solutions to improve your process

    Key considerations when optimizing your process

    • Put yourself in each stakeholder's shoes (candidate, HR, hiring manager). Think through what they need from the process.
    • Challenge assumptions and norms. It can be tempting to get caught up in "how we do it today." Think beyond how it is today.
    • Question timing of activities and events. Identify if they are occurring when they need to.
    • Rebalance work to align with priorities. Identify if work can be redistributed or condensed to use time more efficiently.
    • Distinguish when consistency will add value and when there should be process flexibility.
    • Question the value. For each activity, ask "What value does this activity add?"

    Select metrics to measure Talent Acquisition process improvement

    METRICS INFORMATION
    Metric Definition Calculation
    Average applicants per posting The average number of applicants received per post. Number of applications / Number of postings
    Average number of interviews for open job positions Average number of interviews for open job positions. Total number of interviews / Total number of open job positions
    Average external time to fill Average number of calendar days from when the requisition is issued to when a candidate accepts the position from outside the organization. External days to fill / External candidates
    Pipeline throughput Percentage of candidates advancing through to the next stage. (Number of candidates in chosen stage / Number of candidates in preceding stage) * 100
    External offer acceptance rate Percentage of job offers extended to external candidates that were accepted. (Number of job offers that are accepted / Number of job offers extended) * 100
    Percentage of target group hired The percentage of a target group that was hired. Number of FTE hired / Target number of FTE to be hired
    Average time to hire Average number of calendar days between first contact with the candidate and when they accept the offer. Sum of number of days between first contact and offer acceptance / External candidates
    Quality of hire Percentage of new hires achieving a satisfactory appraisal at their first assessment. New hires who achieve a satisfactory rating at their first appraisal / Total number of new hires
    Vacancy rate Percentage of positions being actively recruited for at the end of the reporting period. Count of vacant positions / (Headcount + Vacant positions)

    Bibliography

    "81% of Employees Factoring Hybrid Work Into Job Search: Survey." BenefitsCanada.com, 16 June 2022.
    Andre, Louie. "40 Notable Candidate Experience Statistics: 2023 Job Application Trends & Challenges." Financesonline.Com, 15 Mar. 2023.
    Bika, Nikoletta. "Key Hiring Metrics: Useful Benchmarks for Tech Roles." Recruiting Resources: How to Recruit and Hire Better, 10 Jan. 2019.
    "Bureau of Labor Statistics Labor Market Revisions Contribute to Conflicting Signals in Latest Tech Employment Data, CompTIA Analysis Finds." CompTIA, 3 Feb. 2023. Press release.
    Byrnes, Amy. "ICIMS Insights Workforce Report: Time to Press the Reset Button?" ICIMS | The Leading Cloud Recruiting Software, 1 Dec. 2022.
    Cantrell, Sue, et al. "The Skills-Based Organization: A New Operating Model for Work and the Workforce." Deloitte Insights, 8 Sept. 2022.
    deBara, Deanna. "Top Findings from Lattice's Career Progression Survey." Lattice, 13 Sept. 2021. Accessed 16 Feb. 2023.
    Duszyński, Maciej. "Candidate Experience Statistics (Survey of 1,000+ Americans)." Zety, 14 Oct. 2019.
    Duszyński, Maciej. "Candidate Experience Statistics." Zety, 2021.
    Echevarria, Desiree. "2020 Candidate Experience Report." Career Plug, 17 Mar. 2021.
    Ghosh, Prarthana. "Candidate Screening and Selection Process: The Complete Guide for 2021." Spiceworks, 26 Feb. 2021. Accessed 22 Jun. 2021
    "Introduction - Dice Tech Job Report: Tech Hiring Trends by Location, Industry, Role and Skill." Accessed 16 Feb. 2023.
    Lee, Roger. "Tech Layoff Tracker and Startup Layoff Lists." Layoffs.fyi. Accessed 16 Feb. 2023.
    Miller, Kandace. "Candidate Experience And Engagement Metrics You Should Be Tracking." ConveyIQ, n.d. Accessed 16 Feb. 2023.
    Min, Ji-A. "Resume Screening: A How-To Guide for Recruiters." Ideal, 15 Mar. 2021. Web.
    Palmeri, Shelby. "2023 Candidate Experience Research: Strategies for Recruiting." CareerPlug, 6 Feb. 2023.
    Semenova, Alexandra. "Jobs Report: U.S. Economy Adds 517,000 Jobs in January, Unemployment Rate Falls to 3.4% as Labor Market Stuns." Yahoo!Finance, 3 Feb. 2023.
    Sozzi, Brian. "Big Tech Layoffs: What Companies Such as Amazon and Meta Have in Common." Yahoo!News, 6 Feb. 2023.
    Tarki, Atta. "Despite Layoffs, It's Still a Workers' Labor Market." Harvard Business Review, 30 Jan. 2023.
    The Deloitte Global 2022 Gen Z and Millennial Survey. Deloitte Global, 2022. Accessed 16 Feb. 2023.
    "Uncover the Employee Value Proposition." McLean & Company, 21 Jun. 2022. Accessed 22 Feb. 2023.

    Select and Prioritize Digital Initiatives

    • Buy Link or Shortcode: {j2store}102|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    • If selection criteria are not identified and well defined, then digital initiatives risk being misprioritized or, worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Our Advice

    Critical Insight

    Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins. CIOs must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.

    Impact and Result

    By using an appropriate selection process, CIOs can prioritize the digital initiatives that will matter most to the organization and drive business value.

    Select and Prioritize Digital Initiatives Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select and Prioritize Digital Initiatives Storyboard – A step-by-step document that walks you through how to prepare an IT department to embrace innovation and support the organization’s digital initiatives.

    Part of Info-Tech’s seven-phase approach for aligning IT with the business’ digital strategy, this deck focuses the core and enabling initiatives that define IT’s innovation goals. By the end of this deck, the IT leader will have a roadmap of prioritized initiatives that enable the organization’s digital business initiatives.

    • Select and Prioritize Digital Initiatives Storyboard
    [infographic]

    Further reading

    Select and Prioritize Digital Initiatives

    Build your digital investment business case.

    Info-Tech Research Group

    Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
    35,000 members sharing best practices you can leverage. Millions spent annually developing tools and templates. Leverage direct access to over 100 analysts as an extension of your team. Use our massive database of benchmarks and vendor assessments. Get up to speed in a fraction of the time.

    Key Concepts

    Digital initiative

    A project – or a group of interdependent projects – whose primary purpose is to enable digital technologies and/or digital business models. These technologies and models may be net new to the organization, or they may be existing ones that are optimized and improved by the initiative itself.

    The feasibility of any initiative is gauged by answering:

    • What amount of return on investment (ROI) or value does it bring to the organization?
    • What level of complexity does it pose to project execution?
    • To what extent does it solve a problem or leverage an opportunity?
    • To what degree is it aligned with digital business goals?

    Digital strategy

    The plan to deploy existing/emerging technologies to look at developing new products and services, new business models, and operational efficiency to meet or exceed performance targets.

    IT strategy

    The plan for deploying and maintaining applications, hardware, infrastructure, and IT services that support the business goals in a secure/regulatory-compliant manner to ensure reliability.

    Digital transformation

    Digital transformation is an at-scale change program – planned and executed over a finite time period – with the aspiration of creating material and sustainable improvement in the performance of an organization. Techniques include deploying a programmatic approach to innovation along with enabling technologies, capabilities, and practices that drive efficiency and create new products, markets, and business models.

    Your Challenge

    • Once the scope of the digital strategy and its goals are finalized, the heavy lifting begins.
    • The CIO must prepare for this change by evaluating opportunities and prioritizing which will become digital initiatives.
    • But where to start with prioritization? What should the selection criteria be?
    • To answer these all-important questions, the CIO must identify what success actually looks like.

    Common Obstacles

    • If selection criteria are not identified and well-defined, then digital initiatives risk being neglected or worse yet, incorrectly labelled as having high ROI.
    • Like any other project, net-new digital initiatives must be triaged according to the value they bring to the organization.
    • Just as importantly, the complexity of each initiative must also be weighed as a critical factor of success.

    Solution

    • Determine and set your selection criteria by leveraging the matrix provided in this deck.
    • Evaluate each proposed initiative against this repeatable process in order to test your assumptions.
    • Develop a business case for each high priority digital initiative that captures its benefits and business value.
    • Assemble your prioritized list of digital initiatives to present to stakeholders.

    Info-Tech Insight

    The business has embarked on its digital transformation journey. As CIO, you are being relied on to help triage what is most important – initiatives that will move the needle to achieve and fulfill the digital goals and ambitions of the organization.

    Analyst Perspective

    Prioritization follows ideation, and it’s not always easy.

    Ross Armstrong

    Your stakeholders have spent considerable time and effort identifying and articulating a digital business strategy. Now that ideas have turned into opportunities, the CIO must prioritize those opportunities as actual initiatives. Where to begin?

    Your first task is to identify the criteria that will be used to conduct prioritization activities. These criteria should be immutable and rigorously applied.

    Your second task will be to develop business cases for each opportunity that passes muster. But don’t worry, you won’t need an MBA to get the job done properly.

    Ross Armstrong

    Principal Research Director
    Info-Tech Research Group

    Info-Tech’s digital transformation journey

    Info-Tech’s digital transformation journey: 1 - Visualize the art of the digitally possible, 2 - Evolve your digital business strategy, 3 - Execute with confidence

    Info-Tech's digital transformation journey for industry members. Table shows the stakeholders, advisory support and deliverables for each industry members

    By now, you have established your current strategic context

    You have reviewed trends to reimagine the future of your industry and undertaken a digital maturity assessment to validate your business objectives and innovation goals. Now you need to evolve the current scope of your digital vision and opportunities.

    • Phase 1.1: Industry Trends Report

    • Phase 1.2: Digital Maturity Assessment

    • Phase 2.1: Zero In on Business Objectives

    By this point you have leveraged industry roundtables to better understand the art of the possible – exploring global trends, shifts in market forces or industry, customer needs, emerging technologies, and economic forecasts and creating opportunities out of these disruptions.

    In Phase 2.1, you identified your business and innovation goals and documented your current capabilities, prioritized for transformation.

    Business and innovation goals have been established through stakeholder interviews and business document review.

    Current capabilities have been prioritized for transformation and heat mapped.

    You have also formalized your digital strategy

    Throughout the course of Phase 2.2, you identified new digital opportunities, identified the business capabilities required to capitalize those opportunities, and updated the digital goals of your organization, accordingly.

    An example of a formalized digital strategy from Phase 2.2.

    The end result of this exercise is a new goals cascade that aligns digital goals and capabilities with those of the business. Digital initiatives were also identified but not yet selected or prioritized for execution at the project level.

    Now you will select and prioritize digital initiatives

    The goal of this phase is to ensure that initiatives that are green-lit for execution have been successfully assessed against your chosen criteria and that the business case for each initiative is firmly established and documented.

    Info-Tech’s digital transformation journey for industry members.

    There are three key activities outlined here that describe the actions that can be undertaken by industry members to help select and prioritize digital initiatives for the business.

    1. Identify your selection criteria

    2. Evaluate initiatives against criteria

    3. Determine a prioritized list of initiatives

    Info-Tech’s approach

    1

    Identify your selection criteria

    • Define what viability actually looks like.
    • Conduct an evaluation session to test your assumptions
    2

    Evaluate initiatives against criteria

    • Evaluate and validate an initiative to determine its viability.
    • Map the benefits and value proposition for each initiative.
    • Build a business case and profile for each selected initiative.
    3

    Determine a prioritized list of initiatives

    • Finalize your initiatives list and compile all relevant information.
    • Communicate the list to stakeholders.

    Step 1: Identify Your Selection Criteria

    Understand which conditions must be met in order to turn an opportunity into a digital initiative.

    Step 1: Identify Your Selection Criteria

    Step 1

    Identify Your Selection Criteria

    1.1

    Define what "viable" looks like

    Set criteria types and thresholds.

    It is impossible to gauge whether or not an opportunity is worthwhile if you don’t have a yardstick to measure it by. However, what is viable for one organization in a particular industry may not be viable for a company elsewhere.

    Consider:
    • Use the criteria already set forth in this deck.
    • If for any reason you cannot use these criteria, work with stakeholders to establish viability factors that suit both the business and IT.
    Avoid:
    • Vague language when establishing your own criteria.
    • Ambiguity in both measures and their definitions. Be crystal clear.

    1.2

    Conduct an evaluation session

    Test your assumptions by piloting prioritization.

    Select an initiative from one of the opportunity profiles from Phase 2.2 and run it through the selection criteria. From there, determine if your assumptions are sound. If not, tweak the criteria and test again until all stakeholders have confidence in the process.

    Consider:
    • Most if not all projects must go through the IT project management office (PMO) or project management leader, so why not create a “digital-only” track for digital business initiatives?
    • Which digital initiatives also represent a sound strategic fit to the organization?
    • Have we undertaken previous projects that are similar? Were those successful? Why or why not?
    Avoid:
    • Making too many initiatives high priority. IT resources are limited, so be ruthless.
    • Taking on too many initiatives at once. Most IT organizations can only work on a small number at any given time.

    Use these selection criteria to prioritize initiatives

    Ideas matter, but not all ideas are created equal. Now that you have elicited ideas and identified opportunities, discuss the assumptions, risks, and benefits associated with each proposed digital business initiative.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Prioritize opportunities into initiatives

    Recall that the opportunities identified in Phase 2.2 also became proposed digital initiatives demonstrated in your goals cascade.

    In your discussion, evaluate each opportunity through a matrix to create tension between value and complexity or other dimensions. Capture the information based on measurable business benefits-realization; risks or considerations; assumptions; and competencies, talent, and assets needed to deliver.

    Prioritize opportunities into Initiatives. For example: new digital products and services, intelligent fleet management via automation, ERP automation etc.

    Leverage opportunity profiles from your digital strategy

    To start, take one of the opportunity profiles you created in Phase 2.2, Build Your Digital Vision and Strategy, and use it throughout the following steps. Once done, repeat with the next opportunity profile until all have been vetted against criteria. If you did not use Info-Tech’s approach, simply use whatever list of digital business opportunities provided to you from stakeholders.

    Robotic process automation Template.

    Prioritization Criteria

    Run each initiative through the following evaluation criteria. When finished, any opportunities that appear in the top left quadrant (high value/low complexity) are now your highest priority digital initiatives.

    Instructions:

    Assign each initiative a letter. As you decide on each one, move a copy of the circled letter to its appropriate place on the 2x2 selection matrix.

    List of digital opportunities.

    Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Info-Tech Insight

    Evaluation should be based on the insights from analysis across all criteria. Leverage group discussion to help contextualize and challenge assumptions when validating opportunities.

    Digital initiative ≠ IT project

    Every idea is a good one, unless you need one that works. What “works” as a digital initiative is not the same thing as a straightforward IT project that would be typically managed by a project manager or PMO. These latter projects will be addressed in Phase 3.1 of the digital journey.

    Opportunities and business needs > Business model > Impact > Mandatory > Innovation path forward

    Digital Track

    Focus: Transform the business and operations

    1. Problem may not be well defined.
    2. “Initiative” is not clear.
    3. Based on market research, customer needs, trend analysis, and economic forecast, risk to the business if fit-for-purpose initiative is not identified.
    4. Previous delivery results not as expected, or uncertain how to continue the project.
    5. Highly complex with significant impact to transform the business or operations.
    6. Execution approach is not clear.
    7. Capabilities may not exist within IT.

    IT PMO

    1. Emerging technology trends create opportunities to modernize IT, not transform business.
    2. Problem is well defined and understood.
    3. Initiative is clearly identified.
    4. New IT project.
    5. Can be complex but does not transform the business.
    6. Standard PMP approach is a good fit.
    7. Capabilities exist to execute within IT.
    8. Software vendor or systems integrator is initiative provider.

    Step 2: Evaluate Initiatives Against Criteria

    Ruthlessly prioritize which opportunities will deliver the greatest business value and pose the best chance of success.

    Step 2: Evaluate initiatives against criteria.

    Step 2

    Evaluate Initiatives Against Criteria

    2.1

    Evaluate and validate

    Evaluate and validate (or invalidate) opportunities.

    Now that you have tested and refined the selection criteria, take each opportunity profile from Phase 2.2 and run it through its paces. Once plotted on the 2x2 matrix, you will have a clear and concise view of high priority digital initiatives.

    Consider:
    • What are the timing, relevance, and impact of each initiative being evaluated?
    • What are the merits of each opportunity?
    • What are the extent and reach of their impacts?
    Avoid:
    • Guesswork. Stick with what you know based on the available information and data at hand.

    2.2

    Determine benefits

    Document benefits and value proposition.

    Identify and determine the benefits of each high priority initiative, including the benefit type (e.g. observable, financial, etc.). In addition, discuss and articulate the value proposition for each high priority initiative.

    Consider:
    • Tangible and intangible benefits.
    • Creating a vision statement for each initiative selected as high priority.
    Avoid:
    • Don’t reach too much when identifying benefits. Be realistic.

    2.3

    Make your case

    Build a business case for each initiative.

    Once you have enunciated the value and benefits of each high priority initiative, create a business case and profile for each one that includes known costs, risks, and so on. These materials will be crucial for project execution and IT capability planning in Phase 2.3 of your digital journey.

    Consider:
    • All forms of costs, both in terms of time, labor, and physical assets and resources.
    • Stick with a short-form business case for now to save time. You can always expand it into full-form business case later on, if necessary.
    Avoid:
    • Generalities. Be conservative in your estimates and keep them grounded in what has transpired in past initiatives at the organization.

    Exemplar: Prioritization criteria

    Your prioritization matrix should look something like this. Initiatives B and C will now have short-form business cases developed for them. Initiatives in the “Should Plan” quadrant can be dealt with later.

    List of initiatives for digital opportunities. Complexity versus Impact. Shows initiatives that have a business Must Prioritize (High value/low complexity), Should Plan (High value/high complexity), Could Have (Low Value/ Low complexity), and Don't need (Low value/high complexity)

    Draw information from the opportunity profiles

    You created opportunity profiles in Phase 2.2 to clarify, validate and evaluate specific ideas for digital initiatives. In these profiles, you considered the timing, relevance, and impact of those opportunities.

    Some prioritized initiatives will have an immediate and significant impact on your business. Some may have a significant impact, but on a longer timeline. Understanding this is important context for your overall digital business strategy.

    Above all, you must be able to communicate to stakeholders how the newly prioritized digital initiatives are relevant to driving the strategic growth of the business.

    Start by elucidating further on initiative benefits and business value as outlined in the opportunity profile. This will become crucial for completing your next step – building a short-form business case for each prioritized initiative.

    Robotics Process Automation Template. Benefits and outcomes as well as incremental value are highlighted. The next slide is a template for the short-form business case, while the slides after that contain instructions on how to fill out each section of the business case.

    Short-Form Business Case Template

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Prepare your business case for each initiative

    Tasks:

    1. On a whiteboard, draw the visual initiative canvas supplied below.
    2. For each prioritized initiative, leverage its opportunity profile (if used) to list the resulting customer or stakeholder products/services and its pain relievers and gain creators in the associated sections of the canvas.
    3. Ensure that the top pains, gains, and jobs are addressed by products/services, pain relievers, and gain creators.
    4. Use this information as a basis for further exercises in this section, such as defining benefits, articulating value proposition and vision, and cost estimates.
    Initiative canvas example.

    Input

    • The initiative’s opportunity profile from Phase 2.2 of the Digital Journey series (if used)

    Output

    • Short-form initiative business case

    Materials

    • Whiteboard and markers

    Participants

    • Opportunity owner
    • Opportunity group/team

    Expand on the key benefits of each initiative

    Business cases are not just a vehicle with which to acquire resources for investments, they are a mechanism that helps ensure the benefits of an investment are realized. To accomplish this, a business case must have a set of clearly defined benefits, combined with an understanding of how they will be measured and an explicitly stated beneficiary who can corroborate that the benefit has been realized.

    What is a benefit?

    Benefits are the advantages, or outcomes, that specific groups or individuals realize as a result of the proposed initiative’s implementation.

    Initiative inputs

    Initiative inputs are the time, resources, and scope dedicated to the endeavor of implementing an initiative.

    Benefits of initiative and initiative inputs diagram.

    Identify how to measure benefit achievement

    Benefits are realized when an organization either starts doing something new, stops doing something, or improves the way something is already being done. The impact of these changes must be measured in order to determine whether the change is positive and if the case warrants more resources in order to scale.

    Types of benefits

    • Observable: These are measured by opinion or judgement.
    • Measurable: These can be identified when there is an existing measure in place for the benefit (or when one can be easily created).
    • Quantifiable: Similar to measurable benefits; however, these benefits additionally feature size or magnitude (if it can be reliably estimated).
    • Financial: These are benefits that can be communicated in monetary terms. A benefit should only be classified as financial when sufficient evidence is available to show that the stated value is likely to be achieved.

    Benefit owners and responsibilities

    1. Each benefit should have assigned to it an explicit owner who gains an advantage as a result of the initiative’s implementation.
    2. For most benefits, the owner will be the primary beneficiary of the initiative.
    3. These individuals are the ones who must corroborate that a benefit has been realized.
    4. Assigning an owner to each benefit will foster a sense of accountability in terms of benefits realization and will also create a traceable path that helps track the success of the initiative.

    Complete the benefits section of the business case

    Tasks:

    1. Use the Short-Form Business Case Template included in this deck.
    2. Arrange a meeting with the key beneficiary or beneficiaries of your initiative. Refer back to the benefits and outcomes section of the initiative’s opportunity profile (if used) as a starting point.
    3. Clearly define what the key benefits of your initiative will be and list them in the Short-Form Business Case Template.
    4. Assign an owner to each benefit – the individual who will corroborate that the benefit has accrued.
    5. Come to a mutual agreement with the beneficiaries as to whether each benefit is:
      • Financial
      • Quantifiable
      • Measurable
      • Observable
    6. Discuss and list the methods that will be used to measure each benefit and list them in the Short-Form Business Case Template.

    Input

    • Key benefits of the initiative, how they will be measured, and who owns the benefits

    Output

    • Completed benefits section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Key beneficiary

    Craft value proposition and vision statements

    The way one articulates the value an initiative provides is just as important as the initiative itself. Use the previous exercises as inputs to craft a statement that reflects the value your initiative will provide, but also describes how the initiative will create value. Specifically, a value proposition should answer the following questions:

    1. Who is the initiative for?
    2. What is the initiative?
    3. What does the initiative do?
    4. How is the initiative different from others?

    Complete value prop and vision statement sections of the business case

    Tasks:

    1. Having already completed the benefits section of the Short-Form Business Case Template, turn your attention to the value proposition section.
    2. Using your problem and initiative canvases, in addition to the benefits section, craft a value proposition statement that answers the following questions in one or two sentences:
      • Who is the initiative for?
      • What is the initiative?
      • What does the initiative do?
      • How is the initiative different?
    3. Input the value proposition statement into the value proposition section of the Short-Form Business Case Template.

    Input

    • Initiative canvas
    • Benefits section of the Short-Form Business Case Template

    Output

    • Completed value proposition section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Identify initiative steps and add to business case

    Tasks:

    Turn your attention to the roadmap section of the Short-Form Business Case Template and fill it in through the following steps:

    1. Select which scope, resource, and/or time reduction tactics to apply given the context of the project.
    2. Use the test, run, gauge, and collect framework supplied, unless you elect to generate your own project phases. If that is the case, ensure that phases are mutually exclusive and completely exhaustive (MECE).
    3. For each phase, supply a brief description of the activities to be undertaken for that phase.
    4. Map the benefits to be accrued within each phase.
    5. For each phase, supply a set of two to three potential factors that create risk toward the benefits listed.
    6. For each risk, supply a mitigation tactic that could be employed to diffuse the risk or to mitigate it completely.

    Input

    • Project benefits
    • Scope, resource, and time reduction tactics

    Output

    • Roadmap section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner

    Fill out the cost section of the business case

    Tasks:

    1. Having already completed the roadmap part of the Short-Form Business Case Template, turn your attention to the cost section.
    2. Use the scope, resource, and time reduction tactics and roadmap to estimate the cost necessary to execute the project. Remember that costs are a factor of the resources required and the cost type.
      • Resources:
        • Hardware
        • Software
        • Human
        • Network and communications
        • Facilities
      • Cost Types:
        • Acquisition
        • Operation
        • Growth and change
    3. Complete the cost section of the Short-Form Business Case Template with the cost estimate for the project.

    Input

    • Roadmap
    • Scope, resource, and time reduction tactics

    Output

    • Cost section of the Short-Form Business Case Template

    Materials

    • Short-Form Business Case Template

    Participants

    • Opportunity owner
    • Opportunity group/team

    Exemplar: Short-Form Business Case

    Short form business case template. Shows value proposition, initiative benefits and initiative roadmap.

    Step 3: Determine a Prioritized List of Initiatives

    Green-light opportunities for digital investment and create your list of high-priority digital initiatives.

    Step 3: Determine a prioritized list of initiatives.

    Step 3

    Determine a Prioritized List of Initiatives

    3.1

    Compile information

    Finalize your list of high priority initiatives.

    This list should also include the short-form business cases that you completed in the previous step. This compilation of initiative information will be used in the next phase of your digital journey and is critical for its successful completion.

    Consider:
    • Checking your work. Does it ring true? Does it create excitement? People will be working on these initiatives in the near future, so it’s ideal if they feel good about the outcomes.
    • Integrating with your IT strategy, if you have one. These digital initiatives will figure prominently in the fiscal quarters to come.
    Avoid:
    • Dramatic effect. While you want stakeholders and IT staff to be enthusiastic about the work ahead, don’t dress up the initiatives as something they’re not.

    3.2

    Communicate

    It’s time to communicate with stakeholders.

    By now you should have a relatively short yet potent list of digital business initiatives – plus a business case for each – that has been thoroughly vetted and prioritized. Stakeholders are eager to learn more about these initiatives, though the details that matter most may differ from stakeholder to stakeholder.

    Consider:
    • Socializing the business cases before formally presenting to stakeholders for approval.
    • You will want to first elicit feedback and make any recommended changes to messaging.
    • Tailoring your message depending on stakeholder type, their priorities and concerns, and so on.
    Avoid:
    • Sugar coating. Many, if not all, of these stakeholders have the authority to invalidate or disapprove any business case that fails to pass muster. Give it to them straight.

    Compile your prioritized initiatives

    There are two follow-up actions to do with your newly prioritized list of digital initiative business cases: present them to stakeholders for approval and then add them to your IT strategic roadmap.

    Compile prioritized initiatives. Present to stakeholders and then add them to your IT strategic roadmap.

    Present business cases to stakeholders

    For most high-profile digital business initiatives, the short-form business case will not be the first time stakeholders hear about them. By this point, securing approval should only be a formality if the initiative has been effectively socialized beforehand. If this is not the case, one must build an adequate understanding of the stakeholder landscape and then use this understanding to effectively present business cases for digital initiative and receive approval to proceed with them.

    Gauge the importance of various stakeholders and tailor your message according to their concerns and the requirements of their role. Consider the following important questions about each stakeholder:

    • Authority: How much influence does the stakeholder have? Enough to drive the initiative forward?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the initiative already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the initiative? Neutral? A resistor?

    Develop a stakeholder map

    A stakeholder map helps visualize the importance of various stakeholders and their concerns so you can prioritize your time according to those stakeholders who are most impacted by a digital initiative, as well as those who have the authority to green-light them.

    1. Evaluate each stakeholder in terms of authority, involvement, impact, and support, as discussed in the previous slide.
    2. Map each stakeholder to an area on the right template (slide four) based upon the level of their authority and involvement (high or low).
      • Vary the size of the circle to distinguish stakeholders that are highly impacted by the IT strategy from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
    3. Ask yourself if the stakeholder map looks accurate. Is there someone who has no involvement in digital initiatives, but should?
      • A) For example, if a CFO who has the authority to disapprove project funding is heavily impacted and not involved, the success of the business cases will be put at risk.
    4. Draw a dotted circle to show where that stakeholder needs to be located (increased involvement and support), and an arrow with a dotted line to signify the needed change. Some stakeholders may have influence over others.
      • B) For example, a COO who highly values the opinion of the director of operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Focus on key players: Relevant stakeholders who have high power are highly impacted and should have high involvement. Engage the stakeholders that are impacted most and have the authority to influence digital initiatives and approve business cases.

    Stakeholder map. Authority versus involvement of key players.

    Summary of key insights

    By now, you should have a firm understanding of the principles and desired actions, behaviors, and outcomes that have been presented in this methodology. Furthermore:

    1. Prioritization of digital opportunities can be a relatively straightforward task as long as the correct stakeholders are involved and use a common and agreed upon set of criteria.
    2. Developing a business case for a digital initiative in an agile manner need not be a grueling exercise provided that a vetted and repeatable process is used.
    3. Above all, remember that this is a journey. Going from an intangible (macro-trend, problem, or opportunity) to a tangible (actual project or initiative) does not happen all at once.

    Related Info-Tech Research

    Understand Industry Trends

    Assess how the external environment presents opportunities or threats to your organization.

    Build a Business-Aligned IT Strategy

    Align with the business by creating an IT strategy that documents the business context, key initiatives, and a strategic roadmap.

    Define Your Digital Business Strategy

    Design a strategy that applies innovation to your business model, streamlines and transforms processes, and makes use of technologies to enhance interactions with customers and employees.

    Research Contributors and Experts

    Ross Armstrong

    Ross Armstrong

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Ross Armstrong is a Principal Research Director in the CIO Advisory practice at Info-Tech Research Group, covering the areas of IT strategic planning, digital strategy, digital transformation, and IT innovation.

    Ross has worked in a variety of public and private sector industries including automotive, IT, mobile/telecom, and higher education. All of his roles over the years have centered around data-driven market research – in pursuit of insightful and successful product development and product management – at their core.

    In addition to his long tenure as an Info-Tech Research Group analyst, Ross has worked in research and product innovation positions at Autodata initiatives (J.D. Power), BlackBerry, and Ivey Business School (Western University).

    Ross holds a Master of Arts degree in English Language and Literature from Western University (UWO) and has served as an advisory board member for a number of not-for-profit and educational institutions.

    Joanne Lee

    Joanne Lee

    Principal Research Director, CIO Advisory
    Info-Tech Research Group

    Joanne is an executive with over 25 years of experience providing leadership in digital technology and management consulting across both public and private entities from initiative delivery to organizational redesign across BC, Ontario, and Globally.

    A Director within KPMG’s CIO Advisory Management Consulting services and practice lead for Digital Health in BC, Joanne has led various client engagements from ERP Cloud Strategy, IT Operating Models, Data and Analytics maturity, to process redesign. More recently, Joanne was the Chief Program Officer and Executive Director responsible for leading the implementation of a $450M technology and business transformation initiative across 13 hospitals and community services for one of the largest health authorities in BC.

    A former clinician, Joanne has held progressive leadership roles in healthcare with accountabilities across IT operations and service management, data analytics, project management office (PMO), clinical informatics, and privacy and contract management. Joanne is passionate about connecting people, concepts, and capital.

    Bibliography

    “AI: From Data to ROI.” Cognizant, September 2020. Accessed November 2022.

    Bughin, Jacques, et al. “The Case for Digital Reinvention.” McKinsey Quarterly, February 2017. Accessed November 2022.

    “The Business Case for Digital Transformation.” CPA Canada, June 2021. Accessed November 2022.

    “The Case for Digital Transformation.” The National Center for the Middle Market, Ohio State University, 2020. Accessed October 2022.

    “Digital Transformation in Government Case Study.” Ionology, April 2020. Accessed October 2022.

    Louis, Peter, et al. “Internet of Things – From Buzzword to Business Case.” Siemens, 11 January 2021. Accessed December 2022.

    Miesen, Nick. “Case Studies of Digital Transformations in Process and Aerospace Industries.” Jugaad, 2018. Accessed November 2022.

    Proff, Harald, and Claudia Bittrich. “The Digital Business Case - Done Right!” Deloitte, August 2019. Accessed October 2022.

    “Propelling an Aerospace Innovator.” Accenture, 2021. Accessed October 2022.

    Schmidt-Subramanian, Maxie. “The ROI of CX Transformation.” Forrester, 15 August 2019. Accessed November 2022.

    Ward, John, et al. “Building Better Business Cases for IT Investments.” California Management Review, Sept. 2007. Web.

    Gain Real Insights with a Social Analytics Program

    • Buy Link or Shortcode: {j2store}561|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Social media is wildly popular with consumers and as a result, many businesses are starting to develop a presence on social media services like Facebook and Twitter. However, many businesses still struggle with understanding how to leverage consumer insights from these services to drive business decisions. They’re intimidated by the sheer volume of social data, and aren’t sure what to do about it.
    • Companies that do have an analytics program are often operating it on an ad-hoc basis rather than making an effort to integrate social insights with existing sourcing of consumer data. In doing this, they’re failing to make holistic decisions and missing out on valuable consumer and competitive insights.

    Our Advice

    Critical Insight

    • Social analytics are indispensable in gaining real-time insights across marketing, sales, and customer service. SMBs can use social analytics to gain valuable consumer insights at a significantly lower expense than traditional forms of market research.
    • The greatest value from social analytics comes when organizations marry social data sources with other forms of customer information, such as point-of-sale data, customer surveys, focus groups, and psychographic profiles.
    • Social analytics must be integrated with your broader BI program for maximum effect. Consider creating a Customer Insights Center of Excellence (CICOE) to serve as a one-stop shop for both traditional and social customer analytics.
    • IT has an invaluable role to play in helping to govern and manage the analytics program. A best-of-breed Social Media Management Platform is the key enabling technology for conducting analytics, and IT must assist with selection, implementation and operation of this solution.
    • Internal social analytics is an emerging field that allows you to gauge the sentiment of your employees, while turbocharging ideation and feedback processes. Social networking analysis is particularly valuable for internal analysis.

    Impact and Result

    • Understand the value of a social analytics program and the various departmental use cases – how social analytics improves decision making and boosts critical KPIs like revenue attainment and customer satisfaction.
    • Determine the different social metrics (such as sentiment and frequency analysis) your business should be tracking and how to turn metrics into deep consumer insights.
    • Follow a step-by-step guide for successfully executing a social analytics program across your organization.
    • Roll out an internal analytics program to gauge the sentiment of your employees, improve engagement, and understand informal influencer networks.

    Gain Real Insights with a Social Analytics Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine the organization’s use cases

    Decide which functional areas in the organization will benefit the most from using social data, and create use cases accordingly.

    • Storyboard: Gain Real Insights with a Social Analytics Program

    2. Define and interpret metrics

    Identify and evaluate key social analytics metrics and understand the importance of combining multiple metrics to get the most out of the analytics program.

    • Social Analytics Maturity Assessment

    3. Execute the social analytics program

    Leverage a cross-departmental Social Media Steering Committee and evaluate SMMPs and other social analytics tools.

    • Social Analytics Specialist
    • Social Analytics Business Plan

    4. Leverage internal social analytics

    Identify specific uses of internal social analytics: crowd-sourcing ideation, harvesting employee feedback, and rewarding internal brand advocates.

    [infographic]

    Implement a New IT Organizational Structure

    • Buy Link or Shortcode: {j2store}276|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $30,999 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Organizational Design
    • Parent Category Link: /organizational-design
    • Organizational design implementations can be highly disruptive for IT staff and business partners. Without a structured approach, IT leaders may experience high turnover, decreased productivity, and resistance to the change.
    • CIOs walk a tightrope as they manage the operational and emotional turbulence while aiming to improve business satisfaction within IT. Failure to achieve balance could result in irreparable failure.

    Our Advice

    Critical Insight

    • Mismanagement will hurt you. The majority of IT organizations do not manage organizational design implementations effectively, resulting in decreased satisfaction, productivity loss, and increased IT costs.
    • Preventing mismanagement is within your control. 72% of change management issues can be directly improved by managers. IT leaders have a tendency to focus their efforts on operational changes rather than on people.

    Impact and Result

    Leverage Info-Tech’s organizational design implementation process and deliverables to build and implement a detailed transition strategy and to prepare managers to lead through change.

    Follow Info-Tech’s 5-step process to:

    1. Effect change and sustain productivity through real-time employee engagement monitoring.
    2. Kick off the organizational design implementation with effective communication.
    3. Build an integrated departmental transition strategy.
    4. Train managers to effectively lead through change.
    5. Develop personalized transition plans.

    Implement a New IT Organizational Structure Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how you should implement a new organizational design, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a change communication strategy

    Create strategies to communicate the changes to staff and maintain their level of engagement.

    • Implement a New Organizational Structure – Phase 1: Build a Change Communication Strategy
    • Organizational Design Implementation FAQ
    • Organizational Design Implementation Kick-Off Presentation

    2. Build the organizational transition plan

    Build a holistic list of projects that will enable the implementation of the organizational structure.

    • Implement a New Organizational Structure – Phase 2: Build the Organizational Transition Plan
    • Organizational Design Implementation Project Planning Tool

    3. Lead staff through the reorganization

    Lead a workshop to train managers to lead their staff through the changes and build transition plans for all staff members.

    • Implement a New Organizational Structure – Phase 3: Lead Staff Through the Reorganization
    • Organizational Design Implementation Manager Training Guide
    • Organizational Design Implementation Stakeholder Engagement Plan Template
    • Organizational Design Implementation Transition Plan Template
    [infographic]

    Workshop: Implement a New IT Organizational Structure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build Your Change Project Plan

    The Purpose

    Create a holistic change project plan to mitigate the risks of organizational change.

    Key Benefits Achieved

    Building a change project plan that encompasses both the operational changes and minimizes stakeholder and employee resistance to change.

    Activities

    1.1 Review the new organizational structure.

    1.2 Determine the scope of your organizational changes.

    1.3 Review your MLI results.

    1.4 Brainstorm a list of projects to enable the change.

    Outputs

    Project management planning and monitoring tool

    McLean Leadership Index dashboard

    2 Finalize Change Project Plan

    The Purpose

    Finalize the change project plan started on day 1.

    Key Benefits Achieved

    Finalize the tasks that need to be completed as part of the change project.

    Activities

    2.1 Brainstorm the tasks that are contained within the change projects.

    2.2 Determine the resource allocations for the projects.

    2.3 Understand the dependencies of the projects.

    2.4 Create a progress monitoring schedule.

    Outputs

    Completed project management planning and monitoring tool

    3 Enlist Your Implementation Team

    The Purpose

    Enlist key members of your team to drive the implementation of your new organizational design.

    Key Benefits Achieved

    Mitigate the risks of staff resistance to the change and low engagement that can result from major organizational change projects.

    Activities

    3.1 Determine the members that are best suited for the team.

    3.2 Build a RACI to define their roles.

    3.3 Create a change vision.

    3.4 Create your change communication strategy.

    Outputs

    Communication strategy

    4 Train Your Managers to Lead Through Change

    The Purpose

    Train your managers who are more technically focused to handle the people side of the change.

    Key Benefits Achieved

    Leverage your managers to translate how the organizational change will directly impact individuals on their teams.

    Activities

    4.1 Conduct the manager training workshop with managers.

    4.2 Review the stakeholder engagement plans.

    4.3 Review individual transition plan template with managers.

    Outputs

    Conflict style self-assessments

    Stakeholder engagement plans

    Individual transition plan template

    5 Build Your Transition Plans

    The Purpose

    Complete transition plans for individual members of your staff.

    Key Benefits Achieved

    Create individual plans for your staff members to ease the transition into their new roles.

    Activities

    5.1 Bring managers back in to complete transition plans.

    5.2 Revisit the new organizational design as a source of information.

    5.3 Complete aspects of the templates that do not require staff feedback.

    5.4 Discuss strategies for transitioning.

    Outputs

    Individual transition plan template

    Further reading

    Implement a New IT Organizational Structure

    Prioritize quick wins and critical services during IT org changes.

    This blueprint is part 3/3 in Info-Tech’s organizational design program and focuses on implementing a new structure

    Part 1: Design Part 2: Structure Part 3: Implement
    IT Organizational Architecture Organizational Sketch Organizational Structure Organizational Chart Transition Strategy Implement Structure
    1. Define the organizational design objectives.
    2. Develop strategically-aligned capability map.
    3. Create the organizational design framework.
    4. Define the future state work units.
    5. Create future state work unit mandates.
    1. Assign work to work units (accountabilities and responsibilities).
    2. Develop organizational model options (organizational sketches).
    3. Assess options and select go-forward model.
    1. Define roles by work unit.
    2. Create role mandates.
    3. Turn roles into jobs.
    4. Define reporting relationships between jobs.
    5. Define competency requirements.
    1. Determine number of positions per job.
    2. Conduct competency assessment.
    3. Assign staff to jobs.
    1. Form OD implementation team.
    2. Develop change vision.
    3. Build communication presentation.
    4. Identify and plan change projects.
    5. Develop organizational transition plan.
    1. Train managers to lead through change.
    2. Define and implement stakeholder engagement plan.
    3. Develop individual transition plans.
    4. Implement transition plans.
    Risk Management: Create, implement, and monitor risk management plan.
    HR Management: Develop job descriptions, conduct job evaluation, and develop compensation packages.

    Monitor and Sustain Stakeholder Engagement →

    The sections highlighted in green are in scope for this blueprint. Click here for more information on designing or on structuring a new organization.

    Our understanding of the problem

    This Research is Designed For:

    • CIOs

    This Research Will Help You:

    • Effectively implement a new organizational structure.
    • Develop effective communications to minimize turnover and lost productivity during transition.
    • Identify a detailed transition strategy to move to your new structure with minimal interruptions to service quality.
    • Train managers to lead through change and measure ongoing employee engagement.

    This Research Will Also Assist:

    • IT Leaders

    This Research Will Help Them:

    • Effectively lead through the organizational change.
    • Manage difficult conversations with staff and mitigate staff concerns and turnover.
    • Build clear transition plans for their teams.

    Executive summary

    Situation

    • Organizational Design (OD) projects are typically undertaken in order to enable organizational priorities, improve IT performance, or to reduce IT costs. However, due to the highly disruptive nature of the change, only 25% of changes achieve their objectives over the long term. (2013 Towers Watson Change and Communication ROI Survey)

    Complication

    • OD implementations can be highly disruptive for IT staff and business partners. Without a structured approach, IT leaders may experience high turnover, decreased productivity, and resistance to the change.
    • CIOs walk a tightrope as they manage the operational and emotional turbulence while aiming to improve business satisfaction within IT. Failure to achieve balance could result in irreparable failure.

    Resolution

    • Leverage Info-Tech’s organizational design implementation process and deliverables to build and implement a detailed transition strategy and to prepare managers to lead through change. Follow Info-Tech’s 5-step process to:
      1. Effect change and sustain productivity through real-time employee engagement monitoring.
      2. Kick off the organizational design implementation with effective communication.
      3. Build an integrated departmental transition strategy.
      4. Train managers to effectively lead through change.
      5. Develop personalized transition plans.

    Info-Tech Insight

    1. Mismanagement will hurt you. The majority of IT organizations do not manage OD implementations effectively, resulting in decreased satisfaction, productivity loss, and increased IT costs.
    2. Preventing mismanagement is within your control. 72% of change management issues can be directly improved by managers. (Abilla, 2009) IT leaders have a tendency to focus their efforts on operational changes rather than on people. This is a recipe for failure.

    Organizational Design Implementation

    Managing organizational design (OD) changes effectively is critical to maintaining IT service levels and retaining top talent throughout a restructure. Nevertheless, many organizations fail to invest appropriate consideration and resources into effective OD change planning and execution.

    THREE REASONS WHY CIOS NEED TO EFFECTIVELY MANAGE CHANGE:

    1. Failure is the norm; not the exception. According to a study by Towers Watson, only 55% of organizations experience the initial value of a change. Even fewer organizations, a mere 25%, are actually able to sustain change over time to experience the full expected benefits. (2013 Towers Watson Change and Communication ROI Survey)
    2. People are the biggest cause of failure. Organizational design changes are one of the most difficult types of changes to manage as staff are often highly resistant. This leads to decreased productivity and poor results. The most significant people challenge is the loss of momentum through the change process which needs to be actively managed.
    3. Failure costs money. Poor IT OD implementations can result in increased turnover, lost productivity, and decreased satisfaction from the business. Managing the implementation has a clear ROI as the cost of voluntary turnover is estimated to be 150% of an employee’s annual salary. (Inc)

    86% of IT leaders believe organization and leadership processes are critical, yet the majority struggle to be effective

    PERCENTAGE OF IT LEADERS WHO BELIEVE THEIR ORGANIZATION AND LEADERSHIP PROCESSES ARE HIGHLY IMPORTANT AND HIGHLY EFFECTIVE

    A bar graph, with the following organization and leadership processes listed on the Y-axis: Human Resources Management; Leadership, Culture, Values; Organizational Change Management; and Organizational Design. The bar graph shows that over 80% of IT leaders rate these processes as High Importance, but less than 40% rate them as having High Effectiveness.

    GAP BETWEEN IMPORTANCE AND EFFECTIVENESS

    Human Resources Management - 61%

    Leadership, Culture, Values - 48%

    Organizational Change Management - 55%

    Organizational Design - 45%

    Note: Importance and effectiveness were determined by identifying the percentage of individuals who responded with 8-10/10 to the questions…

    • “How important is this process to the organization’s ability to achieve business and IT goals?” and…
    • “How effective is this process at helping the organization to achieve business and IT goals?”

    Source: Info-Tech Research Group, Management and Governance Diagnostic. N=22,800 IT Professionals

    Follow a structured approach to your OD implementation to improve stakeholder satisfaction with IT and minimize risk

    • IT reorganizations are typically undertaken to enable strategic goals, improve efficiency and performance, or because of significant changes to the IT budget. Without a structured approach to manage the organizational change, IT might get the implementation done, but fail to achieve the intended benefits, i.e. the operation succeeds, but the patient has died on the table.
    • When implementing your new organizational design, it’s critical to follow a structured approach to ensure that you can maintain IT service levels and performance and achieve the intended benefits.
    • The impact of organizational structure changes can be emotional and stressful for staff. As such, in order to limit voluntary turnover, and to maintain productivity and performance, IT leaders need to be strategic about how they communicate and respond to resistance to change.

    TOP 3 BENEFITS OF FOLLOWING A STRUCTURED APPROACH TO IMPLEMENTING ORGANIZATIONAL DESIGN

    1. Improved stakeholder satisfaction with IT. A detailed change strategy will allow you to successfully transition staff into new roles with limited service interruptions and with improved stakeholder satisfaction.
    2. Experience minimal voluntary turnover throughout the change. Know how to actively engage and minimize resistance of stakeholders throughout the change.
    3. Execute implementation on time and on budget. Effectively managed implementations are 65–80% more likely to meet initial objectives than those with poor organizational change management. (Boxley Group, LLC)

    Optimize your organizational design implementation results by actively preparing managers to lead through change

    IT leaders have a tendency to make change even more difficult by focusing on operations rather than on people. This is a recipe for failure. People pose the greatest risk to effective implementation and as such, IT managers need to be prepared and trained on how to lead their staff through the change. This includes knowing how to identify and manage resistance, communicating the change, and maintaining positive momentum with staff.

    Staff resistance and momentum are the most challenging part of leading through change (McLean & Company, N=196)

    A bar graph with the following aspects of Change Management listed on the Y-Axis, in increasing order of difficulty: Dealing with Technical Issues; Monitoring metrics to measure progress; Amending policies and processes; Coordinating with stakeholders; Getting buy-in from staff; Maintaining a positive momentum with staff.

    Reasons why change fails: 72% of failures can be directly improved by the manager (shmula)

    A pie chart showing the reasons why change fails: Management behavior not supportive of change = 33%; Employee resistance to change = 39%; Inadequate resources or budget = 14%; and All other obstacles = 14%.

    Leverage organizational change management (OCM) best practices for increased OD implementation success

    Effective change management correlates with project success

    A line graph, with Percent of respondents that met or exceeded project objectives listed on the Y-axis, and Poor, Fair, Good, and Excellent listed on the X-axis. The line represents the overall effectiveness of the change management program, and as the value on the Y-axis increases, so does the value on the X-axis.

    Source: Prosci. From Prosci’s 2012 Best Practices in Change Management benchmarking report.

    95% of projects with excellent change management met or EXCEEDED OBJECTIVES, vs. 15% of those with poor OCM. (Prosci)

    143% ROI on projects with excellent OCM. In other words, for every dollar spent on the project, the company GAINS 43 CENTS. This is in contrast to 35% ROI on projects with poor OCM. (McKinsey)

    Info-Tech’s approach to OD implementation is a practical and tactical adaptation of several successful OCM models

    BUSINESS STRATEGY-ORIENTED OCM MODELS. John Kotter’s 8-Step model, for instance, provides a strong framework for transformational change but doesn’t specifically take into account the unique needs of an IT transformation.

    GENERAL-PURPOSE OCM FRAMEWORKS such as ACMP’s Standard for Change Management, CMI’s CMBoK, and Prosci’s ADKAR model are very comprehensive and need to be configured to organizational design implementation-specific initiatives.

    COBIT MANAGEMENT PRACTICE BAI05: MANAGE ORGANIZATIONAL CHANGE ENABLEMENT follows a structured process for implementing enterprise change quickly. This framework can be adapted to OD implementation; however, it is most effective when augmented with the people and management training elements present in other frameworks.

    References and Further Reading

    Tailoring a comprehensive, general-purpose OCM framework to an OD implementation requires familiarity and experience. Info-Tech’s OD implementation model adapts the best practices from a wide range of proven OCM models and distills it into a step-by-step process that can be applied to an organizational design transformation.

    The following OD implementation symptoms can be avoided through structured planning

    IN PREVIOUS ORGANIZATIONAL CHANGES, I’VE EXPERIENCED…

    “Difficultly motivating my staff to change.”

    “Higher than average voluntary turnover during and following the implementation.”

    “An overall sense of staff frustration or decreased employee engagement.”

    “Decreased staff productivity and an inability to meet SLAs.”

    “Increased overtime caused by being asked to do two jobs at once.”

    “Confusion about the reporting structure during the change.”

    “Difficulty keeping up with the rate of change and change fatigue from staff.”

    “Business partner dissatisfaction about the change and complaints about the lack of effort or care put in by IT employees.”

    “Business partners not wanting to adjust to the change and continuing to follow outdated processes.”

    “Decrease in stakeholder satisfaction with IT.”

    “Increased prevalence of shadow IT during or following the change.”

    “Staff members vocally complaining about the IT organization and leadership team.”

    Follow this blueprint to develop and execute on your OD implementation

    IT leaders often lack the experience and time to effectively execute on organizational changes. Info-Tech’s organizational design implementation program will provide you with the needed tools, templates, and deliverables. Use these insights to drive action plans and initiatives for improvement.

    How we can help

    • Measure the ongoing engagement of your employees using Info-Tech’s MLI diagnostic. The diagnostic comes complete with easily customizable reports to track and act on employee engagement throughout the life of the change.
    • Use Info-Tech’s customizable project management tools to identify all of the critical changes, their impact on stakeholders, and mitigate potential implementation risks.
    • Develop an in-depth action plan and transition plans for individual stakeholders to ensure that productivity remains high and that service levels and project expectations are met.
    • Align communication with real-time staff engagement data to keep stakeholders motivated and focused throughout the change.
    • Use Info-Tech’s detailed facilitation guide to train managers on how to effectively communicate the change, manage difficult stakeholders, and help ensure a smooth transition.

    Leverage Info-Tech’s customizable deliverables to execute your organizational design implementation

    A graphic with 3 sections: 1.BUILD A CHANGE COMMUNICATION STRATEGY; 2.BUILD THE ORGANIZATIONAL TRANSITION PLAN; 3.1 TRAIN MANAGERS TO LEAD THROUGH CHANGE; 3.2 TRANSITION STAFF TO NEW ROLES. An arrow emerges from point one and directs right, over the rest of the steps. Text above the arrow reads: ONGOING ENGAGEMENT MONITORING AND COMMUNICATION. Dotted arrows emerge from points two and three directing back toward point one. Text below the arrow reads: COMMUNICATION STRATEGY ITERATION.

    CUSTOMIZABLE PROJECT DELIVERABLES

    1. BUILD A CHANGE COMMUNICATION STRATEGY

    • McLean Leadership Index: Real-Time Employee Engagement Dashboard
    • Organizational Design
    • Implementation Kick-Off Presentation
    • Organizational Design Implementation FAQ

    2. BUILD THE ORGANIZATIONAL TRANSITION PLAN

    • Organizational Design Implementation Project Planning Tool

    3.1 TRAIN MANAGERS TO LEAD THROUGH CHANGE

    3.2 TRANSITION STAFF TO NEW ROLES

    • Organizational Design Implementation Manager Training Guide
    • Organizational Design Implementation Transition Plan Template

    Leverage Info-Tech’s tools and templates to overcome key engagement program implementation challenges

    KEY SECTION INSIGHTS:

    BUILD A CHANGE COMMUNICATION STRATEGY

    Effective organizational design implementations mitigate the risk of turnover and lost productivity through ongoing monitoring and managing of employee engagement levels. Take a data-driven approach to managing engagement with Info-Tech’s real-time MLI engagement dashboard and adjust your communication and implementation strategy before engagement risks become issues.

    BUILD THE ORGANIZATIONAL TRANSITION PLAN

    Your organizational design implementation is made up of a series of projects and needs to be integrated into your larger project schedule. Too often, organizations attempt to fit the organizational design implementation into their existing schedules which results in poor resource planning, long delays in implementation, and overall poor results.

    LEAD STAFF THROUGH THE REORGANIZATION

    The majority of IT managers were promoted because they excelled at the technical aspect of their job rather than in people management. Not providing training is setting your organization up for failure. Train managers to effectively lead through change to see a 72% decrease in change management issues. (Abilla, 2009)

    METRICS:

    1. Voluntary turnover: Conduct an exit interview with all staff members during and after transition. Identify any staff members who cite the change as a reason for departure. For those who do leave, multiply their salary by 1.5% (the cost of a new hire) and track this over time.
    2. Business satisfaction trends: Conduct CIO Business Vision one year prior to the change vs. one year after change kick-off. Prior to the reorganization, set metrics for each category for six months after the reorganization, and one year following.
    3. Saved development costs: Number of hours to develop internal methodology, tools, templates, and process multiplied by the salary of the individual.

    Use this blueprint to save 1–3 months in implementing your new organizational structure

    Time and Effort Using Blueprint Without Blueprint
    Assess Current and Ongoing Engagement 1 person ½ day – 4 weeks 1–2 hours for diagnostic set up (allow extra 4 weeks to launch and review initial results). High Value 4–8 weeks
    Set Up the Departmental Change Workbooks 1–5 people 1 day 4–5 hours (varies based on the scope of the change). Medium Value 1–2 weeks
    Design Transition Strategy 1–2 people 1 day 2–10 hours of implementation team’s time. Medium Value 0–2 weeks
    Train Managers to Lead Through Change 1–5 people 1–2 weeks 1–2 hours to prepare training (allow for 3–4 hours per management team to execute). High Value 3–5 weeks

    These estimates are based on reviews with Info-Tech clients and our experience creating the blueprint.

    Totals:

    Workshop: 1 week

    GI/DIY: 2-6 weeks

    Time and Effort Saved: 8-17 weeks

    CIO uses holistic organizational change management strategies to overcome previous reorganization failures

    CASE STUDY

    Industry: Manufacturing

    Source: Client interview

    Problem

    When the CIO of a large manufacturing company decided to undertake a major reorganization project, he was confronted with the stigma of a previous CIO’s attempt. Senior management at the company were wary of the reorganization since the previous attempt had failed and cost a lot of money. There was major turnover since staff were not happy with their new roles costing $250,000 for new hires. The IT department saw a decline in their satisfaction scores and a 10% increase in help desk tickets. The reorganization also cost the department $400,000 in project rework.

    Solution

    The new CIO used organizational change management strategies in order to thoroughly plan the implementation of the new organizational structure. The changes were communicated to staff in order to improve adoption, every element of the change was mapped out, and the managers were trained to lead their staff through the change.

    Results

    The reorganization was successful and eagerly adopted by the staff. There was no turnover after the new organizational structure was implemented and the engagement levels of the staff remained the same.

    $250,000 - Cost of new hires and salary changes

    10% - Increase in help desk tickets

    $400,000 - Cost of project delays due to the poorly effective implementation of changes

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Implement a New Organizational Structure

    3. Lead Staff Through the Reorganization
    1. Build a Change Communication Strategy 2. Build the Organizational Transition Plan 3.1 Train Managers to Lead Through Change 3.2 Transition Staff to New Roles
    Best-Practice Toolkit

    1.1 Launch the McLean Leadership Index to set a baseline.

    1.2 Establish your implementation team.

    1.3 Build your change communication strategy and change vision.

    2.1 Build a holistic list of change projects.

    2.2 Monitor and track the progress of your change projects.

    3.1.1 Conduct a workshop with managers to prepare them to lead through the change.

    3.1.2 Build stakeholder engagement plans and conduct conflict style self-assessments.

    3.2.1 Build transition plans for each of your staff members.

    3.2.2 Transition your staff to their new roles.

    Guided Implementations
    • Set up your MLI Survey.
    • Determine the members and roles of your implementation team.
    • Review the components of a change communication strategy.
    • Review the change dimensions and how they are used to plan change projects.
    • Review the list of change projects.
    • Review the materials and practice conducting the workshop.
    • Debrief after conducting the workshop.
    • Review the individual transition plan and the process for completing it.
    • Final consultation before transitioning staff to their new roles.
    Onsite Workshop Module 1: Effectively communicate the reorganization to your staff. Module 2: Build the organizational transition plan. Module 3.1: Train your managers to lead through change. Module 3.2: Complete your transition plans

    Phase 1 Results:

    • Plans for effectively communicating with your staff.

    Phase 2 Results:

    • A holistic view of the portfolio of projects required for a successful reorg

    Phase 3.1 Results:

    • A management team that is capable of leading their staff through the reorganization

    Phase 3.2 Results:

    • Completed transition plans for your entire staff.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Build Your Change Project Plan

    1.1 Review the new organizational structure.

    1.2 Determine the scope of your organizational changes.

    1.3 Review your MLI results.

    1.4 Brainstorm a list of projects to enable the change.

    Finalize Change Project Plan

    2.1 Brainstorm the tasks that are contained within the change projects.

    2.2 Determine the resource allocation for the projects.

    2.3 Understand the dependencies of the projects.

    2.4 Create a progress monitoring schedule

    Enlist Your Implementation Team

    3.1 Determine the members that are best suited for the team.

    3.2 Build a RACI to define their roles.

    3.3 Create a change vision.

    3.4 Create your change communication strategy.

    Train Your Managers to Lead Through Change

    4.1 Conduct the manager training workshop with managers.

    4.2 Review the stakeholder engagement plans.

    4.3 Review individual transition plan template with managers

    Build Your Transition Plans

    5.1 Bring managers back in to complete transition plans.

    5.2 Revisit new organizational design as a source for information.

    5.3 Complete aspects of the template that do not require feedback.

    5.4 Discuss strategies for transitioning.

    Deliverables
    1. McLean Leadership Index Dashboard
    2. Organizational Design Implementation Project Planning Tool
    1. Completed Organizational Design Implementation Project Planning Tool
    1. Communication Strategy
    1. Stakeholder Engagement Plans
    2. Conflict Style Self-Assessments
    3. Organizational Design Implementation Transition Plan Template
    1. Organizational Design Implementation Transition Plan Template

    Phase 1

    Build a Change Communication Strategy

    Build a change communication strategy

    Outcomes of this Section:

    • Launch the McLean Leadership Index
    • Define your change team
    • Build your reorganization kick-off presentation and FAQ for staff and business stakeholders

    This section involves the following participants:

    • CIO
    • IT leadership team
    • IT staff

    Key Section Insight:

    Effective organizational design implementations mitigate the risk of turnover and lost productivity through ongoing monitoring of employee engagement levels. Take a data-driven approach to managing engagement with Info-Tech’s real-time MLI engagement dashboard and adjust your communication and implementation strategy in real-time before engagement risks become issues.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Build a Change Communication Strategy

    Proposed Time to Completion (in weeks): 1-6 weeks

    Step 1.1: Launch Your McLean Leadership Index Survey

    Start with an analyst kick off call:

    • Discuss the benefits and uses of the MLI.
    • Go over the required information (demographics, permissions, etc.).
    • Set up a live demo of the survey.

    Then complete these activities…

    • Launch the survey with your staff.
    • Have a results call with a member of the Info-Tech staff.

    With these tools & templates:

    McLean Leadership Index

    Step 1.2: Establish Your Implementation Team

    Review findings with analyst:

    • Review what members of your department should participate.
    • Build a RACI to determine the roles of your team members.

    Then complete these activities…

    • Hold a kick-off meeting with your new implementation team.
    • Build the RACI for your new team members and their roles.

    Step 1.3: Build Your Change Communication Strategy

    Finalize phase deliverable:

    • Customize your reorganization kick-off presentation.
    • Create your change vision. Review the communication strategy.

    Then complete these activities…

    • Hold your kick-off presentation with staff members.
    • Launch the reorganization communications.

    With these tools & templates:

    • Organizational Design Implementation Kick-Off Presentation
    • Organizational Design Implementation FAQ

    Set the stage for the organizational design implementation by effectively introducing and communicating the change to staff

    Persuading people to change requires a “soft,” empathetic approach to keep them motivated and engaged. But don’t mistake “soft” for easy. Managing the people and communication aspects around the change are amongst the toughest work there is, and require a comfort and competency with uncertainty, ambiguity, and conflict.

    Design Engagement Transition
    Communication

    Communication and engagement are the chains linking your design to transition. If the organizational design initiative is going to be successful it is critical that you manage this effectively. The earlier you begin planning the better. The more open and honest you are about the change the easier it will be to maintain engagement levels, business satisfaction, and overall IT productivity.

    Kick-Off Presentation Inputs

    • LAUNCH THE MCLEAN LEADERSHIP INDEX
    • IDENTIFY YOUR CHANGE TEAM
    • DETERMINE CHANGE TEAM RESPONSIBILITIES
    • DEVELOP THE CHANGE VISION
    • DEFINE KEY MESSAGES AND GOALS
    • IDENTIFY MAJOR CHANGES
    • IDENTIFY KEY MILESTONES
    • BUILD AND MAINTAIN A CHANGE FAQ

    Use the MLI engagement dashboard to measure your current state and the impact of the change in real-time

    The McLean Leadership Index diagnostic is a low-effort, high-impact program that provides real-time metrics on staff engagement levels. Use these insights to understand your employees’ engagement levels throughout the organizational design implementation to measure the impact of the change and to manage turnover and productivity levels throughout the implementation.

    WHY CARE ABOUT ENGAGEMENT DURING THE CHANGE? ENGAGED EMPLOYEES REPORT:

    39% Higher intention to stay at the organization.

    29% Higher performance and increased likelihood to work harder and longer hours. (Source: McLean and Company N=1,308 IT Employees)

    Why the McLean Leadership Index?

    Based on the Net Promoter Score (NPS), the McLean Leadership Index is one question asked monthly to assess engagement at various points in time.

    Individuals responding to the MLI question with a 9 or 10 are your Promoters and are most positive and passionate. Those who answer 7 or 8 are Passives while those who answer 0 to 6 are Detractors.

    Track your engagement distribution using our online dashboard to view MLI data at any time and view results based on teams, locations, manager, tenure, age, and gender. Assess the reactions to events and changes in real-time, analyze trends over time, and course-correct.

    Dashboard reports: Know your staff’s overall engagement and top priorities

    McLean Leadership Index

    OVERALL ENGAGEMENT RESULTS

    You get:

    • A clear breakdown of your detractors, passives, and promotors.
    • To view results by team, location, and individual manager.
    • To dig deeper into results by reviewing results by age, gender, and tenure at the organization to effectively identify areas where engagement is weak.

    TIME SERIES TRENDS

    You get:

    • View of changes in engagement levels for each team, location, and manager.
    • Breakdown of trends weekly, monthly, quarterly, and yearly.
    • To encourage leaders to monitor results to analyze root causes for changes and generate improvement initiatives.

    QUALITATIVE COMMENTS

    You get:

    • To view qualitative comments provided by staff on what is impacting their engagement.
    • To reply directly to comments without impacting the anonymity of the individuals making the comments.
    • To leverage trends in the comments to make changes to communication approaches.

    Launch the McLean Leadership Index in under three weeks

    Info-Tech’s dedicated team of program managers will facilitate this diagnostic program remotely, providing you with a convenient, low-effort, high-impact experience.

    We will guide you through the process with your goals in mind to deliver deep insight into your successes and areas to improve.

    What You Need To Do:

    1. Contact Info-Tech to launch the program and test the functionality in a live demo.
    2. Identify demographics and set access permissions.
    3. Complete manager training with assistance from Info-Tech Advisors.
    4. Participate in a results call with an Info-Tech Advisor to review results and develop an action plan.

    Info-Tech’s Program Manager Will:

    1. Collect necessary inputs and generate your custom dashboard.
    2. Launch, maintain, and support the online system in the field.
    3. Send out a survey to 25% of the staff each week.
    4. Provide ongoing support over the phone, and the needed tools and templates to communicate and train staff as well as take action on results.

    Explore your initial results in a one-hour call with an Executive Advisor to fully understand the results and draw insights from the data so you can start your action plan.

    Start Your Diagnostic Now

    We'll help you get set up as soon as you're ready.

    Start Now

    Communication has a direct impact on employee engagement; measure communication quality using your MLI results

    A line graph titled: The impact of manager communication on employee engagement. The X-axis is labeled from Strongly Disagree to Strongly Agree, and the Y-axis is labeled: Percent of Engaged Respondents. There are 3 colour-coded lines: dark blue indicates My manager provides me with high-quality feedback; light blue indicates I clearly understand what is expected of me on the job; and green indicates My manager keeps me well informed about decisions that affect me. The line turns upward as it moves to the right of the graph.

    (McLean & Company, 2015 N=17,921)

    A clear relationship exists between how effective a manager’s communication is perceived to be and an employee’s level of engagement. If engagement drops, circle back with employees to understand the root causes.

    Establish an effective implementation team to drive the organizational change

    The implementation team is responsible for developing and disseminating information around the change, developing the transition strategy, and for the ongoing management of the changes.

    The members of the implementation team should include:

    • CIO
    • Current IT leadership team
    • Project manager
    • Business relationship managers
    • Human resources advisor

    Don’t be naïve – building and executing the implementation plan will require a significant time commitment from team members. Too often, organizations attempt to “fit it in” to their existing schedules resulting in poor planning, long delays, and overall poor results. Schedule this work like you would a project.

    TOP 3 TIPS FOR DEFINING YOUR IMPLEMENTATION TEAM

    1. Select a Project Manager. Info-Tech strongly recommends having one individual accountable for key project management activities. They will be responsible for keeping the project on time and maintaining a holistic view of the implementation.
    2. Communication with Business Partners is Critical. If you have Business Relationship Managers (BRMs), involve them in the communication planning or assign someone to play this role. You need your business partners to be informed and bought in to the implementation to maintain satisfaction.
    3. Enlist Your “Volunteer Army.” (Kotter’s 8 Principles) If you have an open culture, Info-Tech encourages you to have an extended implementation team made up of volunteers interested in supporting the change. Their role will be to support the core group, assist in planning, and communicate progress with peers.

    Determine the roles of your implementation team members

    1.1 30 Minutes

    Input

    • Implementation team members

    Output

    • RACI for key transition elements

    Materials

    • RACI chart and pen

    Participants

    • Core implementation committee
    1. Each member should be actively engaged in all elements of the organizational design implementation. However, it’s important to have one individual who is accountable for key activities and ensures they are done effectively and measured.
    2. Review the chart below and as a group, brainstorm any additional key change components.
    3. For each component listed below, identify who is Accountable, Responsible, Consulted, and Informed for each (suggested responsibility below).
    CIO IT Leaders PM BRM HR
    Communication Plan A R R R C
    Employee Engagement A R R R C

    Departmental Transition Plan

    R A R I R
    Organizational Transition Plan R R A I C
    Manager Training A R R I C

    Individual Transition Plans

    R A R I I
    Technology and Logistical Changes R R A I I
    Hiring A R I I R
    Learning and Development R A R R R
    Union Negotiations R I I I A
    Process Development R R A R I

    Fast-track your communication planning with Info-Tech’s Organizational Design Implementation Kick-Off Presentation

    Organizational Design Implementation Kick-Off Presentation

    Communicate what’s important to your staff in a simple, digestible way. The communication message should reflect what is important to your stakeholders and what they want to know at the time.

    • Why is this change happening?
    • What are the goals of the reorganization?
    • What specifically is changing?
    • How will this impact me?
    • When is this changing?
    • How and where can I get more information?

    It’s important that the tone of the meeting suits the circumstances.

    • If the reorganization is going to involve lay-offs: The meeting should maintain a positive feel, but your key messages should stress the services that will be available to staff, when and how people will be communicated with about the change, and who staff can go to with concerns.
    • If the reorganization is to enable growth: Focus on celebrating where the organization is going, previous successes, and stress that the staff are critical in enabling team success.

    Modify the Organizational Design ImplementationKick-Off Presentation with your key messages and goals

    1.2 1 hour

    Input

    • New organizational structure

    Output

    • Organizational design goal statements

    Materials

    • Whiteboard & marker
    • ODI Kick-off Presentation

    Participants

    • OD implementation team
    1. Within your change implementation team, hold a meeting to identify and document the change goals and key messages.
    2. As a group, discuss what the key drivers were for the organizational redesign by asking yourselves what problem you were trying to solve.
    3. Select 3–5 key problem statements and document them on a whiteboard.
    4. For each problem statement, identify how the new organizational design will allow you to solve those problems.
    5. Document these in your Organizational Design Implementation Kick-Off Presentation.

    Modify the presentation with your unique change vision to serve as the center piece of your communication strategy

    1.3 1 hour

    Input

    • Goal statements

    Output

    • Change vision statement

    Materials

    • Sticky notes
    • Pens
    • Voting dots

    Participants

    • Change team
    1. Hold a meeting with the change implementation team to define your change vision. The change vision should provide a picture of what the organization will look like after the organizational design is implemented. It should represent the aspirational goal, and be something that staff can all rally behind.
    2. Hand out sticky notes and ask each member to write down on one note what they believe is the #1 desired outcome from the organizational change and one thing that they are hoping to avoid (you may wish to use your goal statements to drive this).
    3. As a group, review each of the sticky notes and group similar statements in categories. Provide each individual with 3 voting dots and ask them to select their three favorite statements.
    4. Select your winning statements in teams of 2–3. Review each statement and as a team work to strengthen the language to ensure that the statement provides a call to action, that it is short and to the point, and motivational.
    5. Present the statements back to the group and select the best option through a consensus vote.
    6. Document the change vision in your Organizational Design Implementation Kick-Off Presentation.

    Customize the presentation identifying key changes that will be occurring

    1.4 2 hours

    Input

    • Old and new organizational sketch

    Output

    • Identified key changes that are occurring

    Materials

    • Whiteboard
    • Sticky notes & Pens
    • Camera

    Participants

    • OD implementation team
    1. On a whiteboard, draw a high-level picture of your previous organizational sketch and your new organizational sketch.
    2. Using sticky notes, ask individuals to highlight key high-level challenges that exist in the current model (consider people, process, and technology).
    3. Consider each sticky note, and highlight and document how and where your new sketch will overcome those challenges and the key differences between the old structure and the new.
    4. Take a photo of the two sketches and comments, and document these in your Organizational Design Implementation Kick-Off Presentation.

    Modify the presentation by identifying and documenting key milestones

    1.5 1 hour

    Input

    • OD implementation team calendars

    Output

    • OD implementation team timeline

    Materials

    • OD Implementation Kick-Off Presentation

    Participants

    • OD implementation team
    1. Review the timeline in the Organizational Design Implementation Kick-Off Presentation. As a group, discuss the key milestones identified in the presentation:
      • Kick-off presentation
      • Departmental transition strategy built
      • Organizational transition strategy built
      • Manager training
      • One-on-one meetings with staff to discuss changes to roles
      • Individual transition strategy development begins
    2. Review the timeline, and keeping your other commitments in mind, estimate when each of these tasks will be completed and update the timeline.

    Build an OD implementation FAQ to proactively address key questions and concerns about the change

    Organizational Design Implementation FAQ

    Leverage this template as a starting place for building an organizational design implementation FAQ.

    This template is prepopulated with example questions and answers which are likely to arise.

    Info-Tech encourages you to use the list of questions as a basis for your FAQ and to add additional questions based on the changes occurring at your organization.

    It may also be a good idea to store the FAQ on a company intranet portal so that staff has access at all times and to provide users with a unique email address to forward questions to when they have them.

    Build your unique organizational design implementation FAQ to keep staff informed throughout the change

    1.6 1 hour + ongoing

    Input

    • OD implementation team calendars

    Output

    • OD implementation team timeline

    Materials

    • OD Implementation Kick-Off Presentation

    Participants

    • OD implementation team
    1. Download a copy of the Organizational Design Implementation FAQ and as a group, review each of the key questions.
    2. Delete any questions that are not relevant and add any additional questions you either believe you will receive or which you have already been asked.
    3. Divide the questions among team members and have each member provide a response to these questions.
    4. The CIO and the project manager should review the responses for accuracy and ensure they are ready to be shared with staff.
    5. Publish the responses on an IT intranet site and make the location known to your IT staff.

    Dispelling rumors by using a large implementation team

    CASE STUDY

    Industry: Manufacturing

    Source: CIO

    Challenge

    When rumors of the impending reorganization reached staff, there was a lot of confusion and some of the more vocal detractors in the department enforced these rumors.

    Staff were worried about changes to their jobs, demotions, and worst of all, losing their jobs. There was no communication from senior management to dispel the gossip and the line managers were also in the dark so they weren’t able to offer support.

    Staff did not feel comfortable reaching out to senior management about the rumors and they didn’t know who the change manager was.

    Solution

    The CIO and change manager put together a large implementation team that included many of the managers in the department. This allowed the managers to handle the gossip through informal conversations with their staff.

    The change manager also built a communication strategy to communicate the stages of the reorganization and used FAQs to address the more common questions.

    Results

    The reorganization was adopted very quickly since there was little confusion surrounding the changes with all staff members. Many of the personnel risks were mitigated by the communication strategy because it dispelled rumors and took some of the power away from the vocal detractors in the department.

    An engagement survey was conducted 3 months after the reorganization and the results showed that the engagement of staff had not changed after the reorganization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1a: Launch the MLI Dashboard (Pre-Work)

    Prior to the workshop, Info-Tech’s advisors will work with you to launch the MLI diagnostic to understand the overall engagement levels of your organization.

    1b: Review Your MLI Results

    The analysts will facilitate several exercises to help you and your team identify your current engagement levels, and the variance across demographics and over time.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1: Define Your Change Team Responsibilities

    Review the key responsibilities of the organizational design implementation team and define the RACI for each individual member.

    1.3: Define Your Change Vision and Goals

    Identify the change vision statement which will serve as the center piece for your change communications as well as the key message you want to deliver to your staff about the change. These messages should be clear, emotionally impactful, and inspirational.

    1.4: Identify Key Changes Which Will Impact Staff

    Collectively brainstorm all of the key changes that are happening as a result of the change, and prioritize the list based on the impact they will have on staff. Document the top 10 biggest changes – and the opportunities the change creates or problems it solves.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.5: Define the High-Level Change Timeline

    Identify and document the key milestones within the change as a group, and determine key dates and change owners for each of the key items. Determine the best way to discuss these timelines with staff, and whether there are any which you feel will have higher levels of resistance.

    1.5: Build the FAQ and Prepare for Objection Handling

    As a group, brainstorm the key questions you believe you will receive about the change and develop a common FAQ to provide to staff members. The advisor will assist you in preparing to manage objections to limit resistance.

    Phase 2

    Build The Organizational Transition Plan

    Build the organizational transition plan

    Outcomes of this section:

    • A holistic list of projects that will enable the implementation of the organizational structure.
    • A schedule to monitor the progress of your change projects.

    This section involves the following participants:

    • CIO
    • Reorganization Implementation Team

    Key Section Insight:

    Be careful to understand the impacts of the change on all groups and departments. For best results, you will need representation from all departments to limit conflict and ensure a smooth transition. For large IT organizations, you will need to have a plan for each department/work unit and create a larger integration project.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Build the Organizational Transition Plan

    Proposed Time to Completion (in weeks): 2-4 weeks

    Step 2.1: Review the Change Dimensions and How They Are Used to Plan Change Projects

    Start with an analyst kick off call:

    • Review the purpose of the kick-off meeting.
    • Review the change project dimensions.
    • Review the Organizational Design Implementation Project Planning Tool.

    Then complete these activities…

    • Conduct your kick-off meeting.
    • Brainstorm a list of reorganization projects and their related tasks.

    With these tools & templates:

    • Organizational Design Implementation Project Planning Tool

    Step 2.2: Review the List of Change Projects

    Review findings with analyst:

    • Revisit the list of projects and tasks developed in the brainstorming session.
    • Assess the list and determine resourcing and dependencies for the projects.
    • Review the monitoring process.

    Then complete these activities…

    • Complete the Organizational Design Implementation Project Planning Tool.
    • Map out your project dependencies and resourcing.
    • Develop a schedule for monitoring projects.

    With these tools & templates:

    • Organizational Design Implementation Project Planning Tool

    Use Info-Tech’s Organizational Design Implementation Project Planning Tool to plan and track your reorganization

    • Use Info-Tech’s Organizational Design Implementation Project Planning Tool to document and track all of the changes that are occurring during your reorganization.
    • Automatically build Gantt charts for all of the projects that are being undertaken, track problems in the issue log, and monitor the progress of projects in the reporting tab.
    • Each department/work group will maintain its own version of this tool throughout the reorganization effort and the project manager will maintain a master copy with all of the projects listed.
    • The chart comes pre-populated with example data gathered through the research and interview process to help generate ideas for your own reorganization.
    • Review the instructions at the top of each work sheet for entering and modifying the data within each chart.

    Have a short kick-off meeting to introduce the project planning process to your implementation team

    2.1 30 minutes

    Output

    • Departmental ownership of planning tool

    Materials

    • OD Implementation Project Planning Tool

    Participants

    • Change Project Manager
    • Implementation Team
    • Senior Management (optional)
    1. The purpose of this kick-off meeting is to assign ownership of the project planning process to members of the implementation team and to begin thinking about the portfolio of projects required to successfully complete the reorganization.
    2. Use the email template included on this slide to invite your team members to the meeting.
    3. The topics that need to be covered in the meeting are:
      • Introducing the materials/templates that will be used throughout the process.
      • Assigning ownership of the Organizational Design Implementation Project Planning Tool to members of your team.
        • Ownership will be at the departmental level where each department or working group will manage their own change projects.
      • Prepare your implementation team for the next meeting where they will be brainstorming the list of projects that will need to be completed throughout the reorganization.
    4. Distribute/email the tools and templates to the team so that they may familiarize themselves with the materials before the next meeting.

    Hello [participant],

    We will be holding our kickoff meeting for our reorganization on [date]. We will be discussing the reorganization process at a high level with special attention being payed to the tools and templates that we will be using throughout the process. By the end of the meeting, we will have assigned ownership of the Project Planning Tool to department representatives and we will have scheduled the next meeting where we’ll brainstorm our list of projects for the reorganization.

    Consider Info-Tech’s four organizational change dimensions when identifying change projects

    CHANGE DIMENSIONS

    • TECHNOLOGY AND LOGISTICS
    • COMMUNICATION
    • STAFFING
    • PROCESS

    Technology and Logistics

    • These are all the projects that will impact the technology used and physical logistics of your workspace.
    • These include new devices, access/permissions, new desks, etc.

    Communication

    • All of the required changes after the reorganization to ongoing communications within IT and to the rest of the organization.
    • Also includes communication projects that are occurring during the reorganization.

    Staffing

    • These projects address the changes to your staff’s roles.
    • Includes role changes, job description building, consulting with HR, etc.

    Process

    • Projects that address changes to IT processes that will occur after the reorganization.

    Use these trigger questions to help identify all aspects of your coming changes

    STAFFING

    • Do you need to hire short or long-term staff to fill vacancies?
    • How long does it typically take to hire a new employee?
    • Will there be staff who are new to management positions?
    • Is HR on board with the reorganization?
    • Have they been consulted?
    • Have transition plans been built for all staff members who are transitioning roles/duties?
    • Will gaps in the structure need to be addressed with new hires?

    COMMUNICATION

    • When will the change be communicated to various members of the staff?
    • Will there be disruption to services during the reorganization?
    • Who, outside of IT, needs to know about the reorganization?
    • Do external communications need to be adjusted because of the reorganization? Moving/centralizing service desk, BRMs, etc.?
    • Are there plans/is there a desire to change the way IT communicates with the rest of the organization?
    • Will the reorganization affect the culture of the department? Is the new structure compatible with the current culture?

    Use these trigger questions to help identify all aspects of your coming changes (continued)

    TECHNOLOGY AND LOGISTICS

    • Will employees require new devices in their new roles?
    • Will employees be required to move their workspace?
    • What changes to the workspace are required to facilitate the new organization?
    • Does new furniture have to be purchased to accommodate new spaces/staff?
    • Is the workspace adequate/up to date technologically (telephone network, Wi-Fi coverage, etc.)?
    • Will employees require new permissions/access for their changing roles?
    • Will permissions/access need to be removed?
    • What is your budget for the reorganization?
    • If a large geographical move is occurring, have problems regarding geography, language barriers, and cultural sensitivities been addressed?

    PROCESS

    • What processes need to be developed?
    • What training for processes is required?
    • Is the daily functioning of the IT department predicted to change?
    • Are new processes being implemented during the reorganization?
    • How will the project portfolio be affected by the reorganization?
    • Is new documentation required to accompany new/changing processes?

    Brainstorm the change projects to be carried out during the reorganization for your team/department

    2.2 3 hours

    Input

    • Constructive group discussion

    Output

    • Thorough list of all reorganization projects

    Materials

    • Whiteboard, sticky notes
    • OD Implementation Project Planning Tool

    Participants

    • Implementation Team
    • CIO
    • Senior Management
    1. Before the meeting, distribute the list of trigger questions presented on the two previous slides to prepare your implementation team for the brainstorming session.
    2. Begin the meeting by dividing up your implementation team into the departments/work groups that they represent (and have ownership of the tool over).
    3. Distribute a different color of sticky notes to each team and have them write out each project they can think of for each of the change planning dimensions (Staffing, Communication, Process and Technology/Logistics) using the trigger questions.
    4. After one hour, ask the groups to place the projects that they brainstormed onto the whiteboard divided into the four change dimensions.
    5. Discuss the complete list of projects on the board.
      • Remove projects that are listed more than once since some projects will be universal to some/all departments.
      • Adjust the wording of projects for the sake of clarity.
      • Identify projects that are specific to certain departments.
    6. Document the list of high-level projects on tab 2 “Project Lists” within the OD Implementation Project Planning Tool after the activity is complete.

    Prioritize projects to assist with project planning modeling

    Prioritization is the process of ranking each project based on its importance to implementation success. Hold a meeting for the implementation team and extended team to prioritize the project list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation teams will use these priority levels to ensure efforts are targeted towards the proper projects. A simple way to do this for your implementation is to use the MoSCoW Model of Prioritization to effectively order requirements.

    The MoSCoW Model of Prioritization

    MUST HAVE - Projects must be implemented for the organizational design to be considered successful.

    SHOULD HAVE - Projects are high priority that should be included in the implementation if possible.

    COULD HAVE - Projects are desirable but not necessary and could be included if resources are available.

    WON'T HAVE - Projects won’t be in the next release, but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.

    Keep the following criteria in mind as you determine your priorities

    Effective Prioritization Criteria

    Criteria Description
    Regulatory & Legal Compliance These requirements will be considered mandatory.
    Policy or Contract Compliance Unless an internal policy or contract can be altered or an exception can be made, these projects will be considered mandatory.
    Business Value Significance Give a higher priority to high-value projects.
    Business Risk Any project with the potential to jeopardize the entire project should be given a high priority and implemented early.
    Implementation Complexity Give a higher priority to quick wins.
    Alignment with Strategy Give a higher priority to requirements that enable the corporate strategy and IT strategy.
    Urgency Prioritize projects based on time sensitivity.
    Dependencies A project on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it.
    Funding Availability Do we have the funding required to make this change?

    Prioritize the change projects within your team/department to be executed during the reorganization

    2.3 3 hours

    Input

    • Organizational Design Implementation Project Planning Tool

    Output

    • Prioritized list of projects

    Materials

    • Whiteboard, sticky notes
    • OD Implementation Project Planning Tool

    Participants

    • Implementation Team
    • Extended Implementation Team
    1. Divide the group into their department teams. Draw 4 columns on a whiteboard, including the following:
      • Must have
      • Should have
      • Could have
      • Won’t have
    2. As a group, review each project and collaboratively identify which projects fall within each category. You should have a strong balance between each of the categories.
    3. Beginning with the “must have” projects, determine if each has any dependencies. If any of the projects are dependent on another, add the dependency project to the “must have” category. Group and circle the dependent projects.
    4. Continue the same exercise with the “should have” and “could have” options.
    5. Record the results on tab “2. Project List” of the Organizational Design Implementation Project Planning Tool using the drop down option.

    Determine resource availability for completing your change projects

    2.4 2 hours

    Input

    • Constructive group discussion

    Output

    • Thorough list of all reorganization projects

    Materials

    • Whiteboard, sticky notes
    • OD Implementation Project Planning Tool

    Participants

    • Implementation Team
    • CIO
    • Senior Management
    1. Divide the group into their department teams to plan the execution of the high-level list of projects developed in activity 2.2.
    2. Review the list of high-level projects and starting with the “must do” projects, consider each in turn and brainstorm all of the tasks required to complete these projects. Write down each task on a sticky note and place it under the high-level project.
    3. On the same sticky note as the task, estimate how much time would be required to complete each task. Be realistic about time frames since these projects will be on top of all of the regular day-to-day work.
    4. Along with the time frame, document the resources that will be required and who will be responsible for the tasks. If you have a documented Project Portfolio, use this to determine resourcing.
    5. After mapping out the tasks, bring the group back together to present their list of projects, tasks, and required resources.
      • Go through the project task lists to make sure that nothing is missed.
      • Review the timelines to make sure they are feasible.
      • Review the resources to ensure that they are available and realistic based on constraints (time, current workload, etc.).
      • Repeat the process for the Should do and Could do projects.
    1. Document the tasks and resources in tab “3. Task Monitoring” in the OD Implementation Project Planning Tool after the activity is complete.

    Map out the change project dependencies at the departmental level

    2.5 2 hours

    Input

    • Constructive group discussion

    Output

    • Thorough list of all reorganization projects

    Materials

    • Whiteboard, sticky notes
    • OD Implementation Project Planning Tool

    Participants

    • Implementation Team
    • CIO
    • Senior Management
    1. Divide the group into their department teams to map the dependencies of their tasks created in activity 2.3.
    2. Take the project task sticky notes created in the previous activity and lay them out along a timeline from start to finish.
    3. Determine the dependencies of the tasks internal to the department. Map out the types of dependencies.
      • Finish to Start: Preceding task must be completed before the next can start.
      • Start to Start: Preceding task must start before the next task can start.
      • Finish to Finish: Predecessor must finish before successor can finish.
      • Start to Finish: Predecessor must start before successor can finish.
    4. Bring the group back together and review each group’s timeline and dependencies to make sure that nothing has been missed.
    5. As a group, determine whether there are dependencies that span the departmental lists of projects.
    6. Document all of the dependencies within the department and between departmental lists of projects and tasks in the OD Implementation Project Planning Tool.

    Amalgamate all of the departmental change planning tools into a master copy

    2.6 3 hours

    Input

    • Department-specific copies of the OD Implementation Project Planning Tool

    Output

    • Universal list of all of the change projects

    Materials

    • Whiteboard and sticky notes

    Participants

    • Implementation Project Manager
    • Members of the implementation team for support (optional)
    1. Before starting the activity, gather all of the OD Implementation Project Planning Tools completed at the departmental level.
    2. Review each completed tool and write all of the individual projects with their timelines on sticky notes and place them on the whiteboard.
    3. Build timelines using the documented dependencies for each department. Verify that the resources (time, people, physical) are adequate and feasible.
    4. Combine all of the departmental project planning tools into one master tool to be used to monitor the overall status of the reorganization. Separate the projects based on the departments they are specific to.
    5. Finalize the timeline based on resource approval and using the dependencies mapped out in the previous exercise.
    6. Approve the planning tools and store them in a shared drive so they can be accessed by the implementation team members.

    Create a progress monitoring schedule

    2.7 1 hour weekly

    Input

    • OD Implementation Project Planning Tools (departmental & organizational)

    Output

    • Actions to be taken before the next pulse meeting

    Participants

    • Implementation Project Manager
    • Members of the implementation team for support
    • Senior Management
    1. Hold weekly pulse meetings to keep track of project progress.
    2. The agenda of each meeting should include:
      • Resolutions to problems/complications raised at the previous week’s meeting.
      • Updates on each department’s progress.
      • Raising any issues/complications that have appeared that week.
      • A discussion of potential solutions to the issues/complications.
      • Validating the work that will be completed before the next meeting.
      • Raising any general questions or concerns that have been voiced by staff about the reorganization.
    3. Upload notes from the meeting about resolutions and changes to the schedules to the shared drive containing the tools.
    4. Increase the frequency of the meetings towards the end of the project if necessary.

    Building a holistic change plan enables adoption of the new organizational structure

    CASE STUDY

    Industry: Manufacturing

    Source: CIO

    Challenge

    The CIO was worried about the impending reorganization due to problems that they had run into during the last reorganization they had conducted. The change management projects were not planned well and they led to a lot of uncertainty before and after the implementation.

    No one on the staff was ready for the reorganization. Change projects were completed four months after implementation since many of them had not been predicted and cataloged. This caused major disruptions to their user services leading to drops in user satisfaction.

    Solution

    Using their large and diverse implementation team, they spent a great deal of time during the early stages of planning devoted to brainstorming and documenting all of the potential change projects.

    Through regular meetings, the implementation team was able to iteratively adjust the portfolio of change projects to fit changing needs.

    Results

    Despite having to undergo a major reorganization that involved centralizing their service desk in a different state, there were no disruptions to their user services.

    Since all of the change projects were documented and completed, they were able to move their service desk staff over a weekend to a workspace that was already set up. There were no changes to the user satisfaction scores over the period of their reorganization.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.2 Brainstorm Your List of Change Projects

    Review your reorganization plans and facilitate a brainstorming session to identify a complete list of all of the projects needed to implement your new organizational design.

    2.5 Map Out the Dependencies and Resources for Your Change Projects

    Examine your complete list of change projects and determine the dependencies between all of your change projects. Align your project portfolio and resource levels to the projects in order to resource them adequately.

    Phase 3

    Lead Staff Through the Reorganization

    Train managers to lead through change

    Outcomes of this Section:

    • Completed the workshop: Lead Staff Through Organizational Change
    • Managers possess stakeholder engagement plans for each employee
    • Managers are prepared to fulfil their roles in implementing the organizational change

    This section involves the following participants:

    • CIO
    • IT leadership team
    • IT staff

    Key Section Insight:

    The majority of IT managers were promoted because they excelled at the technical aspect of their job rather than in people management. Not providing training is setting your organization up for failure. Train managers to effectively lead through change to see a 72% decrease in change management issues. (Source: Abilla, 2009)

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Train Managers to Lead Through Change

    Proposed Time to Completion (in weeks): 1-2 weeks

    Step 3.1: Train Your Managers to Lead Through the Change

    Start with an analyst kick off call:

    • Go over the manager training workshop section of this deck.
    • Review the deliverables generated from the workshop (stakeholder engagement plan and conflict style self-assessment).

    Then complete these activities…

    • Conduct the workshop with your managers.

    With these tools & templates:

    • Organizational Design Implementation Manager Training Guide
    • Organizational Design Implementation Stakeholder Engagement Plan Template

    Step 3.2: Debrief After the Workshop

    Review findings with analyst:

    • Discuss the outcomes of the manager training.
    • Mention any feedback.
    • High-level overview of the workshop deliverables.

    Then complete these activities…

    • Encourage participants to review and revise their stakeholder engagement plans.
    • Review the Organizational Design Implementation Transition Plan Template and next steps.

    Get managers involved to address the majority of obstacles to successful change

    Managers all well-positioned to translate how the organizational change will directly impact individuals on their teams.

    Reasons Why Change Fails

    EMPLOYEE RESISTANCE TO CHANGE - 39%

    MANAGEMENT BEHAVIOR NOT SUPPORTIVE OF CHANGE - 33%

    INADEQUATE RESOURCE OR BUDGET - 14%

    OTHER OBSTACLES - 14%

    72% of change management issues can be directly improved by management.

    (Source: shmula)

    Why are managers crucial to organizational change?

    • Managers are extremely well-connected.
      • They have extensive horizontal and vertical networks spanning the organization.
      • Managers understand the informal networks of the organization.
    • Managers are valuable communicators.
      • Managers have established strong relationships with employees.
      • Managers influence the way staff perceive messaging.

    Conduct a workshop with managers to help them lead their teams through change

    Organizational Design Implementation Manager Training Guide

    Give managers the tools and skills to support their employees and carry out difficult conversations.

    Understand the role of management in communicating the change

    Understand reactions to change

    Resolve conflict

    Respond to FAQs

    Monitor and measure employee engagement

    Prepare managers to effectively execute their role in the organizational change by running a 2-hour training workshop.

    Complete the activities on the following slides to:

    • Plan and prepare for the workshop.
    • Execute the group exercises.
    • Help managers develop stakeholder engagement plans for each of their employees.
    • Initiate the McLean Leadership Index™ survey to measure employee engagement.

    Plan and prepare for the workshop

    3.1 Plan and prepare for the workshop.

    Output

    • Workshop participants
    • Completed workshop prep

    Materials

    • Organizational Design Implementation Manager Training Guide

    Instructions

    1. Create a list of all managers that will be responsible for leading their teams through the change.
    2. Select a date for the workshop.
      • The training session will run approximately 2 hours and should be scheduled within a week of when the implementation plan is communicated organization-wide.
    3. Review the material outlined in the presentation and prepare the Organizational Design Implementation Manager Training Guide for the workshop:
      • Copy and print the “Pre-workshop Facilitator Instructions” and “Facilitator Notes” located in the notes section below each slide.
      • Revise frequently asked questions (FAQs) and responses.
      • Delete instruction slides.

    Invite managers to the workshop

    Workshop Invitation Email Template

    Make necessary modifications to the Workshop Invitation Email Template and send invitations to managers.

    Hi ________,

    As you are aware, we are starting to roll out some of the initiatives associated with our organizational change mandate. A key component of our implementation plan is to ensure that managers are well-prepared to lead their teams through the transition.

    To help you proactively address the questions and concerns of your staff, and to ensure that the changes are implemented effectively, we will be conducting a workshop for managers on .

    While the change team is tasked with most of the duties around planning, implementing, and communicating the change organization-wide, you and other managers are responsible for ensuring that your employees understand how the change will impact them specifically. The workshop will prepare you for your role in implementing the organizational changes in the coming weeks, and help you refine the skills and techniques necessary to engage in challenging conversations, resolve conflicts, and reduce uncertainty.

    Please confirm your attendance for the workshop. We look forward to your participation.

    Kind regards,

    Change team

    Prepare managers for the change by helping them build useful deliverables

    ODI Stakeholder Engagement Plan Template & Conflict Style Self-Assessment

    Help managers create useful deliverables that continue to provide value after the workshop is completed.

    Workshop Deliverables

    Organizational Design Implementation Stakeholder Engagement Plan Template

    • Document the areas of change resistance, detachment, uncertainty, and support for each employee.
    • Document strategies to overcome resistance, increase engagement, reduce uncertainty, and leverage their support.
    • Create action items to execute after the workshop.

    Conflict Style Self-Assessment

    • Determine how you approach conflicts.
    • Analyze the strengths and weaknesses of this approach.
    • Identify ways to adopt different conflict styles depending on the situation.

    Book a follow-up meeting with managers and determine which strategies to Start, Stop, or Continue

    3.2 1 hour

    Output

    • Stakeholder engagement templates

    Materials

    • Sticky notes
    • Pen and paper

    Participants

    • Implementation Team
    • Managers
    1. Schedule a follow-up meeting 2–3 weeks after the workshop.
    2. Facilitate an open conversation on approaches and strategies that have been used or could be used to:
      • Overcome resistance
      • Increase engagement
      • Reduce uncertainty
      • Leverage support
    3. During the discussion, document ideas on the whiteboard.
    4. Have participants vote on whether the approaches and strategies should be started, stopped, or continued.
      • Start: actions that the team would like to begin.
      • Stop: actions that the team would like to stop.
      • Continue: actions that work for the team and should proceed.
    5. Encourage participants to review and revise their stakeholder engagement plans.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1 The Change Maze

    Break the ice with an activity that illustrates the discomfort of unexpected change, and the value of timely and instructive communication.

    3.2 Perform a Change Management Retrospective

    Leverage the collective experience of the group. Share challenges and successes from previous organizational changes and apply those lessons to the current transition.

    3.3 Create a Stakeholder Engagement Plan

    Have managers identify areas of resistance, detachment, uncertainty, and support for each employee and share strategies for overcoming resistance and leveraging support to craft an action plan for each of their employees.

    3.4 Conduct a Conflict Style Self-Assessment

    Give participants an opportunity to better understand how they approach conflicts. Administer the Conflict Style Self-Assessment to identify conflict styles and jumpstart a conversation about how to effectively resolve conflicts.

    Transition your staff to their new roles

    Outcomes of this Section:

    • Identified key responsibilities to transition
    • Identified key relationships to be built
    • Built staff individual transition plans and timing

    This section involves the following participants:

    • All IT staff members

    Key Section Insight

    In order to ensure a smooth transition, you need to identify the transition scheduled for each employee. Knowing when they will retire and assume responsibilities and aligning this with the organizational transition will be crucial.

    Phase 3b outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3b: Transition Staff to New Roles

    Proposed Time to Completion (in weeks): 2-4

    Step 4.1: Build Your Transition Plans

    Start with an analyst kick off call:

    • Review the Organizational Design Implementation Transition Plan Template and its contents.
    • Return to the new org structure and project planning tool for information to fill in the template.

    Then complete these activities…

    • Present the template to your managers.
    • Have them fill in the template with their staff.
    • Approve the completed templates.

    With these tools & templates:

    • Organizational Design Implementation Project Planning Tool
    • Organizational Design Implementation Transition Plan Template

    Step 4.2: Finalize Your Transition Plans

    Review findings with analyst:

    • Discuss strategies for timing the transition of your employees.
    • Determine the readiness of your departments for transitioning.

    Then complete these activities…

    • Build a transition readiness timeline of your departments.
    • Move your employees to their new roles.

    With these tools & templates:

    • Organizational Design Implementation Project Planning Tool
    • Organizational Design Implementation Transition Plan Template

    Use Info-Tech’s transition plan template to map out all of the changes your employees will face during reorganization

    Organizational Design Implementation Transition Plan Template

    • Use Info-Tech’s Organizational Design Implementation Transition Plan Template to document (in consultation with your employees) all of the changes individual staff members need to go through in order to transition into their new roles.
    • It provides a holistic view of all of the changes aligned to the change planning dimensions, including:
      • Current and new job responsibilities
      • Outstanding projects
      • Documenting where the employee may be moving
      • Technology changes
      • Required training
      • New relationships that need to be made
      • Risk mitigation
    • The template is designed to be completed by managers for their direct reports.

    Customize the transition plan template for all affected staff members

    4.1 30 minutes per employee

    Output

    • Completed transition plans

    Materials

    • Individual transition plan templates (for each employee)

    Participants

    • Implementation Team
    • Managers
    1. Implementation team members should hold one-on-one meetings with the managers from the departments they represent to go through the transition plan template.
    2. Some elements of the transition plan can be completed at the initial meeting with knowledge from the implementation team and documentation from the new organizational structure:
      • Employee information (except for the planned transition date)
      • New job responsibilities
      • Logistics and technology changes
      • Relationships (recommendations can be made about beneficial relationships to form if the employee is transitioning to a new role)
    3. After the meeting, managers can continue filling in information based on their own knowledge of their employees:
      • Current job responsibilities
      • Outstanding projects
      • Training (identify gaps in the employee’s knowledge if their role is changing)
      • Risks (potential concerns or problems for the employee during the reorganization)

    Verify and complete the individual transition plans by holding one-on-one meetings with the staff

    4.2 30 minutes per employee

    Output

    • Completed transition plans

    Materials

    • Individual transition plan templates (for each employee)

    Participants

    • Managers
    • Staff (Managers’ Direct Reports)
    1. After the managers complete everything they can in the transition plan templates, they should schedule one-on-one meetings with their staff to review the completed document to ensure the information is correct.
    2. Begin the meeting by verifying the elements that require the most information from the employee:
      • Current job responsibilities
      • Outstanding projects
      • Risks (ask about any problems or concerns they may have about the reorganization)
    3. Discuss the following elements of the transition plan to get feedback:
      • Training (ask if there is any training they feel they may need to be successful at the organization)
      • Relationships (determine if there are any relationships that the employee would like to develop that you may have missed)
    4. Since this may be the first opportunity that the staff member has had to discuss their new role (if they are moving to one), review their new job title and new job responsibilities with them. If employees are prepared for their new role, they may feel more accountable for quickly adopting the reorganization.
    5. Document any questions that they may have so that they can be answered in future communications from the implementation team.
    6. After completing the template, managers will sign off on the document in the approval section.

    Validate plans with organizational change project manager and build the transition timeline

    4.3 3 hours

    Input

    • Individual transition plans
    • Organizational Design Implementation Project Planning Tool

    Output

    • Timeline outlining departmental transition readiness

    Materials

    • Whiteboard

    Participants

    • Implementation Project Manager
    • Implementation Team
    • Managers
    1. After receiving all of the completed individual transition plan templates from managers, members of the implementation team need to approve the contents of the templates (for the departments that they represent).
    2. Review the logistics and technology requirements for transition in each of the templates and align them with the completion dates of the related projects in the Project Planning Tool. These dates will serve as the earliest possible time to transition the employee. Use the latest date from the list to serve as the date that the whole department will be ready to transition.
    3. Hand the approved transition plan templates and the dates at which the departments will be ready for transitioning to the Implementation Project Manager.
    4. The Project Manager needs to verify the contents of the transition plans and approve them.
    5. On a calendar or whiteboard, list the dates that each department will be ready for transitioning.
    6. Review the master copy of the Project Planning Tool. Determine if the outstanding projects limit your ability to transition the departments (when they are ready to transition). Change the ready dates of the departments to align with the completion dates of those projects.
    7. Use these dates to determine the timeline for when you would like to transition your employees to their new roles.

    Overcoming inexperience by training managers to lead through change

    CASE STUDY

    Industry: Manufacturing

    Source: CIO

    Challenge

    The IT department had not undergone a major reorganization in several years. When they last reorganized, they experienced high turnover and decreased business satisfaction with IT.

    Many of the managers were new to their roles and only one of them had been around for the earlier reorganization. They lacked experience in leading their staff through major organizational changes.

    One of the major problems they faced was addressing the concerns, fears, and resistance of their staff properly.

    Solution

    The implementation team ran a workshop for all of the managers in the department to train them on the change and how to communicate the impending changes to their staff. The workshop included information on resistance and conflict resolution.

    The workshop was conducted early on in the planning phases of the reorganization so that any rumors or gossip could be addressed properly and quickly.

    Results

    The reorganization was well accepted by the staff due to the positive reinforcement from their managers. Rumors and gossip about the reorganization were under control and the staff adopted the new organizational structure quickly.

    Engagement levels of the staff were maintained and actually improved by 5% immediately after the reorganization.

    Voluntary turnover was minimal throughout the change as opposed to the previous reorganization where they lost 10% of their staff. There was an estimated cost savings of $250,000–$300,000.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.2.1 Build Your Staff Transition Plan

    Review the contends of the staff transition plan, and using the organizational change map as a guide, build the transition schedule for one employee.

    3.2.1 Review the Transition Plan With the Transition Team

    Review and validate the results for your transition team schedule with other team members. As a group, discuss what makes this exercise difficult and any ideas for how to simplify the exercise.

    Works cited

    American Productivity and Quality Center. “Motivation Strategies.” Potentials Magazine. Dec. 2004. Web. November 2014.

    Bersin, Josh. “Time to Scrap Performance Appraisals?” Forbes Magazine. 5 June 2013. Web. 30 Oct 2013.

    Bridges, William. Managing Transitions, 3rd Ed. Philadelphia: Da Capo Press, 2009.

    Buckley, Phil. Change with Confidence – Answers to the 50 Biggest Questions that Keep Change Leaders up at Night. Canada: Jossey-Bass, 2013.

    “Change and project management.” Change First. 2014. Web. December 2009. <http://www.changefirst.com/uploads/documents/Change_and_project_management.pdf>.

    Cheese, Peter, et al. “Creating an Agile Organization.” Accenture. Oct. 2009. Web. Nov. 2013.

    Croxon, Bruce et al. “Dinner Series: Performance Management with Bruce Croxon from CBC's 'Dragon's Den.'” HRPA Toronto Chapter. Sheraton Hotel, Toronto, ON. 12 Nov. 2013. Panel discussion.

    Culbert, Samuel. “10 Reasons to Get Rid of Performance Reviews.” Huffington Post Business. 18 Dec. 2012. Web. 28 Oct. 2013. <http://www.huffingtonpost.com/samuel-culbert/performance-reviews_b_2325104.html>.

    Denning, Steve. “The Case Against Agile: Ten Perennial Management Objections.” Forbes Magazine. 17 Apr. 2012. Web. Nov. 2013.

    Works cited cont.

    “Establish A Change Management Structure.” Human Technology. Web. December 2014.

    Estis, Ryan. “Blowing up the Performance Review: Interview with Adobe’s Donna Morris.” Ryan Estis & Associates. 17 June 2013. Web. Oct. 2013. <http://ryanestis.com/adobe-interview/>.

    Ford, Edward L. “Leveraging Recognition: Noncash incentives to Improve Performance.” Workspan Magazine. Nov 2006. Web. Accessed May 12, 2014.

    Gallup, Inc. “Gallup Study: Engaged Employees Inspire Company Innovation.” Gallup Management Journal. 12 Oct. 2006. Web. 12 Jan 2012.

    Gartside, David, et al. “Trends Reshaping the Future of HR.” Accenture. 2013. Web. 5 Nov. 2013.

    Grenville-Cleave, Bridget. “Change and Negative Emotions.” Positive Psychology News Daily. 2009.

    Heath, Chip, and Dan Heath. Switch: How to Change Things When Change Is Hard. Portland: Broadway Books. 2010.

    HR Commitment AB. Communicating organizational change. 2008.

    Keller, Scott, and Carolyn Aiken. “The Inconvenient Truth about Change Management.” McKinsey & Company, 2009. <http://www.mckinsey.com/en.aspx>.

    Works cited cont.

    Kotter, John. “LeadingChange: Why Transformation Efforts Fail.” Harvard Business Review. March-April 1995. <http://hbr.org>.

    Kubler-Ross, Elisabeth and David Kessler. On Grief and Grieving: Finding the Meaning of Grief Through the Five Stages of Loss. New York: Scribner. 2007.

    Lowlings, Caroline. “The Dangers of Changing without Change Management.” The Project Manager Magazine. December 2012. Web. December 2014. <http://changestory.co.za/the-dangers-of-changing-without-change-management/>.

    “Managing Change.” Innovative Edge, Inc. 2011. Web. January 2015. <http://www.getcoherent.com/managing.html>.

    Muchinsky, Paul M. Psychology Applied to Work. Florence: Thomson Wadsworth, 2006.

    Nelson, Kate and Stacy Aaron. The Change Management Pocket Guide, First Ed., USA: Change Guides LLC, 2005.

    Nguyen Huy, Quy. “In Praise of Middle Managers.” Harvard Business Review. 2001. Web. December 2014. <https://hbr.org/2001/09/in-praise-of-middle-managers/ar/1>

    “Only One-Quarter of Employers Are Sustaining Gains From Change Management Initiatives, Towers Watson Survey Finds.” Towers Watson. August 2013. Web. January 2015. <http://www.towerswatson.com/en/Press/2013/08/Only-One-Quarter-of-Employers-Are-Sustaining-Gains-From-Change-Management>.

    Shmula. “Why Transformation Efforts Fail.” Shmula.com. September 28, 2009. <http://www.shmula.com/why-transformation-efforts-fail/1510/>

    Design an Enterprise Architecture Strategy

    • Buy Link or Shortcode: {j2store}580|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $63,181 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • The enterprise architecture (EA) team is constantly challenged to articulate the value of its function.
    • The CIO has asked the EA team to help articulate the business value the team brings.
    • Traceability from the business goals and vision to the EA contributions often does not exist.
    • Also, clients often struggle with complexity, priorities, and agile execution.

    Our Advice

    Critical Insight

    • EA can deliver many benefits to an organization. However, to increase the likelihood of success, the EA group needs to deliver value to the business and cannot be seen solely as IT.
    • Support from the organization is needed.
    • An EA strategy anchored in a value proposition will ensure that EA focuses on driving the most critical outcomes in support of the organization’s enterprise strategy.
    • As agility is not just for project execution, architects need to understand ways to deliver their guidance to influence project execution in real time, to enable the enterprise agility, and to enhance their responsiveness to changing conditions.

    Impact and Result

    • Create an EA value proposition based on enterprise needs that clearly articulates the expected contributions of the EA function.
    • Establish the EA fundamentals (vision and mission statement, goals and objectives, and principles) needed to position the EA function to deliver the promised value proposition.
    • Identify the services that EA has to provide to the organization to deliver on the promised value proposition.

    Design an Enterprise Architecture Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design an Enterprise Architecture Strategy Deck – A guide to help you define services that your EA function will provide to the organization.

    Establish an effective EA function that will realize value for the organization with an EA strategy.

    • Design an Enterprise Architecture Strategy – Phases 1-4

    2. EA Function Strategy Template – A communication tool to secure the approval of the EA strategy from organizational stakeholders.

    Use this template to document the outputs of the EA strategy and to communicate the EA strategy for approval by stakeholders.

    • EA Function Strategy Template

    3. Stakeholder Power Map Template – A template to help visualize the importance of various stakeholders and their concerns.

    Identify and prioritize the stakeholders that are important to your IT strategy development effort.

    • Stakeholder Power Map Template

    4. PESTLE Analysis Template – A template to help you complete and document a PESTLE analysis.

    Use this template to analyze the effect of external factors on IT.

    • PESTLE Analysis Template

    5. EA Value Proposition Template – A template to communicate the value EA can provide to the organization.

    Use this template to create an EA value proposition that explicitly communicates to stakeholders how an EA function can contribute to addressing their needs.

    • EA Value Proposition Template

    6. EA Goals and Objectives Template – A template to identify the EA goals that support the identified promises of value from the EA value proposition.

    Use this template to help set goals for your EA function based on the EA value proposition and identify objectives to measure the progression towards those EA goals.

    • EA Goals and Objectives Template

    7. EA Principles Template – A template to identify the universal EA principles relevant to your organization.

    Use this template to define relevant universal EA principles and create new EA principles to guide and inform IT investment decisions.

    • EA Principles Template – EA Strategy

    8. EA Service Planning Tool – A template to identify the EA services your organization will provide to deliver on the EA value proposition.

    Use this template to identify the EA services relevant to your organization and then define how those services will be accessed.

    • EA Service Planning Tool
    [infographic]

    Workshop: Design an Enterprise Architecture Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Map the EA Contributions to Business Goals

    The Purpose

    Show an example of traceability.

    Key Benefits Achieved

    Members have a real-world example of traceability between business goals and EA contributions.

    Activities

    1.1 Start from the business goals of the organization.

    1.2 Document business and IT drivers.

    1.3 Identify EA contributions that help achieve the business goals.

    Outputs

    Business goals documented.

    Business and IT drivers documented.

    Identified EA contributions and traced them to business goals.

    2 Determine the Role of the Architect in the Agile Ceremonies of the Organization

    The Purpose

    Create an understanding about role of architect in Agile ceremonies.

    Key Benefits Achieved

    Understanding of the role of the EA architect in Agile ceremonies.

    Activities

    2.1 Document the Agile ceremony used in the organization (based on SAFe or other Agile approaches).

    2.2 Determine which ceremonies the system architect will participate in.

    2.3 Determine which ceremonies the solution architect will participate in.

    2.4 Determine which ceremonies the enterprise architect will participate in.

    2.5 Determine architect syncs, etc.

    Outputs

    Documented the Agile ceremonial used in the organization (based on SAFe or other Agile approaches).

    Determined which ceremonies the system architect will participate in.

    Determined which ceremonies the solution architect will participate in.

    Determined which ceremonies the enterprise architect will participate in.

    Determined architect syncs, etc.

    Further reading

    Design an Enterprise Architecture Strategy

    Develop a strategy that fits the organization’s maturity and remains adaptable to unforeseen future changes.

    EXECUTIVE BRIEF

    Build a right-size enterprise architecture strategy

    Enterprise Architecture Strategy

    Business & IT Strategy
    • Organizational Goals and Objectives
    • Business Drivers
    • Environment and Industry Trends
    • EA Capabilities and Services
    • Business Architecture
    • Data Architecture
    • Application Architecture
    • Integration Architecture
    • Innovation
    • Roles and Organizational Structure
    • Security Architecture
    • Technology Architecture
    • Integration Architecture
    • Insight and Knowledge
    • EA Operating Model
    Unlock the Value of Architecture
    • Increased Business and IT Alignment
    • Robust, Flexible, Scalable, Interoperable, Extensible and Reliable Solutions
    • Timely/Agile Service Delivery and Operations
    • Cost-Effective Solutions
    • Appropriate Risk Management to Address the Risk Appetite
    • Increased Competitive Advantage
    Current Environment
    • Business and IT Challenges
    • Opportunities
    • Enterprise Architecture Maturity

    Enterprise Architecture – Thought Model

    A thought model built around 'Enterprise Architecture', represented by a diagram on a cross-section of a ship which will be explained in the next slide. It begins with an arrow that says 'Organizational goals are the driving force and the ultimate goal' pointing to a bubble titled 'Organization' containing 'Analysis', 'Decisions', 'Actions'. An blue arrow on the right side with one '$' is labelled 'Iterations' and connects 'Organization' to 'Enterprise Architecture', 'Enterprise architecture creates new business value'. A green arrow on the left side with five '$' is labelled 'Goals' and connects back to 'Organization'. A the bottom, a bubble titled 'External forces, pressures, trends, data, etc.' has a blue arrow on the right side with one '$' connecting back to 'Enterprise Architecture'. Another blue arrow representing an output is labelled 'Outcomes' and originates from 'Enterprise Architecture'.

    Enterprise Architecture Capabilities

    A diagram on a cross-section of a ship representing 'Enterprise Architecture', including a row of process arrows beneath the ship pointing forward all labelled 'Agile iteration' and one airborne arrow above the stern pointing forward labelled 'Business Strategy'. Overlaid on the ship, starting at the back, are 'EA Strategy', 'EA Operating Model', 'Enterprise Principles, Methods, etc.', 'Foundational enterprise decisions: Business, Data/Apps, Technology, Integration, Security', 'Enterprise Reference Architecture', 'Goals, Value Chain, Capability, Business Processes', 'Enterprise Governance (e.g., Standard Mgmt.)', 'Domain Arch', 'Data & App Architecture', 'Security Architecture', 'Infrastructure: Cloud, Hybrid, etc.', at the very front is 'Implementation', and running along the bottom from back to front is 'Operations, Monitoring, and Continuous Improvement'.

    Analyst Perspective

    Enterprise architecture (EA) needs to be right-sized for the needs of the organization.

    Photo of Milena Litoiu, Principal/Senior Director, Enterprise Architecture, Info-Tech Research Group

    Enterprise architecture is NOT a one-size-fits-all endeavor. It needs to be right-sized to the needs of the organization.

    Enterprise architects are boots on the ground and part of the solution; in addition, they need to have a good understanding of the corporate strategy, vision, and goals and have a vested interest on the optimization of the outcomes for the enterprise. They also need to anticipate the moves ahead, to be able to determine future trends and how they will impact the enterprise.

    Milena Litoiu
    Principal/Senior Director, Enterprise Architecture
    Info-Tech Research Group

    Analyst Perspective

    EA provides business options based on a deep understanding of the organization.

    “Enterprise architects need to think about and consider different areas of expertise when formulating potential business options. By understanding the context, the puzzle pieces can combine to create a positive business outcome that aligns with the organization’s strategies. Sometimes there will be missing pieces; leveraging what you know to create an outline of the pieces and collaborating with others can provide a general direction.”

    Jean Bujold
    Senior Workshop Delivery Director
    Info-Tech Research Group

    “The role of enterprise architecture is to eliminate misalignment between the business and IT and create value for the organization.”

    Reddy Doddipalli
    Senior Workshop Director, Research
    Info-Tech Research Group

    “Every transformation journey is an opportunity to learn: ‘Tell me and I forget. Teach me and I remember. Involve me and I learn.’ Benjamin Franklin.”

    Graham Smith
    Senior Lead Enterprise Architect and Independent Consultant

    Develop an enterprise architecture strategy that:

    • Helps the organization make decisions that are hard to change in a complex environment.
    • Fits the current organization’s maturity and remains flexible and adaptable to unforeseen future changes.

    Executive Summary

    Your Challenge

    We need to make decisions today for an unknown future. Decisions are influenced by:

    • Changes in the environment you operate in.
    • Complexity of both the business and IT landscapes.
    • IT’s difficulty in keeping up with business demands and remaining agile.
    • Program/project delivery pressure and long-term planning needs.
    • Other internal and external factors affecting your enterprise.

    Common Obstacles

    Decisions are often made:

    • Without a clear understanding of the business goals.
    • Without a holistic understanding; sometimes in conflict with one another.
    • That hinder the continuity of the organization.
    • That prevent value optimization at the enterprise level.

    The more complex an organization, the more players involved, the more difficult it is to overcome these obstacles.

    Info-Tech’s Approach

    • Is a holistic, top-down approach, from the business goals all the way to implementation.
    • Has EA act as the canary in the coal mine. EA will identify and mitigate risks in the organization.
    • Enables EA to provide an essential service rather than be an isolated kingdom or an ivory tower.
    • Acknowledges that EA is a balancing act among competing demands.
    • Makes decisions using guiding principles and guardrails, to create a flexible architecture that can evolve and expand, enabling enterprise agility.

    Info-Tech Insight

    There is no “right architecture” for organizations of all sizes, maturities, and cultural contexts. The value of enterprise architecture can only be measured against the business goals of a single organization. Enterprise architecture needs to be right-sized for your organization.

    Info-Tech insight summary on arch. agility

    Continuous innovation is of paramount importance in achieving and maintaining competitive advantage in the marketplace.

    Business engagement

    It is important to trace architectural decisions to business goals. As business goals evolve, architecture should evolve as well.

    As new business input is provided during Agile cycles, architecture is continuously evolving.

    EA fundamentals

    EA fundamentals will shape how enterprise architects think and act, how they engage with the organization, what decisions they make, etc.

    Start small and lean and evolve as needed.

    Continuously align strategy with delivery and operations.

    Architects should establish themselves as business partners as well as implementation/delivery leaders.

    Enterprise services

    Definitions of enterprise services should start from the business goals of the organization and the capabilities IT needs to perform for the organization to survive in the marketplace.

    Continuous delivery and continuous innovation are the two facets of architecture.

    Tactical insight

    Your current maturity should be reflected as a baseline in the strategy.

    Tactical insight

    Take Agile/opportunistic steps toward your strategic North star.

    Tactical insight

    EA services differ based on goals, maturity, and the Agile appetite of the enterprise.

    From the best industry experts

    “The trick to getting value from enterprise architecture is to commit to the long haul.”

    Jeanne W. Ross, MIT CISR
    Co-author of Enterprise Architecture as Strategy: Creating a Foundation for Business Execution,
    Harvard Business Press, 2006.

    Typical EA maturity stages

    A line chart that moves through multiple stages titled 'Enterprise Architecture Maturity Stages (MIT CISR)' The five stages of the chart, starting on the left, are 'Business Silos', 'Standardized Technology', 'Optimized Core', 'Business Componentization', and 'Digital Ecosystem'. 'The trick to getting value from enterprise architecture is to commit to the long haul.' The line begins at the bottom left of the chart and gradually creates a stretched S shape to the top right. Points along the line, respective to the aforementioned stages, are 'Locally Optimal Business Solutions', 'Technology Infrastructure Platform', 'Digitized Process Platform', 'Repository of Reusable Business Components', 'Components Connecting with Partners' Components', and at the end of the line, outside of the chart is 'Strategic Business Value from Technology'. Percentages along the bottom, respective to the aforementioned stages, read 20%, 36%, 45%, 7%, 2%. Percentages are rough approximations based on findings reported in Mocker, M., Ross, J.W., Beath, C.M., 'How Companies Use Digital Technologies to Enhance Customer Offerings--Summary of Survey Findings,' MIT CISR Working Paper No. 434, Feb. 2019. Copyright MIT, 2019.

    Enterprise Architecture maturity

    A maturity ladder visualization for 'Enterprise Architecture' with five color-coded levels. From the bottom up, the colors and designations are Red: 'Unstable', Orange: 'Firefighter', Yellow: 'Trusted Operator', Blue: 'Business Partner', and Green: 'Innovator'. Beside the visualization at the bottom it says 'EA is here', then an arrow in the direction of the top where it says 'EA needs to be here'.
    • Innovator – Transforms the Business
      Reliable Technology Innovation
    • Business Partner – Expands the Business
      Effective Use of Enterprise Architecture in all Business Projects, Enterprise Architecture Is Strategically Engaged
    • Trusted Operator – Optimizes the Business
      Enterprise Architecture Provides Business, Data, Application & Technology Architectures for All IT Projects
    • Firefighter – Supports the Business
      Reliable Architecture for Some Practices/Projects
    • Unstable – Struggles to Support
      Inability to Provide Reliable Architectures

    Info-Tech Insight

    There is no “absolute maturity” for organizations of all sizes, maturities, and cultural contexts. The maturity of enterprise architecture can only be measured against the business goals of the organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Session 1 Session 2 Session 3 Session 4 Session 5
    Activities
    Identify organizational needs and landscape

    1.0 Interview stakeholders to identify business and technology needs

    1.1 Review organization perspective, including business needs, challenges, and strategic directions

    1.2 Conduct PESTLE analysis to identify business and technology trends

    1.3 Conduct SWOT analysis to identify business and technology internal perspective

    Create the EA value proposition

    2.1 Identify and prioritize EA stakeholders

    2.2 Create business and technology drivers from needs

    2.3 Define the EA value proposition

    2.4 Identify EA maturity and target

    Define the EA fundamentals

    3.1 Define the EA goals and objectives

    3.2 Determine EA scope

    3.3 Create a set of EA principles

    3.4. Define the need of a methodology/agility

    3.5 Create the EA vision and mission statement

    Identify the EA framework and communicate the EA strategy

    4.1 Define initial EA operating model and governance mechanism

    4.2 Define the activities and services the EA function will provide, derived from business goals

    4.3 Determine effectiveness measures

    4.4 Create EA roadmap and next steps

    4.5 Build communication plan for stakeholders

    Next Steps and Wrap-Up (offsite)

    5.1 Generate workshop report

    5.2 Set up review time for workshop report and to discuss next steps

    Outcomes
    1. Stakeholder insights
    2. Organizational needs, challenges, and direction summary
    3. PESTLE & SWOT analysis
    1. Stakeholder power map
    2. List of business and technology drivers with associated pains
    3. Set of EA contributions articulating the promises of value in the EA value proposition
    4. EA maturity assessment
    1. EA scope
    2. List of EA principles
    3. EA vision statement
    4. EA mission statement
    5. Statement about role of enterprise architect relative to agility
    1. EA capabilities mapped to business goals of the organization
    2. List of EA activities and services the EA function is committed to providing
    3. KPI definitions
    4. EA roadmap
    5. EA communication plan
    1. Completed workshop report on EA strategy with roadmap, recommendations, and outcomes from workshop

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    While variations depend on the maturity of the organization as well as its aspirations, these are some typical steps:

      Phase 1

    • Call #1: Explore the role of EA in your organization.
    • Phase 2

    • Call #2: Identify and prioritize stakeholders.
    • Call #3: Use a PESTLE analysis to identify business and technology needs.
    • Call #4: Prepare for stakeholder interviews.
    • Call #5: Discuss your EA value proposition.
    • Phase 3

    • Call #5: Understand the importance of EA fundamentals.
    • Call #6: Define the relevant EA services and their contributions to the organization.
    • Call #7: Measure EA effectiveness.
    • Phase 4

    • Call #8: Build your EA roadmap and communication plan.
    • Call #9: Discuss the EA role relative to agility.
    • Call #10: Summarize results and plan next steps.

    Design an Enterprise Architecture Strategy

    Phase 1

    Explore the Role of Enterprise Architecture

    Phase 1

    • 1.1 Explore a general EA strategy approach
    • 1.2 Introduce Agile EA architecture

    Phase 2

    • 2.1 Define the business and technology drivers
    • 2.2 Define your value proposition

    Phase 3

    • 3.1 Realize the importance of EA fundamentals
    • 3.2 Finalize the EA fundamentals

    Phase 4

    • 4.1 Select relevant EA services
    • 4.2 Finalize the set of services and secure approval

    This phase will walk you through the following activities:

    Define the role of the group and different roles inside the enterprise architecture competency.

    This phase involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders

    Enterprise architecture optimizes the outcomes of the entire organization

    Corporate Strategy –› Enterprise Architecture Strategy

    Info-Tech Insight

    Enterprise architecture needs to have input from the corporate strategy of the organization. Similarly, EA governance needs to be informed by corporate governance. If this is not the case, it is like planning and governing with your eyes closed.

    Existing EA functions vary in the value they achieve due to their level of maturity

    EA Functions
    Operationalized
    • EA function is operationalized and operates as an effective core function.
    • Effectively aligns the business and IT through governance, communication, and engagement.
    –––› Common EA value
    Decreased cost Reduced risk
    Emerging
    • Emerging but limited ad hoc EA function.
    • Limited by lack of alignment to the business and IT.
    –x–› Cut through complexity Increased agility
    (Source: Booz & Co., 2009)

    Benefits of enterprise architecture

    1. Focuses on business outcomes (business centricity)
    2. Provides traceability of architectural decisions to/from business goals
    3. Provides ways to measure results
    4. Provides consistency across different lines of business: establishes a common vocabulary, reducing inconsistencies
    5. Reduces duplications, creating additional efficiencies at the enterprise level
    6. Presents an actionable migration to the strategy/vision, through short-term milestones/steps

    Benefits of enterprise architecture continued

    1. Done right, increases agility
    2. Done right, reduces costs
    3. Done right, mitigates risks
    4. Done right, stimulates innovation
    5. Done right, helps achieve the stated business goals (e.g. customer satisfaction) and improves the enterprise agility.
    6. Done right, enhances competitive advantage of the enterprise

    Qualities of a well-established and practical enterprise architecture

    1. Objective
    2. Impartial
    3. Credible
    4. Practical
    5. Measurable
    6. (Source: University of Toronto, 2021)

    Role of the enterprise architecture

    • Primarily to set up guardrails for the enterprise, so Agile teams work independently in a safe, ready-to-integrate environment
    • Establish strategy
    • Establish priorities
    • Continuously innovate
    • Establish enterprise standards and enterprise guardrails to guide Solution/Domain/Portfolio Architectures
    • Align with and be informed by the organization’s direction

    Members of the Architecture Board:

    • Chief (Business) Strategist
    • Lead Enterprise Architect
    • Business SME from each major domain
    • IT SME from each major domain
    • Operational & Infrastructure SME
    • Security & Risk Officer
    • Process Management
    • Other relevant stakeholders

    For enterprise architecture to contribute, EA must address the organizational vision and goals

    External Factors –› Layers of a Business Model
    (Organization)
    –› Architecture Supported Transformation
    Industry Changes Business Strategy
    Competition Value Streams
    (Business Outcomes)
    Regulatory Impacts Business Capability Maps
    • Security
    Workforce Impacts Execution
    • Policies
    • Processes
    • People
    • Information
    • Applications
    • Technology

    Info-Tech Insight

    External forces can affect the organization as a whole; they need to be included as part of the holistic approach for enterprise architecture.

    How does EA provide value?

    Business and Technology Drivers – A set of statements created from business and technology needs. Gathered from information sources, it communicates improvements needed.

    • Vision, Aspirations, Long-Term Goals – Vision, aspirations, long term goals

      • EA Contributions – EA contributions that will alleviate obstructions. Removing the obstructions will allow EA to help satisfy business and technology needs.

        • Promise of Value – A statement that depicts a concrete benefit that the EA practice can provide for the organization in response to business and technology drivers.

    Info-Tech Insight

    Enterprise architecture needs to create and be part of a culture where decisions are made through collaboration while focusing on enterprise-wide efficiencies (e.g. reduced duplication, reusability, enterprise-wide cost minimization, overall security, comprehensive risk mitigation, and any other cross-cutting concerns) to optimize corporate business goals.

    The EA function scope is influenced by the EA value proposition and previously developed EA fundamentals

    Establish the EA function scope by using the EA value proposition and EA fundamentals that have already been developed. After defining the EA function scope, refer back to these statements to ensure it accurately reflects the EA value proposition and EA fundamentals.

    EA value proposition

    +

    EA vision statement
    EA mission statement
    EA goals and objectives

    —›
    Influences

    Organizational coverage

    Architectural domains

    Depth

    Time horizon

    —›
    Defines
    EA function scope

    EA team characteristics

    Create the optimal EA strategy by including personnel who understand a broad set of topics in the organization

    The team assembled to create the EA strategy will be defined as the “EA strategy creation team” in this blueprint.

    • Someone who has been in the organization for a long time and has built strong relationships with key stakeholders. This individual can exert influence and become the EA strategy sponsor.
    • An individual who understands how the different technology components in the organization support its business operations.
    • Someone in the organization who can communicate IT concepts to business managers in a language the business understands.
    • An individual with a strategy background or perspective on the organization. This individual will understand where the organization is headed.
    • Any individuals who feel an acute pain as a result of poorly made investment decisions. They can be champions of EA strategy in their respective functions.

    EA skills and competencies

    Apart from business know-how, the EA team should have the following skills

    • Architectural thinking
    • Analytical
    • Trusted, credible
    • Can handle complexity
    • Can change perspectives
    • Can learn fast (business and technology)
    • Independent and steadfast
    • Not afraid to go against the stream
    • Able to understand problems of others with empathy
    • Able to estimate scaling on design decisions such as model patterns
    • Intrinsic capability to identify where relevant details are
    • Able to identify root causes quickly
    • Able to communicate complex issues clearly
    • Able to negotiate and come up with acceptable solutions
    • Can model well
    • Able to change perspectives (from business to implementation and operational perspectives).

    Use of enterprise architecture methodologies

    Balance EA methodologies with Agile approaches

    Using an enterprise architecture methodology is a good starting point to achieving a common understanding of what that is. Often, organizations agree to "tailor" methodologies to their needs.

    The use of lean/Agile approaches will increase efficiency beyond traditional methodologies.

    Use of EA methodologies vs. Agile methods

    When to use what?

    • Use an existing methodology to structure your thinking and establish a common vocabulary to communicate basic concepts, processes, and approaches.
    • Customize the methodology to your needs; make it as lean as possible.
    • Execute in an Agile way, but keep in mind the thoughtful checks recommended by your end-to-end methodology.
    • Clarify goals.
    • Have good measures and metrics in place.
    • Continuously monitor progress, fit for purpose, etc.
    • Highlight risks, roadblocks, etc.
    • Get support.
    • Communicate vision, goals, key decisions, etc.
    • Iterate.

    Business strategy first, EA strategy second, and EA operating model third

    Corporate Strategy
    “Why does our enterprise exist in the market?”
    EA Strategy
    “What does EA need to be and do to support the enterprise’s ability to meet its goals? What is EA’s value proposition?”
    Business & IT Operating Culture
    “How does the organization’s culture and structure influence the EA operating model?”
    EA Operating Model
    How does EA need to operate on a daily basis to deliver the value proposition?”

    High-level perspective

    Creating an effective practice involves many moving parts.

    A visual of the many moving parts in an effective practice; there are 6 smaller circles in a large circle, an input arrow labelled 'Environment', an output arrow labelled 'Results', and a thin arrow connecting 'Results' back to 'Environment'. Of the circles, 'Leadership' is in the center, connected to each of the others, while 'Culture', 'Strategy', 'Core Processes', 'Structure', and 'Systems' create a cycle. (Source: The Center for Organizational Design)

    • Environment. Influences that are external to the organization, such as customer perceptions, changing needs, and changes in technology, and the organization’s ability to adjust to them.
    • Strategy. The business strategy defines how the organization adds value and acts as the rudder to direct the organization. Organizational strategy defines the character of the organization, what it wants to be, its values, its vision, its mission, etc.
    • Core Process. The flow of work through the organization.
    • Structure. How people are organized around business processes. Includes reporting structures, boundaries, roles, and responsibilities. The structure should assist the organization with achieving its goals rather than hinder its performance.
    • Systems. Interrelated sets of tasks or activities that help organize and coordinate work.
    • Culture. The personality of the organization: its leadership style, attitudes, habits, and management practices. Culture measures how well philosophy is translated into practice.
    • Results. Measurement of how well the organization achieved its goals.
    • Leadership. Brings the organization together by providing vision and strategy; designing, monitoring, and nurturing the culture; and fostering agility.

    The answer to the strategic planning entity dilemma is enterprise architecture

    Enterprise architecture is a discipline that defines the structure and operation of an organization. The intent of enterprise architecture is to determine how an organization can most effectively achieve its current and future objectives.

    Vision, goals, and aspirations as well internal and external pressures

    Business current state

    • Existing capability
    • Existing capability
    • Existing capability
    • Existing capability
    • Existing capability
    Enterprise Architecture

    IT current state

    • IT asset management
    • Database services
    • Application development

    Business target state

    • Existing capability
    • Existing capability
    • Existing capability
    • Existing capability
    • Existing capability
    • New capability

    IT target state

    • IT asset management
    • Database services
    • Application development
    • Business analytics
    Complex, overlapping, contradictory world of humans vs. logical binary world of IT
    EA is a planning tool to help achieve the corporate business goals

    EA spans across all the domains of architecture

    Business architecture is the cornerstone that sets the foundation for all other architectural domains: security, data, application, and technology.

    A flow-like diagram titled 'Enterprise Architecture' beginning with 'Digital Architecture' and 'Business Architecture', which feeds into 'Security Architecture', which feeds into both 'Data Architecture' and 'Application Architecture', which both feed into 'Technology Architecture: Infrastructure'.

    “An enterprise architecture practice is both difficult and costly to set up. It is normally built around a process of peer review and involves the time and talent of the strategic technical leadership of an enterprise.” (The Open Group Architecture Framework, 2018)

    Enterprise architecture deployment continuum

    A diagram visualizing the Enterprise architecture deployment continuum with two continuums, 'Level of Embedding' and 'EA Value', assigning terms to EA deployments based on where they fall. On the left is an 'Ivory Tower' configuration: EA' is separated from the 'BU's but is still controlling them. Level of Embedding: 'Centralized', EA Value: 'Dictatorship'. In the center is a 'Balanced' configuration: 'EA' is spread across and connected to each 'BU'. Level of Embedding: 'Federated', EA Value: 'Democracy'. On the right is a 'Siloed' configuration: Each 'BU' has its own separate 'EA'. Level of Embedding: 'Decentralized', EA Value: 'Abdication of enterprise role'.

    Info-Tech Insight

    The primary question during the design of the EA operating model is how to integrate the EA function with the rest of the business.

    If the EA practice functions on its own, you end up with ivory tower syndrome and a dictatorship.

    If you totally embed the EA function within business units it will become siloed with no enterprise value.

    Organizations need to balance consistency at the enterprise level with creativity from the grass roots.

    Enterprise vs. Program/Portfolio/Domain

    Enterprise vs. Program/Portfolio/Domain. Image depicts where Enterprise Scope overlaps Program/Portfolio Scope. Enterprise Scope includes Business Architecture. Program/Portfolio Scope includes Business Requirements, Business Process, and Solutions Architecture. Overlap between scope includes Technology Architecture, Data Architecture, and Applications Architecture.

    Info-Tech Insight

    Decisions at the enterprise level apply across multiple programs/portfolios/solutions and represent the guardrails set for all to play within.

    Decide on the degree of centralization

    Larger organizations with multiple domains/divisions or business units will need to decide which architecture functions will be centralized and which, if any, will be decentralized as they plan to scope their EA program. What are the core functions to be centralized for the EA to deliver the greatest benefits?

    Typically, we see a need to have a centralized repository of reusable assets and standards across the organization, while other approaches/standards can operate locally.

    Centralization

    • Allows for more strategic planning
    • Visibility into standards and assets across the organization promotes rationalization and cost savings
    • Ensures enterprise-wide assets are used
    • More strategic sourcing of vendors and resellers
    • Can centrally negotiate pricing for better deals
    • Easier to manage risk and prepare for audits
    • Greater coordination of resources
    • Derives benefits from enterprise decisions, e.g. integration…

    Decentralization

    • May allow for more innovation
    • May be easier to demonstrate local compliance if the organization is geographically decentralized
    • May be easier to procure software if offices are in different countries
    • Deployment and installation of software on user devices may be easier

    EA strategy

    What is the role of enterprise architecture vis-à-vis business goals?

    • What needs to be done?
    • Who needs to be involved?
    • When?
    • Where?
    • Why?
    • How?

    Top-down approach starting from the goals of the organization

      What the Business Sees...
    • Business Goals
      • Value Streams
          What the CxO Sees...
        • Capabilities
            What the App Managers See...
          • Processes
            • Applications
                What the Program Managers See...
              • Programs/Projects

    Info-Tech Insight

    Being able to answer the deceptively simple question “How am I doing?” requires traceability to and from the business goals to be achieved all the way to applications, to infrastructure, and ultimately, to the funded initiatives (portfolios, programs, projects, etc.).

    Measure EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

    The success of the EA function spans across three main dimensions:

    1. The delivery of EA-enabled business outcomes that are most important to the enterprise.
    2. The alignment between the business and the technology from a planning perspective.
    3. Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).

    Corporate Business Goals

    • Reduction in operating costs
    • Decreased regulatory compliance infractions
    • Increased revenue from existing channels
    • Increased revenue from new channels
    • Faster time to business value
    • Improved business agility
    • Reduction in enterprise risk exposure

    EA Contributions

    • Alignment of IT investments to business strategy
    • Achievement of business results directly linked to IT involvement
    • Application and platform rationalization
    • Standards in place
    • Flexible architecture
    • Better integration
    • Higher organizational satisfaction with technology-enabled services and solutions

    Measurements

    • Cost reductions based on application and platform rationalization
    • Time and cost reductions due to standardization
    • Time reduction for integration
    • Service reused
    • Stakeholder satisfaction with EA services
    • Increase in customer satisfaction
    • Rework minimized
    • Lower cost of integration
    • Risk reduction
    • Faster time to market
    • Better scalability, etc.

    Info-Tech Insight

    Organizations must create clear and smart KPIs (key performance indicators) across the board.

    From corporate strategy to enterprise architecture

    A model connecting 'Enterprise Architecture' with 'Corporate Strategy' through 'EA Services' and 'EA Strategy'.

    Info-Tech Insight

    In the absence of a corporate strategy, enterprise architecture is missing its North Star.

    However, enterprise architects can partner with the business strategists to build the needed vision.

    Traceability to and from business corporate business goals to EA contributions (sample)

    A model connecting 'Enterprise Architecture' with 'Corporate Goals' through 'EA Contributions'.

    Enterprise architecture journey

    The enterprise architecture journey, from left to right: 'Business Goals' and 'EA Maturity Assessment', 'EA Strategy', 'Industry-Specific Capability Model' and 'Customized to the Organization's Needs', 'EA Operating Model' and 'EA Governance', 'Business Architecture' and 'EA Tooling', 'Data Architecture' and 'Application Architecture', 'Infrastructure Architecture'.

    Agile architecture principles

    Agile architecture principles:
    • Fast learning cycle
    • Explore alternatives
    • Create environment for decentralized ideation and innovation

    According to the Scaled Agile Framework, three of the most applicable principles for the architectural professions refer to the following:

    1. "Fast learning cycle" refers to learning cycles that allow for quick reiterations as well as the opportunity to fail fast to learn fast.
    2. "Explore alternatives" refers to the exploration phase and also to the need to make tough decisions and balance competing demands.
    3. "Create environment for decentralized ideation and innovation" ensures that no one has a monopoly on innovation. Moreover, EA needs to invite ideas from various stakeholders (from the business to operations as well as implementers, etc.).

    Architecture roles in lean enterprises

    Typical architecture roles in modern/Agile lean enterprises

    • System Architect
    • Solution Architect
    • Enterprise Architect

    Depth vs. strategy focus

    Typical architect roles

    A graph with different architect roles mapped onto it. Axes are 'Low Strategic Impact' to 'High Strategic Impact' and 'Breadth' to 'Depth'. 'Enterprise Architect' has the highest strategic impact and most breadth. 'Technical/System Architect' has the lowest strategic impact and most depth. 'Solution Architect' sits in the middle of both axes.

    Architecture roles continued

    The three architect roles from above and their impacts on the list of 'Common Domains' to the right. 'Enterprise Architect's impact is 'Across Value Streams', 'Solution Architect's impact is 'Across Systems', 'Technical/System Architect's impact is 'Single System'. Adapted from Scaled Agile.

    Common Domains

    Business Architecture

    Information Architecture

    Application Architecture

    Technical Architecture

    Integration Architecture

    Security Architecture

    Others

    Info-Tech Insight

    All architects are boots on the ground and play in the solutioning space. What differs is their decisions’ impact (the enterprise architect’s decisions affects all domains and solutions).

    SAFe definitions of the Enterprise/Solution and System Architect roles can be found here.

    The role of the Enterprise Architect is detailed here.

    Collaboration models across the enterprise

    A collaboration model with 'Enterprise Architecture' at the top consisting of a 'Chief Enterprise Architect', 'Enterprise Architects', and 'EA Concerns across solutions': 'Architect A', 'Architect B', and 'Architect C'. Each lettered Architect is connected to their respective 'Solution Architect (A-C)' which runs their respective 'Delivery Team (A-C)' with 'Other Team Members'.(Adapted from Disciplined Agile)

    There are both formal and informal collaborations between enterprise architects and solution architects across the enterprise.

    Info-Tech Insight

    Enterprise architects should collaborate with solutions architects to create the best solutions at the enterprise level and to provide guidance across the board.

    Architect roles in SAFe

    According to Scale Agile Framework 5 for Lean Enterprises:

    • The system architect participates in the Essential SAFe
    • Solution architects and system architects participate in Large Solution
    • The enterprise architect participates in the Portfolio SAFe
    • Enterprise, solution, and system architects are all involved in Full SAFe

    Please check the SAFe Scaled Agile site for detailed information on the approach.

    Architect roles and their participation in Agile events (see likely events and a typical calendar)

    Info-Tech Insight

    A clear commitment for architects to achieve and support agility is needed. Architects should not be in an ivory tower; they should be hands on and engaged in all relevant Agile ceremonies, like the pre- and post-program increment (PI) planning, etc.

    Architect syncs are also required to ensure the needed collaboration.

    Architect participation in Agile ceremonies, according to SAFe:

    Architecture runway (at scale)

    Info-Tech Insight

    Architecting for scale, modularity, and extensibility is key for the architecture to adapt to changing conditions and evolve.

    Proactively address NFRs; architect for performance and security.

    Continuously refine the solution intent.

    For large solutions, longer foundational architectural runways are needed.

    Having an intentional continuous improvement/continuous development (CI/CD) pipeline to continuously release, test, and monitor is key to evolving large and complex systems.

    Parallel continuous exploration/integration/deployment

    A cycle titled DevOps containing three smaller cycles labelled 'Continuous Explorations', 'Continuous Integration', and 'Continuous Deployment'.

    Info-Tech Insight

    Architects need to help make some fundamental decisions, e.g. help define the environment that best supports continuous innovation or exploration and continuous integration, deployment, and delivery.

    Typical strategic enterprise architecture involvement

    Enterprise Architect —DRIVES–› Enterprise Architecture Strategy

    Enterprise Architecture Strategy
    • Application Strategy
    • Business Strategy
    • Data Strategy
    • Implementation Strategy
    • Infrastructure Strategy
    • Inter-domain Collaboration
    • Integration Strategy
    • Operations Strategy
    • Security Strategy
    • (Adapted from Scaled Agile)

    The EA statement relative to agility

    The enterprise architecture statement relative to agility specifies the architects’ responsibilities as well as the Agile protocols they will participate in. This statement will guide every architect’s participation in planning meetings, pre- and post-PI, various syncs, etc. Use simple and concise terminology; speak loudly and clearly.

    Strong EA statement relative to agility has the following characteristics:

    • Describes what different architect roles do to achieve the vision of the organization
    • In an agile way
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Specific
    • Concise

    Sample EA statement relative to agility

    • Create strategies that provide guardrails for the organization, provide standards, reusable assets, accelerators, and other decisions at the enterprise level that support agility.
    • Participate in pre-PI and post-PI planning activities, architect syncs, etc.

    A clear statement can include additional details surrounding the enterprise architect’s role relative to agility

    Below is a sample of connecting keywords to form an enterprise architect role statement, relative to agility.

    Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture in an agile way.

    Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

    Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

    Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

    Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture and provide guidance and accelerators.

    Target enterprise structure in an agile way – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

    • Business capabilities and processes (business architecture)
    • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
    • Architecture principles
    • Standards and reusable assets
    • Continuous exploration, integration, and deployment

    Traditional vs. Agile approaches

    Traditional Enterprise Architecture Next-Generation Enterprise Architecture
    Scope: Technology focused Business transformation (scope includes both business and technology)
    Bottom up Top down
    Inside out Outside In
    Point to point; difficult to change Expandable, extensible, evolvable
    Control-based: Governance intensive; often over-centralized Guidance-based: Collaboration and partnership-driven based on accepted guardrails
    Big up-front planning Incremental/dynamic planning; frequent changes
    Functional siloes and isolated projects, programs, and portfolios Enterprise-driven outcome optimization (across value streams)

    Info-Tech Insight

    The role of the architecture in Lean (Agile) approaches is to set up the needed guardrails and ensure a safe environment where everyone can be effective and creative.

    Design an Enterprise Architecture Strategy

    Phase 2

    Create the EA Value Proposition

    Phase 1

    • 1.1 Explore a general EA strategy approach
    • 1.2 Introduce Agile EA architecture

    Phase 2

    • 2.1 Define the business and technology drivers
    • 2.2 Define your value proposition

    Phase 3

    • 3.1 Realize the importance of EA fundamentals
    • 3.2 Finalize the EA fundamentals

    Phase 4

    • 4.1 Select relevant EA services
    • 4.2 Finalize the set of services and secure approval

    This phase will walk you through the following activities:

    • Identify and prioritize EA stakeholders.
    • Create business and technology drivers from stakeholder information.
    • Identify business pains and technology drivers.
    • Define EA contributions to alleviate the pains.
    • Create promises of value to fully articulate the value proposition.

    This phase involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders

    Step 2.1

    Define the Business and Technology Drivers

    Activities
    • 2.1.1 Use a stakeholder power map to identify and prioritize EA stakeholders
    • 2.1.2 Conduct a PESTLE analysis
    • 2.1.3 Review strategic planning documents
    • 2.1.4 Conduct EA stakeholder interviews

    This step will walk you through the following activities:

    • Learn the five-step process to create an EA value proposition.
    • Uncover business and technology needs from stakeholders.

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    An understanding of your organization’s EA needs.

    Create the Value Proposition

    Step 2.1 Step 2.2

    Value proposition is an important step in the creation of the EA strategy

    Creating an EA value proposition should be the first step to realizing a healthy EA function. The EA value proposition demonstrates to organizational stakeholders the importance of EA in helping to realize their needs.

    Five steps towards the successful articulation of EA value proposition:

    1. Identify and prioritize stakeholders. The EA function must know to whom to communicate the value proposition.
    2. Construct business and technology drivers. Drivers are derived from the needs of the business and IT. Needs come from the analysis of external factors, strategic documents, and interviewing stakeholders. Helping stakeholders and the organization realize their needs demonstrates the value of EA.
    3. Discover pains that prevent driver realization. There are always challenges that obstruct drivers of the organization. Find out what they are to get closer to showing the value of EA.
    4. Brainstorm EA contributions. Pains that obstruct drivers have now been identified. To demonstrate EA’s value, think about how EA can help to alleviate those pains. Create statements that show how EA’s contribution will be able to overcome the pain to show the value of EA.
    5. Derive promises of value. Complete the articulation of value for the EA value proposition by stating how realizing the business or technology will provide in terms of value for the organization. Speak with the stakeholders to discover the value that can be achieved.

    Info-Tech Insight

    EA can deliver many benefits to an organization. To increase the likelihood of success, each EA group needs to commit to delivering value to their organization based on the current operating environment and the desired direction of the enterprise. An EA value proposition will articulate the group’s promises of value to the enterprise.

    The foundation of an optimal EA value proposition is laid by defining the right stakeholders

    All stakeholders need to know how the EA function can help them. Provide the stakeholders with an understanding of the EA strategy’s impact on the business by involving them.

    A stakeholder map can be a powerful tool to help identify and prioritize stakeholders. A stakeholder map is a visual sketch of how various stakeholders interact with your organization, with each other, and with external audience segments.

    An example stakeholder map with the 'Key players' quadrant highlighted, it includes 'CEO', 'CIO', and the modified position of 'CFO' after being engaged.

    “Stakeholder management is critical to the success of every project in every organization I have ever worked with. By engaging the right people in the right way in your project, you can make a big difference to its success…and to your career.” (Rachel Thompson, MindTools)

    2.1.1 Use a stakeholder power map to identify and prioritize EA stakeholders

    2 hours

    Input: Expertise from the EA strategy creation team

    Output: An identified and prioritized set of stakeholders for the EA function to target

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    1. A stakeholder power map helps to visualize the importance of various stakeholders and their concerns so you can prioritize your time according to the most powerful and most impacted stakeholders.
    2. Evaluate each stakeholder in terms of power, Involvement, impact, and support.
      • Power: How much influence does the stakeholder have? Enough to drive the project forward or into the ground?
      • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
      • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
      • Support: Is the stakeholder a supporter of the project? Neutral? A resistor?
    3. Map each stakeholder to an area on the Power Map Template.
    4. Ask yourself if the power map looks accurate. Is there someone who has no involvement in EA strategy development but should?
    5. Some stakeholders may have influence over others. For example, a COO who highly values the opinion of the Director of Operations would be influenced by that director. Draw an arrow from one stakeholder to another to signify this relationship.

    Download the Stakeholder Power Map Template for more detailed instructions on completing this activity.

    Each stakeholder will have a set of needs that will influence the final EA value proposition

    All stakeholders will have a set of needs they would like to address. Take those needs and translate them into business and technology drivers. Drivers help clearly articulate to stakeholders, and the EA function, the stakeholder needs to be addressed.

    Business Driver

    Business drivers are internal or external business conditions, changing business capabilities, and changing market trends that impact the way EA operates and provides value to the enterprise.

    Examples:

    Ensure corporate compliance with legislation pertaining to data and security (e.g. regulated oil fields).

    Enable the automation and digitization of internal processes and services to business stakeholders.

    Technology Driver

    Technology drivers are internal or external technology conditions or factors that are not within the control of the EA group that impact the way that the EA group operates and provides value to the enterprise.

    Examples:

    Establish standards and policies for enabling the organization to take advantage of cloud and mobile technologies.

    Reduce the frequency of shadow IT by lowering the propensity to make business–technology decisions in isolation.

    (Source: The Strategic CFO, 2013)

    Gather information from stakeholders to begin the process of distilling business and technology drivers

    Review information sources, then analyze them to derive business and technology drivers. Information sources are not targeted towards EA stakeholders. Analyze the information sources to create drivers that are relevant to EA stakeholders.

    Information Sources Drivers (Examples)

    PESTLE Analysis

    Strategy Documents

    Stakeholder Interviews

    SWOT Analysis

    —›

    Analysis

    —›

    Help the organization align technology investments with corporate strategy

    Ensure corporate compliance with legislation.

    Increase the organization’s speed to market.

    Business and Technology Needs

    By examining information sources, the EA team will come across a set of business and technology needs. Through analysis, these needs can be synthesized into drivers.

    The PESTLE analysis will help you uncover external factors impacting the organization

    PESTLE examines six perspectives for external factors that may impact business and technology needs. Below are prompting questions to facilitate a PESTLE analysis working session.

    Political
    • Will a change in government (at any level) affect your organization?
    • Do inter-government or trade relations affect you?
    • Are there shareholder needs or demands that must be considered?
    • How are your costs changing (moving off-shore, fluctuations in markets, etc.)?
    • Do currency fluctuations have an effect on your business?
    • Can you attract and pay for top-quality talent (e.g. desirable location, reasonable cost of living, changes to insurance requirements)?
    Economic
    Social
    • What are the demographics of your customers and/or employees?
    • What are the attitudes of your customers and/or staff (e.g. do they require social media, collaboration, transparency of costs)?
    • What is the general lifecycle of an employee (i.e. is there high turnover)?
    • Is there a market of qualified staff?
    • Is your business seasonal?
    • Do you require constant technology upgrades (e.g. faster network, new hardware)?
    • What is the appetite for innovation within your industry/business?
    • Are there demands for increasing data storage, quality, BI, etc.?
    • Are you looking to cloud technologies?
    • What is the stance on bring your own device?
    • Are you required to do a significant amount of development work in-house?
    Technological
    Legal
    • Are there changes to trade laws?
    • Are there changes to regulatory requirements (i.e. data storage policies, privacy policies)?
    • Are there union factors that must be considered?
    • Is there a push towards being environmentally friendly?
    • Does the weather have any effect on your business (hurricanes, flooding, etc.)?
    Environmental

    2.1.2 Conduct a PESTLE analysis

    2 hours

    Input: Expertise from EA strategy creation team

    Output: Identified set of business and technology needs from PESTLE

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    1. Begin conducting the PESTLE analysis by breaking the participants into groups. Divide the six different perspectives amongst the groups.
    2. Ask each group to begin to derive business and technology needs from their assigned perspectives. Use some of the areas noted below along with the questions on the previous slide to derive business and technology needs.
      • Political: Examine taxes, environmental regulations, and zoning restrictions.
      • Economic: Examine interest rates, inflation rate, exchange rates, the financial and stock markets, and the job market.
      • Social: Examine gender, race, age, income, disabilities, educational attainment, employment status, and religion.
      • Technological: Examine servers, computers, networks, software, database technologies, wireless capabilities, and availability of Software as a Service.
      • Legal: Examine trade laws, labor laws, environmental laws, and privacy laws.
      • Environmental: Examine green initiatives, ethical issues, weather patterns, and pollution.
    3. Ask each group to take into account the following questions when deriving business and technology needs:
      • Will business components require any changes to address the factor?
      • Will information technology components changes be needed to address any factor?
    4. Have each team record its findings. Have each team present its list and have remaining teams give feedback and additional suggestions. Record any changes in this step.

    Download the PESTLE Analysis Template to assist with completing this activity.

    Strategic planning documents can provide information regarding the direction of the organization

    Some organizations (and business units) create an authoritative strategy document. These documents contain corporate aspirations and outline initiatives, reorganizations, and shifts in strategy. From these documents, a set of business and technology needs can be generated.

    Overt Statements

    • Corporate objectives and initiatives are often explicitly stated in these documents. Look for statements that begin with phrases such as “Our corporate objectives are…”
    • Remember that different organizations use different terminology; if you cannot find the word goal or objective then look for “pillar,” “imperative,” “theme,” etc.

    Turn these statements to business and technology needs by:

    Asking the following:
    • Is there a need from a business perspective to address these objectives, initiatives, and shifts in strategy?
    • Is there a need from a technology perspective to address these objectives, initiatives, and shifts in strategy?

    Covert Statements

    • Some corporate objectives and initiatives will be mentioned in passing and will require clarification. For example: “As we continue to penetrate new markets, we will be diversifying our manufacturing geography to simplify distribution.”

    2.1.3 Review strategic planning documents

    2 hours

    Input: Strategic documents in the organization

    Output: Identified set of business and technology needs from documents

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the identification process of business and technology needs from strategic documents with the following steps:

    1. Work with the EA strategy creation team to identify the strategic documents within the organization. Look for documents with any of the following content:
      • Corporate strategy document
      • Business unit strategy documents
      • Annual general reports
    2. Gather the strategic documents into one place and call a meeting with the EA strategy creation team to identify the business and technology needs in those documents.
    3. Pick one document and look through its contents. Look for future-looking words such as:
      • We will be…
      • We are planning to…
      • We will need…
    4. Consider those portions of the document with future-looking words and ask the following:
      • Will business components require any changes to address these objectives?
      • Will information technology components changes be needed to address these objectives?
    5. Record the business and technology needs identified in step 4. As well, record any questions you may have regarding the document contents for stakeholders to validate later.
    6. Move to the next document once complete. Complete steps 3-5 for the remaining strategy documents.

    Stakeholder interviews will help you collect primary data and will shed light on stakeholder priorities and challenges

    In this interview process, you will be asking EA stakeholders questions that uncover their business and technology needs. You will also be able to ask follow-up questions to get a better understanding of abstract or complex concepts from the strategy document review and PESTLE analysis.

    EA Stakeholders:

    • Stakeholders may not think of their business and technology needs. But stakeholders will often explicitly state their objectives and initiatives.
    • Objectives often result in risks, opportunities, and annoyances:
      • Risks: Potential damage associated with pursuing an objective or initiative.
      • Opportunities: Potential gains that could be leveraged when capturing objectives and initiatives.
      • Annoyances: Roadblocks that could hinder the pursuit of objectives and initiatives.
    • Ask stakeholders questions on these areas to discern their business and technology needs.

    Risks + Opportunities + Annoyances –› Business and Technology Needs

    2.1.4 Conduct EA stakeholder interviews

    4-8 hours

    Input: Expertise from the EA stakeholders

    Output: Business and technology needs for EA stakeholders

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, Identified EA stakeholders

    1. Schedule an interview with each of the stakeholders that were identified as key stakeholders in the Stakeholder Power Map.
    2. Meet with the key EA stakeholders and start business and technology needs gathering. Schedule each identified key stakeholder for an interview.
    3. When a stakeholder arrives for their interview, ask the following questions and record the answers to help uncover needs. Be sure to record which stakeholder answered the question. Further, record any future stakeholders that agree.
      • What are the current strengths of your organization?
      • What are the current weaknesses of your organization?
      • What is the number 1 risk you need to prevent?
      • What is the number 1 opportunity you want to capitalize on?
      • What is the number 1 annoying pet peeve you want to remove?
      • How would you prioritize these risks, opportunities, and annoyances?
    4. Recorded answer example: “We can’t see what the other departments are doing; when we spend a lot of money to invest in something, we later find out the capability is already within the company.”
    5. After completing each interview, verify with each stakeholder that you have captured their business and technology needs. Continue the interview process until all identified key stakeholders have been interviewed.
    6. Capture all inputs into a SWOT (strengths, weaknesses, opportunities, and threats) format.

    Step 2.2

    Define Your Value Proposition

    Activities
    • 2.2.1 Create a set of business and technology drivers from business and technology needs
    • 2.2.2 Identify the pains associated with the business and technology drivers
    • 2.2.3 Identify the EA contributions that can address the pains
    • 2.2.4 Create promises of value to shape the EA value proposition

    This step will walk you through the following activities:

    • Use business and technology drivers to determine EA’s role in your organization.

    This step involves the following participants:

    • CIO
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    A value proposition document that ties the value of the EA function to stakeholder needs.

    Create the EA Value Proposition

    Step 2.1 Step 2.2

    Synthesize the collected data into business and technology drivers

    Two triangles labelled 'Business needs' and 'Technology needs' point to a cloud labelled 'Analysis', which connects to the driver attributes on the right via a dotted line.

    There are several key attributes that a driver should have.

    Driver Key Attributes
    • A succinct statement.
    • Begins with “action words” to communicate a call to action (e.g. Support, Help, Enable).
    • Written in a language understood by all parties involved.
    • Communicates a need for improvement or prevention.

    “The greatest impact of enterprise architecture is the strategic impact. Put the mission and the needs of the organization first.” (Matthew Kern, Clear Government Solutions)

    2.2.1 Create a set of business and technology drivers from business and technology needs

    3 hours

    Input: Expertise from EA strategy creation team

    Output: A set of business and technology drivers

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, EA stakeholders

    Meet with the EA strategy creation team and follow the steps below to begin the process of synthesizing the business and technology needs into drivers.

    1. Lay out the documented business and technology needs your team gathered from PESTLE analysis, strategy document reviews, and stakeholder interviews.
    2. Assess the documented business and technology needs to see if there are common themes. Consolidate those similar business and technology needs by crafting one driver for them. For example:
      • PESTLE: Influx of competitors in the marketplace causing tighter margins.
      • Document review: Improve investment quality and their value to the organization.
      • Stakeholder interview: “We can’t see what the other departments are doing; when we spend a lot of money to invest in something, we later find out the capability is already within the company.”
      • Consolidated business driver example: Help the organization align investments with the corporate strategy and departmental priorities.
    3. As well, synthesize the business and technology needs that cannot be consolidated.
    4. Verify the completed list of drivers with stakeholders. This is to ensure you have fully captured their needs.

    Download the EA Value Proposition Template to record your findings in this activity.

    When addressing business and technology drivers, an organization can expect obstacles

    A pain is an obstacle that business stakeholders will face when attempting to address business and technology drivers. Identify the pains associated with each driver so that EA’s contributions can be linked to resolving obstacles to address business needs.

    Business and Technology Drivers

    Pains

    Created by assessing information sources. A sentence that states the nature of the pain and how the pain stops the organization from addressing the drivers.
    Examples:
    • Business driver: Help the organization align investments with the corporate strategy and departmental priorities.
    • Technology driver: Improve the organization’s technology responsiveness and increase speed to market.
    Examples:
    • Business driver pains: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
    • Technology driver pains: Ineffective application development requiring delays decreases the speed to market.

    2.2.2 Identify the pains associated with the business and technology drivers

    2 hours

    Input: Expertise from EA strategy creation team and EA stakeholders

    Output: An associated pain that obstructs each identified driver

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, EA stakeholders

    Call a meeting with the EA strategy creation team and any available stakeholders to identify the pains that obstruct addressing the business and technology drivers.

    Take each driver and ask the questions below to the EA strategy creation team and to any EA stakeholders who are available. Record the answers to identify the pains when realizing the drivers.

    1. What are your challenges in performing the activity or process today?
    2. What other business activities/processes will be impacted/improved if we solve this?
    3. What compliance/regulatory/policy concerns do we need to consider in any solution?
    4. What are the steps in the process/activity?

    Take the recorded answers and follow the steps below to create the pain statements:

    1. Answers to the questions above can be long, unfocused, or spoken in a casual manner. To turn the answer into pains, refine the recorded answers into a succinct sentence that captures its meaning.
      • Recorded answer example: “I feel like there needs to be a holistic view of the organization. If we had a tool to see all the capabilities across the business, then we can figure out what investments should be prioritized.”
      • Example of pain statement: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
    2. When the list of pains has been written out, verify with the stakeholders that you have fully captured their pains.

    Download the EA Value Proposition Template to record your findings in this activity.

    The identified pains can be alleviated by a set of EA contributions

    Set the foundations for the value proposition by brainstorming the EA contributions that can alleviate the pains.

    Business and technology drivers produce:

    Pains

    —›
    EA contributions produce:

    Value by alleviating pains

    Pains

    Obstructions to addressing business and technology drivers. Stakeholders will face these pains.

    Examples
    • Business driver pains: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
    EA contributions

    Activities the EA function can perform to help alleviate the pains. Demonstrates the contributions the EA function can make to business value.

    Examples:
    • Business driver EA contributions: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.

    Enterprise architecture functions can provide a diverse set of contributions to any organization – Sample

    EA contribution category EA contribution details
    Define business capabilities and processes As-is and target business capabilities and processes are documented and understood by both IT and the business.
    Design information flows and services Information flows and services effectively support business capabilities and processes.
    Analyze gaps and identify project opportunities Create informed project identification, scope definition, and project portfolio management.
    Optimize technology assets Greater homogeneity and interoperability between tangible and intangible technology assets.
    Create and maintain technology standards Decrease development, integration, and support efforts. Reduce complexity and improve interoperability.
    Rationalize technology assets Tangible and intangible technology assets are rationalized to adequately and efficiently support information flows and services.

    2.2.3 Identify the EA contributions that can address the pains

    2 hours

    Input: Expertise from EA strategy creation team

    Output: EA contributions that addresses the pains that were identified

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Gather with the EA strategy creation team, take each pain, then ask and record the answers to the questions below to identify the EA contributions that would solve the pains:

    1. What activities can the EA practice conduct to overcome the pain?
    2. What are the core EA models that can help accurately define the problem and assist in finding appropriate resolutions?
    3. What are the general EA benefits that can be associated with solving this pain?

    Answers to the questions above will generate a list of activities EA can do to help alleviate the pains. Use the following steps to complete this activity:

    1. Create a stronger tie between the EA contributions and pains by linking the EA contribution statement to the pain.
      • Example of pain statement: Lack of holistic view of business capabilities obstructs the organization from aligning investments with corporate strategy and departmental priorities.
      • Example of EA contributions statement: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.
    2. Verify with the stakeholders that they understand the EA contributions have been written out and how those contributions address the pains.

    Download the EA Value Proposition Template to record your findings in this activity.

    EA promises of value articulate EA’s commitment to the organization

    • Business Goals and Technology Drivers
      A set of statements created from business and technology needs. Gathered from information sources, it communicates improvements needed.

      • Value Streams, Aspirations, Long-Term Goals
        Value streams, aspirations, long-term goals

        • EA Contributions
          EA contributions that will alleviate the obstructions. Removing the obstructions will allow EA to help satisfy business and technology needs.

          • Promise of Value
            A statement that depicts a concrete benefit the EA practice can provide for the organization in response to business and technology drivers.
            Communicate the statements in a language that stakeholders understand to complete the articulation of EA’s value proposition.

    2.2.4 Create promises of value to shape the EA value proposition

    2 hours

    Input: Expertise from EA strategy creation team and EA stakeholders

    Output: Promises of value for each business and technology driver

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, EA stakeholders

    Now that the EA contributions have been identified, identify the promises of value to articulate the value proposition.

    Take each driver, then ask and record the answers to the questions below to identify the promises of value when realizing the drivers:

    1. What does amazing look like if we solve this perfectly?
    2. What other business activities/processes will be impacted/improved if we solve this?
    3. What measures of success/change should we use to prove value of the effort (KPIs/ROI)?

    Take the recorded answers and follow the steps below to create the promises of value.

    1. Answers to the questions above can be long, unfocused, or spoken in a casual manner. To turn the answer into a promise of value, refine the recorded answer into a succinct sentence that captures its meaning.
      • Business driver example: Help the organization align investments with the corporate strategy and departmental priorities.
      • Recorded answer example: “If this would be solved perfectly, we would have a very easy time planning investments and investment planning hours can be spent doing other activities.”
      • Promises of value example: Increase the number of investments that have a direct tie to corporate strategy.
    2. When the promises of value have been written out, verify with the stakeholders that you have fully captured their ideas.

    Download the EA Value Proposition Template to record your findings in this activity.

    Design an Enterprise Architecture Strategy

    Phase 3

    Build the EA Fundamentals

    Phase 1

    • 1.1 Explore a general EA strategy approach
    • 1.2 Introduce Agile EA architecture

    Phase 2

    • 2.1 Define the business and technology drivers
    • 2.2 Define your value proposition

    Phase 3

    • 3.1 Realize the importance of EA fundamentals
    • 3.2 Finalize the EA fundamentals

    Phase 4

    • 4.1 Select relevant EA services
    • 4.2 Finalize the set of services and secure approval

    This phase will walk you through the following activities:

    • Create an EA vision statement and an EA mission statement.
    • Create EA goals, define EA objectives, and link them to EA goals.
    • Define the EA function scope dimensions.
    • Create a set of EA principles for your organization.
    • Discuss current methodology.

    This phase involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Step 3.1

    Realize the Importance of EA Fundamentals

    Activities
    • 3.1.1 Create the EA vision statement
    • 3.1.2 Create the EA mission statement
    • 3.1.3 Create EA goals
    • 3.1.4 Define EA objectives and link them to EA goals
    • 3.1.5 Record the details of each EA objective

    This step will walk you through the following activities:

    • Define and document the fundamentals that guide the EA function.

    This step involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    • Vision and mission statements for the EA function.
    • A set of EA goals and a set of objectives to track progression toward those goals.
    Build the EA Fundamentals
    Step 3.1 Step 3.2

    EA fundamentals guide the EA function

    EA fundamentals include a vision statement, a mission statement, goals and objectives, and principles. They are a set of documented statements that guide the EA function. The fundamentals guide the EA function in terms of its strategy and decision making.

    EA vision statement EA mission statement

    EA fundamentals

    EA goals and objectives EA principles

    Info-Tech Insight

    Treat the critical elements of the EA group the same way as you would a business. Create a directional foundation for EA and define the vision, mission, goals, principles, and scope necessary to deliver on the established value proposition.

    The EA vision statement articulates the aspirations of the EA function

    The enterprise architecture vision statement communicates a desired future state of the EA function. The statement is expressed in the present tense. It seeks to articulate the desired role of the EA function and how the EA function will be perceived.

    Strong EA vision statements have the following characteristics:

    • Describe a desired future
    • Focus on ends, not means
    • Communicate promise
    • Concise, no unnecessary words
    • Compelling
    • Achievable
    • Inspirational
    • Memorable

    Sample EA vision statements:

    • To be a trusted partner for both the business and IT, driving enterprise effectiveness, efficiency, and agility at [Company Name].
    • To be a trusted partner and advisor to both the business and IT, contributing to business-IT alignment and cost reduction at [Company Name].
    • To create distinctive value and accelerate [Company Name]’s transformation.

    The EA mission statement articulates the purpose of the EA function

    The enterprise architecture mission statement specifies the team’s purpose or “reason of being.” The mission should guide each day’s activities and decisions. The mission statements use simple and concise terminology, speak loudly and clearly, and generate enthusiasm for the organization.

    Strong EA mission statements have the following characteristics:

    • Articulates EA function purpose and reason for existence
    • Describes what the EA function does to achieve its vision
    • Defines who the customers of the EA function are
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Inspirational
    • Memorable
    • Concise

    Sample EA mission statements:

    • Define target enterprise architecture for [Company Name], identify solution opportunities, inform IT investment management, and direct solution development, acquisition, and operation compliance.
    • Synergize with both the business and IT to define and help realize [Company Name]’s target enterprise architecture that enables the business strategy and optimizes IT assets, resources, and capabilities.

    The EA vision and mission statements become relevant to EA stakeholders when linked to the promises of value

    The process for constructing the enterprise architecture vision statement and enterprise architecture mission statement is articulated below.

    Promises of value Derive keywords Construct draft statements Reference test criteria Finalize statements
    Derive the a set of keywords from the promises of value to accurately capture their essence. Create the initial statement using the keywords. Check the initial statement against a set of test criteria to ensure their quality. Finalize the statement after referencing the initial statement against the test criteria.

    Derive keywords from promises of value to begin the vision and mission statement creation process

    Develop keywords by summarizing the promises of value that were derived from drivers into one word that will take on the essence of the promise. See examples below:

    Business and technology drivers Promises of value Keywords
    Help the organization align investments with the corporate strategy and departmental priorities. Increase the number of investments that have a direct tie to corporate strategy. Business
    Support the rapid growth and development of the company through fiscal planning, project planning, and technology sustainability. Ensure budgets and projects are delivered on time with the assistance of technology. IT-Enabled
    Reduce the duplication and work effort to build and deploy technology solutions across the entire organization. Aim to reduce the number of redundant applications in the organization to streamline processes and save costs. Catalyst
    Improve the organization’s technology responsiveness and increase speed to market. Reduce the number of days required in the SDLC for all core business support projects. Value delivery

    An inspirational vision statement is greater than the sum of the individual words

    Ensure the sentence is cohesive and captures additional value outside of the keywords. The statement as a whole should be greater than the sum of the parts. Expand upon the meaning of the words, if necessary, to communicate the value. Below is an example of a finished vision statement.

    Sample

    Be a catalyst for IT-enabled business value delivery.

    Catalyst – We will continuously interact with the business and IT to accelerate and improve results.

    IT-enabled – We will ensure the optimal use of technology in enabling business capabilities to achieve business objectives.

    Business – We will be perceived as a business-focused unit that understands [Company name]’s business priorities and required business capabilities.

    Value delivery – EA’s value will be recognized by both business and IT stakeholders. We will track and market EA’s contribution to business value organization-wide.

    A clear mission statement can include additional details surrounding the EA team’s desired and expected value

    Likewise, below is a sample of connecting keywords together to form an EA mission statement:

    Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture.

    Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

    Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

    Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

    Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture.

    Target enterprise structure – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

    • Business capabilities and processes (business architecture)
    • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
    • Architecture principles and standards

    3.1.1 Create the EA vision statement

    1 hour

    Input: Identified promises of value, Vision statement test criteria

    Output: EA function vision statement

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the creation of the EA vision statement by following the steps below:

    1. Gather the EA strategy creation team and have the promises of value from the EA value proposition laid out.
    2. Select one promise of value and work with the team to identify one word that captures the essence of that promise of value.
    3. Continue to the next promise of value until all of the promises of value have a keyword identified.
    4. Have the identified set of keywords laid out and see if any of their meanings are similar and can be consolidated together. Consolidate similar meaning keywords.
    5. Create the initial draft of the EA vision statement by linking the keywords together.
    6. Check the initial draft of the vision statement against the test criteria below. Ask the team if the vision statement satisfies each of the test criteria.
      • Do you find this vision exciting?
      • Is the vision clear, compelling, and easy to grasp?
      • Does this vision somehow connect to the core purpose?
      • Will this vision be exciting to a broad base of people in the organization, not just those within the EA team?
    7. Make changes to the initial draft to satisfy the test criteria. Socialize the EA vision statement with EA stakeholders to make sure it captures their needs.

    3.1.2 Create the EA mission statement

    1 hour

    Input: Identified promises of value, Mission statement test criteria

    Output: EA function mission statement

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the creation of the EA mission statement by following the steps below:

    1. Gather the EA strategy creation team and have the promises of value from the EA value proposition laid out.
    2. Select one promise of value and work with the team to identify one word that captures the essence of that promise of value.
    3. Continue to the next promise of value until all of the promises of value have a keyword identified.
    4. Have the identified set of keywords laid out, and see if any of their meanings are similar and can be consolidated together. Consolidate similar meaning keywords.
    5. Create the initial draft of the EA mission statement by linking the keywords together.
    6. Check the initial draft of the mission statement against the following test criteria below. Ask the team if the mission statement satisfies each of the test criteria.
      • Do you find this purpose personally inspiring?
      • Does the purpose help you to decide what activities to not pursue, to eliminate from consideration? Is this purpose authentic – something true to what the organization is all about – not merely words on paper that sound nice?
      • Would this purpose be greeted with enthusiasm rather than cynicism by a broad base of people in the organization?
    7. Make changes to the initial draft to satisfy the test criteria. Socialize the EA mission statement with EA stakeholders to make sure it captures their needs.

    EA goals demonstrate the achievement of success of the EA function

    Enterprise architecture goals define specific desired outcomes of an EA function. EA goals are important because they establish the milestones the EA function can strive toward to deliver their promises of value.

    Inform EA goals by examining:

    Promises of value

    —›
    EA goals produce:

    Targets and milestones

    Promises of value

    Produce EA strategic outcomes that can be classified into four categories. The four categories are:

    • Business performance
    • IT performance
    • Customer value
    • Risk management
    EA goals

    Support the strategic outcomes. EA goals can be strategic or operational:

    • EA strategic goals support the strategic outcomes.
    • EA operational goals help measure the architecture capability quality and supporting processes.

    3.1.3 Create EA goals

    2 hours

    Input: Identified promises of value

    Output: EA goals

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the creation of EA goals by following the steps below:

    1. Gather the EA strategy creation team and the identified promises of value from Phase 2, Create the EA Value Proposition.
    2. Open the EA Goals and Objectives Template and examine the list of default EA goals already within the template.
    3. Take the identified promises of value and discuss with the team if any of the EA goals in the template relate to the promises of value. Record the related EA goal and promise of value. See example below:
      • Promises of value example: Increase the number of investments that have a direct tie to corporate strategy.
      • Related EA goal example: Alignment of IT and business strategy.
    4. Repeat step 3 until all identified promises of value have been examined in relation to the EA goals in the template.
    5. If there are promises of value that are not related to an EA goal in the template, create EA goals to relate to those promises of value. Keep in mind that EA goals need to support the strategic outcomes produced by the promises of value. Record the EA goals in the template and document the related promises of value.

    Download the EA Goals and Objectives Template to assist with completing this activity.

    Starting with COBIT, select the appropriate objectives to track EA goals – Sample

    Below are examples of EA goals and the objectives that track their performance:

    IT performance-oriented goals Objectives
    Alignment of IT and business strategy
    • Increase the percentage of enterprise strategic goals and requirements supported by IT strategic goals by X percent in the fiscal year.
    • Improve stakeholder satisfaction with planned function and services portfolio scope by X percent in the fiscal year.
    • Increase the percentage of IT value drivers mapped to business value drivers by X percent in the next fiscal year.
    Increase in IT agility
    • Improve business executive satisfaction with IT’s responsiveness to new requirements by X percent in the fiscal year.
    • Increase the number of critical business processes supported by up-to-date infrastructure and applications in the next three years.
    • Lower the average time to turn strategic IT objectives into agreed-upon and approved initiatives.
    Optimization of IT assets, resources, and capabilities
    • Increase the frequency of capability maturity and cost optimization assessments.
    • Improve the frequency of reporting for assessment result trends.
    • Raise the satisfaction levels of business and IT executives with IT-related costs and capabilities by X percent.

    3.1.4 Define EA objectives and link them to EA goals

    2 hours

    Input: Defined EA goals

    Output: EA objectives linked to EA goals

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the process of defining EA objectives and linking them to EA goals using the following steps:

    1. Gather the EA strategy creation team and open the EA Goals and Objectives Template.
    2. Have the goals laid out, and refer to the objectives already in the EA Goals and Objectives Template. Examine if any of them will fit the goals your team has created.
    3. If some of the goals your team has created do not fit with the objectives in the template, begin the process of creating new objectives. Remember, EA objectives are SMART metrics that help track the progress toward the EA goals.
    4. Create an EA objective and check if it is SMART by asking some of the questions below:
      • Specific: Is the objective specific to the goal? Is the objective clear to anyone who has basic knowledge of the goal?
      • Measurable: Is it possible to figure out how far the team would be away from completing the objective?
      • Agreed Upon: Does everyone involved agree the objective is the correct way to measure progress?
      • Realistic: Can the objective be met within the availability of resources, knowledge, and time?
      • Time Based: Is there a time-bound component to the goal?
    5. Continue to create new objectives until each goal has an objective linked to it.

    Download the EA Goals and Objectives Template to assist with completing this activity.

    For each of the objectives, determine how they will be collected, reported, and implemented

    Add details to the enterprise architecture objectives previously defined to increase their clarity to stakeholders.

    EA objective detail category Description
    Unit of measure
    • The unit in which the objective will be presented.
    Calculation formula
    • The formula by which the objective will be calculated.
    Objective baseline, status, and target
    • Baseline: The state of the objective at the start of measurement.
    • Status: The current state of the measurement.
    • Target: The target state the measurement should reach.
    Data collection
    • Responsible: The individual responsible for collecting the data.
    • Source: Where the data originates.
    • Frequency: How often the data will be collected to calculate the objective.
    Reporting
    • Target Audience: The people the objective will be presented to.
    • Method: The method used to present the data collected on the objective (e.g. report, presentation).
    • Frequency: How often the data will be presented to the target audience.

    3.1.5 Record the details of each EA objective

    2 hours

    Input: Defined list of EA objectives

    Output: Increased detail into each defined EA objective

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Record the details of each EA objective. Use the following steps below to assist with recording the details:

    1. Gather the EA strategy creation team, and open the EA Goals and Objectives Template.
    2. Select one objective that has been identified and discuss the formula for calculating the objective and in what units the objective will be recorded. Record the information in the “Calculation formula” and “Unit of measure” columns in the template once they have been agreed upon.
    3. Using the same objective, move to the “Data Collection” portion of the template. Discuss and record the following: the source of the data that generates the objective, the frequency of reporting on the objective, and the person responsible for reporting the objective.
    4. Move to the “Reporting” portion of the template. Discuss and record the target audience for the objective and the reporting frequency and method to those audiences.
    5. Examine the “Objective baseline,” “Objective status,” and “Objective target” columns. Record any measurement you may currently have in the “Objective baseline” column. Record what you would like the objective measurement to be in the “Objective target” column. Note: Keep track of the progression towards the target in the “Objective status” column in the future.
    6. Select the next objective and complete steps 2–5 for that measure. Continue this process until you have recorded details for all objectives.

    Download the EA Goals and Objectives Template to assist with completing this activity.

    Step 3.2

    Finalize the EA Fundamentals

    Activities
    • 3.2.1 Define the organizational coverage dimension of the EA function scope
    • 3.2.2 Define the architectural domains and depth dimension
    • 3.2.3 Define the time horizon dimension
    • 3.2.4 Create a set of EA principles for your organization
    • 3.2.5 Add the rationale and implications to the principles
    • 3.2.6 Operationalize the EA principles
    • 3.2.7 Discuss the need for classical methodology and/or a combination including Agile practices

    This step will walk you through the following activities:

    • Define the EA function scope dimensions.
    • Create a set of EA principles.
    • Discuss the organization’s current methodology, if any, and whether it works for the business.

    This step involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    • Defined scope of the EA function.
    • A set of EA principles for your organization.
    • A decision on traditional vs. Agile methodology or a blend of both.

    Build the EA Fundamentals

    Step 3.1 Step 3.2

    A clear EA function scope defines the EA sandbox

    The EA function scope constrains the promises of value the EA function will deliver on by taking into account factors across four dimensions. The EA function scope ensures that the EA function is not stretched beyond its current/planned means and capabilities when delivering the promised value. The four dimensions are illustrated below:

    Organizational coverage
    Determine the focus of the enterprise architecture effort in terms of specific business units, functions, departments, capabilities, or geographical areas.
    Depth
    Determine the appropriate level of detail to be captured, based on the intended use of the enterprise architecture and the contingent decisions to be made.

    EA Scope

    Architectural Domains
    Determine the EA domains (business, data, application, infrastructure, security) that are appropriate to address stakeholder concerns and architecture requirements.
    Time horizon
    Determine the target-state architecture’s objective time period.

    The EA function scope is influenced by the EA value proposition and previously developed EA fundamentals

    Establish the EA function scope by using the EA value proposition and EA fundamentals that have been developed. After defining the EA function scope, refer back to these statements to ensure the EA function scope accurately reflects the EA value proposition and EA fundamentals.

    EA value proposition

    +

    EA vision statement
    EA mission statement
    EA goals and objectives

    —›
    Influences

    Organizational coverage

    Architectural domains

    Depth

    Time horizon

    —›
    Defines
    EA function scope

    EA scope – Organizational Coverage

    The organizational coverage dimension of EA scope determines the focus of enterprise architecture effort in the organization. Coverage can be determined by specific business units, functions, departments, capabilities, or geographic areas. Info-Tech has typically seen two types of coverage based on the size of the organization.

    Small and medium-size enterprise

    Indicators: Full-time employees dedicated to manage its data and IT infrastructure. Individuals are IT generalists and may have multiple roles.

    Recommended coverage: Typically, for small and medium-size businesses, the organizational coverage of architecture work is the entire enterprise. (Source: The Open Group, 2018)

    Large enterprise

    Indicators: Dedicated full-time IT staff with expertise to manage specific applications or parts of the IT infrastructure.

    Recommended coverage: For large enterprises, it is often necessary to develop a number of architectures focused on specific business segments and/or geographies. In this federated model, an overarching enterprise architecture should be established to ensure interoperability and conformance to overarching EA principles. (Source: DCIG, 2011)

    EA objectives track the progression towards the target set by EA goals

    Enterprise architecture objectives are specific metrics that help measure and monitor progress towards achieving an EA goal. Objectives are SMART.

    EA goals —› EA objectives
    • EA strategic goals:
      • Business performance
      • IT performance
      • Customer value
      • Risk management
    • EA operational goals
    • Specific
    • Measurable
    • Agreed upon
    • Realistic
    • Time bound
    (Source: Project Smart, 2014)

    Download the EA Goals and Objectives Template to see examples between the relationship of EA goals to objectives.

    Measure the EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

    The success of the EA function is influenced by the following:

    • The delivery of EA-enabled business outcomes that are most important to the enterprise.
    • The alignment between the business and IT from a planning perspective.
    • Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).
    Corporate Business Goals Measurements
    • Reduction in operating costs
    • Decrease in regulatory compliance infractions
    • Increased revenue from existing channels
    • Increased revenue from new channels
    • Faster time to business value
    • Improved business agility
    • Reduction in enterprise risk exposure
    • Cost reductions based on application and platform rationalization
    • Standard-based solutions
    • Time reduction for integration
    • Service reused
    • Stakeholder satisfaction with EA services
    • Increase customer satisfaction
    • Rework minimized
    • Lower cost of integration
    • Risk reduction
    • Faster time to market
    • Better scalability, etc.

    3.2.1 Define the organizational coverage dimension of the EA function scope

    2 hours

    Input: EA value proposition, Previously defined EA fundamentals

    Output: Organizational coverage dimension of EA scope defined

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Define the organizational coverage of the EA function scope using the following steps below:

    1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives your team has already created.
    2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when defining the EA function scope organizational coverage.
    3. Consider how much of the organization the EA function would need to cover. Refer to the gathered materials to assist with your decision. For example:
      • EA mission statement: Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture.
      • Implications on organizational coverage: If the purpose of the EA function is to help optimize, transform, and innovate with target-state architecture mapping, then the scope should cover the entire organization. Only by mapping the entire organization’s architecture can the EA function assist with optimizing, transforming, and innovating.
    4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on organization coverage as shown in step 3.
    5. Discuss with the team and select the organizational coverage level that best fits the documented implications for all the gathered materials. Refer back to the gathered materials and make any changes necessary to ensure they support the selected organizational coverage.

    EA scope – Architectural Domains

    A complete enterprise architecture should address all five architectural domains. The five architectural domains are business, data, application, infrastructure, and security.

    Enterprise Architecture
    —› Data Architecture
    Business Architecture —› Infrastructure Architecture
    Security Architecture
    —› Application Architecture

    “The realities of resource and time constraints often mean there is not enough time, funding, or resources to build a top-down, all-inclusive architecture encompassing all four architecture domains. Build architecture domains with a specific purpose in mind.” (The Open Group, 2018)

    Each architectural domain creates a different view of the organization

    Below are the definitions of different domains of enterprise architecture (Info-Tech perspective; others can be identified as well, e.g. Integration Architecture).

    Business Architecture

    Business architecture is a means of demonstrating the business value of subsequent architecture work to key stakeholders and the return on investment to those stakeholders from supporting and participating in the subsequent work. Business architecture defines the business strategy, governance, organization, and key business processes.

    Data Architecture

    Describes the structure of an organization’s logical and physical data assets and data management resources.

    Application Architecture

    Provides a blueprint for the individual applications to be deployed, their interactions, and their relationships to the core business processes of the organization.

    Infrastructure Architecture

    Represents the sum of hardware, software, and telecommunications-related IT capability associated with a particular enterprise. It is concerned with the synergistic operations and management of the devices in the organization.

    Security Architecture

    Provides an unified security design that addresses the necessities and potential risks involved in a certain scenario or environment. It also specifies when and where to apply security controls.
    (Sources: The Open Group, 2018; IT Architecture Journal, 2014; Technopedia, 2016)

    EA scope – Depth

    EA scope depth defines the architectural detail for each EA domain that the organization has selected to pursue. The level of depth is broken down into four levels. The level of depth the organization decides to pursue should be consistent across the domains.

    Contextual
    • Helps define the organization scope, and examines external and internal requirements and their effect on the organization. For example, enterprise governance.
    Conceptual
    • High-level representations of the organization or what the organization wants to be. For example, business strategy, IT strategy.
    Logical
    • Models that define how to implement the representation in the conceptual stage. For example, identifying the business gaps from the current state to the target state defined by the business strategy.
    Physical
    • The technology and physical tools used to implement the representation created in the logical stage. For example, business processes that need to be created to bridge the gaps identified and reach the target stage.
    (Source: Zachman International, 2011) Business Architecture Data Architecture Application Architecture Infrastructure Architecture Security Architecture

    Each architectural depth level contains a set of key artifacts

    The graphic below depicts examples of the key artifacts that each domain of architecture would produce at each depth level.

    Contextual Enterprise Governance
    Conceptual Business strategy Business objects Use-case models Technology landscaping Security policy
    Logical Business capabilities Data attribution Application integration Network/ hardware topology Security standards
    Physical Business process Database design Application design Configuration management Security configuration
    Business Architecture Data Architecture Application Architecture Infrastructure Architecture Security Architecture

    3.2.2 Define the architectural domains and depth dimension of the EA function scope

    2 hours

    Input: EA value proposition, Previously defined EA fundamentals

    Output: Architectural domain and depth dimensions of EA scope defined

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Define the EA function scope for your organization using the following steps below:

    1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives that your team has already created.
    2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when defining the architectural domains and depth of the EA function scope.
    3. Consider the architectural domains and the depth those domains need to reach. Refer to the gathered materials to assist with your decision. For example:
      • Promise of value: Increase the number of IT investments with a direct tie to business strategy.
      • Implications on architectural domains: The EA function will need business architecture. Business architecture generates business capability mapping, which will anticipate what IT investments are needed for the future.
      • Implications on depth: Depth for business architecture needs to reach a logical level to encompass business capabilities.
    4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on architectural domains and depth as shown in step 3.
    5. Discuss with the team and select the architectural domains and the depth for each domain that best fits the documented implication. Refer back to the gathered materials and make any changes necessary to ensure they support the selected architectural domains and depth.

    EA scope – Time Horizon

    The EA scope time horizon dictates how long to plan for the architecture.

    It is important that the EA team’s work has an appropriate planning horizon while avoiding two extremes:

    1. A planning horizon that is too short focuses on immediate operational goals and strategic quick wins, missing the “big picture,” and fails to support the achievement of strategic long-term enterprise goals.
    2. A planning horizon that is too long is at a higher risk of becoming irrelevant.

    Target the same strategic planning horizon as your business. Additionally, consider the following recommendations:

    Planning Horizon: 1 year 2-3 years 5 years
    Recommended under the following conditions:
    • Corporate strategy is not stable and frequently changes direction (typical for small and some mid-sized companies).
    • There will be a major update of the corporate strategy in one year.
    • The company will be acquired by or merged with another company in one year.
    • The business' strategic plan spans the next two to three years, and corporate strategy is moderately stable within this time frame (typical for mid-sized and some large companies).
    • The business' strategic plan spans the next five years and corporate strategy is very stable (typical for large companies).

    3.2.3 Define the time horizon dimension of the EA function scope

    2 hours

    Input: EA value proposition, Previously defined EA fundamentals

    Output: Time horizon dimension of EA scope defined

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Define the EA function scope for your organization using the following steps below:

    1. Gather the EA strategy creation team. As well, gather the EA value proposition, the EA vision and mission statements, and the EA goals and objectives your team has already created.
    2. Ask the team to read each of the documents gathered in the previous step. This ensures the concepts are fresh in the team members’ minds when crafting the EA function scope.
    3. Consider the time horizons of the EA function scope. Refer to the gathered materials to assist with your decision. For example:
      • EA Objective: Increase the percentage of enterprise strategic goals and requirements supported by IT strategic goals by 30% in the next 3 years.
      • Implications on time horizon: Because it will take 3 years to measure the success of these EA objectives, the time horizon may need to be 3 years.
    4. Work with the EA strategy creation team to examine all the gathered materials and document the implications on time horizon as shown in step 3.
    5. Discuss with the team and select the time horizon that best fits the documented implication. Refer back to the gathered materials and make any changes necessary to ensure they support the selected architectural time horizon.

    EA principles capture the EA value proposition essence and provide guidance for the decisions that impact architecture

    EA principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting target-state enterprise architecture design, IT investment portfolio management, solution development, and procurement decisions.

    EA value proposition Influences
    —›
    EA Principles Guide and inform
    —›
    Decisions on the Use of IT Direct and control
    ‹—
    Specific Domain Policies
    ‹———————

    What decisions should be made?
    ————— ————— —————
    How should decisions be made?
    ————— ————— —————————›
    Who has the accountability and authority to make decisions?

    EA principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that EA principles should possess. Having these characteristics ensures the EA principles are relevant and followed in the organization.

    Approach focused EA principles are focused on the approach, i.e. how the enterprise is built, transformed, and operated, as apposed to what needs to be built, which is defined by both functional and non-functional requirements.
    Business relevant Create EA principles specific to the organization. Tie EA principles to the organization’s priorities and strategic aspirations.
    Long lasting Build EA principles that will withstand the test of time.
    Prescriptive Inform and direct decision making with EA principles that are actionable. Avoid truisms, general statements, and observations.
    Verifiable If compliance can’t be verified, the principle is less likely to be followed.
    Easily digestible EA principles must be clearly understood by everyone in IT and by business stakeholders. EA principles aren’t a secret manuscript of the EA team. EA principles should be succinct; wordy principles are hard to understand and remember.
    Followed Successful EA principles represent a collection of beliefs shared among enterprise stakeholders. EA principles must be continuously “preached” to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, EA principles should be enforced through appropriate governance processes.

    Review ten universal EA principles to determine if your organization wishes to adopt them

    1. Enterprise value focus We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
    2. Fit for purpose We maintain capability levels and create solutions that are fit for purpose without over-engineering them.
    3. Simplicity We choose the simplest solutions and aim to reduce operational complexity of the enterprise.
    4. Reuse › buy › build We maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions.
    5. Managed data We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy.
    6. Controlled technical diversity We control the variety of technology platforms we use.
    7. Managed security We manage security enterprise-wide in compliance with our security governance policy.
    8. Compliance to laws and regulations We operate in compliance with all applicable laws and regulations.
    9. Innovation We seek innovative ways to use technology for business advantage.
    10. Customer centricity We deliver best experiences to our customers with our services and products.

    3.2.4 Create a set of EA principles for your organization

    2 hours

    Input: Info-Tech’s ten universal EA principles, Identified promises of value

    Output: A defined set of EA principles for your organization

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Create a set of EA principles for your organization using the steps below:

    1. Gather the EA strategy creation team, download the EA Principles Template – EA Strategy, and have the identified promises of value opened.
    2. Select one universal principle and relate it to the promises of value by discussing with the EA strategy creation team. If there is a relation, record “Yes” in the template on the slide “Select the applicability of 10 universally accepted EA principles.” See example below:
      • Universal principle: Enterprise value focus – We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
      • Related promise of value example: Increase the number of investments that have a direct tie with corporate strategy.
    3. Continue the process in step 2 until all ten universal EA principles have been examined. If there is a universal principle that is unrelated to a promise of value, discuss with the team whether the principle still needs to be included. If the principle is not included, record “No” in the template on the slide “Select the applicability of 10 universally accepted EA principles.”
    4. If there are any promises of value that are not captured by the universally accepted EA principles, the team may choose to create new principles. Create the new principles in the format below and record them in the template.
      • Name: The name of the principle, in a few words.
      • Statement: A sentence that expands on the “Name” section and explains what the principle achieves.

    Download the EA Principles Template – EA Strategy to document this step.

    Organizational stakeholders are more likely to follow EA principles when a rationale and an implication are provided

    After defining the set of EA principles, ensure they are all expanded upon with a rationale and implications. The rationale and implications ensure principles are more likely to be followed because they communicate why the principles are important and how they are to be used.

    Name
    • The name of the EA principle, in a few words.
    Statement
    • A sentence that expands on the “Name” section and explains what the principle achieves.
    Rationale
    • Describes the business benefits and reasoning for establishing the principle.
    • Explicitly links the principle to business/IT vision, mission, priorities, goals, or strategic aspirations (strategic themes).
    Implications
    • Describe when and how the principle is to be applied.
    • Communicate this section with “must” sentences.
    • Refer to domain-specific policies that provide detailed, domain-specific direction on how to apply the principle.

    3.2.5 Add the rationale and implications to the principles that have been created

    2 hours

    Input: Identified set of EA principles

    Output: EA principles that have rationale and implications

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Add the rationale and implication of each EA principle that your organization has selected using the following steps:

    1. Gather the EA strategy creation team and open the EA Principles Template – EA Strategy.
    2. Examine the EA Principles Template – EA Strategy. Look for the detailed descriptions of all the applicable EA universal principles, and discuss with the team whether the pre-populated rationale and implications need to be changed.
    3. Make sure all the rationale and implication sections of the applicable universal EA principles have been examined. Record the changes on the slide devoted to each principle in the template.
    4. Examine any new principles created outside of the universal EA principles. Create the rationale and implication sections for each of those principles. Use the slide “Review the rationale and implications for the applicable universal principles” in the EA Principles Template – EA Strategy to assist with this step.

    Download the EA Principles Template – EA Strategy to document this step.

    3.2.6 Operationalize the EA principles to ensure they are used when decisions are being made

    1-2 hours

    Input: Defined set of EA principles

    Output: EA principles are successfully operationalized

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin to operationalize the EA principles by reviewing the proposed principles with business and technology leadership to secure their approval.

    1. Publish the list of principles, their rationale, and their implications.
    2. Include the principles in any existing policies that guide decision making for the use of technology within the business.
    3. Provide existing governance bodies with the authority to enforce adherence to principles, and communicate the waiver process.
    4. Ensure that project-level teams are aware of the principles and have at least one champion guiding the decisions of the team.

    Review a use case for the utilization of EA principles – Sample

    After operationalizing the EA principles for your organization, the organization can now use those principles to guide and inform its IT investment decisions. Below is an example of a scenario where EA principles were used to guide and inform an IT investment decision.

    Organization wants to provision an application but it needs to decide how to do so, and it considers the relevant EA principles:

    • Reuse › buy › build
    • Managed security
    • Innovation

    The organization has decided to go with a specialized vendor, even though it normally prefers to reuse existing components. The vendor has experience in this domain, understands the data security implications, and can help the organization mitigate risk. Lastly, the vendor is known for providing new solutions on a regular basis and is a market leader, making it more likely to provide the organization with innovative solutions.

    An oil and gas company created EA fundamentals to guide the EA function

    CASE STUDY

    Industry: Oil & Gas
    Source: Info-Tech

    Challenge

    As an enterprise architecture function starting from ground zero, the organization did not have the EA fundamentals in place to guide the EA function. Further, the organization also did not possess an EA function scope to define the boundaries of the EA function.

    Due to the lack of EA scope, the EA function did not know which part of the organization to provide contributions toward. A lack of EA fundamentals caused confusion regarding the future direction of the EA function.

    Solution

    Info-Tech worked with the EA team to define the different components of the EA fundamentals. This included EA vision and mission statements, EA goals and objectives, and EA principles.

    Additionally, Info-Tech worked with the EA team to define the EA function scope.

    These EA strategy components were created by examining the needs of the business. The components were aligned with the identified needs of the EA stakeholders.

    Results

    The defined EA function scope helped set out the responsibilities of the enterprise architecture function to the organization.

    The EA vision and mission statements and EA goals and objectives were used to guide the direction of the EA function. These fundamentals helped the EA function improve its maturity and deliver on its promises.

    The EA principles were used in IT review boards to guide the decisions on IT investments in the organization.

    3.2.7 Discuss the need for a classical methodology and/or a combination including Agility practices

    1 hour

    Input: Existing methodologies

    Output: Decisions about need of agility, ceremonies, and protocols to be used

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Add the rationale and implication of adopting an Agile methodology and/or a combination with a traditional methodology.

    1. Is there an EA methodology adopted by the organization? Is there a classical one, or is it purely Agile?
    2. What would need to happen to address the business goals of the organization (e.g. is there a need to be more agile?)? Do you need to have more decisions centralized (e.g. to adopt certain standards, security controls)?
    3. Where on the decentralization continuum does your organization need to be?
    4. What role would Enterprise Architects have (would they need to be part of existing ceremonies? Would they need to blend traditional and agile processes?)?
    5. If a customized methodology is required, identify this as an item to be included as part of the EA roadmap (can be run as a Agile Enterprise Operating Model workshop).

    Design an Enterprise Architecture Strategy

    Phase 4

    Design the EA Services

    Phase 1

    • 1.1 Explore a general EA strategy approach
    • 1.2 Introduce Agile EA architecture

    Phase 2

    • 2.1 Define the business and technology drivers
    • 2.2 Define your value proposition

    Phase 3

    • 3.1 Realize the importance of EA fundamentals
    • 3.2 Finalize the EA fundamentals

    Phase 4

    • 4.1 Select relevant EA services
    • 4.2 Finalize the set of services and secure approval

    This phase will walk you through the following activities:

    • Select relevant EA services
    • Finalize the set of services and secure approval

    This phase involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Step 4.1

    Select Relevant EA Services

    Activities
    • 4.1.1 Select the EA services relevant to your organization
    • 4.1.2 Identify if your organization needs additional services outside of the recommended list
    • 4.1.3 Complete all of the service catalog fields for each service to show the organization how each can be consumed

    This step will walk you through the following activities:

    • Communicate a definition of EA services.
    • Link services to the previously identified EA contributions.

    This step involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    • A defined set of services the EA function will provide.
    • An EA service catalog that demonstrates to the organization how each provided service can be accessed and consumed.

    Design the EA Services

    Step 3.1 Step 3.2

    The definition of EA services will allow the group to communicate how they can add value to EA stakeholders

    Enterprise architecture services are a set of activities the enterprise architecture function provides for the organization. EA services are important because the services themselves provide a set of benefits for the organization.

    Enterprise Architecture Services

    • A means of delivering value to the business by facilitating outcomes service consumers want to achieve.
    • EA services are defined from the business perspective using business language.
    • EA services are designed to enable required business activities.

    Viewing the EA function from a service perspective resolves the following pains:

    • Business users don’t know how EA can assist them.
    • Business users don’t know how to request access to a service with multiple sources of information available.
    • EA has no way of managing expectations for their users, which tend to inflate.
    • EA does not have a holistic view of all the services they need to provide.

    Link EA services to the previously identified EA contributions

    Previously identified EA contributions can be linked to EA services, which helps the EA function identify a set of EA services that are important to business stakeholders. Further, linking the EA contributions to EA services can define for the EA function the services they need to provide.

    Demonstrate EA service value by linking them to EA contributions

    1. EA stakeholders generate drivers
    2. Drivers have pains that obstruct them
    3. Pains are alleviated by EA contributions
    4. EA contributions help define the EA services needed

      • EA Contributions
        Example EA contribution: Business capability mapping shows the business capabilities of the organization and the technology that supports those capabilities in the current and target state. This provides a view for the set of investments that are needed by the organization, which can then be prioritized.

        • EA Services
          Example EA service: Target-state business capability mapping

    4.1.1 Select the EA services relevant to your organization

    2 hours

    Input: Previously identified EA contributions from the EA value proposition

    Output: A set of EA services selected for the organization from Info-Tech’s defined set of EA services

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Begin the selection of EA services relevant to your organization by following the steps below:

    1. Gather the EA strategy creation team, and the list of identified EA contributions that the team formulated during Phase 2.
    2. Open the EA Service Planning Tool, select one sub-service, and read its definition.
    3. Based on the definition of the sub-service, refer back to the identified list of EA contributions and check if there is an identified EA contribution that matches the service.
      • If the EA service definitions matches one of the identified EA contributions, then that EA service is relevant to the organization. If there is no match, then the EA service may not be relevant to the organization.
    4. Highlight the sub-service if it is relevant. Add a checkmark beside the EA contribution if it is addressed by a sub-service.
    5. Select the next sub-service and repeat steps 2-4. Continue down the list of sub-services in the EA Service Planning Tool until all sub-services have been examined.

    Download the EA Service Planning Tool to assist with this activity.

    4.1.2 Identify if your organization needs additional services outside of the recommended list

    2 hours

    Input: Expertise from the EA strategy creation team, Previously defined EA contributions

    Output: A defined set of EA services outside the list Info-Tech has recommended

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Identify if services outside of the recommended list in the EA Service Planning Tool are relevant to your organization by using the steps below:

    1. Gather the EA strategy creation team and the list of EA contributions with checkmarks for contributions addressed by EA services.
    2. Take the list of unaddressed EA contributions and select one EA contribution in the list. Assess whether an EA service is required to address the EA contribution. Ask the group the following:
      • Can the EA practice provide the service now?
      • Does providing this EA service line up with the previously defined EA function scope and EA fundamentals?
    3. Decide if a service needs to be provided for that contribution. If yes, give the service a name and a definition.
    4. Then, decide if the service fits into one of the service categories in the EA Service Planning Tool. If there is no fit, create another service category. Define the new service category as well.
    5. Continue to the next unaddressed EA contribution and repeat steps 2-4. Repeat this process until all unaddressed EA contributions have been assessed.

    Download the EA Service Planning Tool to assist with this activity.

    Create the EA service catalog to demonstrate to the organization how each service can be accessed and used

    The EA service catalog is an important communicator to the business. It shifts the technology-oriented view of EA to services that show direct benefit to the business. It is a tool that communicates and provides clarity to the business about the EA services that are available and how those services can assist them.

    Define the services to show value Define the service catalog to show how to use those services
    Already defined
    • EA service categories
    • The services needed by the EA stakeholders in each EA service category
    Need to define
    • Should EA deliver this service?
    • Service triggers
    • Service provider
    • Service requestor

    Info-Tech Insight

    The EA group must provide the organization with a list of services it will provide to demonstrate value. This will help the team manage expectations and the workload while giving organizational stakeholders a clear understanding of how to engage EA and what lies outside of EA’s involvement.

    4.1.3 Complete all the service catalog fields for each service to show the organization how each can be consumed

    4 hours

    Input: Expertise from the EA strategy creation team

    Output: Service details for each EA service in your organization

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Complete the details for each relevant EA service in the EA Service Planning Tool by using the following steps:

    1. Gather the EA strategy creation team, and open the EA Service Planning Tool.
    2. Select one of the services you have defined as relevant and begin the process of defining the service. Define the following fields:
      • Should EA deliver this service? Should the EA team provide this service? (Yes/No)
      • Service trigger: What trigger will signal the need for the service?
      • Service provider: Who in the EA team will provide the service?
      • Service requestor: Who outside of the EA team has requested this service?
    3. Have the EA strategy creation team discuss and define each of the fields for the service above. Record the decisions in the corresponding columns of the EA Service Planning Tool.
    4. Select the next required EA service, and repeat steps 2 and 3. Repeat the process until all required EA services have their details defined.

    Download the EA Service Planning Tool to assist with this activity.

    Step 4.2

    Finalize the Set of Services and Secure Approval

    Activities
    • 4.2.1 Secure approval for your organization’s EA strategy
    • 4.2.2 Map the EA contributions to business goals
    • 4.2.3 Quantify the EA effectiveness
    • 4.2.4 Determine the role of the architect in the Agile ceremonies of the organization

    This step will walk you through the following activities:

    • Present the EA strategy to stakeholders.
    • Determine service details for each EA service in your organization.

    This step involves the following participants:

    • CIO
    • EA Team
    • IT Leaders
    • Business Leaders

    Outcomes of this step

    • Secured approval for your organization’s EA strategy.
    • Measure effectiveness of EA contributions.

    Design the EA Services

    Step 4.1 Step 4.2

    Present the EA strategy to stakeholders to secure approval of the finalized EA strategy

    For the EA strategy to be successfully executed, it must be approved by the EA stakeholders. Securing their approval will increase the likelihood of success in the execution of the EA operating model.

    Outputs that make up the EA strategy —› Present outputs to EA strategy stakeholders
    • Business and technology drivers
    • EA function value proposition

    • EA vision statement
    • EA mission statement
    • EA goals and objectives
    • EA scope
    • EA principles

    • EA function services
    • Identified and prioritized EA stakeholders.








    • The checkmark symbol represents the outputs this blueprint assists with creating.

    4.2.1 Secure approval of your organization’s EA strategy

    1 hour

    Input: Completed EA Function Strategy Template, Expertise from EA strategy creation team

    Output: Approval of the EA strategy

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team, Key EA stakeholders

    Use the following steps to assist with securing approval for your organization’s EA strategy:

    1. Call a meeting between the EA strategy creation team and the identified key EA stakeholders. Key stakeholders were defined in activity 2.1.1.
    2. Open the completed EA Function Strategy Template. Use it to help you discuss the merits of the EA strategy with the key stakeholders.
    3. Discuss with the stakeholders any concerns and modifications they wish to make to the strategy. If detailed questions are asked, refer to the other templates created as a part of this blueprint. Record those concerns and address them at a later time.
    4. After presenting the EA strategy, ask the stakeholders for approval. If stakeholders do not approve, refer back to the concerns documented in step 3 and inquire if addressing the concerns will result in approval.
    5. If applicable, address stakeholder concerns with the EA strategy.
    6. Once EA strategy has been approved, publish the EA strategy to ensure there is a mutual understanding of what the EA function will provide to the organization. Move on to Info-Tech’s Define an EA Operating Model blueprint to begin executing upon the EA strategy.

    Use the EA Function Strategy Template to assist with this activity.

    4.2.2 Map the EA contributions to the business goals

    3 hours

    Input: Expertise from EA strategy creation team

    Output: Service details for each EA service in your organization

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Map EA contributions/services to the goals of the organization.

    1. Start from the business goals of the organization.
    2. Determine Business and IT drivers.
    3. Identify EA contributions that help achieve the business goals.

    Download the EA Service Planning Tool to assist with this activity.

    Trace EA drivers to business goals (sample)

    A model connecting 'Enterprise Architecture' with 'Corporate Goals' through 'EA Contributions'.

    4.2.3 Quantify the EA effectiveness

    1 hour

    Input: Expertise from EA strategy creation team

    Output: Defined KPIs (SMART)

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Use SMART key performance indicators (KPIs) to measure EA contributions vis-à-vis business goals.

    Measure the EA strategy effectiveness by tracking the benefits it provides to the corporate business goals

    The success of the EA function spans across three main dimensions:

    • The delivery of EA-enabled business outcomes that are most important to the enterprise.
    • The alignment between the business and IT from a planning perspective.
    • Improvements in the corporate business goals due to EA contributions (standardization, rationalization, reuse, etc.).
    Corporate Business GoalsEA ContributionsMeasurements
    • Reduction in operating costs
    • Decrease in regulatory compliance infractions
    • Increased revenue from existing channels
    • Increased revenue from new channels
    • Faster time to business value
    • Improved business agility
    • Reduction in enterprise risk exposure
    • Alignment of IT investments to business strategy
    • Achievement of business results directly linked to IT involvement
    • Application and platform rationalization
    • Standards in place
    • Flexible architecture
    • Better integration
    • Higher organizational satisfaction with technology-enabled services and solutions
    • Cost reductions based on application and platform rationalization
    • Standard based solutions
    • Time reduction for integration
    • Service reused
    • Stakeholder satisfaction with EA services
    • Increase customer satisfaction
    • Rework minimized
    • Lower cost of integration
    • Risk reduction
    • Faster time to market
    • Better scalability, etc.

    The oil and gas company began the EA strategy creation by crafting an EA value proposition

    CASE STUDY

    Industry: Oil & Gas
    Source: Info-Tech

    Challenge

    The oil and gas corporation faced a great challenge in communicating the role of enterprise architecture to the organization. Although it has the mandate from the CIO to create the EA function, there was no function in existence. Thus, few people in the organization understood EA.

    Because of this lack of understanding, the EA function was often undermined. The EA function was seen as an order taker that provided some services to the organization.

    Solution

    First, Info-Tech worked with the enterprise architecture team to define the EA stakeholders in the organization.

    Second, Info-Tech interviewed those stakeholders to identify their needs. The needs were analyzed and pains that would obstruct addressing those needs were identified.

    Lastly, Info-Tech worked with the team to identify common EA contributions that would solve those pains.

    Results

    Through this process, Info-Tech helped the team at the oil and gas company create a document that could communicate the value of EA. Specifically, the document could articulate the issues obstructing each stakeholder from achieving their needs and how enterprise architecture could solve them.

    With this value proposition, EA was able to demonstrate value to important stakeholders and set itself up for success in its future endeavors.

    The oil and gas company defined EA services to provide and communicate value to the organization

    CASE STUDY

    Industry: Oil & Gas
    Source: Info-Tech

    Challenge

    As a brand new enterprise architecture function, the EA function at the oil and gas corporation did not have a set of defined EA services. Because of this lack of EA services, the organization did not know what contributions EA could provide.

    Further, without the definition of EA services, the EA function did not set out explicit expectations to the business. This caused expectations from the business to be different from those of the EA function, resulting in friction.

    Solution

    Info-Tech worked with the EA function at the oil and gas corporation to define a set of EA services the function could provide.

    The Info-Tech team, along with the organization, assessed the business and technology needs of the stakeholder. Those needs acted as the basis for the EA function to create their initial services.

    Additionally, Info-Tech worked with the team to define the service details (e.g. service benefits, service requestor, service provider) to communicate how to provide services to the business.

    Results

    The defined EA services led the EA function to communicate what it could provide for the business. As well, the defined services clarified the level of expectation for the business.

    The EA team was able to successfully service the business on future projects, adding value through their expertise and knowledge of the organization’s systems. Because of the demonstrated value, EA has been given greater responsibility throughout the organization.

    4.2.4 Determine the role of the architect in the Agile ceremonies of the organization

    1 hour

    Input: Expertise from EA strategy creation team

    Output: Participation in Agile Pre- and Post-PI, Architect Syncs, etc.

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: EA strategy creation team

    Document the involvement of the enterprise architect in your organization’s Agile ceremonies.

    1. Document the Agile ceremonial used in the organization (based on SAFe or other Agile approaches).
    2. Determine ceremonies the System Architect will participate in.
    3. Determine ceremonies the Solution Architect will participate in
    4. Determine ceremonies the Enterprise Architect will participate in.
    5. Determine Architect Syncs, etc.

    Note: Roles and responsibilities can be further defined as part of the Agile Enterprise Operating Model.

    The EA role relative to agility

    The enterprise architecture role relative to agility specifies the architecture roles as well as the agile protocols they will participate in.
    This statement will guide every architect’s participation in planning meetings, pre- and post-PI, syncs, etc. Use simple and concise terminology; speak loudly and clearly.

    A strong EA role statement relative to agility has the following characteristics:

    • Describes what different architect roles do to achieve the vision of the organization
    • In an agile way
    • Compelling
    • Easy to grasp
    • Sharply focused
    • Specific
    • Concise

    Sample EA mission relative to agility

    • Create strategies that provide guardrails for the organization, provide standards, reusable assets, accelerators, and other decisions at the enterprise level that support agility.
    • Participate in pre-PI and post-PI planning activities, architect syncs, etc.

    A clear statement can include additional details surrounding the Enterprise Architect role relative to agility

    Likewise, below is a sample of connecting keywords together to form an enterprise architect role statement, relative to agility.

    Optimize, transform, and innovate by defining and implementing the [Company]’s target enterprise architecture in an agile way.

    Optimize – We collaborate with the business to analyze and optimize business capabilities and business processes to enable the agile and efficient attainment of [Company name] business objectives.

    Transform – We support IT-enabled business transformation programs by building and maintaining a shared vision of the future-state enterprise and consistently communicating it to stakeholders.

    Innovate – We identify and develop new and creative opportunities for IT to enable the business. We communicate the art of the possible to the business.

    Defining and implementing – We engage with project teams early and guide solution design and selection to ensure alignment to the target-state enterprise architecture and provide guidance as well as accelerators.

    Target enterprise structure in an agile way – We analyze business needs and priorities and assess the current state of the enterprise. We build and maintain the target enterprise architecture blueprints that define:

    • Business capabilities and processes (business architecture)
    • Data, application, and technology assets that enable business capabilities and processes (technology architecture)
    • Architecture principles
    • Standards and reusable assets
    • Continuous exploration, integration, and deployment

    Move to the enterprise architecture operating model blueprint to execute your EA strategy

    Once approved, move on to Info-Tech’s Define an EA Operating Model blueprint to begin executing on the EA strategy.

    Enterprise architecture strategy

    This blueprint focuses on setting up an enterprise architecture function, with the goal of maximizing the likelihood of EA success. The blueprint puts into place the components that will align the EA function with the needs of the stakeholders, guide the decision making of the EA function, and define the services EA can provide to the organization.

    Agile enterprise architecture operating model

    An EA operating model helps you design and organize the EA function, ensuring adherence to architectural standards and delivery of EA services. This blueprint acts on the EA strategy by creating methods to engage, govern, and develop architecture as a part of the larger organization.

    Research contributors and experts

    Photo of Milena Litoiu, Senior Director Research and Advisory, Enterprise Architecture Milena Litoiu
    Senior Director Research and Advisory, Enterprise Architecture
    • Milena Litoiu is a Principal/Senior Manager of Enterprise Architecture. She is Master Certified with The Open Group and she sits on global architecture certification boards.
    • Other certifications include SABSA, CRISC, and Scaled Agile Framework. She started as a certified IT Architect at IBM and has over 25 years experience in this field.
    • Milena teaches enterprise architecture at the University of Toronto and led the development of the Enterprise Architecture Certificate (a course on EA fundamentals, one on EA development and Governance, and one on Trends going forward).
    • She has a Masters in Engineering, an executive MBA, and extensive experience in enterprise architecture as well as methodologies and tools.
    Photo of Lan Nguyen, IT Executive, Mentor, Managing Partner at CIOs Beyond Borders Group Lan Nguyen
    IT Executive, Mentor, Managing Partner at CIOs Beyond Borders Group
    • Lan Nguyen has a wealth of experience driving the EA strategy and the digital transformation success at the City of Toronto.
    • Lan is a university lecturer on topics like strategic leadership in the digital enterprise.
    • Lan is a Managing Partner at CIOs Beyond Borders Group.
    • Lan specializes in Partnership Development; Governance; Strategic Planning, Business Development; Government Relations; Business Relationship Management; Leadership Development; Organizational Agility and Change Management; Talent Management; Managed Services; Digital Transformation; Strategic Management of Enterprise IT; Shared Services; Service Quality Improvement, Portfolio Management; Community Development; and Social Enterprise.


    Photo of Dirk Coetsee, Director Research and Advisory, Enterprise Architecture, Data & Analytics Dirk Coetsee
    Director Research and Advisory, Enterprise Architecture, Data & Analytics
    • Dirk Coetsee is a Research & Advisory Director in the Data & Analytics practice. Dirk has over 25 years of experience in data management and architecture within a wide range of industries, especially Financial Services, Manufacturing, and Retail.
    • Dirk spearheaded data architecture at several organizations and was involved in enterprise data architecture, data governance, and data quality and analytics. He architected many operational data stores of ranging complexity and transaction volumes and was part of major enterprise data warehouse initiatives. Lately, he was part of projects that implemented big data, enterprise service bus, and micro services architectures. Dirk has an in-depth knowledge of industry models within the financial and retail spaces.
    • Dirk holds a BSc (Hons) in Operational Research and an MBA with specialization in Financial Services from the University of Pretoria, South Africa.
    Photo of Andy Neill, AVP, Enterprise Architecture, Data and Analytics Andy Neill
    AVP, Enterprise Architecture, Data and Analytics
    • Andy is AVP Data and Analytics and Chief Enterprise Architect at Info-Tech Research Group. Previous roles include leading the data architecture practice for Loblaw Companies Ltd, Shoppers Drug Mart and 360 Insights in Canada as well as leading architecture practices at Siemens consultancy, BBC, NHS, Ordnance Survey, and Houses of Parliament and Commons in the UK.
    • His responsibilities at Info-Tech include leading the data and analytics and enterprise architecture research practices and guiding the future of research and client engagement in that space.
    • Andy is the Product Owner for the Technical Counselor seat offering at Info-Tech, which gives world-class holistic support to our senior technical members.
    • He is also a instructor and content creator for the University of Toronto in the field of Enterprise Architecture.


    Photo of Wayne Filin-Matthews, Chief Enterprise Architect, ICMG Winner of Global Chief Enterprise Architect of the Year 2019 Wayne Filin-Matthews
    Chief Enterprise Architect, ICMG Winner of Global Chief Enterprise Architect of the Year 2019
    • Wayne is currently the EA Discipline Lead/Chief Enterprise Architect – Global Digital Transformation Office, COE at Dell Technologies.
    • He is a distinguished Motivator & Tech Lead as well as an influencer.
    • Wayne has led multiple Enterprise Architecture practices at the global level and has valuable contributions in this space managing and growing Enterprise Architecture and CTO practices across strategy, execution, and adoption parts of the IT lifecycle.
    Photo of Graham Smith, Experienced lead Enterprise Architect and Independent Consultant Graham Smith
    Experienced lead Enterprise Architect and Independent Consultant
    • Graham is an experienced lead enterprise architect specializing in digital and data transformation, with over 33 years of experience, spanning financial markets, media, information, insurance, and telecommunications sectors. Graham has successfully established and led large teams across India, China, Australia, Americas, Japan, and the UK.
    • He is currently working as an independent consultant in digital and data-led transformation and his work spans established businesses and start-ups alike.

    Thanks also go to all experts who contributed to previous versions of this document:

    • Zachary Curry, Director, Enterprise Architecture and Innovation, FMC Technologies
    • Pam Doucette, Director of Enterprise Architecture, Tufts Health Plan
    • Joe Evers, Consulting Principal, JcEvers Consulting Corp
    • Cameron Fairbairn, Enterprise Architect, Agriculture Financial Services Corporation (AFSC)
    • Michael Fulton, Chief Digital Officer & Senior IT Strategy & Architecture Consultant at CC and C Solutions
    • Tom Graves, Principal Consultant, Tetradian Consulting
    • (JB) Brahmaiah Jarugumilli, Consultant, Federal Aviation Administration – Enterprise Services Center
    • Huw Morgan, IT Research Executive, Enterprise Architect
    • Serge Parisien, Manager, Enterprise Architecture, Canada Mortgage & Housing Corporation

    Additional interviews were conducted but are not listed due to privacy and confidentiality requirements.

    Bibliography

    “Agile Manifesto for Software Development,” Ward Cunningham, 2001. Accessed July 2021.

    “ArchiMate 3.1 Specification.” The Open Group, n.d. Accessed July 2021.

    “Are Your IT Strategy and Business Strategy Aligned?” 5Q Partners, 8 Jan. 2015. Accessed Oct. 2016.

    Bowen, Fillmore. “How agile companies create and sustain high ROI.” IBM. Accessed Oct. 2016.

    Burns, Peter, et al. Building Value through Enterprise Architecture: A Global Study. Booz & Co. 2009. Web. Nov. 2016.

    “Demonstrating the Value of Enterprise Architecture in Delivering Business Capabilities.” Cisco, 2008. Web. Oct. 2016.

    “Disciplined Agile.” Disciplined Agile Consortium, n.d. Web.

    Fowler, Martin. “Building Effective software.” MartinFowler.com. Accessed July 2021.

    Fowler, Martin. “Agile Software Guide.” MartinFowler.com, 1 Aug. 2019.

    Accessed July 2021.

    Haughey, Duncan. “SMART Goals.” Project Smart, 2014. Accessed July 2021.

    Kern, Matthew. “20 Enterprise Architecture Practices.” LinkedIn, 3 March 2016. Accessed Nov. 2016.

    Lahanas, Stephen. “Infrastructure Architecture, Defined.” IT Architecture Journal, Sept. 2014. Accessed July 2021.

    Lean IX website, Accessed July 2021.

    Litoiu, Milena. Course material from Information Technology 2690: Foundations of Enterprise Architecture, 2021, University of Toronto.

    Mocker, M., J.W. Ross, and C.M. Beath. “How Companies Use Digital Technologies to Enhance Customer Findings.” MIT CISR Working Paper No. 434, Feb. 2019. Qtd in Mayor, Tracy. “MIT expert recaps 30-plus years of enterprise architecture.” MIT Sloan, 10 Aug. 2020. Web.

    “Open Agile ArchitectureTM.” The Open Group, 2020. Accessed July 2021.

    “Organizational Design Framework – The Transformation Model.” The Center for Organizational Design, n.d. Accessed 1 Aug. 2020.

    Ross, Jeanne W. et al. Enterprise Architecture as Strategy: Creating a Foundation for Business Execution. Harvard Business School Press, 2006.

    Rouse, Margaret. “Enterprise Architecture (EA).” SearchCIO, June 2007. Accessed Nov. 2016.

    “SAFe 5 for Lean Enterprises.” Scaled Agile Framework, Scaled Agile, Inc. Accessed 2021.

    “Security Architecture.” Technopedia, updated 20 Dec. 2016. Accessed July 2021.

    “Software Engineering Institute.” Carnegie Mellon University, n.d. Web.

    “TOGAF 9.1.” The Open Group, 2011. Accessed Oct. 2016.

    “TOGAF 9.2.” The Open Group, 2018. Accessed July 2021.

    Thompson, Rachel. “Stakeholder Analysis: Winning Support for Your Projects.” MindTools, n.d. Accessed July 2021.

    Wendt, Jerome M. “Redefining ‘SMB’, ‘SME’ and ‘Large Enterprise.’” DCIG, 25 Mar. 2011. Accessed July 2021.

    Wilkinson, Jim. “Business Drivers.” The Strategic CFO, 23 July 2013. Accessed July 2021.

    Zachman, John. “Conceptual, Logical, Physical: It is Simple.” Zachman International, 2011. Accessed July 2021.

    Select a Security Outsourcing Partner

    • Buy Link or Shortcode: {j2store}246|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $13,739 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partners’ systems and processes integrate seamlessly with existing systems can be a challenge for most organizations in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • You can outsource your responsibilities but not your accountability.
    • Be aware that in most cases, the traditional approach is more profitable to MSSPs, and they may push you toward one, so make sure you get the service you want, not what they prescribe.

    Impact and Result

    • Determine which security responsibilities can be outsourced and which should be insourced and the right procedure to outsourcing to gain cost savings, improve resource allocation, and boost your overall security posture.

    Select a Security Outsourcing Partner Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Security Outsourcing Partner Storyboard – A guide to help you determine your requirements and select and manage your security outsourcing partner.

    Our systematic approach will ensure that the correct procedure for selecting a security outsourcing partner is implemented. This blueprint will help you build and implement your security policy program by following our three-phase methodology: determine what to outsource, select the right MSSP, and manage your MSSP.

    • Select a Security Outsourcing Partner – Phases 1-3

    2. MSSP RFP Template – A customizable template to help you choose the right security service provider.

    This modifiable template is designed to introduce consistency and outline key requirements during the request for proposal phase of selecting an MSSP.

    • MSSP RFP Template

    Infographic

    Further reading

    Select a Security Outsourcing Partner

    Outsource the right functions to secure your business.

    Analyst Perspective

    Understanding your security needs and remaining accountable is the key to selecting the right partner.

    The need for specialized security services is fast becoming a necessity to most organizations. However, resource challenges will always mean that organizations will still have to take practical measures to ensure that the time, quality, and service that they require from outsourcing partners have been carefully crafted and packaged to elicit the right services that cover all their needs and requirements.

    Organizations must ensure that security partners are aligned not only with their needs and requirements, but also with the corporate culture. Rather than introducing hindrances to daily operations, security partners must support business goals and protect the organization’s interests at all times.

    And as always, outsource only your responsibilities and do not outsource your accountability, as that will cost you in the long run.

    Photo of Danny Hammond
    Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.

    A lack of time and resources prevents your organization from being able to enable security internally.

    Due to a lack of key information on the subject, you are unsure which functions should be outsourced versus which functions should remain in-house.

    Having 24/7/365 monitoring in-house is not feasible for most firms.

    There is difficulty measuring the effectiveness of managed security service providers (MSSPs).

    Common Obstacles

    InfoSec leaders will struggle to select the right outsourcing partner without knowing what the organization needs, such as:

    • How to start the process to select the right service provider that will cover your security needs. With so many service providers and technology tools in this field, who is the right partner?
    • Where to obtain guidance on externalization of resources or maintaining internal posture to enable to you confidently select an outsourcing partner.

    InfoSec leaders must understand the business environment and their own internal security needs before they can select an outsourcing partner that fits.

    Info-Tech’s Approach

    Info-Tech’s Select a Security Outsourcing Partner takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Determine which security responsibilities can be insourced and which should be outsourced, and the right procedure to outsourcing in order to gain cost savings, improve resource allocation, and boost your overall security posture.
    • Understand the current landscape of MSSPs that are available today and the features they offer.
    • Highlight the future financial obligations of outsourcing vs. insourcing to explain which method is the most cost-effective.

    Info-Tech Insight

    Mitigate security risks by developing an end-to-end process that ensures you are outsourcing your responsibilities and not your accountability.

    Your Challenge

    This research is designed to help organizations select an effective security outsourcing partner.

    • A security outsourcing partner is a third-party service provider that offers security services on a contractual basis depending on client needs and requirements.
    • An effective outsourcing partner can help an organization improve its security posture by providing access to more specialized security experts, tools, and technologies.
    • One of the main challenges with selecting a security outsourcing partner is finding a partner that is a good fit for the organization's unique security needs and requirements.
    • Security outsourcing partners typically have access to sensitive information and systems, so proper controls and safeguards must be in place to protect all sensitive assets.
    • Without careful evaluation and due diligence to ensure that the partner is a good fit for the organization's security needs and requirements, it can be challenging to select an outsourcing partner.

    Outsourcing is effective, but only if done right

    • 83% of decision makers with in-house cybersecurity teams are considering outsourcing to an MSP (Syntax, 2021).
    • 77% of IT leaders said cyberattacks were more frequent (Syntax, 2021).
    • 51% of businesses suffered a data breach caused by a third party (Ponemon, 2021).

    Common Obstacles

    The problem with selecting an outsourcing partner isn’t a lack of qualified partners, it’s the lack of clarity about an organization's specific security needs.

    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partner's systems and processes integrate seamlessly with existing systems can be a challenge for most organizations. This is in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users, as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    A diagram that shows Average cost of a data breach from 2019 to 2022.
    Source: IBM, 2022 Cost of a Data Breach; N=537.


    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from 2021, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s methodology for selecting a security outsourcing partner

    Determine your responsibilities

    Determine what responsibilities you can outsource to a service partner. Analyze which responsibilities you should outsource versus keep in-house? Do you require a service partner based on identified responsibilities?

    Scope your requirements

    Refine the list of role-based requirements, variables, and features you will require. Use a well-known list of critical security controls as a framework to determine these activities and send out RFPs to pick the best candidate for your organization.

    Manage your outsourcing program

    Adopt a program to manage your third-party service security outsourcing. Trust your managed security service providers (MSSP) but verify their results to ensure you get the service level you were promised.

    Select a Security Outsourcing Partner

    A diagram that shows your organization responsibilities & accountabilities, framework for selecting a security outsourcing partner, and benefits.

    Blueprint benefits

    IT/InfoSec Benefits

    Reduces complexity within the MSSP selection process by highlighting all the key steps to a successful selection program.

    Introduces a roadmap to clearly educate about the do’s and don’ts of MSSP selection.

    Reduces costs and efforts related to managing MSSPs and other security partners.

    Business Benefits

    Assists with selecting outsourcing partners that are essential to your organization’s objectives.

    Integrates outsourcing into corporate culture, leveraging organizational requirements while maximizing value of outsourcing.

    Reduces security outsourcing risk.

    Insight summary

    Overarching insight: You can outsource your responsibilities but not your accountability.

    Determine what to outsource: Assess your responsibilities to determine which ones you can outsource. It is vital that an understanding of how outsourcing will affect the organization, and what cost savings, if any, to expect from outsourcing is clear in order to generate a list of responsibilities that can/should be outsourced.

    Select the right partner: Create a list of variables to evaluate the MSSPs and determine which features are important to you. Evaluate all potential MSSPs and determine which one is right for your organization

    Manage your MSSP: Align the MSSP to your organization. Adopt a program to monitor the MSSP which includes a long-term strategy to manage the MSSP.

    Identifying security needs and requirements = Effective outsourcing program: Understanding your own security needs and requirements is key. Ensure your RFP covers the entire scope of your requirements; work with your identified partner on updates and adaptation, where necessary; and always monitor alignment to business objectives.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Determine what to outsource Understand the value in outsourcing and determining what responsibilities can be outsourced. Cost of determining what you can/should outsource:
    • 120 FTE hours at $90K per year = $5,400
    Cost of determining the savings from outsourcing vs. insourcing:
    • 120 FTE hours at $90K per year = $5,400
    Select the right partner Select an outsourcing partner that will have the right skill set and solution to identified requirements. Cost of ranking and selecting your MSSPs:
    • 160 FTE hours at $90K per year = $7,200
    Cost of creating and distributing RFPs:
    • 200 FTE hours at $90K per year = $9,000
    Manage your third-party service security outsourcing Use Info-Tech’s methodology and best practices to manage the MSSP to get the best value. Cost of creating and implementing a metrics program to manage the MSSP:
    • 80 FTE hours at $90K per year = $3,600

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact: 8.9 /10

    Overall Average Cost Saved: $22,950

    Overall Average Days Saved: 9

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Build a Vendor Security Assessment Service

    • Buy Link or Shortcode: {j2store}318|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $17,501 Average $ Saved
    • member rating average days saved: 17 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vendor security risk management is a growing concern for many organizations. Whether suppliers or business partners, we often trust them with our most sensitive data and processes.
    • More and more regulations require vendor security risk management, and regulator expectations in this area are growing.
    • However, traditional approaches to vendor security assessments are seen by business partners and vendors as too onerous and are unsustainable for information security departments.

    Our Advice

    Critical Insight

    • An efficient and effective assessment process can only be achieved when all stakeholders are participating.
    • Security assessments are time-consuming for both you and your vendors. Maximize the returns on your effort with a risk-based approach.
    • Effective vendor security risk management is an end-to-end process that includes assessment, risk mitigation, and periodic re-assessments.

    Impact and Result

    • Develop an end-to-end security risk management process that includes assessments, risk treatment through contracts and monitoring, and periodic re-assessments.
    • Base your vendor assessments on the actual risks to your organization to ensure that your vendors are committed to the process and you have the internal resources to fully evaluate assessment results.
    • Understand your stakeholder needs and goals to foster support for vendor security risk management efforts.

    Build a Vendor Security Assessment Service Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a vendor security assessment service, review Info-Tech’s methodology, and understand the three ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define governance and process

    Determine your business requirements and build your process to meet them.

    • Build a Vendor Security Assessment Service – Phase 1: Define Governance and Process
    • Vendor Security Policy Template
    • Vendor Security Process Template
    • Vendor Security Process Diagram (Visio)
    • Vendor Security Process Diagram (PDF)

    2. Develop assessment methodology

    Develop the specific procedures and tools required to assess vendor risk.

    • Build a Vendor Security Assessment Service – Phase 2: Develop Assessment Methodology
    • Service Risk Assessment Questionnaire
    • Vendor Security Questionnaire
    • Vendor Security Assessment Inventory

    3. Deploy and monitor process

    Implement the process and develop metrics to measure effectiveness.

    • Build a Vendor Security Assessment Service – Phase 3: Deploy and Monitor Process
    • Vendor Security Requirements Template
    [infographic]

    Workshop: Build a Vendor Security Assessment Service

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Governance and Process

    The Purpose

    Understand business and compliance requirements.

    Identify roles and responsibilities.

    Define the process.

    Key Benefits Achieved

    Understanding of key goals for process outcomes.

    Documented service that leverages existing processes.

    Activities

    1.1 Review current processes and pain points.

    1.2 Identify key stakeholders.

    1.3 Define policy.

    1.4 Develop process.

    Outputs

    RACI Matrix

    Vendor Security Policy

    Defined process

    2 Define Methodology

    The Purpose

    Determine methodology for assessing procurement risk.

    Develop procedures for performing vendor security assessments.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    2.1 Identify organizational security risk tolerance.

    2.2 Develop risk treatment action plans.

    2.3 Define schedule for re-assessments.

    2.4 Develop methodology for assessing service risk.

    Outputs

    Security risk tolerance statement

    Risk treatment matrix

    Service Risk Questionnaire

    3 Continue Methodology

    The Purpose

    Develop procedures for performing vendor security assessments.

    Establish vendor inventory.

    Key Benefits Achieved

    Standardized, repeatable methodologies for supply chain security risk assessment.

    Activities

    3.1 Develop vendor security questionnaire.

    3.2 Define procedures for vendor security assessments.

    3.3 Customize the vendor security inventory.

    Outputs

    Vendor security questionnaire

    Vendor security inventory

    4 Deploy Process

    The Purpose

    Define risk treatment actions.

    Deploy the process.

    Monitor the process.

    Key Benefits Achieved

    Understanding of how to treat different risks according to the risk tolerance.

    Defined implementation strategy.

    Activities

    4.1 Define risk treatment action plans.

    4.2 Develop implementation strategy.

    4.3 Identify process metrics.

    Outputs

    Vendor security requirements

    Understanding of required implementation plans

    Metrics inventory

    Staff the Service Desk to Meet Demand

    • Buy Link or Shortcode: {j2store}490|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $1,900 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk
    • With increasing complexity of support and demand on service desks, staff are often left feeling overwhelmed and struggling to keep up with ticket volume, resulting in long resolution times and frustrated end users.
    • However, it’s not as simple as hiring more staff to keep up with ticket volume. IT managers must have the data to support their case for increasing resources or even maintaining their current resources in an environment where many executives are looking to reduce headcount.
    • Without changing resources to match demand, IT managers will need to determine how to maximize the use of their resources to deliver better service.

    Our Advice

    Critical Insight

    • IT managers are stuck with the difficult task of determining the right number of service desk resources to meet demand to executives who perceive the service desk to be already effective.
    • Service desk managers often don’t have accurate historical data and metrics to justify their headcount, or don’t know where to start to find the data they need.
    • They often then fall prey to the common misperception that there is an industry standard ratio of the ideal number of service desk analysts to users. IT leaders who rely on staffing ratios or industry benchmarks fail to take into account the complexity of their own organization and may make inaccurate resourcing decisions.

    Impact and Result

    • There’s no magic, one-size-fits-all ratio to tell you how many service desk staff you need based on your user base alone. There are many factors that come into play, including the complexity of your environment, user profiles, ticket volume and trends, and maturity and efficiency of your processes.
    • If you don’t have historical data to help inform resourcing needs, start tracking ticket volume trends now so that you can forecast future needs.
    • If your data suggests you don’t need more staff, look to other ways to maximize your time and resources to deliver more efficient service.

    Staff the Service Desk to Meet Demand Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize service desk staffing, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine environment and operating model

    Define your business and IT environment, service desk operating model, and existing challenges to inform objectives.

    • Service Desk Staffing Stakeholder Presentation

    2. Determine staffing needs

    Understand why service desk staffing estimates should be based on your unique workload, then complete the Staffing Calculator to estimate your needs.

    • Service Desk Staffing Calculator

    3. Interpret data to plan approach

    Review workload over time to analyze trends and better inform your overall resourcing needs, then plan your next steps to optimize staffing.

    [infographic]

    Tymans Group Consulting

    IT resilience, carefree entrepreneurship.

    Discover and implement all the ingredients that make your IT perform fast and rock solid.

    Yes, I want stable and performant IT Operations

    We are multidisciplinary infrastructure and IT Operations experts.
    We bring passion, focus, and results to our work and your company.

    TY innovates resilience embedding in your organization

    Let's have a chat

    • TY as your advisor

      This gives you our expertise on tap. Do you have an issue? Call us. You want to have a sparring partner to solve a problem? Call us. Do you need a sounding board? Call us.

      TY provides advisory services as well as traditional consulting. We also execute study and revision services for your policies, standards, procedures, and guidelines to ensure compliance with DORA, NIS2 and corporate requirements of both your own company and that of your clients. And we also check against our internal best ways of working.

      Book a conversation

    • Focused Consulting and Implementing

      This is where you have our undivided attention, and we work with you one on one until resolution. Note that there is a waiting period for this service at this time.

      If you are interested, please first book a call so that we can determine if we are a good fit together.

      Book a conversation

    What our relations tell us

    • Citigroup Manager

      As a technical consultant, Gert is an All-Star performer...  He has got many wins under his belt... His willingness to work hard, knowledge of regional systems (especially Tokyo) and Microsoft Office is well respected within the Group 

    • Sandra

      Tx for all the efforts done! Great Job! And good luck for the ones amongst you that still need to work tomorrow Grtz Sandra VB
    • Patrick A.

      Hi Gert, I'm busy documenting .... Thanks for your real friendly and careful, yet effective support :-) Patrick A.
    • Lucie VH

      During my vacation, Gert took over the management of a number of ongoing problems. Even before I actually left for my trip, he took action and proposed a number of improvements. Gert coordinated between the different stakeholders and PTA's and resolved a number of acute issues. And he did this in a very pleasant, yet effective way.
    • Dawn

      No worries. It only freaked me out for a few minutes, then I saw that the system had blocked them from doing any real damage. Thanks for the cleanup and extra measures, though! As always, you rock!
    • After a successful DRP

      Thanks for all the efforts done ans special Tx Gert for Coordinating this again!
    • A CIO

      Yet again Gert, Thanks for handling this in such a top way!
    • A Sales Manager

      Awesome Gert, I will let the team know we can close this issue!
    • Investment bank manager

      Flexibility, Adaptability, problem Solving are Gert's strong points, Exceptionally beneficial in "crisis." I can attest that Gert will always see a problem through. if he needs to hand it off, it will aways have good handoff notes. His business knowledge is good and will part of the next project.

    • Wall Street Performance Review

      As with the classes for SFC, Gert organised formal classes for all of the Research IT teams.... I would class this job as well done, given everything that was going on with Rsearch IT. 

    • Stuart B on Gert Taeymans

      Excellent technical resource. Quick help on issues and provide explanations to regional teams. Often covers for us in the evenings or when things get particularly busy.

    • Asia support to roll out global system

      Gert time in Japan was a great success. He really helped the IT group through a really difficult tume during the roll out of {the global research publishing system} and had to cover all the bases that had not been properly coverd by the previous person in Japan. Gert's visit also coincided with Stuart's joining into the Asia IT Research group. Gert was very flexible  in the hours that he worked and the lenght of time he was out in Tokyo (in the end more than 4 weeks.)

      The feedback from both the users and the IT group was VERY positive on Gertt's contribution. He was more than capabable to put across technical points to the IT team, in their language.

    • IT Director

      Gert is a knowledgeable individual who takes on additional responsibility... rapidly addressng end-user issues and developing custom solutions when needed.

    Benefits of working with Tymans Group

    • We focus on actual deliverables

      TY delivers on the IT resilience what and how. Get actionable IT, management, governance, and productivity research, insights, blueprints with templates, easy-to-use tools, and clear instructions to help you execute effectively and become IT resilient.

    • Get insights from top IT professionals

      Our TY network base constantly informs us about our IT resilience research and validates it through client experiences. TY adds to that by applying this research to real-world situations in Belgium, the Netherlands, Germany, Europe and the US.

    • Data-driven insights

      It is tempting to use your gut instinct. Don't. Everything TY does, is data-driven. From our research to our interactions with you, we use an analytical approach to help you move forward with your key IT resilience projects.

    Frequently asked questions

    • How does Tymans Group IT Operations advisory work?

      TY believes strongly in leveraging technology and personal delivery. That is why TY uses one on one calling sessions using Teams and Zoom. When needed I do on site delivery.

      Every advisory option has a set number of interactive contact points in addition to email and chat options. Every contact request is answered by me personally. 

      Through the use of technology, I ensure that instead of you having to drive to your coach, the coach “comes” to you!

    • What are Tymans Group advisory service timings?

      TY is available on European time from 09:00 until 17:00 and US EST 09:00-17:00 (depending on already booked appointments). 

    • How much to Tymans Group programs cost?

      While this is a difficult question to answer, let's give it a shot.

      Ideally I work value-based. But this is more for well-defined projects where the ROI is quantifiable rather than qualifiable.

      Often advisory services are a discovery and we obtain results together. You may even only need an experienced sounding board. This type of pricing starts from €4,500.

    • Does Tymans Group have a "pick your brain" option?

      By popular demand, yes, I added this. It is not the cheapest way to use me, but it may be the most effective for you.

    • How are Tymans Group advisory services delivered?

      TY believes strongly in leveraging technology and personal delivery. That is why TY uses one on one calling sessions using Teams and Zoom. When needed I do on site delivery.

      This way I ensure that instead of you having to drive to your coach, the coach “comes” to you!

      You are allowed to record the sessions and use them internally in your organization, including as part of your internal training. You are not allowed to resell these without a resale agreement.

    • Tymans Group is delivered online via calls? Isn't on-site better?

      Interestingly, in the majority of advisory services the answer is no.

      Purely on-site automatically limits the time we can spend together. Thus, typically, the interactions are of a shorter duration. Even when this is done over a longer timeframe, like 5 to 10 days, this is really too short for effective advising, coaching and mentoring. 

      We stay away from accelerated programs, where I can send a lot of information, and most of it will not stick.

      Terry Sejnowski  a neuroscientist, actually states that cramming does not help you remember. It gets you, maybe, through the next exam, but the information is not retained. The way to integrate and remember information is to spread out the study and repeat. This is called the spacing effect.

      This is why I employ the online delivery method. When you record our sessions, you can come back and again repeat it, note down your questions and fire them off to me. I respond and you go back into the talk. Then you apply, possibly fail, and come back again until it succeeds, and then you make it your own.

      That is why time-pressured, on-site delivery does not work. Our method makes you effective because you internalized the material and feedback. This can then be rounded-off by on-site finalization.

      10-15 years ago, this was not possible, as the web-based tools were simply not fast enough. Today, unless you are taking classes like carpentry or other topics that require on-site delivery, online delivery is the way to go.

    • Can I pay by wire transfer?

      We actually prefer wire transfer. It cuts down on the financial fees and it is the norm in the European Union. Our US customer can also use this feature and pay into our US bank.

    • Where is Tymans Group located?

      Tymans Group has two locations:

      In Europe, Belgium and in Greenville, DE, United States, 

      The HQ is in Belgium.

    • Does this work for less than 25 employees?

      Resilience is not size-dependent. That said, if you are supplying critical services to financial services firms, you may not have a choice. In that case, be prepared to up your game. Call TY in this case. We can help you fulfill third-party requirements, such as the DORA regulation.

      In other cases, if you plan to grow your company beyond 25 employees, then yes. Start with the basics, though. Make sure you have a good understanding of your current challenges. Schedule a chat with me to determine the right baseline.

      If you are just starting out and want to ensure that your company's processes are correct right out of the gate, it's better to give me a call. We can start you off in the right direction without spending too much.

      Our guides are only available to existing advisory clients. Let's chat informally if we are a fit for you.

    • I'm a small business owner, can I do all this by myself?

      Our guides are only available to existing advisory clients.

      But also see the above question about company size and target clients. If you have fewer than 25 employees and you are not supplying critical services to financial institutions, then maybe some of our guides are not for you. We can still help you organize your resilience, but it may be more cost-effective to use only our TY Advisory services.

      Once you grow beyond 25 employees, you will benefit from our processes. Just implement what you need. How do you know what you require? You probably already have an inkling of what is lacking in your organization. If you are unsure, please get in touch with us.

      In short, the answer is yes, and TY can help you. Once you know what you are looking for, that guide allows you to handle it yourself. If you require help selecting the right guide, please get in touch with us.

    • Do you provide refunds?

      Before buying the DIY guides, available only to existing advisory clients,, please refer to the free Executive Summary when available. If there is no Executive summary available, please contact me with any questions you have. 

      As these are downloadable products, I cannot provide any refunds, but I will help you with any exchange where you have a good reason. 

    • I bought the wrong item

      If you bought the wrong item, please contact me and we'll be happy to provide an alternative item.

    • I want more assistance

      Yes, more assistance is available.  Tymans Group can provide you with any assistance you require within the parameters of your contract.

      Per-guide assistance ranges from a single phone or video consultation to guided implementation or a workshop. Alternatively we can go to do-it-for-you implementation or even full-time consulting.

      Note that our guides are only available to existing advisory clients.

      Please contact me for a talk.

    I want more information to become more resilient.

    Continue reading

    Hire or Develop a World-Class CISO

    • Buy Link or Shortcode: {j2store}243|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • It is difficult to find a “unicorn”: a candidate who is already fully developed in all areas.
    • The role of the CISO has changed so much in the past three years, it is unclear what competencies are most important.
    • Current CISOs need to scope out areas of future development.

    Our Advice

    Critical Insight

    The new security leader must be strategic, striking a balance between being tactical and taking a proactive security stance. They must incorporate security into business practices from day one and enable secure adoption of new technologies and business practices.

    Impact and Result

    • Clarify the competencies that are important to your organizational needs and use them to find a candidate with those specific strengths.
    • If you are a current CISO, complete a self-assessment and identify your high-priority competency gaps so you can actively work to develop those areas.
    • Create an actionable plan to develop the CISO’s capabilities and regularly reassess these items to ensure constant improvement.

    Hire or Develop a World-Class CISO Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Hire of Develop a World-Class CISO Deck – A step-by-step guide on finding or developing the CISO that best fits your organization.

    Use this blueprint to hire or develop a world-class Chief Information Security Officer (CISO) with the competencies that suit your specific organizational needs. Once you have identified the right candidate, create a plan to develop your CISO.

    • Hire or Develop a World-Class CISO – Phases 1-4

    2. CISO Core Competency Evaluation Tool – Determine which competencies your organization needs and which competencies your CISO needs to work on.

    This tool will help you determine which competencies are a priority for your organizational needs and which competencies your CISO needs to develop.

    • CISO Core Competency Evaluation Tool

    3. CISO Stakeholder Power Map Template – Visualize stakeholder and CISO relationships.

    Use this template to identify stakeholders who are key to your security initiatives and to understand your relationships with them.

    • CISO Stakeholder Power Map Template

    4. CISO Stakeholder Management Strategy Template – Develop a strategy to improve stakeholder and CISO relationships.

    Create a strategy to cultivate your stakeholder relationships and manage each relationship in the most effective way.

    • CISO Stakeholder Management Strategy Template

    5. CISO Development Plan Template – Develop a plan to support a world-class CISO.

    This tool will help you create and implement a plan to remediate competency gaps.

    • CISO Development Plan Template

    Infographic

    Further reading

    Hire or Develop a World-Class CISO

    Find a strategic and security-focused champion for your business.

    Analyst Perspective

    Create a plan to become the security leader of tomorrow

    The days are gone when the security leader can stay at a desk and watch the perimeter. The rapidly increasing sophistication of technology, and of attackers, has changed the landscape so that a successful information security program must be elastic, nimble, and tailored to the organization’s specific needs.

    The Chief Information Security Officer (CISO) is tasked with leading this modern security program, and this individual must truly be a Chief Officer, with a finger on the pulses of the business and security processes at the same time. The modern, strategic CISO must be a master of all trades.

    A world-class CISO is a business enabler who finds creative ways for the business to take on innovative processes that provide a competitive advantage and, most importantly, to do so securely.

    Cameron Smith, Research Lead, Security and Privacy

    Cameron Smith
    Research Lead, Security & Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • CEOs/CXOs are looking to hire or develop a senior security leader and aren’t sure where to start.
    • Conversely, security practitioners are looking to upgrade their skill set and are equally stuck in terms of what an appropriate starting point is.
    • Organizations are looking to optimize their security plans and move from a tactical position to a more strategic one.

    Common Obstacles

    • It is difficult to find a “unicorn”: a candidate who is already fully developed in all areas.
    • The role of the CISO has changed so much in the past three years, it is unclear what competencies are most important.
    • You are a current CISO and need to scope out your areas of future development.

    Info-Tech’s Approach

    • Clarify the competencies that are important to your organizational needs and use them to find a candidate with those specific strengths.
    • If you are a current CISO, complete a self-assessment and identify your high-priority competency gaps so you can actively work to develop those areas.
    • Create an actionable plan to develop the CISO’s capabilities and regularly reassess these items to ensure constant improvement.

    Info-Tech Insight
    The new security leader must be strategic, striking a balance between being tactical and taking a proactive security stance. They must incorporate security into business practices from day one and enable secure adoption of new technologies and business practices.

    Your challenge

    This Info-Tech blueprint will help you hire and develop a strategic CISO

    • Security without strategy is a hacker’s paradise.
    • The outdated model of information security is tactical, where security acts as a watchdog and responds.
    • The new security leader must be strategic, striking a balance between being tactical and taking a proactive security stance. They must incorporate security into business practices from day one and enable secure adoption of new technologies and business practices.

    Around one in five organizations don’t have an individual with the sole responsibility for security1

    1 Navisite

    Info-Tech Insight
    Assigning security responsibilities to departments other than security can lead to conflicts of interest.

    Common obstacles

    It can be difficult to find the right CISO for your organization

    • The smaller the organization, the less likely it will have a CISO or equivalent position.
    • Because there is a shortage of qualified candidates, qualified CISOs can demand high salaries and many CISO positions will go unfilled.
    • It is easier for larger companies to attract top CISO talent, as they generally have more resources available.

    Source: Navisite

    Only 36% of small businesses have a CISO (or equivalent position).

    48% of mid-sized businesses have a CISO.

    90% of large organizations have a CISO.

    Source: Navisite

    Strategic versus tactical

    CISOs should provide leadership based on a strategic vision 1

    Strategic CISO Tactical CISO

    Proactive

    Focus is on protecting hyperdistributed business processes and data

    Elastic, flexible, and nimble

    Engaged in business design decisions

    Speaks the language of the audience (e.g. business, financial, technical)

    Reactive

    Focus is on protecting current state

    Perimeter and IT-centric approach

    Communicates with technical jargon

    1 Journal of Computer Science and Information Technology

    Info-Tech has identified three key behaviors of the world-class CISO

    To determine what is required from tomorrow’s security leader, Info-Tech examined the core behaviors that make a world-class CISO. These are the three areas that a CISO engages with and excels in.

    Later in this blueprint, we will review the competencies and skills that are required for your CISO to perform these behaviors at a high level.

    Align

    Aligning security enablement with business requirements

    Enable

    Enabling a culture of risk management

    Manage

    Managing talent and change

    Info-Tech Insight
    Through these three overarching behaviors, you can enable a security culture that is aligned to the business and make security elastic, flexible, and nimble to maintain the business processes.

    Info-Tech’s approach

    Understand what your organization needs in a CISO: Consider the core competencies of a CISO. Assess: Assess candidates' core competencies and the CISO's stakeholder relationships. Plan improvements: Identify resources to close competency gaps and an approach to improve stakeholder relationships. Executive development: Decide next steps to support your CISO moving forward and regularly reassess to measure progress.

    Info-Tech’s methodology to Develop or Hire a World-Class CISO

    1. Launch 2. Assess 3. Plan 4. Execute
    Phase Steps
    1. Understand the core competencies
    2. Measure security and business satisfaction and alignment
    1. Assess stakeholder relationships
    2. Assess core competencies
    1. Identify resources to address your CISO’s competency gaps
    2. Plan an approach to improve stakeholder relationships
    1. Decide next actions and support your CISO moving forward
    2. Regularly reassess to measure development and progress
    Phase Outcomes

    At the end of this phase, you will have:

    • Determined the current gaps in satisfaction and business alignment for your IT security program.
    • Identified the desired qualities in a security leader, specific to your current organizational needs.

    At the end of this phase, you will have:

    • Used the core competencies to help identify the ideal candidate.
    • Identified areas for development in your new or existing CISO.
    • Determined stakeholder relationships to cultivate.

    At the end of this phase, you will have:

    • Created a high-level plan to address any deficiencies.
    • Improved stakeholder relations.

    At the end of this phase, you will have:

    • Created an action-based development plan, including relevant metrics, due dates, and identified stakeholders. This plan is the beginning, not the end. Continually reassessing your organizational needs and revisiting this blueprint’s method will ensure ongoing development.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    CISO Core Competency Evaluation Tool

    Assess the competency levels of a current or prospective CISO and identify areas for improvement.

    Stakeholder Power Map Template

    Visualize the importance of various stakeholders and their concerns.

    Stakeholder Management Strategy Template

    Document a plan to manage stakeholders and track actions.

    Key deliverable:

    CISO Development Plan Template

    The CISO Development Plan Template is used to map specific activities and time frames for competency development to address gaps and achieve your goal.

    Strategic competencies will benefit the organization and the CISO

    Career development should not be seen as an individual effort. By understanding the personal core competencies that Info-Tech has identified, the individual wins by developing relevant new skills and the organization wins because the CISO provides increased value.

    Organizational Benefits Individual Benefits
    • Increased alignment between security and business objectives
    • Development of information security that is elastic, nimble, and flexible for the business
    • Reduction in wasted efforts and resources, and improvement in efficiency of security and the organization as a whole
    • True synergy between security and business stakeholders, where the goals of both groups are being met
    • Increased opportunity as you become a trusted partner within your organization
    • Improved relationships with peers and stakeholders
    • Less resistance and more support for security initiatives
    • More involvement and a stronger role for security at all levels of the organization

    Measured value of a world-class CISO

    Organizations with a CISO saw an average of $145,000 less in data breach costs.1

    However, we aren’t talking about hiring just any CISO. This blueprint seeks to develop your CISO’s competencies and reach a new level of effectiveness.

    Organizations invest a median of around $375,000 annually in their CISO.2 The CISO would have to be only 4% more effective to represent $15,000 more value from this position. This would offset the cost of an Info-Tech workshop, and this conservative estimate pales in comparison to the tangible and intangible savings as shown below.

    Your specific benefits will depend on many factors, but the value of protecting your reputation, adopting new and secure revenue opportunities, and preventing breaches cannot be overstated. There is a reason that investment in information security is on the rise: Organizations are realizing that the payoff is immense and the effort is worthwhile.

    Tangible cost savings from having a world-class CISO Intangible cost savings from having a world-class CISO
    • Cost savings from incident reduction.
    • Cost savings achieved through optimizing information security investments, resulting in savings from previously misdiagnosed issues.
    • Cost savings from ensuring that dollars spent on security initiatives support business strategy.
    • More opportunities to create new business processes through greater alignment between security and business.
    • Improved reputation and brand equity achieved through a proper evaluation of the organization’s security posture.
    • Continuous improvement achieved through a good security assessment and measurement strategy.
    • Ability to plan for the future since less security time will be spent firefighting and more time will be spent engaged with key stakeholders.

    1 IBM Security
    2 Heidrick & Struggles International, Inc.

    Case Study

    In the middle of difficulty lies opportunity

    SOURCE
    Kyle Kennedy
    CISO, CyberSN.com

    Challenge
    The security program identified vulnerabilities at the database layer that needed to be addressed.

    The decision was made to move to a new vendor. There were multiple options, but the best option in the CISO’s opinion was a substantially more expensive service that provided more robust protection and more control features.

    The CISO faced the challenge of convincing the board to make a financial investment in his IT security initiative to implement this new software.

    Solution
    The CISO knew he needed to express this challenge (and his solution!) in a way that was meaningful for the executive stakeholders.

    He identified that the business has $100 million in revenue that would move through this data stream. This new software would help to ensure the security of all these transactions, which they would lose in the event of a breach.

    Furthermore, the CISO identified new business plans in the planning stage that could be protected under this initiative.

    Results
    The CISO was able to gain support for and implement the new database platform, which was able to protect current assets more securely than before. Also, the CISO allowed new revenue streams to be created securely.

    This approach is the opposite of the cautionary tales that make news headlines, where new revenue streams are created before systems are put in place to secure them.

    This proactive approach is the core of the world-class CISO.

    Info-Tech offers various levels of support to best suit your needs

    Guided Implementation

    What does a typical GI on this topic look like?

    Launch Assess Plan Execute

    Call #1: Review and discuss CISO core competencies.

    Call #2: Discuss Security Business Satisfaction and Alignment diagnostic results.

    Call #3: Discuss the CISO Stakeholder Power Map Template and the importance of relationships.

    Call #4: Discuss the CISO Core Competency Evaluation Tool.

    Call #5: Discuss results of the CISO Core Competency Evaluation and identify resources to close gaps.

    Call #6: Review organizational structure and key stakeholder relationships.

    Call #7: Discuss and create your CISO development plan and track your development

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 10 calls over the course of 3 to 6 months.

    Phase 1

    Launch

    Phase 1
    1.1 Understand Core Competencies
    1.2 Measure Security and Business Satisfaction and Alignment

    Phase 2
    2.1 Assess Stakeholder Relationships
    2.2 Assess the Core Competencies

    Phase 3
    3.1 Identify Resources to Address Competency Gaps
    3.2 Plan Approach to Improve Stakeholder Relationships

    Phase 4
    4.1 Decide Next Actions and Support Your CISO Moving Forward
    4.2 Regularly Reassess to Measure Development and Progress

    This phase will walk you through the following activities:

    • Review and understand the core competencies of a world-class CISO.
    • Launch your diagnostic survey.
    • Evaluate current business satisfaction with IT security.
    • Determine the competencies that are valuable to your IT security program’s needs.

    Hire or Develop a World-Class CISO

    Case study

    Mark Lester
    InfoSec Manager, SC Ports Authority

    An organization hires a new Information Security Manager into a static and well-established IT department.

    Situation: The organization acknowledges the need for improved information security, but there is no framework for the Security Manager to make successful changes.

    Challenges Next Steps
    • The Security Manager is an outsider in a company with well-established habits and protocols. He is tasked with revamping the security strategy to create unified threat management.
    • Initial proposals for information security improvements are rejected by executives. It is a challenge to implement changes or gain support for new initiatives.
    • The Security Manager will engage with individuals in the organization to learn about the culture and what is important to them.
    • He will assess existing misalignments in the business so that he can target problems causing real pains to individuals.

    Follow this case study throughout the deck to see this organization’s results

    Step 1.1

    Understand the Core Competencies of a World-Class CISO

    Activities

    Review core competencies the security leader must develop to become a strategic business partner

    This step involves the following participants:

    • CEO or other executive seeking to hire/develop a CISO

    or

    • Current CISO seeking to upgrade capabilities

    Outcomes of this step
    Analysis and understanding of the eight strategic CISO competencies required to become a business partner

    Launch

    Core competencies

    Info-Tech has identified eight core competencies affecting the CISO’s progression to becoming a strategic business partner.

    Business Acumen
    A CISO must focus primarily on the needs of the business.

    Leadership
    A CISO must be a security leader and not simply a practitioner.

    Communication
    A CISO must have executive communication skills

    Technical Knowledge
    A CISO must have a broad technical understanding.

    Innovative Problem Solving
    A good CISO doesn’t just say “no,” but rather finds creative ways to say “yes.”

    Vendor Management
    Vendor and financial management skills are critical to becoming a strategic CISO.

    Change Management
    A CISO improves security processes by being an agent of change for the organization.

    Collaboration
    A CISO must be able to use alliances and partnerships strategically.

    1.1 Understand the core competencies a CISO must focus on to become a strategic business partner

    < 1 hour

    Over the next few slides, review each world-class CISO core competency. In Step 1.2, you will determine which competencies are a priority for your organization.

    CISO Competencies Description
    Business Acumen

    A CISO must focus primarily on the needs of the business and how the business works, then determine how to align IT security initiatives to support business initiatives. This includes:

    • Contributing to business growth with an understanding of the industry, core functions, products, services, customers, and competitors.
    • Understanding the business’ strategic direction and allowing it to securely capitalize on opportunities.
    • Understanding the key drivers of business performance and the use of sound business practice.
    Leadership

    A CISO must be a security leader, and not simply a practitioner. This requires:

    • Developing a holistic view of security, risk, and compliance for the organization.
    • Fostering a culture of risk management.
    • Choosing a strong team. Having innovative and reliable employees who do quality work is a critical component of an effective department.
      • This aspect involves identifying talent, engaging your staff, and managing their time and abilities.

    1.1 Understand the core competencies (continued)

    CISO Competencies Description
    Communication

    Many CISOs believe that using technical jargon impresses their business stakeholders – in fact, it only makes business stakeholders become confused and disinterested. A CISO must have executive communication skills. This involves:

    • Clearly communicating with business leaders in meaningful language (i.e. business, financial, social) that they understand by breaking down the complexities of IT security into simple and relatable concepts.
    • Not using acronyms or technological speak. Easy-to-understand translations will go a long way.
    • Strong public speaking and presentation abilities.
    Technical Knowledge

    A CISO must have a broad technical understanding of IT security to oversee a successful security program. This includes:

    • Understanding key security and general IT technologies and processes.
    • Assembling a complementary team, because no individual can have deep knowledge in all areas.
    • Maintaining continuing education to stay on top of emerging technologies and threats.

    1.1 Understand the core competencies (continued)

    CISO Competencies Description
    Innovative Problem Solving

    A good CISO doesn’t just say “no,” but rather finds creative ways to say “yes.” This can include:

    • Taking an active role in seizing opportunities created by emerging technologies.
    • Facilitating the secure implementation of new, innovative revenue models.
    • Developing solutions for complex business problems that require creativity and ingenuity.
    • Using information and technology to drive value around the customer experience.
    Vendor Management

    With the growing use of “anything as a service,” negotiation, vendor, and financial management skills are critical to becoming a strategic CISO.

    • The CISO must be able to evaluate service offerings and secure favorable contracts with the right provider. It is about extracting the maximum value from vendors for the dollars you are spending.
    • Vendor products must be aligned with future business plans to create maximum ongoing value.
    • The CISO must develop financial management skills. This includes the ability to calculate total cost of ownership, return on investment, and project spending over multiyear business plans.

    1.1 Understand the core competencies (continued)

    CISO Competencies Description
    Change Management

    A world-class CISO improves security processes by being an agent of change for the organization. This involves:

    • Leading, guiding, and motivating teams to adopt a responsible risk management culture.
    • Communicating important and complex ideas in a persuasive way.
    • Demonstrating an ability to change themselves and taking the initiative in adopting more efficient behaviors.
    • Handling unplanned change, such as unforeseen attacks or personnel changes, in a professional and proactive manner.
    Collaboration

    A CISO must be able to use alliances and partnerships strategically to benefit both the business and themselves. This includes:

    • Identifying formal and informal networks and constructive relationships to enable security development.
    • Leveraging stakeholders to influence positive outcomes for the organization.
    • Getting out of the IT or IT security sphere and engaging relationships in diverse areas of the organization.

    Step 1.2

    Evaluate satisfaction and alignment between the business and IT security

    Activities

    • Conduct the Information Security Business Satisfaction and Alignment diagnostic
    • Use your results as input into the CISO Core Competency Evaluation Tool

    This step involves the following participants:

    • CEO or other executive seeking to hire/develop a CISO

    or

    • Current CISO seeking to upgrade capabilities

    Outcomes of this step
    Determine current gaps in satisfaction and alignment between information security and your organization.

    If seeking to hire/develop a CISO: Your diagnostic results will help develop a profile of the ideal CISO candidate to use as a hiring and interview guide.

    If developing a current CISO, use your diagnostic results to identify existing competency gaps and target them for improvement.

    For the CISO seeking to upgrade capabilities: Use the core competencies guide to self-assess and identify competencies that require improvement.

    Launch

    1.2 Get started by conducting Info-Tech’s Information Security Business Satisfaction and Alignment diagnostic

    Suggested Time: One week for distribution, completion, and collection of surveys
    One-hour follow-up with an Info-Tech analyst

    The primary goal of IT security is to protect the organization from threats. This does not simply mean bolting everything down, but it means enabling business processes securely. To do this effectively requires alignment between IT security and the overall business.

    • Once you have completed the diagnostic, call Info-Tech to review your results with one of our analysts.
    • The results from this assessment will provide insights to inform your entries in the CISO Core Competency Evaluation Tool.

    Call an analyst to review your results and provide you with recommendations.

    Info-Tech Insight
    Focus on the high-priority competencies for your organization. You may find a candidate with perfect 10s across the board, but a more pragmatic strategy is to find someone with strengths that align with your needs. If there are other areas of weakness, then target those areas for development.

    1.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to understand your organizational needs

    After completing the Info-Tech diagnostic, use the CISO Core Competency Evaluation Tool to determine which CISO competencies are a priority for your organization.

    • Your diagnostic results will indicate where your information security program is aligned well or poorly with your business.
    • For example, the diagnostic may show significant misalignment between information security and executives over the level of external compliance. The CISO behavior that would contribute to solving this is aligning security enablement with business requirements.
      • This misalignment may be due to a misunderstanding by either party. The competencies that will contribute to resolving this are communication, technical knowledge, and business acumen.
      • This mapping method is what will be used to determine which competencies are most important for your needs at the present moment.

    Download the CISO Core Competency Evaluation Tool

    1.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to understand your organizational needs

    After completing the Info-Tech diagnostic, use the CISO Core Competency Evaluation Tool to determine which CISO competencies are a priority for your organization.

    1. Starting on Tab 2: CISO Core Competencies, use your understanding of each competency from section 1.1 along with the definitions described in the tool.
      • For each competency, assign a degree of importance using the drop-down menu in the second column from the right.
      • Importance ratings will range from not at all important at the low end to critically important at the high end.
      • Your importance score will be influenced by several factors, including:
        • The current alignment of your information security department.
        • Your organizational security posture.
        • The size and structure of your organization.
        • The existing skills and maturity within your information security department.

    Download the CISO Core Competency Evaluation Tool

    1.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to understand your organizational needs

    After completing the Info-Tech diagnostic, use the CISO Core Competency Evaluation Tool to determine which CISO competencies are a priority for your organization.

    1. Still on Tab 2. CISO Core Competencies, you will now assign a current level of effectiveness for each competency.
      • This will range from foundational at a low level of effectiveness up to capable, then inspirational, and at the highest rating, transformational.
      • Again, this rating will be very specific to your organization, depending on your structure and your current employees.
      • Fundamentally, these scores will reflect what you want to improve in the area of information security. This is not an absolute scale, and it will be influenced by what skills you want to support your goals and direction as an organization.

    Download the CISO Core Competency Evaluation Tool

    Phase 2

    Assess

    Phase 1
    1.1 Understand Core Competencies
    1.2 Measure Security and Business Satisfaction and Alignment

    Phase 2
    2.1 Assess Stakeholder Relationships
    2.2 Assess the Core Competencies

    Phase 3
    3.2 Plan Approach to Improve Stakeholder Relationships

    Phase 4
    4.1 Decide Next Actions and Support Your CISO Moving Forward
    4.2 Regularly Reassess to Measure Development and Progress

    This phase will walk you through the following activities:

    • Use the CISO Core Competency Evaluation Tool to create and implement an interview guide.
    • Assess and analyze the core competencies of your prospective CISOs. Or, if you are a current CISO, use the CISO Core Competency Evaluation Tool as a self-analysis and identify areas for personal development.
    • Evaluate the influence, impact, and support of key executive business stakeholders using the CISO Stakeholder Power Map Template.

    Hire or Develop a World-Class CISO

    Case study

    Mark Lester
    InfoSec Manager, SC Ports Authority

    The new Security Manager engages with employees to learn the culture.

    Outcome: Understand what is important to individuals in order to create effective collaboration. People will engage with a project if they can relate it to something they value.

    Actions Next Steps
    • The Security Manager determines that he must use low-cost small wins to integrate with the organizational culture and create trust and buy-in and investment will follow.
    • The Security Manager starts a monthly newsletter to get traction across the organization, create awareness of his mandate to improve information security, and establish himself as a trustworthy partner.
    • The Security Manager will identify specific ways to engage and change the culture.
    • Create a persuasive case for investing in information security based on what resonates with the organization.

    Follow this case study throughout the deck to see this organization’s results

    Step 2.1

    Identify key stakeholders for the CISO and assess current relationships

    Activities

    Evaluate the power, impact, and support of key stakeholders

    This step involves the following participants:

    • CEO or other executive seeking to hire/develop a CISO

    or

    • Current CISO seeking to upgrade capabilities

    Outcomes of this step

    • Power map of executive business stakeholders
    • Evaluation of each stakeholder in terms of influence, impact, and current level of support

    Assess

    Identify key stakeholders who own business processes that intersect with security processes

    Info-Tech Insight
    Most organizations don’t exist for the sole purpose of doing information security. For example, if your organization is in the business of selling pencils, then information security is in business to enable the selling of pencils. All the security in the world is meaningless if it doesn’t enable your primary business processes. The CISO must always remember the fundamental goals of the business.

    The above insight has two implications:

    1. The CISO needs to understand the key business processes and who owns them, because these are the people they will need to collaborate with. Like any C-level, the CISO should be one of the most knowledgeable people in the organization regarding business processes.
    2. Each of these stakeholders stands to win or lose depending on the performance of their process, and they can act to either block or enable your progress.
      • To work effectively with these stakeholders, you must learn what is important to them, and pose your initiatives so that you both benefit.

    When people are not receptive to the CISO, it’s usually because the CISO has not been part of the discussion when plans were being made. This is the heart of proactivity.

    You need to be involved from the start … from the earliest part of planning.

    The job is not to come in late and say “No” ... the job is to be involved early and find creative and intelligent ways to say “Yes.”

    The CISO needs to be the enabling security asset that drives business.

    – Elliot Lewis, CEO at Keyavi Data

    Evaluate the importance of business stakeholders and the support necessary from them

    The CISO Stakeholder Power Map Template is meant to provide a visualization of the CISO’s relationships within the organization. This should be a living document that can be updated throughout the year as relationships develop and the structure of an organization changes.

    At a glance, this tool should show:

    • How influential each stakeholder is within the company.
    • How supportive they currently are of the CISO’s initiatives.
    • How strongly each person is impacted by IT security activities.

    Once this tool has been created, it provides a good reference as the CISO works to develop lagging relationships. It shows the landscape of influence and impact within the organization, which may help to guide the CISO’s strategy in the future.

    Evaluate the importance of business stakeholders and the support necessary from them

    Download the CISO Stakeholder Power Map Template

    Evaluate the importance of business stakeholders and the support necessary from them

    1. Identify key stakeholders.
      1. Focus on owners of important business processes.
    2. Evaluate and map each stakeholder in terms of:
      1. Influence (up/down)
      2. Support (left/right)
      3. Impact (size of circle)
      4. Involvement (color of circle)
    3. Decide whether the level of support from each stakeholder needs to change to facilitate success.

    Evaluate the importance of business stakeholders and the support necessary from them

    Info-Tech Insight
    Some stakeholders must work closely with your incoming CISO. It is worth consideration to include these individuals in the interview process to ensure you will have partners that can work well together. This small piece of involvement early on can save a lot of headache in the future.

    Where can you find your desired CISO?

    Once you know which competencies are a priority in your new CISO, the next step is to decide where to start looking. This person may already exist in your company.

    Internal

    Take some time to review your current top information security employees or managers. It may be immediately clear that certain people will or will not be suitable for the CISO role. For those that have potential, proceed to Step 2.2 to map their competencies.

    Recruitment

    If you do not have any current employees that will fit your new CISO profile, or you have other reasons for wanting to bring in an outside individual, you can begin the recruitment process. This could start by posting the position for applications or by identifying and targeting specific candidates.

    Ready to start looking for your ideal candidate? You can use Info-Tech’s Chief Information Security Officer job description template.

    Use the CISO job description template

    Alternatives to hiring a CISO

    Small organizations are less able to muster the resources required to find and retain a CISO,

    Technical Counselor Seat

    In addition to having access to our research and consulting services, you can acquire a Technical Counselor Seat from our Security & Risk practice, where one of our senior analysts would serve with you on a retainer. You may find that this option saves you the expense of having to hire a new CISO altogether.

    Virtual CISO

    A virtual CISO, or vCISO, is essentially a “CISO as a service.” A vCISO provides an organization with an experienced individual that can, on a part-time basis, lead the organization’s security program through policy and strategy development.

    Why would an organization consider a vCISO?

    • A vCISO can provide services that are flexible, technical, and strategic and that are based on the specific requirements of the organization.
    • They can provide a small organization with program maturation within the organization’s resources.
    • They can typically offer depth of experience beyond what a small business could afford if it were to pursue a full-time CISO.

    Source: InfoSec Insights by Sectigo Store

    Why would an organization not consider a vCISO?

    • The vCISO’s attention is divided among their other clients.
    • They won’t feel like a member of your organization.
    • They won’t have a deep understanding of your systems and processes.

    Source: Georgia State University

    Step 2.2

    Assess CISO candidates and evaluate their current competency

    Activities

    Assess CISO candidates in terms of desired core competencies

    or

    Self-assess your personal core competencies

    This step involves the following participants:

    • CEO or other executive seeking to hire/develop a CISO

    or

    • Current CISO seeking to upgrade capabilities

    and

    • Any key stakeholders or collaborators you choose to include in the assessment process

    Outcomes of this step

    • You have assessed your requirements for a CISO candidate.
    • The process of hiring is under way, and you have decided whether to hire a CISO, develop a CISO, or consider a Counselor Seat as another option.

    Assess

    2.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to assess your CISO candidate

    Use Info-Tech’s CISO Core Competency Evaluation Tool to assess your CISO candidate

    Download the CISO Core Competency Evaluation Tool

    Info-Tech Insight
    The most important competencies should be your focus. Unless you are lucky enough to find a candidate that is perfect across the board, you will see some areas that are not ideal. Don’t forget the importance you assigned to each competency. If a candidate is ideal in the most critical areas, you may not mind that some development is needed in a less important area.

    2.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to evaluate your candidates

    After deciding the importance of and requirements for each competency in Phase 1, assess your CISO candidates.

    Your first pass on this tool will be to look at internal candidates. This is the develop a CISO option.

    1. In the previous phase, you rated the Importance and Current Effectiveness for each competency in Tab 2. CISO Core Competencies. In this step, use Tab 3. Gap Analysis to enter a Minimum Level and a Desired Level for each competency. Keep in mind that it may be unrealistic to expect a candidate to be fully developed in all aspects.
    2. Next, enter a rating for your candidate of interest for each of the eight competencies.
    3. This scorecard will generate an overall suitability score for the candidate. The color of the output (from red to green) indicates the suitability, and the intensity of the color indicates the importance you assigned to that competency.

    Download the CISO Core Competency Evaluation Tool

    2.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to evaluate your candidates

    • If the internal search does not identify a suitable candidate, you will want to expand your search.
    • Repeat the scoring process for external candidates until you find your new CISO.
    • You may want to skip your external search altogether and instead contact Info-Tech for more information on our Counselor Seat options.

    Download the CISO Core Competency Evaluation Tool

    Phase 3

    Plan

    Phase 1
    1.1 Understand Core Competencies
    1.2 Measure Security and Business Satisfaction and Alignment

    Phase 2
    2.1 Assess Stakeholder Relationships
    2.2 Assess the Core Competencies

    Phase 3
    3.1 Identify Resources to Address Competency Gaps
    3.2 Plan Approach to Improve Stakeholder Relationships

    Phase 4
    4.1 Decide Next Actions and Support Your CISO Moving Forward
    4.2 Regularly Reassess to Measure Development and Progress

    This phase will walk you through the following activities:

    • Create a plan to develop your competency gaps.
    • Construct and consider your organizational model.
    • Create plan to cultivate key stakeholder relationships.

    Hire or Develop a World-Class CISO

    Case study

    Mark Lester
    InfoSec Manager, SC Ports Authority

    The new Security Manager changes the security culture by understanding what is meaningful to employees.

    Outcome: Engage with people on their terms. The CISO must speak the audience’s language and express security terms in a way that is meaningful to the audience.

    Actions Next Steps
    • The Security Manager identifies recent events where ransomware and social engineering attacks were successful in penetrating the organization.
    • He uses his newsletter to create organization-wide discussion on this topic.
    • This very personal example makes employees more receptive to the Security Manager’s message, enabling the culture of risk management.
    • The Security Manager will leverage his success in improving the information security culture and awareness to gain support for future initiatives.

    Follow this case study throughout the deck to see this organization’s results

    Step 3.1

    Identify resources for your CISO to remediate competency gaps

    Activities

    Create a plan to remediate competency gaps

    This step involves the following participants:

    • CEO or other executive seeking to hire/develop a CISO
    • The newly hired CISO

    or

    • Current CISO seeking to upgrade capabilities

    Outcomes of this step

    • Identification of core competency deficiencies
    • A plan to close the gaps

    Plan

    3.1 Close competency gaps with Info-Tech’s Cybersecurity Workforce Development Training

    Resources to close competency gaps

    Info-Tech’s Cybersecurity Workforce Training develops critical cybersecurity skills missing within your team and organization. The leadership track provides the same deep coverage of technical knowledge as the analyst track but adds hands-on support and has a focus on strategic business alignment, program management, and governance.

    The program builds critical skills through:

    • Standardized curriculum with flexible projects tailored to business needs
    • Realistic cyber range scenarios
    • Ready-to-deploy security deliverables
    • Real assurance of skill development

    Info-Tech Insight
    Investing in a current employee that has the potential to be a world-class CISO may take less time, effort, and money than finding a unicorn.

    Learn more on the Cybersecurity Workforce Development webpage

    3.1 Identify resources for your CISO to remediate competency gaps

    < 2 hours

    CISO Competencies Description
    Business Acumen

    Info-Tech Workshops & Blueprints

    Actions/Activities

    • Take a business acumen course: Acumen Learning, What the CEO Wants You to Know: Building Business Acumen.
    • Meet with business stakeholders. Ask them to take you through the strategic plan for their department and then identify opportunities where security can provide support to help drive their initiatives.
    • Shadow another C-level executive. Understand how they manage their business unit and demonstrate an eagerness to learn.
    • Pursue an MBA or take a business development course.

    3.1 Identify resources for your CISO to remediate competency gaps (continued)

    < 2 hours

    CISO Competencies Description
    Leadership

    Info-Tech Training and Blueprints

    Action/Activities

    • Communicate your vision for security to your team. You will gain buy-in from your employees by including them in the creation of your program, and they will be instrumental to your success.

    Info-Tech Insight
    Surround yourself with great people. Insecure leaders surround themselves with mediocre employees that aren’t perceived as a threat. Great leaders are supported by great teams, but you must choose that great team first.

    3.1 Identify resources for your CISO to remediate competency gaps (continued)

    < 2 hours

    CISO Competencies Description
    Communication

    Info-Tech Workshops & Blueprints

    Build and Deliver an Optimized IT Update Presentation: Show IT’s value and relevance by dropping the technical jargon and speaking to the business in their terms.

    Master Your Security Incident Response Communications Program: Learn how to talk to your stakeholders about what’s going on when things go wrong.

    Develop a Security Awareness and Training Program That Empowers End Users: Your weakest link is between the keyboard and the chair, so use engaging communication to create positive behavior change.

    Actions/Activities

    Learn to communicate in the language of your audience (whether business, finance, or social), and frame security solutions in terms that are meaningful to your listener.

    Technical Knowledge

    Actions/Activities

    • In many cases, the CISO is progressing from a strong technical background, so this area is likely a strength already.
    • However, as the need for executive skills are being recognized, many organizations are opting to hire a business or operations professional as a CISO. In this case, various Info-Tech blueprints across all our silos (e.g. Security, Infrastructure, CIO, Apps) will provide great value in understanding best practices and integrating technical skills with the business processes.
    • Pursue an information security leadership certification: GIAC, (ISC)², and ISACA are a few of the many organizations that offer certification programs.

    3.1 Identify resources for your CISO to remediate competency gaps (continued)

    < 2 hours

    CISO Competencies Description
    Innovative Problem Solving

    Info-Tech Workshops & Blueprints

    Actions/Activities

    Vendor Management

    Info-Tech Blueprints & Resources

    Actions/Activities

    3.1 Identify resources for your CISO to remediate competency gaps (continued)

    < 2 hours

    CISO Competencies Description
    Change Management

    Info-Tech Blueprints

    Actions/Activities

    • Start with an easy-win project to create trust and support for your initiatives.
    Collaboration

    Info-Tech Blueprints

    Actions/Activities

    • Get out of your office. Have lunch with people from all areas of the business. Understanding the goals and the pains of employees throughout your organization will help you to design effective initiatives and cultivate support.
    • Be clear and honest about your goals. If people know what you are trying to do, then it is much easier for them to work with you on it. Being ambiguous or secretive creates confusion and distrust.

    3.1 Create the CISO’s personal development plan

    • Use Info-Tech’s CISO Development Plan Template to document key initiatives that will close previously identified competency gaps.
    • The CISO Development Plan Template is used to map specific actions and time frames for competency development, with the goal of addressing competency gaps and helping you become a world-class CISO. This template can be used to document:
      • Core competency gaps
      • Security process gaps
      • Security technology gaps
      • Any other career/development goals
    • If you have a coach or mentor, you should share your plan and report progress to that person. Alternatively, call Info-Tech to speak with an executive advisor for support and advice.
      • Toll-Free: 1-888-670-8889

    What you will need to complete this exercise

    • CISO Core Competency Evaluation Tool results
    • Information Security Business Satisfaction and Alignment diagnostic results
    • Insights gathered from business stakeholder interviews

    Step 3.2

    Plan an approach to improve your relationships

    Activities

    • Review engagement strategies for different stakeholder types
    • Create a stakeholder relationship development plan

    This step involves the following participants:

    • CEO or other executive seeking to hire/develop a CISO
    • The newly hired CISO

    or

    • Current CISO seeking to upgrade capabilities

    Outcomes of this step

    • Stakeholder relationship strategy deliverable

    Plan

    Where should the CISO sit?

    Where the CISO sits in the organization can have a big impact on the security program.

    • Organizations with CISOs in the C-suite have a fewer security incidents.1
    • Organizations with CISOs in the C-suite generally have better IT ability.1
    • An organization whose CISO reports to the CIO risks conflict of interest.1
    • 51% of CISOs believe their effectiveness can be hampered by reporting lines.2
    • Only half of CISOs feel like they are in a position to succeed.2

    A formalized security organizational structure assigns and defines the roles and responsibilities of different members around security. Use Info-Tech’s blueprint Implement a Security Governance and Management Program to determine the best structure for your organization.

    Who the CISO reports to, by percentage of organizations3

    Who the CISO reports to, by percentage of organizations

    Download the Implement a Security Governance and Management Program blueprint

    1. Journal of Computer Science and Information
    2. Proofpoint
    3. Heidrick & Struggles International, Inc

    3.2 Make a plan to manage your key stakeholders

    Managing stakeholders requires engagement, communication, and relationship management. To effectively collaborate and gain support for your initiatives, you will need to build relationships with your stakeholders. Take some time to review the stakeholder engagement strategies for different stakeholder types.

    Influence Mediators
    (Satisfy)
    Key Players
    (Engage)
    Spectators
    (Monitor)
    Noisemakers
    (Inform)
    Support for you

    When building relationships, I find that what people care about most is getting their job done. We need to help them do this in the most secure way possible.

    I don’t want to be the “No” guy, I want to enable the business. I want to find to secure options and say, “Here is how we can do this.”

    – James Miller, Information Security Director, Xavier University

    Download the CISO Stakeholder Management Strategy Template

    Key players – Engage

    Goal Action
    Get key players to help champion your initiative and turn your detractors into supporters. Actively involve key players to take ownership.
    Keep It Positive Maintain a Close Relationship
    • Use their positive support to further your objectives and act as your foundation of support.
    • Key players can help you build consensus among other stakeholders.
    • Get supporters to be vocal in your town halls.
    • Ask them to talk to other stakeholders over whom they have influence.
    • Get some quick wins early to gain and maintain stakeholder support and help convert them to your cause.
    • Use their influence and support to help persuade blockers to see your point of view.
    • Collaborate closely. Key players are tuned in to information streams that are important. Their advice can keep you informed and save you from being blindsided.
    • Keep them happy. By definition, these individuals have a stake in your plans and can be affected positively or negatively. Going out of your way to maintain relationships can be well worth the effort.

    Info-Tech Insight
    Listen to your key players. They understand what is important to other business stakeholders, and they can provide valuable insight to guide your future strategy.

    Mediators – Satisfy

    Goal Action
    Turn mediators into key players Increase their support level.
    Keep It Positive Maintain a Close Relationship
    • Make stakeholders part of the conversation by consulting them for input on planning and strategy.
    • Sample phrases:
      • “I’ve heard you have experience in this area. Do you have time to answer a few questions?”
      • “I’m making some decisions and I would value your thoughts. Can I get your perspective on this?”
    • Enhance their commitment by being inclusive. Encourage their support whenever possible.
    • Make them feel acknowledged and solicit feedback.
    • Listen to blockers with an open mind to understand their point of view. They may have valuable insight.
    • Approach stakeholders on their individual playing fields.
      • They want to know that you understand their business perspective.
    • Stubborn mediators might never support you. If consulting doesn’t work, keep them informed of important decision-making points and give them the opportunity to be involved if they choose to be.

    Info-Tech Insight
    Don’t dictate to stakeholders. Make them feel like valued contributors by including them in development and decision making. You don’t have to incorporate all their input, but it is essential that they feel respected and heard.

    Noisemakers – Inform

    Goal Action
    Have noisemakers spread the word to increase their influence. Encourage noisemakers to influence key stakeholders.
    Keep It Positive Maintain a Close Relationship
    • Identify noisemakers who have strong relationships with key stakeholders and focus on them.
      • These individuals may not have decision-making power, but their opinions and advice may help to sway a decision in your favor.
    • Look for opportunities to increase their influence over others.
    • Put effort into maintaining the positive relationship so that it doesn’t dwindle.
    • You already have this group’s support, but don’t take it for granted.
    • Be proactive, pre-emptive, and transparent.
    • Address issues or bad news early and be careful not to exaggerate their significance.
    • Use one-on-one meetings to give them an opportunity to express challenges in a private setting.
    • Show individuals in this group that you are a problem-solver:
      • “The implementation was great, but we discovered problems afterward. Here is what we’re doing about it.”

    Spectators – Monitor

    Goal Action
    Keep spectators content and avoid turning them into detractors. Keep them well informed.
    Keep It Positive Maintain a Close Relationship
    • A hands-on approach is not required with this group.
    • Keep them informed with regular, high-altitude communications and updates.
    • Use positive, exciting announcements to increase their interest in your initiatives.
    • Select a good venue for generating excitement and assessing the mood of spectators.
    • Spectators may become either supporters or blockers. Monitor them closely and keep in touch with them to stop these individuals from becoming blockers.
    • Listen to questions from spectators carefully. View any engagement as an opportunity to increase participation from this group and generate a positive shift in interest.

    3.2 Create the CISO’s stakeholder management strategy

    Develop a strategy to manage key stakeholders in order to drive your personal development plan initiatives.

    • The purpose of the CISO Stakeholder Management Strategy Template is to document the results of the power mapping exercise, create a plan to proactively manage stakeholders, and track the actions taken.
    • Use this in concert with Info-Tech’s CISO Stakeholder Power Map Template to help visualize the importance of key stakeholders to your personal development. You will document:
      • Stakeholder role and type.
      • Current relationship with the stakeholder.
      • Level of power/influence and degree of impact.
      • Current and desired level of support.
      • Initiatives that require the stakeholder’s engagement.
      • Actions to be taken – along with the status and results.

    What you will need to complete this exercise

    • Completed CISO Stakeholder Power Map
    • Security Business Satisfaction and Alignment Diagnostic results

    Download the CISO Stakeholder Management Strategy Template

    Phase 4

    Execute

    Phase 1
    1.1 Understand Core Competencies
    1.2 Measure Security and Business Satisfaction and Alignment

    Phase 2
    2.1 Assess Stakeholder Relationships
    2.2 Assess the Core Competencies

    Phase 3
    3.1 Identify Resources to Address Competency Gaps
    3.2 Plan Approach to Improve Stakeholder Relationships

    Phase 4
    4.1 Decide Next Actions and Support Your CISO Moving Forward
    4.2 Regularly Reassess to Measure Development and Progress

    This phase will walk you through the following activities:

    • Populate the CISO Development Plan Template with appropriate targets and due dates.
    • Set review and reassess dates.
    • Review due dates with CISO.

    Hire or Develop a World-Class CISO

    Case study

    Mark Lester
    InfoSec Manager, SC Ports Authority

    The new Security Manager leverages successful cultural change to gain support for new security investments.

    Outcome: Integrating with the business on a small level and building on small successes will lead to bigger wins and bigger change.

    Actions Next Steps
    • By fostering positive relationships throughout the organization, the Security Manager has improved the security culture and established himself as a trusted partner.
    • In an organization that had seen very little change in years, he has used well developed change management, business acumen, leadership, communication, collaboration, and innovative problem-solving competencies to affect his initiatives.
    • He can now return to the board with a great deal more leverage in seeking support for security investments.
    • The Security Manager will leverage his success in improving the information security culture and awareness to gain support for future initiatives.

    Step 4.1

    Decide next actions and support your CISO moving forward

    Activities

    • Complete the Info-Tech CISO Development Plan Template
    • Create a stakeholder relationship development plan

    This step involves the following participants:

    • CEO or other executive seeking to hire/develop a CISO
    • The newly hired CISO

    or

    • Current CISO seeking to upgrade capabilities

    Outcomes of this step

    Next actions for each of your development initiatives

    Execute

    Establish a set of first actions to set your plan into motion

    The CISO Development Plan Template provides a simple but powerful way to focus on what really matters to execute your plan.

    • By this point, the CISO is working on the personal competency development while simultaneously overseeing improvements across the security program, managing stakeholders, and seeking new business initiatives to engage with. This can be a lot to juggle effectively.
    • Disparate initiatives like these can hinder progress by creating confusion.
    • By distilling your plan down to Subject > Action > Outcome, you immediately restore focus and turn your plans into actionable items.
    • The outcome is most valuable when it is measurable. This makes progress (or lack of it) very easy to track and assess, so choose a meaningful metric.
    Item to Develop
    (competency/process/tech)
    First Action Toward Development
    Desired Outcome, Including a Measurable Indicator

    Download the CISO Development Plan Template

    4.1 Create a CISO development plan to keep all your objectives in one place

    Use Info-Tech’s CISO Development Plan Template to create a quick and simple yet powerful tool that you can refer to and update throughout your personal and professional development initiatives. As instructed in the template, you will document the following:

    Your Item to Develop The Next Action Required The Target Outcome
    This could be a CISO competency, a security process item, a security technology item, or an important relationship (or something else that is a priority). This could be as simple as “schedule lunch with a stakeholder” or “email Info-Tech to schedule a Guided Implementation call.” This part of the tool is meant to be continually updated as you progress through your projects. The strength of this approach is that it focuses your project into simple actionable steps that are easily achieved, rather than looking too far down the road and seeing an overwhelming task ahead. This will be something measurable like “reduce spending by 10%” or “have informal meeting with leaders from each department.”

    Info-Tech Insight
    A good plan doesn’t require anything that is outside of your control. Good measurable outcomes are behavior based rather than state based.
    “Increase the budget by 10%” is a bad goal because it is ultimately reliant on someone else and can be derailed by an unsupportive executive. A better goal is “reduce spending by 10%.” This is something more within the CISO’s control and is thus a better performance indicator and a more achievable goal.

    4.1 Create a CISO development plan to keep all your objectives in one place

    Below you will find sample content to populate your CISO Development Plan Template. Using this template will guide your CISO in achieving the goals identified here.

    The template itself is a metric for assessing the development of the CISO. The number of targets achieved by the due date will help to quantify the CISO’s progress.

    You may also want to include improvements to the organization’s security program as part of the CISO development plan.

    Area for Development Item for Development Next Action Required Key Stakeholders/ Owners Target Outcome Due Date Completed
    Core Competencies:
    Communication
    Executive
    communication
    Take economics course to learn business language Course completed [Insert date] [Y/N]
    Core Competencies:
    Communication
    Improve stakeholder
    relationships
    Email Bryce from finance to arrange lunch Improved relationship with finance department [Insert date] [Y/N]
    Technology Maturity: Security Prevention Identity and access management (IAM) system Call Info-Tech to arrange call on IAM solutions 90% of employees entered into IAM system [Insert date] [Y/N]
    Process Maturity: Response & Recovery Disaster recovery Read Info-Tech blueprint on disaster recovery Disaster recovery and backup policies in place [Insert date] [Y/N]

    Check out the First 100 Days as CISO blueprint for guidance on bringing improvements to the security program

    4.1 Use your action plan to track development progress and inform stakeholders

    • As you progress toward your goals, continually update the CISO development plan. It is meant to be a living document.
    • The Next Action Required should be updated regularly as you make progress so you can quickly jump in and take meaningful actions without having to reassess your position every time you open the plan. This is a simple but very powerful method.
    • To view your initiatives in customizable ways, you can use the drop-down menu on any column header to sort your initiatives (i.e. by due date, completed status, area for development). This allows you to quickly and easily see a variety of perspectives on your progress and enables you to bring upcoming or incomplete projects right to the top.
    Area for Development Item for Development Next Action Required Key Stakeholders/ Owners Target Outcome Due Date Completed
    Core Competencies:
    Communication
    Executive
    communication
    Take economics course to learn business language Course completed [Insert date] [Y/N]
    Core Competencies:
    Communication
    Improve stakeholder
    relationships
    Email Bryce from finance to arrange lunch Improved relationship with finance department [Insert date] [Y/N]
    Technology Maturity: Security Prevention Identity and access management (IAM) system Call Info-Tech to arrange call on IAM solutions 90% of employees entered into IAM system [Insert date] [Y/N]
    Process Maturity: Response & Recovery Disaster recovery Read Info-Tech blueprint on disaster recovery Disaster recovery and backup policies in place [Insert date] [Y/N]

    Step 4.2

    Regularly reassess to track development and progress

    Activities

    Create a calendar event for you and your CISO, including which items you will reassess and when

    This step involves the following participants:

    • CEO or other executive seeking to hire/develop a CISO
    • The newly hired CISO

    or

    • Current CISO seeking to upgrade capabilities

    Outcomes of this step

    Scheduled reassessment of the CISO’s competencies

    Execute

    4.2 Regularly evaluate your CISO’s progress

    < 1 day

    As previously mentioned, your CISO development plan is meant to be a living document. Your CISO will use this as a companion tool throughout project implementation, but periodically it will be necessary to re-evaluate the entire program to assess your progress and ensure that your actions are still in alignment with personal and organizational goals.

    Info-Tech recommends performing the following assessments quarterly or twice yearly with the help of our executive advisors (either over the phone or onsite).

    1. Sit down and re-evaluate your CISO core competencies using the CISO Core Competency Evaluation Tool.
    2. Analyze your relationships using the CISO Stakeholder Power Map Template.
    3. Compare all of these against your previous results to see what areas you have strengthened and decide if you need to focus on a different area now.
    4. Consider your CISO Development Plan Template and decide whether you have achieved your desired outcomes. If not, why?
    5. Schedule your next reassessment, then create a new plan for the upcoming quarter and get started.
    Materials
    • Laptop
    • CISO Development Plan Template
    Participants
    • CISO
    • Hiring executive (possibly)
    Output
    • Complete CISO and security program development plan

    Summary of Accomplishment

    Knowledge Gained

    • Understanding of the competencies contributing to a successful CISO
    • Strategic approach to integrate the CISO into the organization
    • View of various CISO functions from a variety of business and executive perspectives, rather than just a security view

    Process Optimized

    • Hiring of the CISO
    • Assessment and development of stakeholder relationships for the CISO
    • Broad planning for CISO development

    Deliverables Completed

    • IT Security Business Satisfaction and Alignment Diagnostic
    • CISO Core Competency Evaluation Tool
    • CISO Stakeholder Power Map Template
    • CISO Stakeholder Management Strategy Template
    • CISO Development Plan Template

    If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation

    Contact your account representative for more information

    workshop@infotech.com
    1-888-670-8889

    Related Info-Tech Research

    Build an Information Security Strategy
    Your security strategy should not be based on trying to blindly follow best practices but on a holistic risk-based assessment that is risk aware and aligns with your business context.

    The First 100 Days as CISO
    Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person, but the approach to the new position will be relatively the same.

    Implement a Security Governance and Management Program
    Business and security goals should be the same. Businesses cannot operate without security, and security's goal is to enable safe business operations.

    Research Contributors

    • Mark Lester, Information Security Manager, South Carolina State Ports Authority
    • Kyle Kennedy, CISO, CyberSN.com
    • James Miller, Information Security Director, Xavier University
    • Elliot Lewis, Vice President Security & Risk, Info-Tech Research Group
    • Andrew Maroun, Enterprise Security Lead, State of California
    • Brian Bobo, VP Enterprise Security, Schneider National
    • Candy Alexander, GRC Security Consultant, Towerall Inc.
    • Chad Fulgham, Chairman, PerCredo
    • Ian Parker, Head of Corporate Systems Information Security Risk and Compliance, Fujitsu EMEIA
    • Diane Kelly, Information Security Manager, Colorado State Judicial Branch
    • Jeffrey Gardiner, CISO, Western University
    • Joey LaCour, VP & Chief Security, Colonial Savings
    • Karla Thomas, Director IT Global Security, Tower Automotive
    • Kevin Warner, Security and Compliance Officer, Bridge Healthcare Providers
    • Lisa Davis, CEO, Vicinage
    • Luis Brown, Information Security & Compliance Officer, Central New Mexico Community College
    • Peter Clay, CISO, Qlik
    • Robert Banniza, Senior Director IT Center Security, AMSURG
    • Tim Tyndall, Systems Architect, Oregon State

    Bibliography

    Dicker, William. "An Examination of the Role of vCISO in SMBs: An Information Security Governance Exploration." Dissertation, Georgia State University, May 2, 2021. Accessed 30 Sep. 2022.

    Heidrick & Struggles. "2022 Global Chief Information Security Officer (CISO) Survey" Heidrick & Struggles International, Inc. September 6, 2022. Accessed 30 Sep. 2022.

    IBM Security. "Cost of a Data Breach Report 2022" IBM. August 1, 2022. Accessed 9 Nov. 2022.

    Mehta, Medha. "What Is a vCISO? Are vCISO Services Worth It?" Infosec Insights by Sectigo, June 23, 2021. Accessed Nov 22. 2022.

    Milica, Lucia. “Proofpoint 2022 Voice of the CISO Report” Proofpoint. May 2022. Accessed 6 Oct. 2022.

    Navisite. "The State of Cybersecurity Leadership and Readiness" Navisite. November 9, 2021. Accessed 9 Nov. 2022.

    Shayo, Conrad, and Frank Lin. “An Exploration of the Evolving Reporting Organizational Structure for the Chief Information Security Officer (CISO) Function” Journal of Computer Science and Information Technology, vol. 7, no. 1, June 2019. Accessed 28 Sep. 2022.

    Make Prudent Decisions When Increasing Your Salesforce Footprint

    • Buy Link or Shortcode: {j2store}134|cart{/j2store}
    • member rating overall impact: 8.9/10 Overall Impact
    • member rating average dollars saved: $55,224 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Too often, organizations fail to achieve economy of scale. They neglect to negotiate price holds, do not negotiate deeper discounts as volume increases, or do not realize there are already existing contracts within the organization.
    • Understand what to negotiate. Organizations do not know what can and cannot be negotiated, which means value gets left on the table.
    • Integrations with other applications must be addressed from the outset. Many users buy the platform only to realize later on that the functionality they wanted does not exist and may be an extra expense with customization.

    Our Advice

    Critical Insight

    • Buying power dissipates when you sign the contract. Get the right product for the right number of users for the right term and get it right the first time.
    • Getting the best price does not assure a great total cost of ownership or ROI. There are many components as part of the purchasing process that if unaccounted for can lead to dramatic and unbudgeted spend.
    • Avoid buyer’s remorse through due diligence before signing the deal. If you need to customize the software or extend it with a third-party add-in, identify your costs and timelines upfront. Plan for successful adoption.

    Impact and Result

    • Centralize purchasing instead of enabling small deals to maximize discount levels by creating a process to derive a cost-effective methodology when subscribing to Sales Cloud, Service Cloud, and Force.com.
    • Educate your organization on Salesforce’s licensing methods and contract types, enabling informed purchasing decisions. Critical components of every agreement that need to be negotiated are a renewal escalation cap, term protection, and license metrics to document what comes with each. Re-bundling protection is also critical in case a product is no longer desired.
    • Proactively addressing integrations and business requirements will enable project success and enable the regular upgrades the come with a multi-tenant cloud services SaaS solution.

    Make Prudent Decisions When Increasing Your Salesforce Footprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your Salesforce licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish software requirements

    Begin your journey by understanding whether Salesforce is the right CRM. Also proactively approach Salesforce licensing by understanding which information to gather and assessing the current state and gaps.

    • Make Prudent Decisions When Increasing Your Salesforce Footprint – Phase 1: Establish Software Requirements
    • Salesforce Licensing Purchase Reference Guide
    • RASCI Chart

    2. Evaluate licensing options

    Review current products and licensing models to determine which licensing models will most appropriately fit the organization's environment.

    • Make Prudent Decisions When Increasing Your Salesforce Footprint – Phase 2: Evaluate Licensing Options
    • Salesforce TCO Calculator
    • Salesforce Discount Calculator

    3. Evaluate agreement options

    Review Salesforce’s contract types and assess which best fits the organization’s licensing needs.

    • Make Prudent Decisions When Increasing Your Salesforce Footprint – Phase 3: Evaluate Agreement Options
    • Salesforce Terms and Conditions Evaluation Tool

    4. Purchase and manage licenses

    Conduct negotiations, purchase licensing, finalize a licensing management strategy, and enhance your CRM with a Salesforce partner.

    • Make Prudent Decisions When Increasing Your Salesforce Footprint – Phase 4: Purchase and Manage Licenses
    • Controlled Vendor Communications Letter
    • Vendor Communication Management Plan
    [infographic]

    Workshop: Make Prudent Decisions When Increasing Your Salesforce Footprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Software Requirements

    The Purpose

    Assess current state and align goals; review business feedback.

    Interview key stakeholders to define business objectives and drivers.

    Key Benefits Achieved

    Have a baseline for whether Salesforce is the right solution.

    Understand Salesforce as a solution.

    Examine all CRM options.

    Activities

    1.1 Perform requirements gathering to review Salesforce as a potential solution.

    1.2 Gather your documentation before buying or renewing.

    1.3 Confirm or create your Salesforce licensing team.

    1.4 Meet with stakeholders to discuss the licensing options and budget allocation.

    Outputs

    Copy of your Salesforce Master Subscription Agreement

    RASCI Chart

    Salesforce Licensing Purchase Reference Guide

    2 Evaluate Licensing Options

    The Purpose

    Review product editions and licensing options.

    Review add-ons and licensing rules.

    Key Benefits Achieved

    Understand how licensing works.

    Discuss licensing rules and their application to your current environment.

    Determine the product and license mix that is best for your requirements.

    Activities

    2.1 Determine the editions, licenses, and add-ons for your Salesforce CRM solution.

    2.2 Calculate total cost of ownership.

    2.3 Use the Salesforce Discount Calculator to ensure you are getting the discount you deserve.

    2.4 Meet with stakeholders to discuss the licensing options and budget allocation.

    Outputs

    Salesforce CRM Solution

    Salesforce TCO Calculator

    Salesforce Discount Calculator

    Salesforce Licensing Purchase Reference Guide

    3 Evaluate Agreement Options

    The Purpose

    Review terms and conditions of Salesforce contracts.

    Review vendors.

    Key Benefits Achieved

    Determine if MSA or term agreement is best.

    Learn what specific terms to negotiate.

    Activities

    3.1 Perform a T&Cs review and identify key “deal breakers.”

    3.2 Decide on an agreement that nets the maximum benefit.

    Outputs

    Salesforce T&Cs Evaluation Tool

    Salesforce Licensing Purchase Reference Guide

    4 Purchase and Manage Licenses

    The Purpose

    Finalize the contract.

    Discuss negotiation points.

    Discuss license management and future roadmap.

    Discuss Salesforce partner and implementation strategy.

    Key Benefits Achieved

    Discuss negotiation strategies.

    Learn about licensing management best practices.

    Review Salesforce partner options.

    Create an implementation plan.

    Activities

    4.1 Know the what, when, and who to negotiate.

    4.2 Control the flow of communication.

    4.3 Assign the right people to manage the environment.

    4.4 Discuss Salesforce partner options.

    4.5 Discuss implementation strategy.

    4.6 Meet with stakeholders to discuss licensing options and budget allocation.

    Outputs

    Salesforce Negotiation Strategy

    Vendor Communication Management Plan

    RASCI Chart

    Info-Tech’s Core CRM Project Plan

    Salesforce Licensing Purchase Reference Guide

    Take the First Steps to Embrace Open-Source Software

    • Buy Link or Shortcode: {j2store}164|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development

    Your organization is looking to invest in new software or a tool to solve key business and IT problems. They see open source as a viable option given the advertised opportunities and the popularity of many open-source projects, but they have concerns:

    • Despite the longevity and broad adoption of open-source software, stakeholders are hesitant about its long-term viability and the costs of ongoing support.
    • A clear direction and strategy are needed to align the expected value of open source to your stakeholders’ priorities and gain the funding required to select, implement, and support open-source software.

    Our Advice

    Critical Insight

    • Position open source in the same light as commercial software. The continuous improvement and evolution of popular open-source software and communities have established a reputation for reliability in the industry.
    • Consider open source as another form of outsource development. Open source is externally developed software where the code is accessible and customizable. Code quality may not align to your organization’s standards, which can require extensive testing and optimization.
    • Treat open source as any internally developed solution. Configurations, integrations, customizations, and orchestrations of open-source software are often done at the code level. While some community support is provided, most of the heavy lifting is done by the applications team.

    Impact and Result

    • Outline the value you expect to gain. Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.
    • Define your open-source selection criteria. Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.
    • Assess the readiness of your team. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Take the First Steps to Embrace Open-Source Software Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take the First Steps to Embrace Open-Source Software Storyboard – A guide to learn the fit, value, and considerations of open-source software.

    This research walks you through the misconceptions about open source, factors to consider in its selection, and initiatives to prepare your teams for its adoption.

    • Take the First Steps to Embrace Open-Source Software Storyboard

    2. Open-Source Readiness Assessment – A tool to help you evaluate your readiness to embrace open-source software in your environment.

    Use this tool to identify key gaps in the people, processes, and technologies needed to support open source in your organization. It also contains a canvas to facilitate discussions about expectations with your stakeholders and applications teams.

    • Open-Source Readiness Assessment
    [infographic]

    Further reading

    Take the First Steps to Embrace Open-Source Software

    Begin to understand what is required to embrace open-source software in your organization.

    Analyst Perspective

    With great empowerment comes great responsibilities.

    Open-source software promotes enticing technology and functional opportunities to any organization looking to modernize without the headaches of traditional licensing. Many organizations see the value of open source in its ability to foster innovation, be flexible to various use cases and system configurations, and give complete control to the teams who are using and managing it.

    However, open source is not free. While the software is freely and easily accessible, its use and sharing are bound by its licenses, and its implementation requires technical expertise and infrastructure investments. Your organization must be motivated and capable of taking on the various services traditionally provided and managed by the vendor.

    Photo of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Director,
    Application Delivery and Application Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your organization is looking to invest in new software or a tool to solve key business and IT problems. They see open source as a viable option because of the advertised opportunities and the popularity of many open-source projects.

    Despite the longevity and the broad adoption of open-source software, stakeholders are hesitant about its adoption, its long-term viability, and the costs of ongoing support.

    A clear direction and strategy is needed to align the expected value of open source to your stakeholders’ priorities and gain the funding required to select, implement, and support open-source software.

    Common Obstacles

    Your stakeholders’ fears, uncertainties, and doubts about open source may be driven by misinterpretation or outdated information. This hesitancy can persist despite some projects being active longer than their proprietary counterparts.

    Certain software features, support capabilities, and costs are commonly overlooked when selecting open-source software because they are often assumed in the licensing and service costs of commercial software.

    Open-source software is often technically complicated and requires specific skill sets and knowledge. Unfortunately, current software delivery capability gaps impede successful adoption and scaling of open-source software.

    Info-Tech’s Approach

    Outline the value you expect to gain. Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.

    Define your open-source selection criteria. Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.

    Assess the readiness of your team. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Insight Summary

    Overarching Info-Tech Insight

    Open source is as much about an investment in people as it is about technology. It empowers applications teams to take greater control over their technology and customize it as they see fit. However, teams need the time and funding to conduct the necessary training, management, and ongoing community engagement that open-source software and its licenses require.

    • Position open source in the same light as commercial software.
      The continuous improvement and evolution of popular open-source software and communities have established a trusting and reliable reputation in the industry. Open-source software quality and community support can rival similar vendor capabilities given the community’s maturity and contributions in the technology.
    • Consider open source another form of outsource development.
      Open source is externally developed software where the code is accessible and customizable. Code quality may not align to your organization’s standards, which can require extensive testing and optimization. A thorough analysis of change logs, code repositories, contributors, and the community is recommended – much to the same degree as one would do with prospective outsourcing partners.
    • Treat open source as any internally developed solution.
      Configurations, integrations, customizations, and orchestrations of open-source software are often done at the code level. While some community support is provided, most of the heavy lifting is done by the applications team. Teams must be properly resourced, upskilled, and equipped to meet this requirement. Otherwise, third-party partners are needed.

    What is open source?

    According to Synopsys, “Open source software (OSS) is software that is distributed with its source code, making it available for use, modification, and distribution with its original rights. … Programmers who have access to source code can change a program by adding to it, changing it, or fixing parts of it that aren’t working properly. OSS typically includes a license that allows programmers to modify the software to best fit their needs and control how the software can be distributed.”

    What are the popular use cases?

    1. Programming languages and frameworks
    2. Databases and data technologies
    3. Operating systems
    4. Git public repos
    5. Frameworks and tools for AI/ML/DL
    6. CI/CD tooling
    7. Cloud-related tools
    8. Security tools
    9. Container technology
    10. Networking

    Source: OpenLogic, 2022

    Common Attributes of All Open-Source Software

    • Publicly shared repository that anyone can access to use the solution and contribute changes to the design and functionality of the project.
    • A community that is an open forum to share ideas and solution enhancements, discuss project direction and vision, and seek support from peers.
    • Project governance that sets out guidelines, rules, and requirements to participate and contribute to the project.
    • Distribution license that defines the terms of how a solution can be used, assessed, modified, and distributed.

    Take the first steps to embrace open-source software

    Begin to understand what is required to embrace open-source software in your organization.

    A diagram of open-source community.

    State the Value of Open Source: Discuss current business and IT priorities, use cases, and value opportunities to determine what to expect from open-source versus commercial software.

    Select Your Open-Source Software: Clarify the driving factors in your evaluation of open-source and commercial software using your existing IT procurement practices as a starting point.

    Prepare for Open Source: Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of open-source software.

    Step 1.1: State the Value of Open Source

    Diagram of step 1.1

    Activities

    1.1.1 Outline the value you expect to gain from open-source software

    This step involves the following participants:

    • Applications team
    • Product owner

    Outcomes of this step:

    • Value proposition for open source
    • Potential open-source use cases

    Use a canvas to frame your open-source evaluation

    A photo of open-source canvas

    This canvas is intended to provide a single pane of glass to start collecting your thoughts and framing your future conversations on open-source software selection and adoption.

    Record the results in the “Open-Source Canvas” tab in the Open-Source Readiness Assessment.

    Open source presents unique software and tooling opportunities

    Innovation

    Many leading-edge and bleeding-edge technologies are collaborated and innovated in open-source projects, especially in areas that are beyond the vision and scope of vendor products and priorities.

    Niche Solutions

    Open-source projects are focused. They are designed and built to solve specific business and technology problems.

    Flexible & Customizable

    All aspects of the open-source software are customizable, including source code and integrations. They can be used to extend, complement, or replace internally developed code. Licenses define how open-source code should be and must be used, productized, and modified.

    Brand & Recognition

    Open-source communities encourage contribution and collaboration among their members to add functionality and improve quality and adoption.

    Cost

    Open-source software is accessible to everyone, free of charge. Communities do not need be consulted prior to acquisition, but the software’s use, configurations, and modifications may be restricted by its license.

    However, myths continue to challenge adoption

    • Open source is less secure or poorer quality than proprietary solutions.
    • Open source is free from risk of intellectual property (IP) infringement.
    • Open source is cheaper than proprietary solutions.

    What are the top perceived barriers to using enterprise open source?

    • Concerns about the level of support
    • Compatibility concerns
    • Concerns about inherent security of the code
    • Lack of internal skills to manage and support it

    Source: Red Hat, 2022

    Apply Design Thinking to Build Empathy With the Business

    • Buy Link or Shortcode: {j2store}89|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $20,772 Average $ Saved
    • member rating average days saved: 13 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • Business satisfaction with IT is low.
    • IT and the business have independently evolving strategy, initiatives, and objectives.
    • IT often exceeds their predicted project costs and has difficulty meeting the business’ expectations of project quality and time-to-market.

    Our Advice

    Critical Insight

    • Business needs are unclear or ambiguous.
    • IT and the business do not know how to leverage each other’s talent and resources to meet their common goals.
    • Not enough steps are taken to fully understand and validate problems.
    • IT can’t pivot fast enough when the business’s needs change.

    Impact and Result

    Product, service, and process design should always start with an intimate understanding of what the business is trying to accomplish and why it is important.

    Apply Design Thinking to Build Empathy With the Business Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should apply experience design to partner with the business, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Research

    Identify goals and objectives for experience design, establish targeted stakeholders, and conduct discovery interviews.

    • Apply Design Thinking to Build Empathy With the Business – Phase 1: Research
    • Stakeholder Discovery Interview Template

    2. Map and iterate

    Create the journey map, design a research study to validate your hypotheses, and iterate and ideate around a refined, data-driven understanding of stakeholder problems.

    • Apply Design Thinking to Build Empathy With the Business – Phase 2: Map and Iterate
    • Journey Map Template
    • Research Study Log Tool
    [infographic]

    Workshop: Apply Design Thinking to Build Empathy With the Business

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Introduction to Journey Mapping

    The Purpose

    Understand the method and purpose of journey mapping.

    Key Benefits Achieved

    Initial understanding of the journey mapping process and the concept of end-user empathy.

    Activities

    1.1 Introduce team and discuss workshop motivations and goals.

    1.2 Discuss overview of journey mapping process.

    1.3 Perform journey mapping case study activity.

    Outputs

    Case Study Deliverables – Journey Map and Empathy Maps

    2 Persona Creation

    The Purpose

    Begin to understand the goals and motivations of your stakeholders using customer segmentation and an empathy mapping exercise.

    Key Benefits Achieved

    Understand the demographic and psychographic factors driving stakeholder behavior.

    Activities

    2.1 Discuss psychographic stakeholder segmentation.

    2.2 Create empathy maps for four segments.

    2.3 Generate problem statements.

    2.4 Identify target market.

    Outputs

    Stakeholder personas

    Target market of IT

    3 Interview Stakeholders and Start a Journey Map

    The Purpose

    Get first-hand knowledge of stakeholder needs and start to capture their perspective with a first-iteration journey map.

    Key Benefits Achieved

    Capture the process stakeholders use to solve problems and empathize with their perspectives, pains, and gains.

    Activities

    3.1 Review discovery interviewing techniques.

    3.2 Review and modify the discovery questionnaire

    3.3 Demonstrate stakeholder interview.

    3.4 Synthesize learnings and begin creating a journey map.

    Outputs

    Customized discovery interview template

    Results of discovery interviewing

    4 Complete the Journey Map and Create a Research Study

    The Purpose

    Hypothesize the stakeholder journey, identify assumptions, plan a research study to validate your understanding, and ideate around critical junctures in the journey.

    Key Benefits Achieved

    Understand the stakeholder journey and ideate solutions with the intention of improving their experience with IT.

    Activities

    4.1 Finish the journey map.

    4.2 Identify assumptions and create hypotheses.

    4.3 Discuss field research and hypothesis testing.

    4.4 Design the research study.

    4.5 Discuss concluding remarks and next steps.

    Outputs

    Completed journey map for one IT process, product, or service

    Research study design and action plan

    Implement DevOps Practices That Work

    • Buy Link or Shortcode: {j2store}155|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $42,916 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • In today’s world, business agility is essential to stay competitive. Quick responses to business needs through efficient development and deployment practices are critical for business value delivery.
    • Organizations are looking to DevOps as an approach to rapidly deliver changes, but they often lack the foundations to use DevOps effectively.

    Our Advice

    Critical Insight

    Even in a highly tool-centric view, it is the appreciation of DevOps core principles that will determine your success in implementing its practices.

    Impact and Result

    • Understand the basics of DevOps-related improvements.
    • Assess the health and conduciveness of software delivery process through Info-Tech Research Group’s MATURE framework.

    Implement DevOps Practices That Work Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement DevOps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Examine your current state

    Understand the current state of your software delivery process and categorize existing challenges in it.

    • DevOps Readiness Survey

    2. MATURE your delivery lifecycle

    Brainstorm solutions using Info-Tech Research Group’s MATURE framework.

    • DevOps Roadmap Template

    3. Choose the right metrics and tools for your needs

    Identify metrics that are insightful and valuable. Determine tools that can help with DevOps practices implementation.

    • DevOps Pipeline Maturity Assessment

    4. Select horizons for improvement

    Lay out a schedule for enhancements for your software process to make it ready for DevOps.

    [infographic]

    Workshop: Implement DevOps Practices That Work

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Examine Your Current State

    The Purpose

    Set the context for improvement.

    Key Benefits Achieved

    Provide a great foundation for an actionable vision and goals that people can align to.

    Activities

    1.1 Review the outcome of the DevOps Readiness Survey.

    1.2 Articulate the current-state delivery process.

    1.3 Categorize existing challenges using PEAS.

    Outputs

    Baseline assessment of the organization’s readiness for introducing DevOps principles in its delivery process

    A categorized list of challenges currently evident in the delivery process

    2 MATURE Your Delivery Lifecycle

    The Purpose

    Brainstorm solutions using the MATURE framework.

    Key Benefits Achieved

    Collaborative list of solutions to challenges that are restricting/may restrict adoption of DevOps in your organization.

    Activities

    2.1 Brainstorm solutions for identified challenges.

    2.2 Understand different DevOps topologies within the context of strong communication and collaboration.

    Outputs

    A list of solutions that will enhance the current delivery process into one which is influenced by DevOps principles

    (Optional) Identify a team topology that works for your organization.

    3 Choose the Right Metrics and Tools for Your Needs

    The Purpose

    Select metrics and tools for your DevOps-inspired delivery pipeline.

    Key Benefits Achieved

    Enable your team to select the right metrics and tool chain that support the implementation of DevOps practices.

    Activities

    3.1 Identify metrics that are sensible and provide meaningful insights into your organization’s DevOps transition.

    3.2 Determine the set of tools that satisfy enterprise standards and can be used to implement DevOps practices.

    3.3 (Optional) Assess DevOps pipeline maturity.

    Outputs

    A list of metrics that will assist in measuring the progress of your organization’s DevOps transition

    A list of tools that meet enterprise standards and enhance delivery processes

    4 Define Your Release, Communication, and Next Steps

    The Purpose

    Build a plan laying out the work needed to be done for implementing the necessary changes to your organization.

    Key Benefits Achieved

    Roadmap of steps to take in the coming future.

    Activities

    4.1 Create a roadmap for future-state delivery process.

    Outputs

    Roadmap for future-state delivery process

    Understand the Data and Analytics Landscape

    • Buy Link or Shortcode: {j2store}131|cart{/j2store}
    • member rating overall impact: 9.8/10 Overall Impact
    • member rating average dollars saved: $2,000 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The data and analytics landscape comprises many disciplines and components; organizations may find themselves unsure of where to start or what data topic or area they should be addressing.
    • Organizations want to better understand the components of the data and analytics landscape and how they are connected.

    Our Advice

    Critical Insight

    • This deck will provide a base understanding of the core data disciplines and will point to the various Info-Tech blueprints that dive deeper into each of the areas.

    Impact and Result

    • This deck will provide a base understanding of the core disciplines of the data and analytics landscape and will point to the various Info-Tech blueprints that dive deeper into each of the areas.

    Understand the Data and Analytics Landscape Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the data and analytics landscape

    Get an overview of the core disciplines of the data and analytics landscape.

    • Understand the Data and Analytics Landscape Storyboard

    Infographic

    Plan Your Digital Transformation on a Page

    • Buy Link or Shortcode: {j2store}81|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $34,649 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy
    • Digital investments often under deliver on expectations of return, and there is no cohesive approach to managing the flow of capital into digital.
    • The focus of the business has historically been to survive technological disruption rather than to thrive in it.
    • Strategy is based mostly on opinion rather than an objective analysis of the outcomes customers want from the organization.
    • Digital is considered a buzzword – nobody has a clear understanding of what it is and what it means in the organization’s context.

    Our Advice

    Critical Insight

    • The purpose of going digital is getting one step closer to the customer. The mark of a digital organization lies in how they answer the question, “How does what we’re doing contribute to what the customer wants from us?”
    • The goal of digital strategy is digital enablement. An organization that is digitally enabled no longer needs a digital strategy, it’s just “the strategy.”

    Impact and Result

    • Focus strategy making on delivering the digital outcomes that customers want.
      • Leverage the talent, expertise, and perspectives within the organization to build a customer-centric digital strategy.
    • Design a balanced digital strategy that creates value across the five digital value pools:
      • Digital marketing, digital channels, digital products, digital supporting capabilities, and business model innovation.
    • Ask how disruption can be leveraged, or even become the disruptor.
      • Manage disruption through quick-win approaches and empowering staff to innovate.
    • Use a Digital Strategy-on-a-Page to spark the digital transformation.
      • Drive awareness and alignment on the digital vision and spark your organization’s imagination around digital.

    Plan Your Digital Transformation on a Page Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand how digital disruption is driving the need for transformation, and how Info-Tech’s methodology can help.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Scope the digital transformation

    Learn how to apply the Digital Value Pools thought model and scope strategy around them.

    • Plan Your Digital Transformation on a Page – Phase 1: Scope the Digital Transformation

    2. Design the digital future state vision

    Identify business imperatives, define digital outcomes, and define the strategy’s guiding principles.

    • Plan Your Digital Transformation on a Page – Phase 2: Design the Digital Future State Vision
    • Digital Strategy on a Page

    3. Define the digital roadmap

    Define, prioritize, and roadmap digital initiatives and plan contingencies.

    • Plan Your Digital Transformation on a Page – Phase 3: Define the Digital Roadmap

    4. Sustain digital transformation

    Create, polish, and socialize the Digital Strategy-on-a-Page.

    • Plan Your Digital Transformation on a Page – Phase 4: Sustain Digital Transformation
    [infographic]

    Workshop: Plan Your Digital Transformation on a Page

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Scope the Digital Transformation

    The Purpose

    Identify the need for and use of digital strategy and determine a realistic scope for the digital strategy.

    Key Benefits Achieved

    The digital strategy project is planned and scoped around a subset of the five digital value pools.

    Activities

    1.1 Introduction to digital strategy.

    1.2 Establish motivation for digital.

    1.3 Discuss in-flight digital investments.

    1.4 Define the scope of digital.

    1.5 Identify stakeholders.

    1.6 Perform discovery interviews.

    1.7 Select two value pools to focus day 2, 3, and 4 activities.

    Outputs

    Business model canvas

    Stakeholder power map

    Discovery interview results

    Two value pools for focus throughout the workshop

    2 Design the Digital Future State Vision

    The Purpose

    Create guiding principles to help define future digital initiatives. Generate the target state with the help of strategic goals.

    Key Benefits Achieved

    Establish the basis for planning out the initiatives needed to achieve the target state from the current state.

    Activities

    2.1 Identify digital imperatives.

    2.2 Define key digital outcomes.

    2.3 Create a digital investment thesis.

    2.4 Define digital guiding principles.

    Outputs

    Corporate strategy analysis, PESTLE analysis, documented operational pain points (value streams)

    Customer needs assessment (journey maps)

    Digital investment thesis

    Digital guiding principles

    3 Define the Digital Roadmap

    The Purpose

    Understand the gap between the current and target state. Create transition options and assessment against qualitative and quantitative metrics to generate a list of initiatives the organization will pursue to reach the target state. Build a roadmap to plan out when each transition initiative will be implemented.

    Key Benefits Achieved

    Finalize the initiatives the organization will use to achieve the target digital state. Create a roadmap to plan out the timing of each initiative and generate an easy-to-present document for digital strategy approval.

    Activities

    3.1 Identify initiatives to achieve digital outcomes.

    3.2 Align in-flight initiatives to digital initiatives.

    3.3 Prioritize digital initiatives.

    3.4 Document architecturally significant requirements for high-priority initiatives.

    Outputs

    Digital outcomes and KPIs

    Investment/value pool matrix

    Digital initiative prioritization

    Architecturally significant requirements for high-priority initiatives

    4 Define the Digital Roadmap

    The Purpose

    Plan your approach to socializing the digital strategy to help facilitate the cultural changes necessary for digital transformation.

    Key Benefits Achieved

    Plant the seed of digital and innovation to start making digital a part of the organization’s DNA.

    Activities

    4.1 Review and refine Digital Strategy on a Page.

    4.2 Assess company culture.

    4.3 Define high-level cultural changes needed for successful transformation.

    4.4 Define the role of the digital transformation team.

    4.5 Establish digital transformation team membership and desired outcomes.

    Outputs

    Digital Strategy on a Page

    Strategyzer Culture Map

    Digital transformation team charter

    Capture and Market the ROI of Your VMO

    • Buy Link or Shortcode: {j2store}212|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $108,234 Average $ Saved
    • member rating average days saved: 9 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • All IT organizations are dependent on their vendors for technology products, services, and solutions to support critical business functions.
    • Measuring the impact of and establishing goals for the vendor management office (VMO) to maximize its effectiveness requires an objective and quantitative approach whenever possible.
    • Sharing the VMO’s impact internally is a balancing act between demonstrating value and self-promotion.

    Our Advice

    Critical Insight

    • The return on investment (ROI) calculation for your VMO must be customized. The ROI components selected must match your VMO ROI maturity, resources, and roadmap. There is no one-size-fits-all approach to calculating VMO ROI.
    • ROI contributions come from many areas and sources. To maximize the VMO’s ROI, look outside the traditional framework of savings and cost avoidance to vendor-facing interactions and the impact the VMO has on internal departments.

    Impact and Result

    • Quantifying the contributions of the VMO takes the guess work out of whether the VMO is performing adequately.
    • Taking a comprehensive approach to measuring the value created by the VMO and the ROI associated with it will help the organization appreciate the importance of the VMO.
    • Establishing goals for the VMO with the help of the executives and key stakeholders ensures that the VMO is supporting the needs of the entire organization.

    Capture and Market the ROI of Your VMO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should calculate and market internally your VMO’s ROI, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get organized

    Begin the process by identifying your VMO’s ROI maturity level and which calculation components are most appropriate for your situation.

    • Capture and Market the ROI of the VMO – Phase 1: Get Organized
    • VMO ROI Maturity Assessment Tool
    • VMO ROI Calculator and Tracker
    • VMO ROI Data Source Inventory and Evaluation Tool
    • VMO ROI Summary Template

    2. Establish baseline

    Set measurement baselines and goals for the next measurement cycle.

    • Capture and Market the ROI of the VMO – Phase 2: Establish Baseline
    • VMO ROI Baseline and Goals Tool

    3. Measure and monitor results

    Measure the VMO's ROI and value created by the VMO’s efforts and the overall internal satisfaction with the VMO.

    • Capture and Market the ROI of the VMO – Phase 3: Measure and Monitor Results
    • RFP Cost Estimator
    • Improvements in Working Capital Estimator
    • Risk Estimator
    • General Process Cost Estimator and Delta Estimator
    • VMO Internal Client Satisfaction Survey
    • Vendor Security Questionnaire
    • Value Creation Worksheet
    • Deal Summary Report Template

    4. Report results

    Report the results to key stakeholders and executives in a way that demonstrates the value added by the VMO to the entire organization.

    • Capture and Market the ROI of the VMO – Phase 4: Report Results
    • Internal Business Review Agenda Template
    • IT Spend Analytics
    • VMO ROI Reporting Worksheet
    • VMO ROI Stakeholder Report Template
    [infographic]

    Workshop: Capture and Market the ROI of Your VMO

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Get Organized

    The Purpose

    Determine how you will measure the VMO’s ROI.

    Key Benefits Achieved

    Focus your measurement on the appropriate activities.

    Activities

    1.1 Determine your VMO’s maturity level and identify applicable ROI measurement categories.

    1.2 Review and select the appropriate ROI formula components for each applicable measurement category.

    1.3 Compile a list of potential data sources, evaluate the viability of each data source selected, and assign data collection and analysis responsibilities.

    1.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.

    Outputs

    VMO ROI maturity level and first step of customizing the ROI formula components.

    Second and final step of customizing the ROI formula components…what will actually be measured.

    Viable data sources and assignments for team members.

    A progress report for key stakeholders and executives.

    2 Establish Baseline

    The Purpose

    Set baselines to measure created value against.

    Key Benefits Achieved

    ROI contributions cannot be objectively measured without baselines.

    Activities

    2.1 Gather baseline data.

    2.2 Calculate/set baselines.

    2.3 Set SMART goals.

    2.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.

    Outputs

    Data to use for calculating baselines.

    Baselines for measuring ROI contributions.

    Value creation goals for the next measurement cycle.

    An updated progress report for key stakeholders and executives.

    3 Measure and Monitor Results

    The Purpose

    Calculate the VMO’s ROI.

    Key Benefits Achieved

    An understanding of whether the VMO is paying for itself.

    Activities

    3.1 Assemble the data and calculate the VMO’s ROI.

    3.2 Organize the data for the reporting step.

    Outputs

    The VMO’s ROI expressed in terms of how many times it pays for itself (e.g. 1X, 3X, 5X).

    Determine which supporting data will be reported.

    4 Report Results

    The Purpose

    Report results to stakeholders.

    Key Benefits Achieved

    Stakeholders understand the value of the VMO.

    Activities

    4.1 Create a reporting template.

    4.2 Determine reporting frequency.

    4.3 Decide how the reports will be distributed or presented.

    4.4 Send out a draft report and update based on feedback.

    Outputs

    A template for reporting ROI and supporting data.

    A decision about quarterly or annual reports.

    A decision regarding email, video, and in-person presentation of the ROI reports.

    Final ROI reports.

    Enterprise Storage Solution Considerations

    • Buy Link or Shortcode: {j2store}507|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Storage & Backup Optimization
    • Parent Category Link: /storage-and-backup-optimization
    • Enterprise storage technology and options are challenging to understand.
    • There are so many options. How do you decide what the best solution is for your storage challenge??
    • Where do you start when trying to solve your enterprise storage challenge?

    Our Advice

    Critical Insight

    Take the time to understand the various data storage formats, disk types, and associated technology, as well as the cloud-based and on-premises options. This will help you select the right tool for your needs.

    Impact and Result

    Look to existing use cases based on actual Info-Tech analyst calls to help in your decision-making process.

    Enterprise Storage Solution Considerations Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Storage Solution Considerations – Narrow your focus with the right product type and realize efficiencies.

    Explore the building blocks of enterprise storage so you can select the best solution, narrow your focus with the correct product type, explore the features that should be considered when evaluating enterprise storage offerings, and examine use cases based on actual Info-Tech analyst calls to find a storage solution for your situation.

    • Enterprise Storage Solution Considerations Storyboard

    2. Modernize Enterprise Storage Workbook – Understand your data requirements.

    The first step in solving your enterprise storage challenge is identifying your data sources, data volumes, and growth rates. This information will give you insight into what data sources could be stored on premises or in the cloud, how much storage you will require for the coming five to ten years, and what to consider when exploring enterprise storage solutions. This tool can be a valuable asset for determining your current storage drivers and future storage needs, structuring a plan for future storage purchases, and determining timelines and total cost of ownership.

    • Modernize Enterprise Storage Workbook
    [infographic]

    Further reading

    Enterprise Storage Solution Considerations

    Narrow your focus with the right product type and realize efficiencies.

    Analyst Perspective

    The vendor landscape is continually evolving, as are the solutions they offer. The options and features are increasing and appealing.

    The image contains a picture of P.J. Ryan.

    To say that the current enterprise storage landscape looks interesting would be an understatement. The solutions offered by vendors continue to grow and evolve. Flash and NVMe are increasing the speed of storage media and reducing latency. Software-defined storage is finding the most efficient use of media to store data where it is best served while managing a variety of vendor storage and older storage area networks and network-attached storage devices.

    Storage as a service is taking on a new meaning with creative solutions that let you keep the storage appliance on premises or in a colocated data center while administration, management, and support are performed by the vendor for a nominal monthly fee.

    We cannot discuss enterprise storage without mentioning the cloud. Bring a thermometer because you must understand the difference between hot, warm, and cold storage when discussing the cloud options. Very hot and very cold may also come into play.

    Storage hardware can assume a higher total cost of ownership with support options that replace the controllers on a regular basis. The options with this type of service are also varied, but the concept of not having to replace all disks and chassis nor go through a data migration is very appealing to many companies.

    The cloud is growing in popularity when it comes to enterprise storage, but on-premises solutions are still in demand, and whether you choose cloud or on premises, you can be guaranteed an array of features and options to add stability, security, and efficiency to your enterprise storage.

    P.J. Ryan
    Research Director, Infrastructure & Operations
    Info-Tech Research Group

    Executive Summary

    Info-Tech Insight

    The vendor landscape is continually evolving, as are the solutions they offer.

    Storage providers are getting acquired by bigger players, “outside the box” thinking is disrupting the storage support marketplace, “as a service” storage offerings are evolving, and what is a data lake and do I need one? The traditional storage vendors are not alone in the market, and the solutions they offer are no longer traditional either. Explore the landscape and understand your options before you make any enterprise storage solution purchases.

    Understand the building blocks of storage so you can select the best solution.

    There are multiple storage formats for data, along with multiple hardware form factors and disk types to hold those various data formats. Software plays a significant role in many of these storage solutions, and cloud offerings take advantage of all the various formats, form factors, and disks. The challenge is matching your data type with the correct storage format and solution.

    Look to existing use cases to help in your decision-making process.

    Explore previous experiences from others by reading use cases to determine what the best solution is for your challenge. You’re probably not the first to encounter the challenge you’re facing. Another organization may have previously reached out for assistance and found a viable solution that may be just what you also need.

    Enterprise storage has evolved, with more options than ever

    Data is growing, data security will always be a concern, and vendors are providing more and more options for enterprise storage.

    “By 2025, it’s estimated that 463 exabytes of data will be created each day globally – that’s the equivalent of 212,765,957 DVDs per day!” (Visual Capitalist)

    “Modern criminal groups target not only endpoints and servers, but also central storage systems and their backup infrastructure.” (Continuity Software)

    Cloud or on premises? Maybe a hybrid approach with both cloud and on premises is best for you. Do you want to remove the headaches of storage administration, management, and support with a fully managed storage-as-a-service solution? Would you like to upgrade your controllers every three or four years without a major service interruption? The options are increasing and appealing.

    High-Level Considerations

    1. Understand Your Data

    Understand how much data you have and where it is located. This will be crucial when evaluating enterprise storage solutions.

    2. Plan for Growth

    Your enterprise storage considerations should include your data needs now and in the future.

    3. Understand the Mechanics

    Take the time to understand the various data storage formats, disk types, and associated technology, as well as the cloud-based and on-premises options. This will help you select the right tool for your needs.

    Storage formats, disk drives, and technology

    Common data storage formats, technology, and drive types are outlined below. Understanding how data is stored as well as the core building blocks for larger systems will help you decide which solution is best for your storage needs.

    Format

    What it is

    Disk Drives and Technology

    File Storage

    File storage is hierarchical storage that uses files, folders, subfolders, and directories. You enter a specific filename and path to access the file, such as P:\users\johndoe\strategy\cloud.doc. If you ever saved a file on a server, you used file storage. File storage is usually managed by some type of file manager, such as File Explorer in Windows. Network-attached storage (NAS) devices use file storage.

    Hard Disk Drives (HDD)

    HDD use a platter of spinning disks to magnetically store data. The disks are thick enough to make them rigid and are referred to as hard disks.

    HDD is older technology but is still in demand and offered by vendors.

    Object Storage

    Object storage is when data is broken into distinct units, called objects. These objects are stored in a flat, non-hierarchical structure in a single location or repository. Each object is identified by its associated ID and metadata. Objects are accessed by an application programming interface (API).

    Flash

    Flash storage uses flash memory chips to store data. The flash memory chips are written with electricity and contain no moving parts. Flash storage is very fast, which is how the technology got its name (“Flash vs. SSD Storage,” Enterprise Storage Forum, 2018).

    Block Storage

    Block storage is when data is divided up into fixed-size blocks and stored with a unique identifier. Blocks can be stored in different environments, such as Windows or Linux. Storage area networks (SANs) use block storage.

    Solid-State Drive (SSD)

    SSD is a storage mechanism that also does not use any moving parts. Most SSD drives use flash storage, but other options are available for SSD.

    Nonvolatile Memory Express (NVMe)

    NVMe is a communications standard developed specially for SSDs by a consortium of vendors including Intel, Samsung, SanDisk, Dell, and Seagate. It operates across the PCIe bus (hence the “Express” in the name), which allows the drives to act more like the fast memory that they are rather than the hard disks they imitate (PCWorld).

    Narrow your focus with the right product type

    On-premises enterprise storage solutions fit into a few distinct product types.

    Network-Attached Storage

    Storage Area Network

    Software-Defined Storage

    Hyperconverged Infrastructure

    NAS refers to a storage device that is connected directly to your network. Any user or device with access to your network can access the available storage provided by the NAS. NAS storage is easily scalable and can add data redundancy through RAID technology. NAS uses the file storage format.

    NAS storage may or may not be the first choice in terms of enterprise storage, but it does have a solid market appeal as an on-premises primary backup storage solution.

    A SAN is a dedicated network of pooled storage devices. The dedicated network, separate from the regular network, provides high speed and scalability without concern for the regular network traffic. SANs use block storage format and can be divided into logical units that can be shared between servers or segregated from other servers. SANs can be accessed by multiple servers and systems at the same time. SANs are scalable and offer high availability and redundancy through RAID technology.

    SANs can use a variety of disk types and sizes and are quite common among on-premises storage solutions.

    “Software-defined storage (SDS) is a storage architecture that separates storage software from its hardware. Unlike traditional network-attached storage (NAS) or storage area network (SAN) systems, SDS is generally designed to perform on any industry-standard or x86 system, removing the software’s dependence on proprietary hardware.” (RedHat)

    SDS uses software-based policies and rules to grow and protect storage attached to applications.

    SDS allows you to use server-based storage products to add management, protection, and better usage.

    Hyperconverged storage uses virtualization and software-defined storage to combine the storage, compute, and network resources along with a hypervisor into one appliance.

    Hyperconverged storage can scale out by adding more nodes or appliances, but scaling up, or adding more resources to each appliance, can have limitations. There is flexibility as hyperconverged storage can work with most network and compute manufacturers.

    Cloud storage

    • Cloud storage is online storage offered by a cloud provider. Cloud storage is available almost anywhere and is set up with high availability features such as data duplication, redundancy, backup, and power failure protection.
    • Cloud storage is very scalable and typically is offered as object storage, block storage, or file storage. Cloud storage vendors may have their own naming scheme for object, block, or file storage.
    • Cloud-hosted data is marketed according to the frequency of access and length of time in storage. There are typically three main levels of storage: hot, warm, or cold. Vendors may have their own naming convention for hot, warm, and cold storage. Some may also add more layers such as very hot or very cold.
      • Hot storage is for data that is frequently accessed and modified. It is available on demand and is the most costly of the storage levels.
      • Cold storage is for data that will sit for a long period of time and not need to be accessed. Cold storage is usually only available after several hours or days. Cold storage is very low cost and, in some cases, even free, but retrieval or restoration for the free services can be costly.
      • Warm storage sits in between hot and cold storage. It is for data that is infrequently needed. The cost of warm storage is also in between hot and cold storage costs, and access times are measured in terms of minutes or hours.
      • It is not uncommon for data to start in hot storage and, as it ages, move to warm and eventually cold storage.

    “Enterprise cloud storage offers nearly unlimited scalability. Enterprises can add storage quickly and easily as it is needed, eliminating the risk and cost of over-provisioning.”

    – Spectrum Enterprise

    “Hot data will operate on fresh data. Cold data will operate on less frequent data and [is] used mainly for reporting and planning. Warm data is a balance between the two.”

    – TechBlost

    Enterprise storage features

    The features listed below, while not intended to cover all features offered by all vendors, should be considered and could act as a baseline for discussions with storage providers when evaluating enterprise storage offerings.

    • Scalability
      • What are the options to expand, and how easy or difficult it is to expand capacity in the future?
    • Security
      • Does the solution offer data encryption options as well as ransomware protections?
    • Integration options
      • Can the solution support seamless connectivity with other solutions and applications, such as cloud-based storage or backup software?
    • Storage reduction
      • Does the solution offer space-reduction options such as deduplication or data compression?
    • Replication
      • Does the solution offer replication options such as device to device on premises, device to device when geographically separated, device to cloud, or a combination of these scenarios?
    • Performance
      • “Enterprise storage systems have two main ‘speed’ measurements: throughput and IOPS. Throughput is the data transfer rate to and from storage media, measured in bytes per second; IOPS measures the number of reads and writes – input/output (I/O) operations – per second.” (Computer Weekly)
    • Protocol support
      • Does the solution support object-based, block-based, and file-based storage protocols?
    • Storage Efficiency
      • How efficient is the solution? Can they prove it?
      • Storage efficiencies must be available and baselined.
    • Management platform
      • A management/reporting platform should be a component included in the system.
    • Multi-parity
      • Does the solution offer multi-level block “parity” for RAID 6 protection equivalency, which would allow for the simultaneous failure of two disks?
    • Proactive support
      • Features such as call home, dial in, or remote support must be available on the system.
    • Financial considerations
      • The cost is always a concern, but are there subscription-based or “as-a-service” options?
      • Internally, is it better for this expenditure to be a capital expenditure or an ongoing operating expense?

    What’s new in enterprise storage

    • Data warehouses are not a new concept, but the data storage evolution and growth of data means that data lakes and data lakehouses are growing in popularity.
      • “A data lake is a centralized repository that allows you to store all your structured and unstructured data at any scale. You can store your data as-is, without having to first structure the data” (Amazon Web Services).
      • Analytics with a data lake is possible, but manipulation of the data is hindered due to the nature of the data. A data lakehouse adds data management and analytics to a data lake, similar to the data warehouse functionality added to databases.
    • Options for on-premises hardware support is changing.
      • Pure Storage was the first to shake up the SAN support model with its Evergreen support option. Evergreen//Forever support allows for storage controller upgrades without having to migrate data or replace your disks or chassis (Pure Storage).
      • In response to the Pure Storage Evergreen offering, Dell, HPE, NetApp, and others have come out with similar programs that offer controller upgrades while maintaining the data, disks, and chassis.
    • “As a service” is available as a hybrid solution.
      • Storage as a service (STaaS) originally referred to hosted, fully cloud-based offerings without the need for any on-premises hardware.
      • The latest STaaS offerings provide on-premises or colocated hardware with pay-as-you-go subscription pricing for data consumption. Administration, management, and support are included. The vendor will supply support and manage everything on your behalf.
      • Most of the major storage vendors offer a variation of storage as a service.

    “Because data lakes mostly consist of raw unprocessed data, a data scientist with specialized expertise is typically needed to manipulate and translate the data.”

    – DevIQ

    “A Lakehouse is also a type of centralized data repository, integrated from heterogeneous sources. As can be expected from its name, It shares features with both datawarehouses and data lakes.”

    – Cesare

    “Storage as a service (STaaS) eliminates Capex, simplifies management and offers extensive flexibility.”

    – TechTarget

    Major vendors

    The current vendor landscape for enterprise storage solutions represents a range of industry veterans and the brands they’ve aggregated along the way, as well as some relative newcomers who have come to the forefront within the past ten years.

    Vendors like Dell EMC and HPE are longstanding veterans of storage appliances with established offerings and a back catalogue of acquisitions fueling their growth. Others such as Pure Storage offer creative solutions like all-flash arrays, which are becoming more and more appealing as flash storage becomes more commoditized.

    Cloud-based vendors have become popular options in recent years. Cloud storage provides many options and has attracted many other vendors to provide a cloud option in addition to their on-premises solutions. Some software and hardware vendors also partner with cloud vendors to offer a complete solution that includes storage.

    Info-Tech Insight

    Explore your current vendor’s solutions as a starting point, then use that understanding as a reference point to dive into other players in the market

    Key Players

    • Amazon
    • Cisco
    • Dell EMC
    • Google
    • Hewlett Packard Enterprise
    • Hitachi Vantara
    • IBM
    • Microsoft
    • NetApp
    • Nutanix
    • Pure Storage

    Enterprise Storage Use Cases

    Block, object, or file storage? NAS, SAN, SDS, or HCI? Cloud or on prem? Hot, warm, or cold?
    Which one do you choose?
    The following use cases based on actual Info-Tech analyst calls may help you decide.

    1. Offsite backup solution
    2. Infrastructure consolidation
    3. DR/BCP datacenter duplication
    4. Expansion of existing storage
    5. Complete backup solution
    6. Existing storage solution going out of support soon
    7. Video storage
    8. Classify and offload storage

    Offsite backup solution

    “Offsite” may make you think of geographical separation or even cloud-based storage, but what is the best option and why?

    Use Case: How a manufacturing company dealt with retired applications

    • A leading manufacturing company had to preserve older applications no longer in use.
    • The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies, and although the data they held had been migrated to a replacement solution, executives felt they should hold on to these applications for a period of time, just in case.
    • A modern archiving solution was considered, but a research advisor from Info-Tech Research joined a call with the manufacturing company and helped the client realize that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment.
    • The data could be exported from the legacy application into a nonsequential database, compressed, and stored in cloud-based cold storage for less than $5 per terabyte per month. The manufacturing company staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.
    • Cold storage is inexpensive until you start retrieving that data frequently. The manufacturing company knew they did not have a requirement to retrieve the application and data for a very long time, so cloud-based cold storage was ideal.

    “Data retrieval from cold storage is harder and slower than it is from hot storage. … Because of the longer retrieval time, online cold storage plans are often much cheaper. … The downside is that you’d incur additional costs when retrieving the data.”

    – Ben Stockton, Cloudwards

    Infrastructure consolidation

    Hyperconverged infrastructure combines storage, virtual infrastructure, and associated management into one piece of equipment.

    Use Case: How one company dealt with equipment and storage needs

    • One Info-Tech client had recently started in the role of IT director and realized he had inherited aging infrastructure along with a serious data challenge. The storage appliances were old and out of support. The appliances were performing inadequately, and the client was in need of more data due to ongoing growth, but he also realized that the virtual environment was running on very old servers that were no longer supported. The IT director reached out to Info-Tech to find solutions to the virtualization challenge, but the storage problem also came up throughout the course of the conversation with an analyst.
    • The analyst quickly realized that the IT director was an ideal candidate for a hyperconverged infrastructure (HCI) storage solution, which would also provide the necessary virtual environment.
    • The analyst explained the benefits of having a single appliance that would provide virtualization needs as well as storage needs. The built-in management features would ease the burden of administration, and the software-defined nature of the HCI would allow for the migration of data as well as future expansion options.
    • Hyperconverged infrastructure is offered by many vendors under a variety of names. Most are similar but some may have a better interface or other features. The expansion process is simple, and HCI is a good fit for many organizations looking to consolidate virtual infrastructure and storage.

    “HCI environments use a hypervisor, usually running on a server that uses direct-attached storage (DAS), to create a data center pool of systems and resources.”

    – Samuel Greengard, Datamation

    Datacenter duplication

    SAN providers offer a varied range of options for their products, and those options are constantly evolving.

    Use Case: Independent school district provides better data access using SAN technology

    • An independent school district was expanding by adding a second data center in a new school. This new data center would be approximately 20 miles away from the original data center used by the district. The intent was not to replace the original data center but to use both centers to store data and provide services concurrently. The district’s ideal scenario would be that users would not know or care which data center they were reaching, and there would be no difference in the service received from each data center. The school district reached out to Info-Tech when planning discussions reached the topic of data duplication and replication software.
    • An Info-Tech analyst joined a call with the school district and guided the conversation toward the existing environment to understand what options might be available. The analyst quickly discovered that all the district’s servers were virtual, and all associated data was stored on a single SAN.
    • The analyst informed the school district staff about SAN options, including SAN-to-SAN replication. If the school district had a sufficient link between the two data centers, SAN-to-SAN replication would work for them and provide the two identical copies of data at two locations.
    • The analyst continued to offer explanations of other features that some vendors offer with their SANs, such as the ability to turn on or off deduplication and compression, as well as disk options such as flash or NVMe.
    • The school district was moving to the request for proposal (RFP) stage but hoped to have SAN-to-SAN replication implemented before the next academic year started.

    “SAN-to-SAN replication is a low-cost, highly efficient way to manage mounting quantities of stored data.”

    – Secure Infrastructure & Services

    Expansion of existing storage

    That old storage area network may still have some useful life left in it.

    Use Case: Municipality solves data storage aging and growth challenge

    • A municipality in the United States reached out to Info-Tech for guidance on its storage challenge. The municipality had accumulated multiple SANs from different vendors over the years. These SANs were running out of storage, and more data storage was needed. The municipality’s data was growing at a rapid pace, thanks to municipal growth and expansion of services. The IT team was also concerned with modernizing their storage and not hindering their long-term growth by making the wrong purchase decision for their current storage needs.
    • An analyst from Info-Tech discussed several options with the municipality but in the end advised that software-defined storage may be the best solution.
    • Software-defined storage (SDS) would allow the municipality to gain better visibility into existing storage while making more efficient use of existing and new storage. SDS could take over the management of the existing storage from multiple vendors and add additional storage as required. SDS would also be able to integrate cloud-based storage if that was the direction taken by the municipality in the future.
    • The municipality moved forward with an SDS solution and added some additional storage capacity. They used some of their existing SANs but retired the more troublesome ones. The SDS system managed all the storage instances and data management. The administration of the storage environment was easier for the storage admins, and long-term savings were achieved through better storage management.

    “Often enterprises have added storage on an ad hoc basis as they needed it for various applications. That can result in a mishmash of heterogenous storage hardware from a wide variety of vendors. SDS offers the ability to unify management of these different storage devices, allowing IT to be more efficient.”

    – Cynthia Harvey, Enterprise Storage Forum (“What Is Software Defined Storage?”, 2018)

    Complete backup solution

    Many backup software solutions can provide backups to multiple locations, making two-location backups simple.

    Use Case: How an oil refinery modernized its backup solution

    • A large oil refinery needed a better solution for the storage of backups. The refinery was replacing its backup software solution but also wanted to improve the backup storage situation and move away from tape-based storage. All other infrastructure was reasonably modern and not in need of replacement at this time.
    • A research analyst from Info-Tech helped the client realize that the solution was a modified backup. The general guidance for backups is have a least one copy offsite, so the cloud was the obvious focal point. The analyst also explained that it would be beneficial to have a recent copy of the backup available on site for common restoration requests in addition to having the offsite copy for disaster recovery (DR) purposes.
    • The refinery staff conducted a data analysis to determine how much data was being backed up on a daily basis. The solution proposed by the analyst included network-attached storage (NAS) with adequate storage to hold 30 days' worth of on-premises data. The backup software would also simultaneously copy each backup to a cloud-based storage repository. The backup software was smart enough to only back up and transfer data that had changed since the previous backup, so transfer time and capacity was not a factor.
    • The NAS would allow for the restoration of any local, on-premises data while the cloud storage would provide a safe location offsite for backup data. It could also serve as the backup location for other cloud-based services that required a backup.

    “Data protection demands that enterprises have multiple methods of keeping data safe and replicating it in case of disaster or loss.”

    – Drew Robb, Enterprise Storage Forum, 2021

    Storage going out of support

    SAN solutions have come a long way with improvements in how data is stored and what is used to store the data.

    Use Case: How one organization replaced its old storage with a similar solution

    • A government organization was looking for a solution for its aging storage area network appliances. The SANs were old and would be no longer supported by the manufacturer within four months. The SANs had slower spinning disks and their individual capacity was at its limit through the addition of extra shelves and disks over the years.
    • The organization reached out to Info-Tech for guidance. An analyst arranged a call with them, and they discussed the storage situation in detail, including desired benefits from a storage solution and growth requirements. They also discussed cloud storage, but the government organization was not in a position to move its data to the cloud for a variety of reasons.
    • Although the individual SANs were at their storage capacity limit, the total amount of data was well within the limits of many modern on-premises storage solutions. SSD and flash or NVMe storage can store large amounts of data in small footprints and form factors.
    • The analyst reviewed several vendors with the client and discussed some advantages and disadvantages of each. They explored the features offered as well as scalability options.
    • SANs have been around for a long time but the features and capabilities that come with them has evolved. They are still a very viable solution for many organizations in a variety of scenarios.

    “A rapidly growing portion of SAN deployments leverages all-flash storage to gain its high performance, consistent low latency, and lower total cost when compared to spinning disk.”

    – NetApp

    Video storage

    Cloud storage would not be sufficient if you were using a dial up connection, just as on-premises storage solutions would not suffice if they were using floppy disks.

    Use Case: Body cams and public cameras in municipalities are driving storage growth

    • Municipal law enforcement agencies are wearing body cameras more frequently, for their own protection as well as for the protection of the public. Camera footage can be useful in legal situations as well. Municipalities are also installing more and more public cameras for the purposes of public safety. The recorded video footage from these cameras can result in large data files, which in turn drive data storage requirements.
    • Info-Tech analysts are joining calls about video data storage with increasing frequency. The concerns are repetitive, and the guidance is similar on most of these calls.
    • The “object” storage format is ideal for video and media data. Most cloud-based storage solutions use object storage, but it is also available with on-premises solutions such as NAS or SAN. The challenges clients are expressing are typically related to inadequate bandwidth for cloud-based storage or other storage formats instead of “object” storage. Cloud-based storage can also grow beyond the budgeted numbers, causing an increase in the monthly cloud cost. Older, slower on-premises hardware sometimes reveals itself as the latency culprit.
    • Object storage is well suited for the unstructured data that is video footage. It uses metadata to tag the video file for future retrieval and is easily expandable, which also makes it cost effective.
    • Video data stored in a cloud-based repository will work fine as long as the bandwidth is adequate. On-premises storage of video data is also quite adequate on the right storage format, with fast disks and a reasonably up-to-date network infrastructure.

    “The captured video is stored for days, weeks, months and sometimes years and consumes a lot of space. Data storage plays a new and important role in these systems. Object storage is ideal to store the video data.”

    – Object-Storage.Info

    Classify and offload primary storage

    Some software products have storage options available as a result of agreements with other storage vendors. Several backup and archive software products fall into this category.

    Use Case: Enterprise storage can help reduce data sprawl

    • A large engineering firm was trying to manage its data sprawl. The team sampled a small percentage of their data and quickly realized that when they applied their findings on the 1% of data to their entire data estate, the sheer volume of personal files, older files, and unclassified data was going to be a challenge.
    • They found a solution in archiving software. The archiving software would tag data based on several factors. The software would move older files away from primary storage to an alternate storage platform but still leave a stub of the moved file in place and maintain limited access to those files. This would reduce primary storage requirements and allow the firm to eliminate multiple file servers
    • The engineering firm reached out to Info-Tech and participated in an analyst call. During that call, they laid out their plans, and the analyst made them aware of cloud storage. The positive and negative aspects of cloud storage were discussed, and the firm fully understood that the colder the storage tier, the slower the recovery. The firm's stance was if the files had not been accessed in the past six months, waiting a day or two for retrieval would not be a concern, and the firm was content with cold storage in the cloud.
    • The firm had not purchased the archiving software at the time of the analyst call, and the analyst also explained to them that the archiving software may have an existing agreement with a cloud provider for storage options, which could be more cost effective than purchasing cloud storage separately.
    • Cold cloud-based storage was the preferred solution for this firm, but this use case also highlights the option that some software products carry regarding storage. Several backup and archive products have a cloud storage option that should be investigated, as they may be cost-effective options.

    “Cold storage is perfect for archiving your data. Online backup providers offer low-cost, off-site data backups at the expense of fast speeds and easy access, even though data retrieval often comes at an added cost. If you need to keep your data long-term, but don’t need to access it often, this is the kind of storage you need.”

    – Ben Stockton, Cloudwards

    Understand your data requirements

    Activity

    The first step in solving your enterprise storage challenge is identifying your data sources or drivers, data volume size, and growth rates. This information will give you insight into what data sources could be stored on premises or in the cloud, how much storage you will require for the coming five to ten years, and what to consider when exploring enterprise storage solutions.

    • Info-Tech’s Modernize Enterprise Storage Workbook can be a valuable asset for determining your current storage drivers and future storage needs, structuring a plan for future storage purchases, and determining timelines and total cost of ownership.
    • An example of the Storage Capacity Calculator tab from that workbook is displayed on the right. Using the Storage Capacity Requirements Calculator requires minimal steps.
    1. Enter the current date and planning timeline (horizon) in months
    2. Identify the top sources of data within the business – the current data drivers. Areas of focus could include business applications, file shares, backup, and archives.
    3. For each of these data drivers, include your best estimate of:
    • Current data volume
    • Growth rate
  • Identify the top future data drivers, such as new applications or initiatives that will result from current business plans and priorities, and record the following details:
    • Initial data volumes
    • Projected growth rates
    • Planned implementation date
  • The spreadsheet will automatically calculate the data volume at the planning horizon based on the growth rate.
  • Download the Modernize Enterprise Storage Workbook and take the first step toward understanding your data requirements.

    The image contains a screenshot of the Modernize Enterprise Storage Workbook.

    Download the Modernize Enterprise Storage Workbook

    Related Info-Tech Research

    Modernize Enterprise Storage

    Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

    Modernize Enterprise Storage Workbook

    This workbook will complement the discussions and activities found in the Modernize Enterprise Storage blueprint. Use this workbook in conjunction with the blueprint to develop a strategy for storage modernization.

    Bibliography

    Bakkianathan, Raghunathan. “What is the difference between Hot Warm and Cold data storage?” TechBlost, n.d.. Accessed 14 July 2022.
    Cesare. “Data warehouse vs Data lake vs Lakehouse… and DeltaLake?“ Medium, 14 June 2021. Accessed 26 July 2022.
    Davison, Shawn and Ryan Sappenfield. “Data Lake Vs Lakehouse Vs Data Mesh: The Evolution of Data Transformation.” DevIQ, May 2022. Accessed 23 July 2022.
    Desjardins, Jeff. “Infographic: How Much Data is Generated Each Day?” Visual Capitalist, 15 April 2019. Accessed 26 July 2022.
    Greengard, Samuel. “Top 10 Hyperconverged Infrastructure (HCI) Solutions.” Datamation, 22 December 2020. Accessed 23 July 2022.
    Harvey, Cynthia. “Flash vs. SSD Storage: Is there a Difference?” Enterprise Storage Forum, 10 July 2018. Accessed 23 July 2022.
    Harvey, Cynthia. “What Is Software Defined Storage? Features & Benefits.” Enterprise Storage Forum, 22 February 2018. Accessed 23 July 2022.
    Hecht, Gil. “4 Predictions for storage and backup security in 2022.” Continuity Software, 09 January 2022. Accessed 22 July 2022.
    Jacobi, Jonl. “NVMe SSDs: Everything you need to know about this insanely fast storage.” PCWorld, 10 March 2019. Accessed 22 July 2022
    Pritchard, Stephen. “Briefing: Cloud storage performance metrics.” Computer Weekly, 16 July 2021. Accessed 23 July 2022
    Robb, Drew. “Best Enterprise Backup Software & Solutions 2022.” Enterprise Storage Forum, 09 April 2021. Accessed 23 July 2022.
    Sheldon, Robert. “On-premises STaaS shifts storage buying to Opex model.” TechTarget, 10 August 2020. Accessed 22 July 2022.
    “Simplify Your Storage Ownership, Forever.” PureStorage. Accessed 20 July 2022.
    Stockton, Ben. “Hot Storage vs Cold Storage in 2022: Instant Access vs Long-Term Archives.” Cloudwards, 29 September 2021. Accessed 22 July 2022.
    “The Cost Savings of SAN-to-SAN Replication.” Secure Infrastructure and Services, 31 March 2016. Accessed 16 July 2022.
    “Video Surveillance.” Object-Storage.Info, 18 December 2019. Accessed 25 July 2022.
    “What is a Data Lake?” Amazon Web Services, n.d. Accessed 17 July 2022.
    “What is enterprise cloud storage?” Spectrum Enterprise, n.d. Accessed 28 July 2022.
    “What is SAN (Storage Area Network).” NetApp, n.d. Accessed 25 July 2022.
    “What is software-defined storage?” RedHat, 08 March 2018. Accessed 16 July 2022.

    Optimize the IT Operations Center

    • Buy Link or Shortcode: {j2store}449|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Your team’s time is burned up by incident response.
    • Manual repetitive work uses up expensive resources.
    • You don’t have the visibility to ensure the availability the business demands.

    Our Advice

    Critical Insight

    • Sell the project to the business.
    • Leverage the Operations Center to improve IT Operations.

    Impact and Result

    • Clarify lines of accountability and metrics for success.
    • Implement targeted initiatives and track key metrics for continual improvement.

    Optimize the IT Operations Center Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should Optimize the IT Operations Center, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

    Get quick wins to demonstrate early value for investments in IT Operations.

    • Optimize the IT Operations Center – Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

    2. Get buy-in

    Get buy-in from business stakeholders by speaking their language.

    • Optimize the IT Operations Center – Phase 1: Get Buy-In
    • IT Operations Center Prerequisites Assessment Tool
    • IT Operations Center Stakeholder Buy-In Presentation
    • IT Operations Center Continual Improvement Tracker

    3. Define accountability and metrics

    Formalize process and task accountability and develop targeted metrics.

    • Optimize the IT Operations Center – Phase 2: Define Accountability and Metrics
    • IT Operations Center RACI Charts Template

    4. Assess gaps and prioritize initiatives

    Identify pain points and determine the top solutions.

    • Optimize the IT Operations Center – Phase 3: Assess Gaps and Prioritize Initiatives
    • IT Operations Center Gap and Initiative Tracker
    • IT Operations Center Initiative Prioritization Tool

    5. Launch initiatives and track metrics

    Lay the foundation for implementation and continual improvement.

    • Optimize the IT Operations Center – Phase 4: Launch Initiatives and Track Metrics
    [infographic]

    Workshop: Optimize the IT Operations Center

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Check Foundation

    The Purpose

    Ensure base maturity in IT Operations processes.

    Key Benefits Achieved

    Verify that foundation is in place to proceed with Operations Center project.

    Activities

    1.1 Evaluate base maturity.

    Outputs

    IT Operations Center Prerequisites Assessment Tool

    2 Define Accountabilities

    The Purpose

    Define accountabilities for Operations processes and tasks.

    Key Benefits Achieved

    Documented accountabilities.

    Activities

    2.1 Pluck low-hanging fruit for quick wins.

    2.2 Complete process RACI.

    2.3 Complete task RACI.

    Outputs

    Project plan

    Process RACI

    Task RACI

    3 Map the Challenge

    The Purpose

    Define metrics and identify accountabilities and gaps.

    Key Benefits Achieved

    List of initiatives to address pain points.

    Activities

    3.1 Define metrics.

    3.2 Define accountabilities.

    3.3 Identify gaps.

    Outputs

    IT Operations Center Gap and Initiative Tracker

    4 Build Action Plan

    The Purpose

    Develop an action plan to boost KPIs.

    Key Benefits Achieved

    Action plan and success criteria.

    Activities

    4.1 Prioritize initiatives.

    Outputs

    IT Operations Center Initiative Prioritization Tool

    5 Map Out Implementation

    The Purpose

    Build an implementation plan for continual improvement.

    Key Benefits Achieved

    Continual improvement against identified metrics and KPIs.

    Activities

    5.1 Build implementation plan.

    Outputs

    IT Operations Center Continual Improvement Tracker

    Further reading

    Optimize the IT Operations Center

    Stop burning budget on non-value-adding activities.

    ANALYST PERSPECTIVE

    The Network Operations Center is not in Kansas anymore.

    "The old-school Network Operations Center of the telecom world was heavily peopled and reactionary. Now, the IT Operations Center is about more than network monitoring. An effective Operations Center provides visibility across the entire stack, generates actionable alerts, resolves a host of different incidents, and drives continual improvement in the delivery of high-quality services.
    IT’s traditional siloed approach cannot provide the value the business demands. The modern Operations Center breaks down these silos for the end-to-end view required for a service-focused approach."

    Derek Shank,
    Research Analyst, Infrastructure & Operations
    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • IT Operations Managers
    • IT Infrastructure Managers
    • CIOs

    This Research Will Help You:

    • Improve reliability of services.
    • Reduce the cost of incident response.
    • Reduce the cost of manual repetitive work (MRW).

    This Research Will Also Assist

    • Business Analysts
    • Project Managers
    • Business Relationship Managers

    This Research Will Help Them

    • Develop appropriate non-functional requirements.
    • Integrate non-functional requirements into solution design and project implementation.

    Executive Summary

    Situation

    • Your team’s time is burned up by incident response.
    • MRW burns up expensive resources.
    • You don’t have the visibility to ensure the availability the business demands.

    Complication

    • The increasing complexity of technology has resulted in siloed teams of specialists.
    • The business views IT Operations as a cost center and doesn’t want to provide resources to support improvement initiatives.

    Resolution

    • Pluck low-hanging fruit for quick wins.
    • Obtain buy-in from business stakeholders by speaking their language.
    • Clarify lines of accountability and metrics for success.
    • Implement targeted initiatives and track key metrics for continual improvement.

    Info-Tech Insight

    1. Sell the project to the business. Your first job is a sales job because executive sponsorship is key to project success.
    2. Worship the holy trinity of metrics: impact of downtime, cost of incident response, and time spent on manual repetitive work (MRW).
    3. Invest in order to profit. Improving the Operations Center takes time and money. Expect short-term pain to realize long-term gain.

    The role of the Network Operations Center has changed

    • The old approach was technology siloed and the Network Operations Center (NOC) only cared about the network.
    • The modern Operations Center is about ensuring high availability of end-user services, and requires cross-functional expertise and visibility across all the layers of the technology stack.
    A pie chart is depicted. The data displayed on the chart, in decreasing order of size, include: Applications; Servers; LAN; WAN; Security; Storage. Source: Metzler, n.d.

    Most organizations lack adequate visibility

    • The rise of hybrid cloud has made environments more complex, not less.
    • The increasing complexity makes monitoring and incident response more difficult than ever.
    • Only 31% of organizations use advanced monitoring beyond what is offered by cloud providers.
    • 69% perform no monitoring, basic monitoring, or rely entirely on the cloud provider’s monitoring tools.
    A Pie chart is depicted. Two data are represented on the chart. The first, representing 69% of the chart, is: Using no monitoring, basic monitoring, or relying only on the cloud vendor's monitoring. the second, representing 31% of the chart, is Using advanced monitoring beyond what cloud vendors provide. Source: InterOp ITX, 2018

    Siloed service level agreements cannot ensure availability

    You can meet high service level agreements (SLAs) for functional silos, but still miss the mark for service availability. The business just wants things to work!

    this image contains Info-Tech's SLA-compliance rating chart, which displays the categories: Available, behaving as expected; Slow/degraded; and Unavailable, for each of: Webserver; Database; Storage; Network; Application; and, Business Service

    The cost of downtime is massive

    Increasing reliance on IT makes downtime hurt more than ever.
    98% of enterprises lose $100,000+.
    81% of enterprises lose $300,000+ per hour of downtime.

    This is a bar graph, showing the cost per hour of downtime, against the percentage of enterprises.

    Source: ITIC, 2016

    IT is asked to do more with less

    Most IT budgets are staying flat or shrinking.

    57% of IT departments expect their budget to stay flat or to shrink from 2018 to 2019.

    This image contains a pie chart with two data, one is labeled: Increase; representing 43% of the chart. The other datum is labeled: Shrink or stay flat, and represents 57% of the chart.

    Unify and streamline IT Operations

    A well-run Operations Center ensures high availability at reasonable cost. Improving your Operations Center results in:

    • Higher availability
    • Increased reliability
    • Improved project capacity
    • Higher business satisfaction

    Measure success with the holy trinity of metrics

    Focus on reducing downtime, cost of incident response, and MRW.

    This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

    Start from the top and employ a targeted approach

    Analyze data to get buy-in from stakeholders, and use our tools and templates to follow the process for continual improvement in IT Operations.

    This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Optimize the IT Operations Center – project overview

    Launch the Project

    Identify Enterprise Services

    Identify Line of Business Services

    Complete Service Definitions

    Best-Practice Toolkit

    🗲 Pluck Low-Hanging Fruit for Quick Wins

    1.1 Ensure Base Maturity Is in Place

    1.2 Make the Case

    2.1 Define Accountabilities

    2.2 Define Metrics

    3.1 Assess Gaps

    3.2 Plan Initiatives

    4.1 Lay Foundation

    4.2 Launch and Measure

    Guided Implementations

    Discuss current state.

    Review stakeholder presentation.

    Review RACIs.

    Review metrics.

    Discuss gaps.

    Discuss initiatives.

    Review plan and metric schedule.

    Onsite Workshop Module 1:

    Clear understanding of project objectives and support obtained from the business.

    Module 2:

    Enterprise services defined and categorized.

    Module 3:

    LOB services defined based on user perspective.

    Module 4:

    Service record designed according to how IT wishes to communicate to the business.

    Phase 1 Results:

    Stakeholder presentation

    Phase 2 Results:
    • RACIs
    • Metrics
    Phase 3 Results:
    • Gaps list
    • Prioritized list of initiatives
    Phase 4 Results:
    • Implementation plan
    • Continual improvement tracker

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Pre-Workshop Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Check Foundation

    Define Accountabilities

    Map the Challenge

    Build Action Plan

    Map Out Implementation

    1.1 Ensure base maturity.

    🗲 Pluck low-hanging fruit for quick wins.

    2.1 Complete process RACI.

    2.2 Complete task RACI.

    3.1 Define metrics.

    3.2 Define accountabilities.

    3.2 Identify gaps.

    4.1 Prioritize initiatives.

    5.1 Build implementation plan.

    Deliverables
    1. IT Operations Center Prerequisites Assessment Tool
    1. IT Operations Center RACI Charts Template
    1. IT Operations Center Gap and Initiative Tracker
    1. IT Operations Center Initiative Prioritization Tool
    1. IT Operations Center Continual Improvement Tracker

    PHASE 🗲

    Pluck Low-Hanging Fruit for Quick Wins

    Optimize the IT Operations Center

    Conduct a ticket-trend analysis

    Generate reports on tickets from your IT service management (ITSM) tool. Look for areas that consume the most resources, such as:

    • Recurring tickets.
    • Tickets that have taken a long time to resolve.
    • Tickets that could have been resolved at a lower tier.
    • Tickets that were unnecessarily or improperly escalated.

    Identify issues

    Analyze the tickets:

    • Look for recurring tickets that may indicate underlying problems.
    • Ask tier 2 and 3 technicians to flag tickets that could have been resolved at a lower tier.
    • Identify painful and/or time consuming service requests.
    • Flag any manual repetitive work.

    Write the issues on a whiteboard.

    Oil & Gas IT reduces manual repetitive maintenance work

    CASE STUDY
    Industry Oil & Gas
    Source Interview

    Challenge

    The company used a webserver to collect data from field stations for analytics. The server’s version did not clear its cache – it filled up its own memory and would not overwrite, so it would just lock up and have to be rebooted manually.

    Solution

    The team found out that the volumes and units of data would cause the memory to fill at a certain time of the month. They wrote a script to reboot the machine and set up a planned outage during the appropriate weekend each month.

    Results

    The team never had to do manual reboots again – though they did have to tweak their reboot script not to rely on their calendar, after a shift in production broke the pattern between memory consumption and the calendar.

    Rank the issues

    🗲.1.1 10 minutes

    1. Assign each participant five sticky dots to use for voting.
    2. Have each participant place any number of dots beside the issue(s) of their choice.
    3. Count the dots and rank the top three most important issues.

    INPUT

    • List of issues

    OUTPUT

    • Top three issues

    Materials

    • Whiteboard
    • Markers
    • Sticky dots

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Brainstorm solutions

    🗲.1.2 10 minutes

    1. Write the three issues at the top of a whiteboard, each at the head of its own column.
    2. Focusing on one issue at a time, brainstorm potential solutions for each issue. Have one person write all the proposed solutions on the board beneath the issue.

    Info-Tech Best Practice

    Do not censor or evaluate the proposed solutions at this time. During brainstorming, focus on coming up with as many potential solutions as possible, no matter how infeasible or outlandish.

    INPUT

    • Top three issues

    OUTPUT

    • Potential solutions

    Materials

    • Whiteboard
    • Markers

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Evaluate and rank potential solutions

    🗲.1.3 30 minutes

    1. Score the solutions from 1-5 on each of the two dimensions:
    • Attainability
    • Probable efficacy
  • Identify the top scoring solution for each issue. In the event of a tie, vote to determine the winner.
  • Info-Tech Insight

    Quick wins are the best of both worlds. To get a quick win, pick a solution that is both readily attainable and likely to have high impact.

    INPUT

    • Potential solutions

    OUTPUT

    • Ranked list of solutions

    Materials

    • Whiteboard
    • Markers

    Participants

    • Operations Manager
    • Infrastructure Manager
    • I&O team members

    Develop metrics to measure the effectiveness of solutions

    You should now have a top potential solution for each pain point.

    For each pain point and proposed solution, identify the metric that would indicate whether the solution had been effective or not. For example:

    • Pain point: Too many unnecessary escalations for SharePoint issues.
    • Solution: Train tier 1 staff to resolve SharePoint tickets.
    • Metric: % of SharePoint tickets resolved at tier 1.

    Design solutions

    • Some solutions explain themselves. E.g., hire an extra service desk person.
    • Others require more planning and design, as they involve a bespoke solution. E.g., improve asset management process or automate onboarding of new users.
    • For the solutions that require planning, take the time to design each solution fully before rushing to implement it.

    Build solutions

    • Build any of the solutions that require building. For example, any scripting for automations requires the writing of those scripts, and any automated ticket routing requires configuration of your ITSM tool.
    • Part of the build phase for many solutions should also involve designing the tests of those solutions.

    Test solutions – refine and iterate

    • Think about the expected outcome and results of the solutions that require testing.
    • Test each solution under production-like circumstances to see if the results and behavior are as expected.
    • Refine and iterate upon the solutions as necessary, and test again.

    Implement solutions and measure results

    • Before implementing each solution, take a baseline measurement of the metric that will measure success.
    • Implement the solutions using your change management process.
    • After implementation, measure the success of the solution using the appropriate metric.
    • Document the results and judge whether the solution has been effective.

    Use the top result as a case study to obtain buy-in

    Your most effective solution will make a great case study.

    Write up the results and input the case study into the IT Operations Center Stakeholder Buy-In Presentation.

    This image contains a screenshot of info-tech's default format for presenting case studies.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    🗲.1.2 This image contains a screenshot from section 🗲.1.2 of this blueprint.

    Identify issues

    Look for areas that aren’t working optimally.

    🗲.1.3 this image contains a screenshot from section 🗲.1.3 of this blueprint.

    Evaluate and rank potential solutions

    Sort the wheat from the chaff and plan for quick wins.

    PHASE 1

    Get Buy-In

    Optimize the IT Operations Center

    Step 1.1: Ensure Base Maturity Is in Place

    This step will walk you through the following activities:

    • Assess maturity of base IT Operations processes.

    Outcomes of this step

    • Completed IT Operations Center Prerequisites Assessment Tool

    Base processes underpin the Operations Center

    • Before you optimize your Operations Center, you should have foundational ITSM processes in place: service desk, and incident, problem, and change management.
    • Attempting to optimize Operations before it rests on a solid foundation can only lead to frustration.

    IT Operations Center

    • Service Desk
    • Incident Management
    • Problem Management
    • Change Management

    Info-Tech Insight

    ITIL isn’t dead. New technology such as cloud solutions and advanced monitoring tools have transformed how ITSM processes are implemented, but have not obviated them.

    Assess maturity of prerequisite processes

    1.1.1 IT Operations Center Prerequisites Assessment Tool

    • Don’t try to prematurely optimize your Operations Center.
    • Before undertaking this project, you should already have a base level of maturity in the four foundational IT Operations processes.
    • Complete the IT Operations Center Prerequisites Assessment Tool to assess your current level in service desk, incident management, problem management, and change management.
    this image contains a screenshot from Info-Tech's IT Operations Center Prerequisite Assessment

    Make targeted improvements on prerequisite processes if necessary

    If there are deficiencies in any of your foundational processes, take the time to remedy those first before proceeding with Optimize the IT Operations Center. See Info-Tech’s other blueprints:

    Standardize the Service Desk

    Strengthen your service desk to build a strong ITSM foundation.

    Incident and Problem Management

    Don’t let persistent problems govern your department.

    Optimize Change Management

    Turn and face the change with a right-sized change management process.

    Step 1.2: Make the Case

    This step will walk you through the following activities:

    • Estimate the impact of downtime for top five applications.
    • Estimate the cost of incident response.
    • Estimate the cost of MRW.
    • Set success metrics and estimate the ROI of the Operations Center project.
    • IT Operations Center Stakeholder Buy-In Presentation

    Obtaining buy-in is critical

    Buy-in from top-level stakeholders is critical to the success of the project.

    Before jumping into your initiatives, take the time to make the case and bring the business on board.

    Factors that “prevent us from improving the NOC”

    This image contains a graph of factors that prevent us from improving the NOC. In decreasing order, they include: Lack of strategic guidance from our vendors; The unwillingness of our management to accept new risk; Lack of adequate software tools; Our internal processes; Lack of management vision; Lack of funding; and Lack of personnel resources. There is a red circle drawn around the last three entries, with the words: Getting Buy-in Removes the Top Three Roadblocks to Improvement!. Source: Metzier, n.d

    List your top five applications

    List your top five applications for business criticality.

    Don’t agonize over decisions at this point.

    Generally, the top applications will be customer facing, end-user facing for the most critical business units, or critical for health and safety.

    Estimate impact of downtime

    • Come up with a rough, back-of-the-napkin estimate of the hourly cost of downtime for each application.
    • Complete page two of the IT Operations Center Stakeholder Buy-In Presentation.
    • Estimate loss of revenue per hour, loss of productivity per hour, and IT cost per incident resolution hour.
    • Pull a report on incident hours/outages in the past year from your ITSM tool. Multiply the total cost per incident hour by the incident hours per year to determine the current cost per year of service disruptions for each service.
    • Add up the cost for each of the top five services.
    • Now you can show the business a hard value number that quantifies your availability issues.

    Estimate salary cost of non-value-adding work

    Complete page three of the IT Operations Center Stakeholder Buy-In Presentation.

    • Estimate annual wage cost of incident response: multiply incident response hours per year (take from your ITSM tool) by the average hourly wage of incident responders.
    • Estimate annual cost of MRW: multiply MRW hours per year (take from ITSM tool or from time-keeping tool, or use best guess based on talking to staff members) by the average hourly wage of IT staff performing MRW.
    • Add the two numbers together to calculate the non-value-adding IT salary cost per year.
    • Express the previous number as a percentage of total IT salary. Everything that is not incident response or MRW is value-adding work.

    Now you have the holy trinity of metrics: set some targets

    The holy trinity of metrics:

    • Cost of downtime
    • % of salary on incident response
    • % of salary on MRW

    You want to reduce the above numbers. Set some back-of-the-napkin targets for percentage reductions for each of these areas. These are high-level metrics that business stakeholders will care about.

    Take your best guess at targets. Higher maturity organizations will have less potential for reduction from a percentage point of view (eventually you hit diminishing returns), while organizations just beginning to optimize their Operations Center have the potential for huge gains.

    Calculate the potential gains of targets

    Complete page five of the IT Operations Center Stakeholder Buy-In Presentation.

    • Multiply the targeted/estimated % reductions of the costs by your current costs to determine the potential savings/benefits.
    • Do a back-of-the napkin estimate of the cost of the Operations Center improvement project. Use reasonable numbers for cost of personnel time and cost of tools, and be sure to include ongoing personnel time costs – your time isn’t free and continual improvement takes work and effort.
    • Calculate the ROI.

    Fill out the case study

    • Complete page six of the IT Operations Center Stakeholder Buy-In Presentation. If you completed the lightning phase, use the results of your own quick win project(s) as an example of feasibility.
    • If you did not complete the lightning phase, delete this slide, or use an example of what other organizations have achieved to demonstrate feasibility.
    This image contains a screenshot of info-tech's default format for presenting case studies.

    Present to stakeholders

    • Deliver the presentation to key stakeholders.
    • Focus on the high-level story that the current state is costing real dollars and wages, and that these losses can be minimized through process improvements.
    • Be up front that many of the numbers are based on estimates, but be prepared to defend the reasonableness of the estimates.

    Gain buy-in and identify project sponsor

    • If the business is on board with the project, determine one person to be the executive sponsor for the project. This person should have a strong desire to see the project succeed, and should have some skin in the game.

    Formalize communication with the project sponsor

    • Establish how you will communicate with the sponsor throughout the project (e.g. weekly or monthly e-mail updates, bi-weekly meetings).
    • Set up a regular/recurring cadence and stick to it, so it can be put on auto-pilot. Be clear about who is responsible for initiating communication and sticking to the reporting schedule.

    Info-Tech Insight

    Tailor communication to the sponsor. The project sponsor is not the project manager. The sponsor’s role is to drive the project forward by allocating appropriate resources and demonstrating highly visible support to the broader organization. The sponsor should be kept in the loop, but not bothered with minutiae.

    Note the starting numbers for the holy trinity

    Use the IT Operations Center Continual Improvement Tracker:

    • Enter your starting numbers for the holy trinity of metrics.
    • After planning and implementing initiatives, this tracker will be used to update against the holy trinity to assess the success of the project on an ongoing basis and to drive continual improvement.

    PHASE 2

    Define Accountability and Metrics

    Optimize the IT Operations Center

    Step 2.1: Define Accountabilities

    This step will walk you through the following activities:

    • Formalize RACI for key processes.
    • Formalize RACI for key tasks.

    Outcomes of this step

    • Completed RACIs

    List key Operations Center processes

    Compile a list of processes that are key for the Operations Center.

    These processes should include the four foundational processes:

    • Service Desk
    • Incident Management
    • Problem Management
    • Change Management

    You may also want to include processes such as the following:

    • Event Management
    • Configuration Management

    Avoid listing processes you have yet to develop – stick with those already playing a role in your current state.

    Formalize RACI for key processes

    Use the IT Operations Center RACI Charts Template. Complete a RACI for each of the key processes involved in the IT Operations Center.

    RACI:

    • Responsible (does the work on a day-to-day basis)
    • Accountable (reviews, signs off, and is held accountable for outcomes)
    • Consulted (input is sought to feed into decision making)
    • Informed (is given notification of outcomes)

    As a best practice, no more than one person should be responsible or accountable for any given process. The same person can be both responsible and accountable for a given process, or it could be two different people.

    Avoid making someone accountable for a process if they do not have full visibility into the process for appropriate oversight, or do not have time to give the process sufficient attention.

    Formalize RACI for IT tasks

    Now think about the actual tasks or work that goes on in IT. Which roles and individuals are accountable for which tasks or pieces of work?

    In this case, more than one role/person can be listed as responsible or accountable in the RACI because we’re talking about types or categories of work. No conflict will occur because these individuals will be responsible or accountable for different pieces of work or individual tasks of the same type. (e.g. all service desk staff are responsible for answering phones and inputting tickets into the ITSM tool, but no more than one staff member is responsible for the input of any given ticket from a specific phone call).

    Step 2.2: Define Metrics

    This step will walk you through the following activities:

    • Cascade operational metrics from the holy trinity.
    • Evaluate metrics and identify key performance indicators (KPIs).
    • Cascade performance assessment (PA) metrics to support KPIs.
    • Build feedback loop for PA metrics.

    Outcomes of this step

    • KPIs
    • PA metrics

    Metrics must span across silos for shared accountability

    To adequately support the business goals of the organization, IT metrics should span across functional silos.

    Metrics that span across silos foster shared accountability across the IT organization.

    Metrics supported by all groups

    three grain silos are depicted. below, are the words IT Groups, with arrows pointing from the words to each of the three silos.

    Cascade operational metrics from the holy trinity

    Focus on the holy trinity of metrics.

    From these, cascade down to operational metrics that contribute to the holy trinity. It is possible that an operational metric may support more than one trinity metric. For example:

    a flow chart is depicted. two input circles point toward a central circle, and two output circles point away. the input circles include: Cost of Downtime; Cost of Incident Response. The central circle reads: Mean time to restore service. the output circles include the words: Tier 1 Resolution Rate; %% of Known Errors Captured in ITSM Tool.

    Evaluate metrics and identify KPIs

      • Evaluate your operational metrics and determine which ones are likely to have the largest impact on the holy trinity of metrics.
      • Identify the ten metrics likely to have the most impact: these will be your KPIs moving forward.
      • Enter these KPIs into the IT Operations Center Continual Improvement Tracker.
      this image depicts a cycle around the term KPI. The cycle includes: Objective; Measurement; optimization; strategy; performance; evaluation

    Beware how changing variables/context can affect metrics

    • Changes in context can affect metrics drastically. It’s important to keep the overall context in mind to avoid being led astray by certain numbers taken in isolation.
    • For example, a huge hiring spree might exhaust the stock of end-user devices, requiring time to procure hardware before the onboarding tickets can be completely fulfilled. You may have improved your onboarding process through automation, but see a large increase in average time to onboard a new user. Keep an eye out for such anomalies or fluctuations, and avoid putting too much stock in any single operational KPI.
    • Remember, operational KPIs are just a heuristic tool to support the holy trinity of metrics.

    Determine accountability for KPIs

    • For each operational KPI, assign one person to be accountable for that KPI.
    • Be sure the person in charge has the necessary authority and oversight over the processes and personnel that most affect that KPI – otherwise it makes little sense to hold the individual accountable.
    • Consulting your process RACIs is a good place to start.
    • Record the accountable person for each KPI in the IT Operations Center Continual Improvement Tracker.

    Info-Tech Best Practice

    Match accountability with authority. The person accountable for each KPI should be the one who has the closet and most direct control over the work and processes that most heavily impact that KPI.

    Cascade PA metrics to support KPIs

    KPIs are ultimately driven by how IT does its work, and how individuals work is driven by how their performance is assessed and evaluated.

    For the top KPIs, be sure there are individual PA metrics in place that support the KPI, and if not, develop the appropriate PA metrics.

    For example:

    • KPI: Mean time to resolve incidents
    • PA metric: % of escalations that followed SOP (e.g. not holding onto a ticket longer than supposed to)
    • KPI: Number of knowledge base articles written
    • PA metric: Number of knowledge base articles written/contributed to

    Communicate key changes in PA metrics

    Any changes from the previous step will take time and effort to implement and make stick.

    Changing people’s way of working is extremely difficult.

    Build a communication and implementation plan about rolling out these changes, emphasize the benefits for everyone involved, and get buy-in from the affected staff members.

    Build feedback loops for PA metrics

    Now that PA metrics support your Operations Center’s KPIs, you should create frequent feedback loops to drive and boost those PA metrics.

    Once per year or once per quarter is not frequent enough. Managers should meet with their direct reports at least monthly and review their reports’ performance against PA metrics.

    Use a “set it and forget it” implementation, such as a recurring task or meeting in your calendar.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    2.2.1 This image contains a screenshot from section 2.2.1 of this blueprint.

    Cascade operational metrics from the holy trinity

    Rank goals based on business impact and stakeholder pecking order.

    2.2.2 this image contains a screenshot from section 2.2.2 of this blueprint.

    Determine accountability for KPIs

    Craft a concise and compelling elevator pitch that will drive the project forward.

    PHASE 3

    Assess Gaps and Prioritize Initiatives

    Optimize the IT Operations Center

    Step 3.1: Assess Gaps

    This step will walk you through the following activities:

    • Assess visibility provided by monitoring.
    • Assess process workflows and identify areas for automation.
    • Assess requests and identify potential for automation.
    • Assess Operations Center staff capabilities.
    • Conduct a root cause analysis on the gaps/pain points.

    Outcomes of this step

    • List of gaps
    • List of root causes

    Measure current state of KPIs and identify lagging ones

    Take a baseline measurement of each operational KPI.

    If historical data is available, compare the present state measurement to data points collected over the last year or so.

    Review the measured KPIs.

    Identify any KPIs that seem lagging or low, or that may be particularly important to influence.

    Record lagging KPIs in the IT Operations Center Gap and Initiative Tracker tool.

    Assess visibility provided by monitoring

    List the top five most critical business services supported by IT.
    Assess the current state of your monitoring tools.

    For each business service, rate the level of visibility your monitoring tools allow from the following options:

    1. We have no visibility into the service, or lack visibility into crucial elements.
    2. We have basic visibility (up/down) into all the IT components that support the service.
    3. We have basic visibility (up/down) into the end service itself, in addition to all the IT components that make it up.
    4. We have some advanced visibility into some aspects of the service and/or its IT components.
    5. We have a full, end-to-end view of performance across all the layers of the stack, as well as the end business service itself.

    Identify where more visibility may be necessary

    For most organizations it isn’t practical to have complete visibility into everything. For the areas in which visibility is lacking into key services, think about whether more visibility is actually required or not. Consider some of the following questions:

    • How great is the impact of this service being unavailable?
    • Would greater visibility into the service significantly reduce the mean time to restore the service in the event of incidents?

    Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

    Assess alerting

    Assess alerting for your most critical services.

    Consider whether any of the following problems occur:

    • Often receive no alert(s) in the event of critical outages of key services (we find out about critical outages from the service desk).
    • We are regularly overwhelmed with too many alerts to investigate properly.
    • Our alerts are rarely actionable.
    • We often receive many false alerts.

    Identify areas for potential improvement in the managing of alerts. Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Assess process workflows and identify areas for automation

    Review your process flows for base processes such as Service Desk, Incident Management, Problem Management, and Change Management.

    Identify areas in the workflows where there may be defects, inefficiencies, or potential for improvement or automation.

    Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    See the blueprint Prepare for Cognitive Service Management for process workflows and areas to look for automation possibilities.

    Prepare for Cognitive Service Management

    Make ready for AI-assisted IT operations.

    Assess requests and identify potential for automation

    • Assess the most common work orders or requests handled by the Operations Center group (i.e. this does not include requests fulfilled by the help desk).
    • Which work orders are the most painful? That is, what common work orders involve the greatest effort or the most manual work to fulfill?
    • Fulfillment of common, recurring work orders is MRW, and should be reduced or removed if possible.
    • Consider automation of certain work orders, or self-service delivery.
    • Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Assess Operations Center staff capabilities

    • Assess the skills and expertise of your team members.
    • Consider some of the following:
      • Are there team members who could perform their job more effectively by picking up certain skills or proficiencies?
      • Are there team members who have the potential to shift into more valuable or useful roles, given the appropriate training?
      • Are there individual team members whose knowledge is crucial for operations, and whose function cannot be taken up by others?

    Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

    Info-Tech Insight

    Train to avoid pain. All too often organizations expose themselves to significant key person risk by relying on the specialized skills and knowledge of one team member. Use cross training to remedy such single points of failure before the risk materializes.

    Brainstorm pain points

    Brainstorm any pain points not discussed in the previous areas.

    Pain points can be specific operational issues that have not yet been considered. For example:

    • Tom is overwhelmed with tickets.
    • Our MSP often breaches SLA.
    • We don’t have a training budget.

    Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

    Conduct a root cause analysis on the gaps/pain points

    • Pain points can often be symptoms of other deficiencies, or somewhat removed from the actual problem.
    • Using the 5 Whys, conduct a root cause analysis on the pain points for which the causes are not obvious.
    • For each pain point, ask “why” for a sequence of five times, attempting to proceed to the root cause of the issue. This root cause is the true gap that needs to be remedied to resolve the pain point.
    • For example:
      • The Wi-Fi network often goes down in the afternoon.
        • Why?: Its bandwidth gets overloaded.
        • Why?: Many people are streaming video.
        • Why?: There’s a live broadcast of a football game at that time.
      • Possible solutions:
        • Block access to the streaming services.
        • Project the game on a screen in a large conference room and encourage everyone to watch it there.

    Step 3.2: Plan Initiatives

    This step will walk you through the following activities:

    • Brainstorm initiatives to boost KPIs and address gaps.
    • Prioritize potential initiatives.
    • Decide which initiatives to include on the roadmap.

    Outcomes of this step

    • Targeted improvement roadmap

    Brainstorm initiatives to boost KPIs and address gaps

    Prioritize potential initiatives

    3.2.1 IT Operations Center Initiative Prioritization Tool

    • Use the IT Operations Center Initiative Prioritization Tool.
    • Enter the initiatives into the tool.
    • For each initiative, input the following ranking criteria:
      • The metric/KPI’s estimated degree of impact on the holy trinity.
      • The gap or pain point’s estimated degree of impact on the metric/KPI.
      • The initiative’s estimated degree of positive impact on the gap or pain point
      • The initiative’s attainability.
    • Estimate the resourcing capacity required for each initiative.
    • For accurate capacity assessment, input as “force include” all current in-flight projects handled by the Operations Center group (including those unrelated to the Operations Center project).

    Decide which initiatives to include on the roadmap

    • Not all initiatives will be worth pursuing – and especially not all at once.
    • Consider the results displayed on the final tab of the IT Operations CenterInitiative Prioritization Tool.
    • Based on the prioritization and taking capacity into account, decide which initiatives to include on your roadmap.
    • Sometimes, for operational or logistical reasons, it may make sense to schedule an initiative at a time other than its priority might dictate. Make such exceptions on a case-by-case basis.

    Assign an owner to each initiative, and provide resourcing

    • For each initiative, assign one person to be the owner of that initiative.
    • Be sure that person has the authority and the bandwidth necessary to drive the initiative forward.
    • Secure additional resourcing for any initiatives you want to include on your roadmap that are lacking capacity.

    Info-Tech Insight

    You must invest resources in order to reduce the time spent on non-value-adding work.

    "The SRE model of working – and all of the benefits that come with it – depends on teams having ample capacity for engineering work. If toil eats up that capacity, the SRE model can’t be launched or sustained. An SRE perpetually buried under toil isn’t an SRE, they are just a traditional long-suffering SysAdmin with a new title."– David N. Blank-Edelman

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    3.1.1 This image contains a screenshot from section 3.1.1 of this blueprint.

    Conduct a root cause analysis on the gaps/pain points

    Find out the cause, so you can come up with solutions.

    3.2.1 this image contains a screenshot from section 3.2.1 of this blueprint.

    Prioritize potential initiatives

    Don’t try to boil the ocean. Target what’s manageable and what will have the most impact.

    PHASE 4

    Launch Initiatives and Track Metrics

    Optimize the IT Operations Center

    Step 4.1: Lay Foundation

    This step will walk you through the following activities:

    • Build initiative communication plan.
    • Develop a testing plan for each technical initiative.

    Outcomes of this step

    • Communication plan
    • Testing plan(s)

    Expect resistance to change

    • It’s not as simple as rolling out what you’ve designed.
    • Anything that affects people’s way of working will inevitably be met with suspicion and pushback.
    • Be prepared to fight the battle.
    • "The hardest part is culture. You must get people to see the value of automation. Their first response is ‘We've been doing it this way for 10 years, why do we need to do it another way?’ It's hard to get someone out of their comfort zone to learn something new, especially when they've been at an organization for 20 years. You need to give them incentives."– Cyrus Kalatbari, Senior IT Architect, Infrastructure/Cloud

    Communicate changes in advance, along with their benefits!

    • Communicate changes well in advance of the date(s) of implementation.
    • Emphasize the benefits of the changes – not just for the organization, but for employees and staff members.
    • Advance communication of changes helps make them more palatable, and builds trust in employees by making them feel informed of what’s going on.

    Involve IT staff in design and implementation of changes

    • As you communicate the coming changes, take the opportunity to involve any affected staff members who have not yet participated in the project.
    • Solicit their feedback and get them to help design and implement the initiatives that involve significant changes to their roles.

    Develop a testing plan for each technical initiative

    • Some initiatives, such as appointing a new change manager or hiring a new staff member, do not make sense to test.
    • On the other hand, technical initiatives such as automation scripts, new monitoring tools or dashboards, and changed alert thresholds should be tested thoroughly before implementation.
    • For each technical initiative, think about the expected results and performance if it were to run in production, and build a test plan to ensure it behaves as expected and there are no corner cases.

    Test technology initiatives and iterate if necessary

    • Test each technical initiative under a variety of circumstances, with as close an environment to production as possible.
    • Try to develop corner cases or unusual or unexpected situations, and see if any of these will break the functionality or produce unintended or unexpected results.
    • Document the results of the testing, and iterate on the initiative and test again if necessary.

    "The most important things – and the things that people miss – are prerequisites and expected results. People jump out and build scripts, then the scripts go into the ditch, and they end up debugging in production." – Darin Stahl, Research Director, Infrastructure & Operations

    Step 4.2: Launch and Measure

    This step will walk you through the following activities:

    • Launch initiatives and track adoption and effectiveness.
    • Investigate initiatives that appear ineffective.
    • Measure success with the holy trinity.

    Outcomes of this step

    • Continual improvement roadmap

    Establish a review cycle for each metric

    Info-Tech Best Practice

    Don’t measure what doesn’t matter. If a metric is not going to be reviewed or reported on for informational or decision-making purposes, it should not be tracked.

    Launch initiatives and track adoption and effectiveness

    • Launch the initiatives.
    • Some initiatives will need to proceed through your change management process in order to roll out, but others will not.
    • Track the adoption of initiatives that require it.
      • Some initiatives will require tracking of adoption, whereas others will not.
      • For example, hiring a new service desk staff member does not require tracking of adoption, but implementing a new process for ticket handling does.
      • The implementation plan should include a way to measure the adoption of such initiatives, and regularly review the numbers to see if the implementation has been successful.
    • For all initiatives, measure their effectiveness by continuing to track the KPI/metric that the initiative is intended to influence.

    Assess metrics according to review cycle for continual improvement

    • Assess metrics according to the review cycle.
    • Note whether metrics are improving in the right direction or not.
    • Correlate changes in the metrics with measures of the adoption of the initiatives – see whether initiatives that have been adopted are moving the needle on the KPIs they are intended to.

    Investigate initiatives that appear ineffective

    • If the adoption of an initiative has succeeded, but the expected impact of that initiative on the KPI has not taken place, investigate further and conduct a root causes analysis to determine why this is the case.
    • Sometimes, anomalies or fluctuations will occur that cause the KPI not to move in accordance with the success of the initiative. In this case, it’s just a fluke and the initiative can still be successful in influencing the KPI over the long term.
    • Other times, the initiative may prove mostly or entirely ineffective, either due to misdesign of the initiative itself, a change of circumstances, or other compounding factors or complexities. If the initiative proves ineffective, consider iterating modifications of the initiative and continuing to measure the effect on KPIs – or perhaps killing the initiative altogether.
    • Remember that experimentation is not a bad thing – it’s okay that not every initiative will always prove worthwhile.

    Measure success with the holy trinity

    • Report to business stakeholders on the effect on the holy trinity of metrics at least annually.
    • Calculate the ROI of the project after two years and compare the results to the targeted ROI you initially presented in the IT Operations Center Stakeholder Buy-In Presentation.
    This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

    Iterate on the Operations Center process for continual improvement

    This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    this is a picture of an Info-Tech Analyst

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
    The following are sample activities that will be conducted by Info-Tech analysts with your team:
    4.1.1This image contains a screenshot from section 3.1.1 of this blueprint.

    Communicate changes in advance, along with their benefits!

    Rank goals based on business impact and stakeholder pecking order.

    4.1.2 this image contains a screenshot from section 3.2.1 of this blueprint.

    Develop a testing plan for each technical initiative

    Craft a concise and compelling elevator pitch that will drive the project forward.

    Research contributors and experts
    This is a picture of Cyrus Kalatbari, IT infrastructure/cloud architect

    Cyrus Kalatbari, IT Infrastructure/Cloud Architect

    Cyrus’ in-depth knowledge cutting across I&O and service delivery has enhanced the IT operations of multiple enterprise-class clients.

    This is a picture of Derek Cullen, Chief Technology Officer

    Derek Cullen, Chief Technology Officer

    Derek is a proven leader in managing enterprise-scale development, deployment, and integration of applications, platforms, and systems, with a sharp focus on organizational transformation and corporate change.

    This is a picture of Phil Webb, Senior Manager

    Phil Webb, Senior Manager – Unified Messaging and Mobility

    Phil specializes in service delivery for cloud-based and hybrid technology solutions, spanning requirements gathering, solution design, new technology introduction, development, integration, deployment, production support, change/release delivery, maintenance, and continuous improvement.

    This is a picture of Richie Mendoza, IT Services Delivery Consultant

    Richie Mendoza, IT Services Delivery Consultant

    Ritchie’s accomplishments include pioneering a cloud capacity management process and presenting to the Operations team and to higher management, while providing a high level of technical leadership in all phases of capacity management activities.

    This is a picture of Rob Thompson, Solutions Architect

    Rob Thomson, Solutions Architect

    Rob is an IT leader with a track record of creating and executing digital transformation initiatives to achieve the desired outcomes by integrating people, process, and technology into an efficient and effective operating model.

    Related Info-Tech research

    Create a Configuration Management Roadmap

    Right-size your CMDB to improve IT operations.

    Harness Configuration Management Superpowers

    Build a CMDB around the IT services that are most important to the organization.

    Develop an IT Infrastructure Services Playbook

    Automation, SDI, and DevOps – build a cheat sheet to manage a changing Infrastructure & Operations environment.

    Develop an Availability and Capacity Management Plan

    Manage capacity to increase uptime and reduce costs.

    Establish a Program to Enable Effective Performance Monitoring

    Maximize the benefits of infrastructure monitoring investments by diagnosing and assessing transaction performance, from network to server to end-user interface.

    Bibliography

    Baker, Dan, and Hal Baylor. “How Benchmarking & Streamlining NOC Operations Can Lower Costs & Boost Effectiveness.” Top Operator, Mar. 2017. Web.

    Blank-Edelman, David. Seeking SRE: Conversations About Running Production Systems at Scale. O'Reilly, 2018. Web.

    CA Technologies. “IT Transformation to Next-Generation Operations Centers: Assure Business Service Reliability by Optimizing IT Operations.” CA Technologies, 2014. Web.

    Ditmore, Jim. “Improving Availability: Where to Start.” Recipes for IT, n.d. Web.

    Ennis, Shawn. “A Phased Approach for Building a Next-Generation Network Operations Center.” Monolith Software, 2009. Web.

    Faraclas, Matt. “Why Does Infrastructure Operations Still Suck?” Ideni, 25 Feb. 2016. Web.

    InterOp ITX. “2018 State of the Cloud.” InterOp ITX, Feb. 2018. Web.

    ITIC. “Cost of Hourly Downtime Soars: 81% of Enterprises Say it Exceeds $300K On Average.” ITIC, 2 Aug. 2016. Web.

    Joe the IT Guy. “Availability Management Is Harder Than it Looks.” Joe the IT Guy, 10 Feb. 2016. Web.

    ---. “Do Quick Wins Exist for Availability Management?” Joe the IT Guy, 15 May 2014. Web.

    Lawless, Steve. “11 Top Tips for Availability Management.” Purple Griffon, 4 Jan. 2019. Web.

    Metzler, Jim. “The Next Generation Network Operations Center: How the Focus on Application Delivery is Redefining the NOC.” Ashton, Metzler & Associates, n.d. Web.

    Nilekar, Shirish. “Beyond Redundancy: Improving IT Availability.” Network Computing, 28 Aug. 2015. Web.

    Slocum, Mac. “Site Reliability Engineering (SRE): A Simple Overview.” O’Reilly, 16 Aug. 2018. Web.

    Spiceworks. “The 2019 State of IT.” Spiceworks, 2019. Web

    First 30 Days Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}418|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Given the speed and scope of the spread of the pandemic, governments are responding with changes almost daily as to what organizations and people can and can’t do. This volatility and uncertainty challenges organizations to respond, particularly in the absence of a business continuity or crisis management plan.

    Our Advice

    Critical Insight

    • Assess the risk to and viability of your organization in order to create appropriate action and communication plans quickly.

    Impact and Result

    • HR departments must be directly involved in developing the organization’s pandemic response plan. Use Info-Tech's Risk and Viability Matrix and uncover the crucial next steps to take during the first 30 days of the COVID-19 pandemic.

    First 30 Days Pandemic Response Plan Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a response plan for the first 30 days of a pandemic

    Manage organizational risk and viability during the first 30 days of a crisis.

    • First 30 Days Pandemic Response Plan Storyboard
    • Crisis Matrix Communications Template: Business As Usual
    • Crisis Matrix Communications Template: Organization Closing
    • Crisis Matrix Communications Template: Manage Risk and Leverage Resilience
    • Crisis Matrix Communications Template: Reduce Labor and Mitigate Risk
    [infographic]

    Develop Infrastructure & Operations Policies and Procedures

    • Buy Link or Shortcode: {j2store}452|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $46,324 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
    • Standard operating procedures are less effective without a policy to provide a clear mandate and direction.
    • Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
    • Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

    Our Advice

    Critical Insight

    • Document what you need to document and forget the rest. Always check to see if you can use a previously approved policy before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.

    Impact and Result

    • Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
    • Create effective policies that are reasonable, measurable, auditable, and enforceable.
    • Create and document procedures to support policy changes.

    Develop Infrastructure & Operations Policies and Procedures Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should change your approach to developing Infrastructure & Operations policies and procedures, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify policy and procedure gaps

    Create a prioritized action plan for documentation based on business need.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 1: Identify Policy and Procedure Gaps

    2. Develop policies

    Adapt policy templates to meet your business requirements.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 2: Develop Policies
    • Availability and Capacity Management Policy
    • Business Continuity Management Policy
    • Change Control – Freezes & Risk Evaluation Policy
    • Change Management Policy
    • Configuration Management Policy
    • Firewall Policy
    • Hardware Asset Management Policy
    • IT Triage and Support Policy
    • Release Management Policy
    • Software Asset Management Policy
    • System Maintenance Policy – NIST
    • Internet Acceptable Use Policy

    3. Document effective procedures

    Improve policy adherence and service effectiveness through procedure standardization and documentation.

    • Develop Infrastructure & Operations Policies and Procedures – Phase 3: Document Effective Procedures
    • Capacity Plan Template
    • Change Management Standard Operating Procedure
    • Configuration Management Standard Operation Procedures
    • Incident Management and Service Desk SOP
    • DRP Summary Template
    • Service Desk Standard Operating Procedure
    • HAM Standard Operating Procedures
    • SAM Standard Operating Procedures
    [infographic]

    Further reading

    Develop Infrastructure & Operations Policies and Procedures

    Document what you need to document and forget the rest.

    Table of contents

    Project Rationale

    Project Outlines

    • Phase 1: Identify Policy and Procedure Gaps
    • Phase 2: Develop Policies
    • Phase 3: Document Effective Procedures

    Bibliography

    ANALYST PERSPECTIVE

    Document what you need to document now and forget the rest.

    "Most IT organizations struggle to create and maintain effective policies and procedures, despite known improvements to consistency, compliance, knowledge transfer, and transparency.

    The numbers are staggering. Fully three-quarters of IT professionals believe their policies need improvement, and the same proportion of organizations don’t update procedures as required.

    At the same time, organizations that over-document and under-document perform equally poorly on key measures such as policy quality and policy adherence. Take a practical, step-by-step approach that prioritizes the documentation you need now. Leave the rest for later."

    (Andrew Sharp, Research Manager, Infrastructure & Operations Practice, Info-Tech Research Group)

    Our understanding of the problem

    This Research Is Designed For:

    • Infrastructure Managers
    • Chief Technology Officers
    • IT Security Managers

    This Research Will Help You:

    • Address policy gaps
    • Develop effective procedures and procedure documentation to support policy compliance

    This Research Will Also Assist:

    • Chief Information Officers
    • Enterprise Risk and Compliance Officers
    • Chief Human Resources Officers
    • Systems Administrators and Engineers

    This Research Will Help Them:

    • Understand the importance of a coherent approach to policy development
    • Understand the importance of Infrastructure & Operations policies
    • Support Infrastructure & Operations policy development and enforcement

    Info-Tech Best Practice

    This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.

    Executive Summary

    Situation

    • Time and money are wasted dealing with mistakes or missteps that should have been addressed by procedures or policies.
    • Standard operating procedures are less effective without a policy to provide a clear mandate and direction.

    Complication

    • Existing policies were written, approved, signed – and forgotten for years because no one has time to maintain them.
    • Adhering to policies is rarely a priority, as compliance often feels like an impediment to getting work done.
    • Processes aren’t measured or audited to assess policy compliance, which makes enforcing the policies next to impossible.

    Resolution

    • Start with a comprehensive policy framework to help you identify policy gaps. Prioritize and address those policy gaps.
    • Create effective policies that are reasonable, measurable, auditable, and enforceable.
    • Create and document procedures to support policy changes.

    Info-Tech Insight

    1. Document what you need to document and forget the rest.
      Always check if a previously approved policy exists before you create a new one. You may only need to create new guidelines or standards rather than approve a new policy.
    2. Support policies with documented procedures.
      Build procedures that embed policy adherence in daily operations. Find opportunities to automate policy adherence (e.g. removing local admin rights from user computers).

    What are policies, procedures, and processes?

    A policy is a governing document that states the long-term goals of the organization and in broad strokes outlines how they will be achieved (e.g. a Data Protection Policy).

    In the context of policies, a procedure is composed of the steps required to complete a task (e.g. a Backup and Restore Procedure). Procedures are informed by required standards and recommended guidelines. Processes, guidelines, and standards are three pillars that support the achievement of policy goals.

    A process is higher level than a procedure – a set of tasks that deliver on an organizational goal.

    Better policies and procedures reduce organizational risk and, by strengthening the ability to execute processes, enhance the organization’s ability to execute on its goals.

    Visualization of policies, procedures, and processes using pillars. Two separate structures, 'Policy A' and 'Policy B', are each held up by three pillars labelled 'Standards', 'Procedures', and 'Guidelines'. Two lines pass through the pillars of both structures and are each labelled 'Value-creating process'.

    Document to improve governance and operational processes

    Deliver value

    Build, deliver, and support Infrastructure assets in a consistent way, which ultimately reduces costs associated with downtime, errors, and rework. A good manual process is the foundation for a good automated process.

    Simplify Training

    Use documentation for knowledge transfer. Routine tasks can be delegated to less-experienced staff.

    Maintain compliance

    Comply with laws and regulations. Policies are often required for compliance, and formally documented and enforced policies help the organization maintain compliance by mandating required due diligence, risk reduction, and reporting activities.

    Provide transparency

    Build an open kitchen. Other areas of the organization may not understand how Infra & Ops works. Your documentation can provide the answer to the perennial question: “Why does that take so long?”

    Info-Tech Best Practice

    Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

    Document what you need to document – and forget the rest

    Half of all organizations believe their policy suite is insufficient. (Info-Tech myPolicies Survey Data (N=59))

    Pie chart with three sections labelled 'Too Many Policies and Procedures 14%', 'Adequate Policies and Procedures 37%', 'Insufficient Policies and Procedures 49%'

    Too much documentation and a lack of documentation are both ineffective. (Info-Tech myPolicies Survey Data (N=59))

    Two bar charts labelled 'Policy Adherence' and 'Policy Quality' each with three bars representing 'Too Many Policies and Procedures', 'Insufficient Policies and Procedures', and 'Adequate Policies and Procedures'. The values shown are an average score out of 5. For Policy Adherence: Too Many is 2.4, Insufficient is 2.1, and Adequate is 3.2. For Policy Quality: Too Many is 2.9, Insufficient is 2.6, and Adequate is 4.1.

    77% of IT professionals believe their policies require improvement. (Kaspersky Lab)

    Presenting: A COBIT-aligned policy suite

    We’ve developed a suite of effective policy templates for every Infra & Ops manager based on Info-Tech’s IT Management & Governance Framework.

    Policy templates and the related aspects of Info-Tech's IT Management & Governance Framework

    Info-Tech Best Practice

    Look for these symbols as you work through the deck. Prioritize and focus on the policies you work on first based on the value of the policy to the enterprise and the existing gaps in your governance structure.

    Project outline

    Phases

    1. Identify policy and procedure gaps 2. Develop policies 3. Document effective procedures

    Steps

    • Review and right-size the existing policy set
    • Create an action plan to address policy gaps
    • Modify policy templates and gather feedback
    • Implement, enforce, measure, and maintain new policies
    • Scope and outline procedures
    • Document and maintain procedures

    Outcomes

    Action list of policy and procedure gaps New or updated Infrastructure & Operations policies Procedure documentation

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Accelerate policy development with a Guided Implementation

    Your trusted advisor is just a call away.

    • Identify Policy and Procedure Gaps (Calls 1-2)
      Assess current policies, operational challenges, and gaps. Mitigate significant risks first.
    • Create and Review Policies (Calls 2-4)
      Modify and review policy templates with an Info-Tech analyst.
    • Create and Review Procedures (Calls 4-6)
      Workflow procedures, using templates wherever possible. Review documentation best practices.

    Contact Info-Tech to set up a Guided Implementation with a dedicated advisor who will walk you through every stage of your policy development project.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 1

    Identify Policy and Procedure Gaps

    PHASE 1: Identify Policy and Procedure Gaps

    Step 1.1: Review and right-size the existing policy set

    This step will walk you through the following activities:

    • Identify gaps in your existing policy suite
    • Document challenges to core Infrastructure & Operations processes
    • Identify documentation that can close gaps
    • Prioritize your documentation effort

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors

    Results & Insights

    • Results: A review of the existing policy suite and identification of opportunities for improvement.
    • Insights: Not all gaps necessarily require a fresh policy. Repurpose, refresh, or supplement existing documentation wherever appropriate.

    Conduct a policy review

    Associated Activity icon 1(a) 30 minutes per policy

    You’ve got time to review your policy suite. Make the most of it.

    1. Start with organizational requirements.
      • What initiatives are on the go? What policies or procedures do you have a mandate to create?
    2. Weed out expired and dated policies.
      • Gather your existing policies. Identify when each one was published or last reviewed.
      • Decide whether to retire, merge, or update expired or obviously dated policy.
    3. Review policy statements.
      • Check that the organization is adequately supporting policy statements with SOPs, standards, and guidelines. Ensure role-related information is up to date.
    4. Document and bring any gaps forward to the next activity. If no action is required, indicate that you have completed a review and submit the findings for approval.

    But they just want one policy...

    A review of your policy suite is good practice, especially when it hasn’t been done for a while. Why?
    • Existing policies may address what you’re trying to do with a new policy. Using or modifying an existing policy avoids overlap and contradiction and saves you the effort required to create, communicate, approve, and maintain a new policy.
    • Review the suite to validate that you’re addressing the most important challenges first.

    Brainstorm improvements for core Infrastructure & Operations processes

    Associated Activity icon 1(b) 1 hour

    Supplement the list of gaps from your policy review with process challenges.

    1. Write out key Infra & Ops–related processes – one piece of flipchart paper per process. You can work through all of these processes or cherry-pick the processes you want to improve first.
    2. With participants, write out in point form how you currently execute on these processes (e.g. for Asset Management, you might be tagging hardware, tracking licenses, etc.)
    3. Work through a “Start – Stop – Continue” exercise. Ask participants: What should we start doing? What must we stop doing? What do we do currently that’s valuable and must continue? Write ideas on sticky notes.
    4. Once you’ve worked through the “Start – Stop – Continue” exercise for all processes, group similar suggestions for improvements.

    Asset Management: Manage hardware and software assets across their lifecycle to protect assets and manage costs.

    Availability and Capacity Management: Balance current and future availability, capacity, and performance needs with cost-to-serve.

    Business Continuity Management: Continue operation of critical business processes and IT services.

    Change Management: Deliver technical changes in a controlled manner.

    Configuration Management: Define and maintain relationships between technical components.

    Problem Management: Identify incident root cause.

    Operations Management: Coordinate operations.

    Release and Patch Management: Deliver updates and manage vulnerabilities in a controlled manner.

    Service Desk: Respond to user requests and all incidents.

    PHASE 1: Identify Policy and Procedure Gaps

    Step 1.2: Create an action plan to address policy gaps

    This step will walk you through the following activities:

    • Identify challenges and gaps that can be addressed via documentation
    • Prioritize high-value, high-risk gaps

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors

    Results & Insights

    • Results: An action plan to tackle policy and procedures gaps, aligned with business requirements and business value.
    • Insights: Not all documentation is equally valuable. Prioritize documentation that delivers value and mitigates risk.

    Support policies with procedures, standards, and guidelines

    Use a working definition for each type of document.

    Policy: Directives, rules, and mandates that support the overarching, long-term goals of the organization.

    • Standards: Prescriptive, uniform requirements.
    • Procedures: Specific, detailed, step-by-step instructions for completing a task.
    • Guidelines: Non-enforceable, recommended best practices.

    Info-Tech Best Practice

    Take advantage of your Info-Tech advisory membership by scheduling review sessions with an analyst. We provide high-level feedback to ensure your documentation is clear, concise, and consistent and aligns with the governance objectives you’ve identified.

    Answer the following questions to decide if governance documentation can help close gaps

    Associated Activity icon 1(c) 30 minutes

    Documentation supports knowledge sharing, process consistency, compliance, and transparency. Ask the following questions:

    1. What is the purpose of the documentation?
      Procedures support task completion. Policies set direction and manage organizational risk.
    2. Should it be enforceable?
      Policies and standards are enforceable; guidelines are not. Procedures are enforceable in that they should support policy enforcement.
    3. What is the scope?
      To document a task, create a procedure. Set overarching rules with policies. Use standards and guidelines to set detailed rules and best practices.
    4. What’s the expected cadence for updates?
      Policies should be revisited and revised less frequently than procedures.

    Info-Tech Best Practice

    Reinvent the wheel? I don’t think so!

    Always check to see if a gap can be addressed with existing tools before drafting a new policy

    • Is there an existing policy that could be supported with new or updated procedures, technical standards, or guidelines?
    • Is there a technical control you can deploy that would enforce the terms of an existing, approved policy?
    • It may be simpler to amend an existing policy instead of creating a new one.

    Some problems can’t be solved by better documentation (or by documentation alone). Consider additional strategies that address people, process, and technology.

    Tackle high-value, high-risk gaps first

    Associated Activity icon 1(d) 30 minutes

    Prioritize your documentation effort.

    1. List each proposed piece of documentation on the board.
    2. Assign a score to the risk posed to the business by the lack of documentation and to the expected benefit of completing the documentation. Use a scoring scale between 1 and 3 such as the one on the right.
    3. Prioritize documentation that mitigates risks and maximizes benefits.
    4. If you need to break ties, consider effort required to develop, implement, and enforce policies or procedures.

    Example Scoring Scale

    Score Business risk of missing documentation Business benefit of value of documentation

    1

    Low: Affects ad hoc activities or non-critical data. Low: Minimal impact.

    2

    Moderate: Impacts productivity or internal goodwill. Moderate: Required periodically; some cross-training opportunities.

    3

    High: Impacts revenue, safety, or external goodwill. High: Save time for common or ongoing processes; extensive improvement to training/knowledge transfer.

    Info-Tech Insight

    Documentation pulls resources away from other important programs and projects, so ultimately it must be a demonstrably higher priority than other work. This exercise is designed to align documentation efforts with business goals.

    Phase 1: Review accomplishments

    Policy pillars: Standards, Procedures, Guidelines

    Summary of Accomplishments

    • Identified gaps in the existing policy suite and identified pain points in existing Infra & Ops processes.
    • Developed a list of policies and procedures that can address existing gaps and prioritized the documentation effort.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 2

    Develop Policies

    PHASE 2: Develop Policies

    Step 2.1: Modify policy templates and gather feedback

    This step will walk you through the following activities:

    • Modify policy templates

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Technical Writer

    Results & Insights

    • Results: Your own COBIT-aligned policies built by modifying Info-Tech templates.
    • Insights: Effective policies are easy to read and navigate.

    Write Good-er: Be Clear, Consistent, and Concise

    Effective policies adhere to the three Cs of documentation.

    1. Be clear. Make it as easy as possible for a user to learn how to comply with your policy.
    2. Be consistent. Write policies that complement each other, not contradict each other.
    3. Be concise. Make it as quick and easy as possible to read and understand your policy.

    Info-Tech Best Practice

    To download the full suite of templates all at once, click the “Download Research” button on the research landing page on the website.

    Use the three Cs: Be Clear

    Understanding makes compliance possible. Create policy with the goal of making compliance as easy as possible. Use positive, simple language to convey your intentions and rationale to your audience. Staff will make an effort adhere to your policy when they understand the need and are able to comply with the terms.

    1. Choose a skilled writer. Select a writer who can write clearly and succinctly.
    2. Default to simple language and define key terms. Define scope and key terms upfront. Avoid using technical terms outside of technical documentation; if they’re necessary be sure to define them as well.
    3. Use active, positive language. Where possible, tell people what they can do, not what they can’t.
    4. Keep the structure simple. Complicated documents are less likely to be understood and read. Use short sentences and paragraphs. Lists are a helpful way to summarize important information. Guide your reader through the document with appropriately named section headers, tables of contents, and numeration.
    5. Add a process for handling exceptions. Refer to procedures, standards, and guidelines documentation. Try to keep these links as static as possible. Also, refer to a process for handling exceptions.
    6. Manage the integrity of electronic documents. When published electronically, the policy should have restricted editing access or should be published in a non-editable format. Access to the procedure and policy storage database for employees should be read-only.

    Info-Tech Insight

    Highly effective policies are easy to navigate. Your policies should be “skimmable.” Very few people will fully read a policy before accepting it. Make it easy to navigate so the reader can easily find the policy statements that apply to them.

    Use the three Cs: Be Consistent

    Ensure that policies are aligned with other organizational policies and procedures. It detracts from compliance if different policies prescribe different behavior in the same situation. Moreover, your policies should reflect the corporate culture and other company standards. Use your policies to communicate rules and get employees aligned with how your company works.

    1. Use standard sentences and paragraphs. Policies are usually expressed in short, standard sentences. Lists should also be used when necessary or appropriate.
    2. Remember the three Ws. When writing a policy, always be sure to clearly state what the rule is, when it should be applied, and who needs to follow it. Policies should clearly define their scope of application and whether directives are mandatory or recommended.
    3. Use an outline format. Using a numbered or outline format will make a document easier to read and will make content easier to look up when referring back to the document at a later time.
    4. Avoid amendments. Avoid the use of information that is quickly outdated and requires regular amendment (e.g. names of people).
    5. Reference a set of supplementary documents. Codify your tactics outside of the policy document, but make reference to them within the text. This makes it easier to ensure consistency in the behavior prescribed by your policies.

    "One of the issues is the perception that policies are rules and regulations. Instead, your policies should be used to say ‘this is the way we do things around here.’" (Mike Hughes CISA CGEIT CRISC, Principal Director, Haines-Watts GRC)

    Use the three Cs: Be Concise

    Reading and understanding policies shouldn’t be challenging, and it shouldn’t significantly detract from productive time. Long policies are more difficult to read and understand, increasing the work required for employees to comply with them. Put it this way: How often do you read the Terms and Conditions of software you’ve installed before accepting them?

    1. Be direct. The quicker you get to the point, the easier it is for the reader to interpret and comply with your policy.
    2. Your policy is a rule, not a recipe. Your policy should outline what needs to be accomplished and why – your standards, guidelines, and SOPs address the how.
    3. Keep policies short. Nobody wants to read a huge policy book, so keep your policies short.
    4. Use additional documentation where needed. In addition to making consistency easier, this shortens the length of your policies, making them easier to read.
    5. Policy still too large? Modularize it. If you have an extremely large policy, it’s likely that it’s too widely scoped or that you’re including statements that should be part of procedure documentation. Consider breaking your policy into smaller, focused, more digestible documents.

    "If the policy’s too large, people aren’t going to read it. Why read something that doesn’t apply to me?" (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    "I always try to strike a good balance between length and prescriptiveness when writing policy. Your policies … should be short and describe the problem and your approach to solving it. Below policies, you write standards, guidelines, and SOPs." (Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission)

    Customize policy documents

    Associated Activity icon 2(a) 1-2 hours per policy

    Use the policies templates to support key Infrastructure & Operations programs.

    INPUT: List of prioritized policies

    OUTPUT: Written policy drafts ready for review

    Materials: Policy templates

    Participants: Policy writer, Signing authority

    No policy template will be a perfect fit for your organization. Use Info-Tech’s research to develop your organization’s program requirements. Customize the policy templates to support those requirements.

    1. Work through policies from highest to lowest priority as defined in Phase 1.
    2. Follow the instructions written in grey text to customize the policy. Follow the three Cs when you write your policy.
    3. When your draft is finished, prepare to request signoff from your signing authority by reviewing the draft with an Info-Tech analyst.
    4. Complete the highest ranked three or four draft policies. Review all these policies with relevant stakeholders and include all relevant signing authorities in the signoff process.
    5. Rinse and repeat. Iterate until all relevant polices are complete.

    Request, Incident, and Problem Management

    An effective, timely service desk correlates with higher overall end-user satisfaction across all other IT services. (Info-Tech Research Group, 2016 (N=25,998))

    An icon for the 'DSS02 Service Desk' template. An icon for the 'DSS03 Incident and Problem Management' template.

    Use the following template to create a policy that outlines the goals and mandate for your service and support organization:

    • IT Triage and Support Policy

    Support the program and associated policy statements using Info-Tech’s research:

    • Standardize the Service Desk
    • Incident and Problem Management
    • Design & Build a User-Facing Service Catalog

    Embrace Standardization

    • Outline the support and service mandate with the policy. Support the policy with the methodology in Info-Tech’s research.
    • Over time, organizations without standardized processes face confusion, redundancies, and cost overruns. Standardization avoids wasting energy and effort building new solutions to solved issues.
    • Standard processes for IT services define repeatable approaches to work and sandbox creative activities.
    • Create tickets for every task and categorize them using a standard classification system. Use the resulting data to support root-cause analysis and long-term trend management.
    • Create a single point of contact for users for all incidents and requests. Escalate and resolve tickets faster.
    • Empower end users and technicians with knowledge bases that help them solve problems without intervention.

    Change, Release, and Patch Management

    Slow turnaround, unauthorized changes, and change-related incidents are all too familiar to many managers.

    An icon for the 'BAI06 Change Management' template. An icon for the 'BAI07 Release Management' template.

    Use the following templates to create policies that define effective patch, release, and change management:

    • Change Management Policy
    • Release and Patch Management Policy
    • Change Control – Freezes & Risk Evaluation Policy

    Ensure the policy is supported by using the following Info-Tech research:

    • Optimize Change Management

    Embrace Change

    • IT system owners resist change management when they see it as slow and bureaucratic.
    • At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up to date, so preventable conflicts get missed.
    • No process exists to support the identification and deployment of critical security patches. Tracking down users to find a maintenance window takes significant, dedicated effort and intervention from the management team.
    • Create a unified change management process that reduces risk and is balanced in its approach toward deploying changes, while also maintaining throughput of patches, fixes, enhancements, and innovation.

    IT Asset Management (ITAM)

    A proactive, dynamic ITAM program will pay dividends in support, contract management, appropriate provisioning, and more.

    An icon for the 'BAI09 Asset Management' template.

    Start by outlining the requirements for effective asset management:

    • Hardware Asset Management Policy
    • Software Asset Management Policy

    Support ITAM policies with the following Info-Tech research:

    • Implement IT Asset Management

    Leverage Asset Data

    • Create effective, directional policies for your asset management program that provide a mandate for action. Support the policies with robust procedures, capable staff, and right-fit technology solutions.
    • Poor management of assets generally leads to higher costs due to duplicated purchases, early replacement, loss, and so on.
    • Visibility into asset location and ownership improves security and accountability.
    • A centralized repository of asset data supports request fulfilment and incident management.
    • Asset management is an ongoing program, not a one-off project, and must be resourced accordingly. Organizations often implement an asset management program and let it stagnate.

    "Many of the large data breaches you hear about… nobody told the sysadmin the client data was on that server. So they weren’t protecting and monitoring it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    Business Continuity Management (BCM)

    Streamline the traditional approach to make BCM practical and repeatable.

    An icon for the 'DSS04 DR and Business Continuity' template.

    Set the direction and requirements for effective BCM:

    • Business Continuity Management Policy

    Support the BCM policy with the following Info-Tech research:

    • Create a Right-Sized Disaster Recovery Plan
    • Develop a Business Continuity Plan

    Build Organizational Resilience

    • Evidence of disaster recovery and business continuity planning is increasingly required to comply with regulations, mitigate business risk, and meet customer demands.
    • IT leaders are often asked to take the lead on business continuity, but overall accountability for business continuity rests with the board of directors, and each business unit must create and maintain its business continuity plan.
    • Set an organizational mandate for BCM with the policy.
    • Divide the business continuity mandate into manageable parcels of work. Follow Info-Tech’s practical methodology to tackle key disaster recovery and business continuity planning activities one at a time.

    Info-Tech Best Practice

    Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.

    Availability, Capacity, and Operations Management

    What was old is new again. Use time-tested techniques to manage and plan cloud capacity and costs.

    An icon for the 'BAI04 Availability and Capacity Management' template. An icon for the 'DSS01 Operations Management' template. An icon for the 'BAI10 Configuration Management' template.

    Set the direction and requirements for effective availability and capacity management:

    • Availability and Capacity Management Policy
    • System Maintenance Policy – NIST

    Support the policy with the following Info-Tech research:

    • Develop an Availability and Capacity Management Plan
    • Improve IT Operations Management
    • Develop an IT Infrastructure Services Playbook

    Mature Service Delivery

    • Hybrid IT deployments – managing multiple locations, delivery models, and service providers – are the future of IT. Hybrid deployments significantly complicate capacity planning and operations management.
    • Effective operations management practices develop structured processes to automate activities and increase process consistency across the IT organization, ultimately improving IT efficiency.
    • Trying to add mature service delivery can feel like playing whack-a-mole. Systematically improve your service capabilities using the tactical, iterative approach outlined in Improve IT Operations Management.

    Enhance your overall security posture with a defensible, prescriptive policy suite

    Align your security policy suite with NIST Special Publication 800-171.

    Security policies support the organization’s larger security program. We’ve created a dedicated research blueprint and a set of templates that will help you build security policies around a robust framework.

    • Start with a security charter that aligns the security program with organizational objectives.
    • Prioritize security policies that address significant risks.
    • Work with technical and business stakeholders to adapt Info-Tech’s NIST SP 800-171–aligned policy templates (at right) to reflect your organizational objectives.

    A diagram listing all the different elements in a 'Security Charter': 'Access Control', 'Audit & Acc.', 'Awareness and Training', 'Config. Mgmt.', 'Identification and Auth.', 'Incident Response', 'Maintenance', 'Media Protection', 'Personnel Security', 'Physical Protection', 'Risk Assessment', 'Security Assessment', 'System and Comm. Protection', and 'System and Information Integrity'.

    Review and download Info-Tech's blueprint Develop and Deploy Security Policies.

    Info-Tech Best Practice

    Customize Info-Tech’s policy framework to align your policy suite to NIST SP 800-171. Given NIST’s requirements for the control of confidential information, organizations that align their policies to NIST standards will be in a strong governance position.

    PHASE 2: Develop Policies

    Step 2.2: Implement, enforce, measure, and maintain new policies

    This step will walk you through the following activities:

    • Gather stakeholder feedback
    • Identify preventive and detective controls
    • Identify required supports
    • Seek policy approval
    • Establish roles and responsibilities for policy maintenance

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Infrastructure Supervisors
    • Technical Writer
    • Policy Stakeholders

    Results & Insights

    • Results: Well-supported policies that have received signoff.
    • Insights: If you’re not prepared to enforce the policy, you might not actually need a policy. Use the policy statements as guidelines or standards, create and implement procedures, and build a culture of compliance. Once you can confidently execute on required controls, seek signoff.

    Gather feedback from users to assess the feasibility of the new policies

    Associated Activity icon 2(b) Review period: 1-2 weeks

    Once the policies are drafted, roundtable the drafts with stakeholders.

    INPUT: Draft policies

    OUTPUT: Reviewed policy drafts ready for approval

    Materials: Policy drafts

    Participants: Policy stakeholders

    1. Form a test group of users who will be affected by the policy in different ways. Keep the group to around five staff.
    2. Present new policies to the testers. Allow them to read the documents and attempt to comply with the new policies in their daily routines.
    3. Collect feedback from the group.
      • Consider using interviews, email surveys, chat channels, or group discussions.
      • Solicit ideas on how policy statements could be improved or streamlined.
    4. Make reasonable changes to the first draft of the policies before submitting them for approval. Policies will only be followed if they’re realistic and user friendly.

    Info-Tech Best Practice

    Allow staff the opportunity to provide input on policy development. Giving employees a say in policy development helps avoid obstacles down the road. This is especially true if you’re trying to change behavior rather than lock it in.

    Develop mechanisms for monitoring and enforcement

    Associated Activity icon 2(c) 20 minutes per policy

    Brainstorm preventive and detective controls.

    INPUT: Draft policies

    OUTPUT: Reviewed policy drafts ready for approval

    Materials: Policy drafts

    Participants: Policy stakeholders

    Preventive controls are designed to discourage or pre-empt policy breaches before they occur. Training, approvals processes, and segregation of duties are examples of preventive controls. (Ohio University)

    Detective controls help enforce the policy by identifying breaches after they occur. Forensic analysis and event log auditing are examples of detective controls. (Ohio University)

    Not all policies require the same level of enforcement. Policies that are required by law or regulation generally require stricter enforcement than policies that outline best practices or organizational values.

    Identify controls and enforcement mechanisms that are in line with policy requirements. Build control and enforcement into procedure documentation as needed.

    Suggestions:

    1. Have staff sign off on policies. Disclose any monitoring/surveillance.
    2. Ensure consequences match the severity of the infraction. Document infractions and ensure that enforcement is applied consistently across all infractions.
    3. Automatic controls shouldn’t get in the way of people’s ability to do their jobs. Test controls with users before you roll them out widely.

    Support the policy before seeking approval

    A policy is only as strong as its supporting pillars.

    Create Standards

    Standards are requirements that support policy adherence. Server builds and images, purchase approval criteria, and vulnerability severity definitions can all be examples of standards that improve policy adherence.

    Where reasonable, use automated controls to enforce standards. If you automate the control, consider how you’ll handle exceptions.

    Create Guidelines

    If no standards exist – or best practices can’t be monitored and enforced, as standards require – write guidelines to help users remain in compliance with the policy.

    Create Procedures: We’ll cover procedure development and documentation in Phase 3.

    Info-Tech Insight

    In general, failing to follow or strictly enforce a policy creates a risk for the business. If you’re not confident a policy will be followed or enforced, consider using policy statements as guidelines or standards as an interim measure as you update procedures and communicate and roll out changes that support adherence and enforcement.

    Seek approval and communicate the policy

    Policies ultimately need to be accepted by the business.

    • Once the drafts are completed, identify who is in charge of approving the policies.
    • Ensure all stakeholders understand the importance, context, and repercussions of the policies.
    • The approvals process is about appropriate oversight of the drafted policies. For example:
      • Do the policies satisfy compliance and regulatory requirements?
      • Do the policies work with the corporate culture?
      • Do the policies address the underlying need?

    If the draft is rejected:

    • Acquire feedback and make revisions.
    • Resubmit for approval.

    If the draft is approved:

    • Set the effective date and a review date.
    • Begin communication, training, and implementation.
    • Employees must know that there are new policies and understand the steps they must take to comply with the policies in their work.
    • Employees must be able to interpret, understand, and know how to act upon the information they find in the policies.
    • Employees must be informed on where to get help or ask questions and from whom to request policy exceptions.

    "A lot of board members and executive management teams… don’t understand the technology and the risks posed by it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)

    Identify policy management roles and responsibilities

    Associated Activity icon 2(d) 30 minutes

    Discuss and assign roles and responsibilities for ongoing policy management.

    Role

    Responsibilities

    Executive sponsor

  • Supports the program at the highest levels of the business, as needed
  • Program lead

  • Leads the Infrastructure & Operations policy management program
  • Identifies and communicates status updates to the executive sponsor and the project team
  • Coordinates business demands and interviews and organizes stakeholders to identify requirements
  • Manages the work team and coordinates policy rollout
  • Policy writer

  • Authors and updates policies based on requirements
  • Coordinates with outsourced editor for completion of written documents
  • IT infrastructure SMEs

  • Provide technical insight into capabilities and limitations of infrastructure systems
  • Provide advice on possible controls that can aid policy rollout, monitoring, and enforcement
  • Legal expert

  • Provides legal advice on the policy’s legal terms and enforceability
  • "Whether at the level of a government, a department, or a sub-organization: technology and policy expertise complement one another and must be part of the conversation." (Peter Sheingold, Portfolio Manager, Cybersecurity, MITRE Corporation)

    Phase 2: Review accomplishments

    Effective Policies: Clear, Consistent, and Concise

    An icon for the 'DSS02 Service Desk' template.

    An icon for the 'DSS03 Incident and Problem Management' template.

    An icon for the 'BAI06 Change Management' template.

    An icon for the 'BAI07 Release Management' template.

    An icon for the 'BAI09 Asset Management' template.

    An icon for the 'DSS04 DR and Business Continuity' template.

    An icon for the 'BAI04 Availability and Capacity Management' template.

    An icon for the 'DSS01 Operations Management' template.

    An icon for the 'BAI10 Configuration Management' template.

    Summary of Accomplishments

    • Built priority policies based on templates aligned with the IT Management & Governance Framework and COBIT 5.
    • Reviewed controls and policy supports.
    • Assigned roles and responsibilities for ongoing policy maintenance.

    Develop Infrastructure & Operations Policies and Procedures

    Phase 3

    Document Effective Procedures

    PHASE 3: Document Effective Procedures

    Step 3.1: Scope and outline procedures

    This step will walk you through the following activities:

    • Prioritize SOP documentation
    • Draft workflows using a tabletop exercise
    • Modify templates, as applicable

    This step involves the following participants:

    • Infrastructure & Operations Manager
    • Technical Writer
    • Infrastructure Supervisors

    Results & Insights

    • Results: An action plan for SOP documentation and an outline of procedure workflows.
    • Insights: Don’t let tools get in the way of documentation – low-tech solutions are often the most effective way to build and analyze workflows.

    Prioritize your SOP documentation effort

    Associated Activity icon 3(a) 1-2 hours

    Build SOP documentation that gets used and doesn’t just check a box.

    1. Review the list of procedure gaps from Phase 1. Are any other procedures needed? Are some of the procedures now redundant?
    2. Establish the scope of the proposed procedures. Who are the stakeholders? What policies do they support?
    3. Run a basic prioritization exercise using a three-point scale. Higher scores mean greater risks or greater benefits. Score the risk of the undocumented procedure to the business (e.g. potential effect on data, productivity, goodwill, health and safety, or compliance). Score the benefit to the business of documenting the procedure (e.g. throughput improvements or knowledge transfer).
    4. Different procedures require different formats. Decide on one or more formats that can help you effectively document the procedure:
      • Flowcharts: Depict workflows and decision points. Provide an at-a-glance view that is easy to follow. Can be supported by checklists and diagrams where more detail is required.
      • Checklists: A reminder of what to do, rather than how to do it. Keep instructions brief.
      • Diagrams: Visualize objects, topologies, and connections for reference purposes.
      • Tables: Establish relationships between related categories.
      • Prose: Use full-text instructions where other documentation strategies are insufficient.

    Modify the following Info-Tech templates for larger SOPs

    Support these processes...

    ...with these blueprints...

    ...to create SOPs using these templates.

    An icon for the 'DSS04 DR and Business Continuity' template. Create a Right-Sized Disaster Recovery Plan DRP Summary
    An icon for the 'BAI09 Asset Management' template. Implement IT Asset Management HAM SOP and SAM SOP
    An icon for the 'BAI06 Change Management' template. An icon for the 'BAI07 Release Management' template. Optimize Change Management Change Management SOP
    An icon for the 'DSS02 Service Desk' template. An icon for the 'DSS03 Incident and Problem Management' template. Standardize the Service Desk Service Desk SOP

    Use tabletop planning or whiteboards to draft workflows

    Associated Activity icon 3(b) 30 minutes

    Tabletop planning is a paper-based exercise in which your team walks through a particular process and maps out what happens at each stage.

    OUTPUT: Steps in the current process for one SOP

    Materials: Tabletop, pen, and cue cards

    Participants: Process owners, SMEs

    1. For this exercise, choose one particular process to document.
    2. Document each step of the process on cue cards, which can be arranged on the table in sequence.
    3. Be sure to include task ownership in your steps.
    4. Map out the process as it currently happens – we’ll think about how to improve it later.
    5. Keep focused. Stay on task and on time.

    Example:

    • Step 3: PM reviews new defects daily
    • Step 4: PM assigns defects to tech leads
    • Step 5: Assigned resource updates status – frequency is based on ticket priority

    Info-Tech Insight

    Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.

    Collaborate to optimize the SOP

    Associated Activity icon 3(c) 30 minutes

    Review the tabletop exercise. What gaps exist in current processes?
    How can the processes be made better? What are the outputs and checkpoints?

    OUTPUT: Identify steps to optimize the SOP

    Materials: Tabletop, pen, and cue cards

    Participants: Process owners, SMEs

    Example:

    • Step 3: PM reviews new defects daily
    • NEW STEP: Schedule 10-minute daily defect reviews with PM and tech leads to evaluate ticket priority
    • Step 4: PM assigns defects to tech leads
    • Step 5: Assigned resource updates status – frequency is based on ticket priority
      • Step 5 Subprocess: Ticket status update
      • Step 5 Output: Ticket status moved to OPEN by assigned resource – acknowledges receipt by assigned resource

    A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.

    If it’s necessary to clarify complex process flows during the exercise, you can also use green cards for decision diamonds, purple for document/report outputs, and blue for subprocesses.

    PHASE 3: Document Effective Procedures

    Step 3.2: Document effective procedures

    This step will walk you through the following activities:

    • Document workflows, checklists, and diagrams
    • Establish a cadence for document review and updates

    This step involves the following participants:

    • Infrastructure Manager
    • Technical Writer

    Results & Insights

    • Results: Improved SOP documentation and document management practices.
    • Insights: It’s possible to keep up with changes if you put the right cues and accountabilities in place. Include document review in project and change management procedures and hold staff accountable for completion.

    Document workflows with flowcharting software

    Suggestions for workflow documentation

    • Whether you draft the workflow on a whiteboard or using cue cards, the first iteration is usually messy. Clean up the flow as you document the results of the exercise.
    • Make the workflow as simple as possible and no simpler. Eliminate any decision points that aren’t strictly necessary to complete the procedure.
    • Use standard flowchart shapes (see next slide).
    • Use links to connect to related documentation.
    • Review the documented workflow with participants.

    Download the following workflow examples:

    Establish flowcharting standards

    If you don’t have existing flowchart standards, then keep it simple and stick to basic flowcharting conventions as described below.

    Basic flowcharting convention: a circle can be used for 'Start, End, and Connector'. Start, End, and Connector: Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points.
    Basic flowcharting convention: a rounded rectangle can be used for 'Start and End'. Start and End: Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes.
    Basic flowcharting convention: a rectangle can be used for 'Process Step'. Process Step: Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the subprocess symbol and flowchart the subprocess separately.
    Basic flowcharting convention: a rectangle with double-line on the ends can be used for 'Subprocess'. Subprocess: A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a subprocess, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process).
    Basic flowcharting convention: a diamond can be used for 'Decision'. Decision: Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues).
    Basic flowcharting convention: a rectangle with a wavy bottom can be used for 'Document/Report Output'. Document/Report Output: For example, the output from a backup process might include an error log.

    Support workflows with checklists and diagrams

    Diagrams

    • Diagrams are a visual representation of real-world phenomena and the connections between them.
    • Be sure to use standard shapes. Clearly label elements of the diagram. Use standard practices, including titles, dates, authorship, and versioning.
    • IT systems and interconnections are layered. Include physical, logical, protocol, and data flow connections.

    Examples:

    • XMPL Recovery Workflows
    • Workflow Library

    Checklists

    • Checklists are best used as short-form reminders on how to complete a particular task.
    • Remember the audience. If the process will be carried out by technical staff, there’s technical background material you won’t need to spell out in detail.

    Examples:

    • Employee Termination Process Checklist
    • XMPL Systems Recovery Playbook

    Establish a cadence for documentation review and maintenance

    Lock-in the work with strong document management practices.

    • Identify documentation requirements as part of project planning.
    • Require a manager or supervisor to review and approve SOPs.
    • Check documentation status as part of change management.
    • Hold staff accountable for documentation.

    "It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained." (Gary Patterson, Consultant, Quorum Resources)

    Only a quarter of organizations update SOPs as needed

    A bar chart representing how often organizations update SOPs. Each option has two bars, one representing 'North America', the other representing 'Europe and Asia'. 'Never or rarely' is 11% in North America and 3% in Europe and Asia. 'Ad-hoc approach' is 38% in North America and 28% in Europe and Asia. 'For audits/annual reviews' is 33% in North America and 45% in Europe and Asia. 'As needed/via change management' is 18% in North America and 25% in Europe and Asia. Source: Info-Tech Research Group (N=104)

    Info-Tech Best Practice

    Use Info-Tech’s research Create Visual SOP Documents to further evaluate document management practices and toolsets.

    Phase 3: Review accomplishments

    Workflow documentation: Cue cards into flowcharts

    Summary of Accomplishments

    • Identified priority procedures for documentation activities.
    • Created procedure documentation in the appropriate format and level of granularity to support Infra & Ops policies.
    • Published and maintained procedure documentation.

    Research contributors and experts

    Carole Fennelly, Owner
    cFennelly Consulting

    Picture of Carole Fennelly, Owner, cFennelly Consulting.

    Carole Fennelly provides pragmatic cyber security expertise to help organizations bridge the gap between technical and business requirements. She authored the Center for Internet Security (CIS) Solaris and Red Hat benchmarks, which are used globally as configuration standards to secure IT systems. As a consultant, Carole has defined security strategies, and developed policies and procedures to implement them, at numerous Fortune 500 clients. Carole is a Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), and Certified HIPAA Professional (CHP).

    Marko Diepold, IT Audit Manager
    audit2advise

    Picture of Marko Diepold, IT Audit Manager, audit2advise.

    Marko is an IT Audit Manager at audit2advise, where he delivers audit, risk advisory, and project management services. He has worked as a Security Officer, Quality Manager, and Consultant at some of Germany’s largest companies. He is a CISA and is ITIL v3 Intermediate and ITGCP certified.

    Research contributors and experts

    Martin Andenmatten, Founder & Managing Director
    Glenfis AG

    Picture of Martin Andenmatten, Founder and Managing Director, Glenfis AG.

    Martin is a digital transformation enabler who has been involved in various fields of IT for more than 30 years. At Glenfis, he leads large Governance and Service Management projects for various customers. Since 2002, he has been the course manager for ITIL® Foundation, ITIL® Service Management, and COBIT training. He has published two books on ISO 20000 and ITIL.

    Myles F. Suer, CIO Chat Facilitator
    CIO.com/Dell Boomi

    Picture of Myles F. Suer, CIO Chat Facilitator, CIO.com/Dell Boomi.

    Myles Suer, according to LeadTails, is the number 9 influencer of CIOs. He is also the facilitator for the CIOChat, which has executive-level participants from around the world in such industries as banking, insurance, education, and government. Myles is also the Industry Solutions Marketing Manager at Dell Boomi.

    Research contributors and experts

    Peter Sheingold, Portfolio Manager
    Cybersecurity, Homeland Security Center, The MITRE Corporation

    Picture of Peter Sheingold, Portfolio Manager, Cybersecurity, Homeland Security Center, The MITRE Corporation.

    Peter leads tasks that involve collaboration with the Department of Homeland Security (DHS) sponsors and MITRE colleagues and connect strategy, policy, organization, and technology. He brings a deep background in homeland security and strategic analysis to his work with DHS in the immigration, border security, and cyber mission spaces. Peter came to MITRE in 2005 but has worked with DHS from its inception.

    Robert D. Austin, Professor
    Ivey Business School

    Picture of Robert D. Austin, Professor, Ivey Business School.

    Dr. Austin is a professor of Information Systems at Ivey Business School and an affiliated faculty member at Harvard Medical School. Before his appointment at Ivey, he was a professor of Innovation and Digital Transformation at Copenhagen Business School, and, before that, a professor of Technology and Operations Management at the Harvard Business School.

    Research contributors and experts

    Ron Jones, Director of IT Infrastructure and Service Management
    DATA Communications

    Picture of Ron Jones, Director of IT Infrastructure and Service Management, DATA Communications.

    Ron is a senior IT leader with over 20 years of management experiences from engineering to IT Service Management and operations support. He is known for joining organizations and leading enhanced process efficiency and has improved software, hardware, infrastructure, and operations solution delivery and support. Ron has worked for global and Canadian firms including BlackBerry, DoubleClick, Cogeco, Infusion, Info-Tech Research Group, and Data Communications Management.

    Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations
    University of Chicago

    Picture of Scott Genung, Executive Director of Networking, Infrastructure, and Service Operations, University of Chicago.

    Scott is an accomplished IT executive with 26 years of experience in technical and leadership roles. In his current role, Scott provides strategic leadership, vision, and oversight for an IT portfolio supporting 31,000 users consisting of services utilized by campuses located in North America, Asia, and Europe; oversees the University’s Command Center; and chairs the UC Cyberinfrastructure Alliance (UCCA), a group of research IT providers that collectively deliver services to the campus and partners.

    Research contributors and experts

    Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant
    Point B

    Picture of Steve Weil, CISSP, CISM, CRISC, Information Security Director, Cybersecurity Principal Consultant, Point B.

    Steve has 20 years of experience in information security design, implementation, and assessment. He has provided information security services to a wide variety of organizations, including government agencies, hospitals, universities, small businesses, and large enterprises. With his background as a systems administrator, security consultant, security architect, and information security director, Steve has a strong understanding of both the strategic and tactical aspects of information security. Steve has significant hands-on experience with security controls, operating systems, and applications. Steve has a master's degree in Information Science from the University of Washington.

    Tony J. Read, Senior Program/Project Lead & Interim IT Executive
    Read & Associates

    Picture of Tony J. Read, Senior Program/Project Lead and Interim IT Executive, Read and Associates.

    Tony has over 25 years of international IT leadership experience, within high tech, computing, telecommunications, finance, banking, government, and retail industries. Throughout his career, Tony has led and successfully implemented key corporate initiatives, contributing millions of dollars to the top and bottom line. He established Read & Associates in 2002, an international IT management and program/project delivery consultancy practice whose aim is to provide IT value-based solutions, realizing stakeholder economic value and network advantage. These key concepts are presented in his new book: The IT Value Network: From IT Investment to Stakeholder Value, published by J. Wiley, NJ.

    Related Info-Tech research

    • Develop and Deploy Security Policies
    • Develop an Availability and Capacity Management Plan
    • Improve IT Operations Management
    • Develop an IT Infrastructure Services Playbook
    • Create a Right-Sized Disaster Recovery Plan
    • Develop a Business Continuity Plan
    • Implement IT Asset Management
    • Optimize Change Management
    • Standardize the Service Desk
    • Incident and Problem Management
    • Design & Build a User-Facing Service Catalog

    Bibliography

    “About Controls.” Ohio University, ND. Web. 2 Feb 2018.

    England, Rob. “How to implement ITIL for a client?” The IT Skeptic. Two Hills Ltd, 4 Feb. 2010. Web. 2018.

    “Global Corporate IT Security Risks: 2013.” Kaspersky Lab, May 2013. Web. 2018.

    “Information Security and Technology Policies.” City of Chicago, Department of Innovation and Technology, Oct. 2014. Web. 2018.

    ISACA. COBIT 5: Enabling Processes. International Systems Audit and Control Association. Rolling Meadows, IL.: 2012.

    “IT Policy & Governance.” NYC Information Technology & Telecommunications, ND. Web. 2018.

    King, Paula and Kent Wada. “IT Policy: An Essential Element of IT Infrastructure”. EDUCAUSE Review. May-June 2001. Web. 2018.

    Luebbe, Max. “Simplicity.” Site Reliability Engineering. O’Reilly Media. 2017. Web. 2018.

    Swartout, Shawn. “Risk assessment, acceptance, and exception with a process view.” ISACA Charlotte Chapter September Event, 2013. Web. 2018.

    “User Guide to Writing Policies.” Office of Policy and Efficiency, University of Colorado, ND. Web. 2018.

    “The Value of Policies and Procedures.” New Mexico Municipal League, ND. Web. 2018.

    Implement Risk-Based Vulnerability Management

    • Buy Link or Shortcode: {j2store}296|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $122,947 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.
    • Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option itself.

    Our Advice

    Critical Insight

    • Patches are often considered the only answer to vulnerabilities, but these are not always the most suitable solution.
    • Vulnerability management does not equal patch management. It includes identifying and assessing the risk of the vulnerability, and then selecting a remediation option which goes beyond just patching alone.
    • There is more than one way to tackle the problem. Leverage your existing security controls to protect the organization.

    Impact and Result

    • After this blueprint, you will have created a full vulnerability management program that allows you to take a risk-based approach to vulnerability remediation.
    • Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.
    • The risk-based approach allows you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities, while allowing your standard remediation cycle to address the medium to low vulnerabilities.
    • With your program defined and developed, you now need to configure your vulnerability scanning tool, or acquire one if you don’t already have a tool in place.
    • Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    Implement Risk-Based Vulnerability Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design and implement a vulnerability management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Implement Risk-Based Vulnerability Management – Phases 1-4

    1. Identify vulnerability sources

    Begin the project by creating a vulnerability management team and determine how vulnerabilities will be identified through scanners, penetration tests, third-party sources, and incidents.

    • Vulnerability Management SOP Template

    2. Triage vulnerabilities and assign priorities

    Determine how vulnerabilities will be triaged and evaluated based on intrinsic qualities and how they may compromise business functions and data sensitivity.

    • Vulnerability Tracking Tool
    • Vulnerability Management Risk Assessment Tool
    • Vulnerability Management Workflow (Visio)
    • Vulnerability Management Workflow (PDF)

    3. Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available. Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

     

    4. Measure and formalize

    Evolve the program continually by developing metrics and formalizing a policy.

    • Vulnerability Management Policy Template
    • Vulnerability Scanning Tool RFP Template
    • Penetration Test RFP Template

    Infographic

    Workshop: Implement Risk-Based Vulnerability Management

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Vulnerability Sources

    The Purpose

    Establish a common understanding of vulnerability management, and define the roles, scope, and information sources of vulnerability detection.

    Key Benefits Achieved

    Attain visibility on all of the vulnerability information sources, and a common understanding of vulnerability management and its scope.

    Activities

    1.1 Define the scope & boundary of your organization’s security program.

    1.2 Assign responsibility for vulnerability identification and remediation.

    1.3 Develop a monitoring and review process of third-party vulnerability sources.

    1.4 Review incident management and vulnerability management

    Outputs

    Defined scope and boundaries of the IT security program

    Roles and responsibilities defined for member groups

    Process for review of third-party vulnerability sources

    Alignment of vulnerability management program with existing incident management processes

    2 Triage and Prioritize

    The Purpose

    We will examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach and prepare for remediation options.

    Key Benefits Achieved

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Activities

    2.1 Evaluate your identified vulnerabilities.

    2.2 Determine high-level business criticality.

    2.3 Determine your high-level data classifications.

    2.4 Document your defense-in-depth controls.

    2.5 Build a classification scheme to consistently assess impact.

    2.6 Build a classification scheme to consistently assess likelihood.

    Outputs

    Adjusted workflow to reflect your current processes

    List of business operations and their criticality and impact to the business

    Adjusted workflow to reflect your current processes

    List of defense-in-depth controls

    Vulnerability Management Risk Assessment tool formatted to your organization

    Vulnerability Management Risk Assessment tool formatted to your organization

    3 Remediate Vulnerabilities

    The Purpose

    Identifying potential remediation options.

    Developing criteria for each option in regard to when to use and when to avoid.

    Establishing exception procedure for testing and remediation.

    Documenting the implementation of remediation and verification.

    Key Benefits Achieved

    Identifying and selecting the remediation option to be used

    Determining what to do when a patch or update is not available

    Scheduling and executing the remediation activity

    Planning continuous improvement

    Activities

    3.1 Develop risk and remediation action.

    Outputs

    List of remediation options sorted into “when to use” and “when to avoid” lists

    4 Measure and Formalize

    The Purpose

    You will determine what ought to be measured to track the success of your vulnerability management program.

    If you lack a scanning tool this phase will help you determine tool selection.

    Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    Key Benefits Achieved

    Outline of metrics that you can then configure your vulnerability scanning tool to report on.

    Development of an inaugural policy covering vulnerability management.

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Activities

    4.1 Measure your program with metrics, KPIs, and CSFs.

    4.2 Update the vulnerability management policy.

    4.3 Create an RFP for vulnerability scanning tools.

    4.4 Create an RFP for penetration tests.

    Outputs

    List of relevant metrics to track, and the KPIs, CSFs, and business goals for.

    Completed Vulnerability Management Policy

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Completed Request for Proposal (RFP) document that can be distributed to vendor proponents

    Further reading

    Implement Risk-Based Vulnerability Management

    Get off the patching merry-go-round and start mitigating risk!

    Table of Contents

    4 Analyst Perspective

    5 Executive Summary

    6 Common Obstacles

    8 Risk-based approach to vulnerability management

    16 Step 1.1: Vulnerability management defined

    24 Step 1.2: Defining scope and roles

    34 Step 1.3: Cloud considerations for vulnerability management

    33 Step 1.4: Vulnerability detection

    46 Step 2.1: Triage vulnerabilities

    51 Step 2.2: Determine high-level business criticality

    56 Step 2.3: Consider current security posture

    61 Step 2.4: Risk assessment of vulnerabilities

    71 Step 3.1: Assessing remediation options

    Table of Contents

    80 Step 3.2: Scheduling and executing remediation

    85 Step 3.3: Continuous improvement

    89 Step 4.1: Metrics, KPIs, and CSFs

    94 Step 4.2: Vulnerability management policy

    97 Step 4.3: Select & implement a scanning tool

    107 Step 4.4: Penetration testing

    118 Summary of accomplishment

    119 Additional Support

    120 Bibliography

    Analyst Perspective

    Vulnerabilities will always be present. Know the unknowns!

    In this age of discovery, technology changes at such a rapid pace. New things are discovered, both in new technology and in old. The pace of change can often be very confusing as to where to start and what to do.

    The ever-changing nature of technology means that vulnerabilities will always be present. Taking measures to address these completely will consume all your department’s time and resources. That, and your efforts will quickly become stale as new vulnerabilities are uncovered. Besides, what about the systems that simply can’t be patched? The key is to understand the vulnerabilities and the levels of risk they pose to your organization, to prioritize effectively and to look beyond patching.

    A risk-based approach to vulnerability management will ensure you are prioritizing appropriately and protecting the business. Reduce the risk surface!

    Vulnerability management is more than just systems and application patching. It is a full process that includes patching, compensating controls, segmentation, segregation, and heightened diligence in security monitoring.

    Jimmy Tom, Research Advisor – Security, Privacy, Risk, and Compliance, Info-Tech Research Group. Jimmy Tom
    Research Advisor – Security, Privacy, Risk, and Compliance
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Vulnerability scanners, industry alerts, and penetration tests are revealing more and more vulnerabilities, and it is unclear how to manage them.

    Organizations are struggling to prioritize the vulnerabilities for remediation, as there are many factors to consider, including the threat of the vulnerability and the potential remediation option.

    Common Obstacles

    Patches are often seen as the answer to vulnerabilities, but these are not always the most suitable solution.

    Some systems deemed vulnerable simply cannot be patched or easily replaced.

    Companies are unaware of the risk implications that come from leaving the vulnerability open and from the remediation option itself.

    Info-Tech’s Approach

    Design and implement a vulnerability management program that identifies, prioritizes, and remediates vulnerabilities.

    Understand what needs to be considered when implementing remediation options, including patches, configuration changes, and defense-in-depth controls.

    Build a process that is easy to understand and allows vulnerabilities to be remediated proactively, instead of in an ad hoc fashion.

    Info-Tech Insight

    Vulnerability management does not always equal patch management. There is more than one way to tackle the problem, particularly if a system cannot be easily patched or replaced. If a vulnerability cannot be completely remediated, steps to reduce the risk to a tolerable level must be taken.

    Common obstacles

    These barriers make vulnerability management difficult to address for many organizations:
    • The value of vulnerability management is not well articulated in many organizations. As a result, investment in vulnerability scanning technology is often insufficient.
    • Many organizations feel that a “patch everything” approach is the most effective path.
    • Vulnerability management is commonly misunderstood as being a process that only supports patch management.
    • There is often misalignment between SecOps and ITOps in remediation action and priority, affecting the timeliness of remediation.
    CVSS Score Distribution From the National Vulnerability Database: Pie Charts presenting the CVSS Core Distribution for the National Vulnerability Database. The left circle represents 'V3' and the right 'V2', where V3 has an extra option for 'Critical', above 'High', 'Medium', and 'Low', and V2 does not.
    (Source: NIST National Vulnerability Database Dashboard)

    Leverage risk to sort, triage, and prioritize vulnerabilities

    Reduce your risk surface to avoid cost to your business; everything else is table stakes.

    Reduce the critical and high vulnerabilities below the risk threshold and operationalize the remediation of medium/low vulnerabilities by following your effective vulnerability management program cycles.

    Identify vulnerability sources

    An inventory of your scanning tool and vulnerability threat intelligence data sources will help you determine a viable strategy for addressing vulnerabilities. Defining roles and responsibilities ahead of time will ensure you are not left scrambling when dealing with vulnerabilities.

    Triage and prioritize

    Bring the vulnerabilities into context by assessing vulnerabilities based on your security posture and mechanisms and not just what your data sources report. This will allow you to gauge the true urgency of the vulnerabilities based on risk and determine an effective mitigation plan.

    Remediate vulnerabilities

    Address the vulnerabilities based on their level of risk. Patching isn't the only risk mitigation action; some systems simply cannot be patched, but other options are available.

    Reduce the risk down to medium/low levels and engage your regular operational processes to deal with the latter.

    Measure and formalize

    Upon implementation of the program, measure with metrics to ensure that the program is successful. Improve the program with each iteration of vulnerability mitigation to ensure continuous improvement.

    Tactical Insight 1

    All actions to address vulnerabilities should be based on risk and the organization’s established risk tolerance.

    Tactical Insight 2

    Reduce the risk surface down below the risk threshold.

    The industry has shifted to a risk-based approach

    Traditional vulnerability management is no longer viable.

    “For those of us in the vulnerability management space, ensuring that money, resources, and time are strategically spent is both imperative and difficult. Resources are dwindling fast, but the vulnerability problem sure isn’t.” (Kenna Security)

    “Using vulnerability scanners to identify unpatched software is no longer enough. Keeping devices, networks, and digital assets safe takes a much broader, risk-based vulnerability management strategy – one that includes vulnerability assessment and mitigation actions that touch the entire ecosystem.” (Balbix)

    “Unlike legacy vulnerability management, risk-based vulnerability management goes beyond just discovering vulnerabilities. It helps you understand vulnerability risks with threat context and insight into potential business impact.” (Tenable)

    “A common mistake when prioritizing patching is equating a vulnerability’s Common Vulnerability Scoring System (CVSS) score with risk. Although CVSS scores can provide useful insight into the anatomy of a vulnerability and how it might behave if weaponized, they are standardized and thus don’t reflect either of the highly situational variables — namely, weaponization likelihood and potential impact — that factor into the risk the vulnerability poses to an organization.” (SecurityWeek)

    Why a take risk-based approach?

    Vulnerabilities, by the numbers

    60% — In 2019, 60% of breaches were due to unpatched vulnerabilities.

    74% — In the same survey, 74% of survey responses said they cannot take down critical applications and systems to patch them quickly. (Source: SecurityBoulevard, 2019)

    Info-Tech Insight

    Taking a risk-based approach will allow you to focus on mitigating risk, rather than “just patching” your environment.

    The average cost of a breach in 2020 is $3.86 million, and “…the price tag was much less for mature companies and industries and far higher for firms that had lackluster security automation and incident response processes.” (Dark Reading)

    Vulnerability Management

    A risk-based approach

    Reduce the risk surface to avoid cost to your business, everything else is table stakes

    Logo for Info-Tech.
    Logo for #iTRG.

    1

    Identify

    4

    Address

      Mitigate the risk surface by reducing the time across the phases › Mitigate the risk by implementing:
    • patch systems & apps
    • compensating controls
    • systems and apps hardening
    • systems segregation
    Chart presenting an example of 'Risk Surface' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. The area between the line and your organization's risk tolerance is labelled 'Risk Surface'.

    Objective: reduce risk surface by reducing time to address

    Your organization's risk tolerance threshold

      Identify vulnerability management scanning tools & external threat intel sources (Mitre CVE, US-CERT, vendor alerts, etc.) Vulnerability information feeds:
    • scanning tool
    • external threat intel
    • internal threat intel

    2

    Analyze

      Assign actual risk (impact x urgency) to the organization based on current security posture

    Triage based on risk ›

    Your organization's risk tolerance threshold

    Risk tolerance threshold map with axes 'Impact' and 'Likelihood'. High levels of one and low levels of the other, or medium levels of both, is 'Medium', High level of one and Medium levels of the other is 'High', and High levels of both is 'Critical'.

    3

    Assess

      Plan risk mitigation strategy › Consider:
    • risk tolerance
    • compensating controls
    • business impact

    Info-Tech’s vulnerability management methodology

    Focus on developing the most efficient processes.

    Vulnerability management isn’t “old school.”

    The vulnerability management market is relatively mature; however, vulnerability management remains a very relevant and challenging topic.

    Security practitioners are inundated with the advice they need to prioritize their vulnerabilities. Every vulnerability scanning vendor will proclaim their ability to prioritize the identified vulnerabilities.

    Third-party prioritization methodology can’t be effectively applied across all organizations. Each organization is too unique with different constraints. No tool or service can account for these variables.

    Equation to find 'Vulnerability Priority'.

    When patching is not possible, other options exist: configuration changes (hardening), defense-in-depth, compensating controls, and even elevated security monitoring are possible options.

    Info-Tech Insight

    Vulnerability management is not only patch management. Patching is only one aspect.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Vulnerability Management SOP

    The Standard operating procedure (SOP) will comprise the end-to-end description of the program: roles & responsibilities, data flow, and expected outcomes of the program.

    Sample of the key deliverable, Vulnerability Management SOP.
    Vulnerability Management Policy

    Template for your vulnerability management policy.

    Sample of the Vulnerability Management Policy blueprint. Vulnerability Tracking Tool

    This tool offers a template to track vulnerabilities and how they are remedied.

    Sample of the Vulnerability Tracking Tool blueprint.
    Vulnerability Scanning RFP Template

    Request for proposal template for the selection of a vulnerability scanning tool.

    Sample of the Vulnerability Scanning RFP Template blueprint. Vulnerability Risk Assessment Tool

    Methodology to assess vulnerability risk by determining impact and likelihood.

    Sample of the Vulnerability Risk Assessment Tool blueprint.

    Blueprint benefits

    IT Benefits

    • A standardized, consistent methodology to assess, prioritize, and remediate vulnerabilities.
    • A risk-based approach that aligns with what’s important to the business.
    • A way of dealing with the high volumes of vulnerabilities that your scanning tool is reporting.
    • Identification of “where to start” in terms of vulnerability management.
    • Ability to not lose yourself in the patch madness but rather take a sound approach to scheduling and prioritizing patches and updates.
    • Knowledge of what to do when patching is simply not possible or feasible.

    Business Benefits

    • Alignment with IT in ensuring that business processes are only interrupted when absolutely necessary while maintaining a regular cadence of vulnerability remediation.
    • A consistent program that the business can plan around and predict when interruptions will occur.
    • IT’s new approach being integrated with existing IT operations processes, offering the most efficient yet expedient method of dealing with vulnerabilities.

    Info-Tech’s process can save significant financial resources

    Phase Measured Value
    Phase 1: Identify vulnerability sources
      Define the process, scope, roles, vulnerability sources, and current state
      • Consultant at $100 an hour for 16 hours = $1,600
    Phase 2: Triage vulnerabilities and assign urgencies
      Establish triaging and vulnerability evaluation process
      • Consultant at $100 an hour for 16 hours = $1,600
      Determine high-level business criticality and data classifications
      • Consultant at $100 an hour for 40 hours = $4,000
      Assign urgencies to vulnerabilities
      • Consultant at $100 an hour for 8 hours = $800
    Phase 3: Remediate vulnerabilities
      Prepare documentation for the vulnerability process
      • Consultant at $100 an hour for 8 hours = $800
      Establish defense-in-depth modelling
      • Consultant at $100 an hour for 24 hours = $2,400
      Identify remediation options and establish criteria for use
      • Consultant at $100 an hour for 40 hours = $4,000
      Formalize backup and testing procedures, including exceptions
      • Consultant at $100 an hour for 8 hours = $800
      Remediate vulnerabilities and verify
      • Consultant at $100 an hour for 24 hours = $2,400
    Phase 4: Continually improve the vulnerability management process
      Establish a metrics program for vulnerability management
      • Consultant at $100 an hour for 16 hours = $1,600
      Update vulnerability management policy
      • Consultant at $100 an hour for 8 hours = $800
      Develop a vulnerability scanning tool RFP
      • Consultant at $100 an hour for 40 hours = $4,000
      Develop a penetration test RFP
      • Consultant at $100 an hour for 40 hours = $4,000
    Potential financial savings from using Info-Tech resources Phase 1 ($1,600) + Phase 2 ($6,400) + Phase 3 ($10,400) + Phase 4 ($10,400) = $28,800

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Discuss current state and vulnerability sources.

    Call #3: Identify triage methods and business criticality.

    Call #4:Review current defense-in-depth and discuss risk assessment.

    Call #5: Discuss remediation options and scheduling.

    Call #6: Review release and change management and continuous improvement.

    Call #7: Identify metrics, KPIs, and CSFs.

    Call #8: Review vulnerability management policy.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

      Day 1 Day 2 Day 3 Day 4 Day 5
    Activities
    Identify vulnerability sources

    1.1 What is vulnerability management?

    1.2 Define scope and roles

    1.3 Cloud considerations for vulnerability management

    1.4 Vulnerability detection

    Triage and prioritize

    2.1 Triage vulnerabilities

    2.2 Determine high-level business criticality

    2.3 Consider current security posture

    2.4 Risk assessment of vulnerabilities

    Remediate vulnerabilities

    3.1 Assess remediation options

    3.2 Schedule and execute remediation

    3.3 Drive continuous improvement

    Measure and formalize

    4.1 Metrics, KPIs & CSFs

    4.2 Vulnerability Management Policy

    4.3 Select & implement a scanning tool

    4.4 Penetration testing

    Next Steps and Wrap-Up (offsite)

    5.1 Complete in-progress deliverables from previous four days

    5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables
    1. Scope and boundary definition of vulnerability management program
    2. Responsibility assignment for vulnerability identification and remediation
    3. Monitoring and review process of third-party vulnerability sources
    4. Incident management and vulnerability convergence
    1. Methodology for evaluating identified vulnerabilities
    2. Identification of high-level business criticality
    3. Defined high-level data classifications
    4. Documented defense-in-depth controls
    5. Risk assessment criteria for impact and likelihood
    1. Documented risk assessment methodology and remediation options
    1. Defined metrics, key performance indicators (KPIs), and critical success factors (CSFs)
    2. Initial draft of vulnerability management policy
    3. Scanning tool selection criteria
    4. Introduction to penetration testing
    1. Completed vulnerability management standard operating procedure
    2. Defined vulnerability management risk assessment criteria
    3. Vulnerability management policy draft

    Implement Risk-Based Vulnerability Management

    Phase 1

    Identify Vulnerability Sources

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Establish a common understanding of vulnerability management, define the roles, scope, and information sources of vulnerability detection.

    This phase involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Step 1.1

    Vulnerability Management Defined

    Activities

    None for this section

    This step will walk you through the following activities:

    Establish a common understanding of vulnerability management and its place in the IT organization.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Foundational knowledge of vulnerability management in your organization.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    What is vulnerability management?

    It’s more than just patching.

    • Vulnerability management is the regular and ongoing practice of scanning an operating environment to uncover vulnerabilities. These vulnerabilities can be outdated applications, unpatched operating systems and software, open ports, obsolete hardware, or any combination of these.
    • The scanning and detection of vulnerabilities is the first step. Planning and executing of remediation is next, along with the approach, prioritized sequence of events, and timing.
    • A vendor-supplied software patch or firmware update is often the easy answer, however, this is not always a viable solution. What if you can’t patch in a timely fashion? What if patching is not possible as it will break the application and bring down operations? What if no patch exists due to the age of the application or operating platform?

    “Most organizations do not have a formal process for vulnerability management.” (Morey Haber, VP of Technology, BeyondTrust, 2016)

    Effective vulnerability management

    It’s not easy, but it’s much harder without a process in place.
    • Effective vulnerability management requires a formal process for organizations to follow; without one, vulnerabilities are dealt with in an ad hoc fashion.
    • Patching isn’t the only solution, but it’s the one that often draws focus.
    • Responsibilities for the different aspects of vulnerability management are often unclear, such as for testing, remediation, and implementation.
    • Identifying new threats without proper vulnerability scanning tools can be a near-impossible task.
    • Determining which vulnerabilities are most urgent can be an inconsistent process, increasing the organizational risk.
    • Measuring the effectiveness of your vulnerability remediation activities can help you better manage resources in SecOps and ITOps. Your staff will be spending the appropriate effort on vulnerabilities that warrant that level of attention.

    You’re not just doing this for yourself. It’s also for your auditors.

    Many compliance and regulatory obligations require organizations to have thorough documentation of their vulnerability management practices.

    Vulnerability management revolves around your asset security services

    Diagram with 'Asset Security Services' at the center. On either side are 'Network Security Services' and 'Identity Security Services', all three of which flow up into 'Security Analytics | Security Incident Response', and all four share a symbiotic flow with 'Management' below and contribute to 'Mega Trend Mapping' above. Management is supported by 'Governance'. Vulnerabilities can be found primarily within your assets but also connect to your information risk management. These must be effectively managed as part of a holistic security program.

    Without management, vulnerabilities left unattended can be easy for attackers to exploit. It becomes difficult to identify the correct remediation option to mitigate against the vulnerabilities.

    Vulnerability management works in tandem with SecOps and ITOps

    Vulnerability Management Process Inputs/Outputs:
    'Vulnerability Management (Process and Tool)' outputs are 'Incident Management', 'Release Management', 'Change Management', 'IT Asset Management', 'Application Security Testing', 'Threat Intelligence', and 'Security Risk Management'; inputs are 'Vulnerability Disclosure', 'Threat Intelligence', and 'Security Risk Management'.

    Arrows denote direction of information feed

    Vulnerability management serves as the input into a number of processes for remediation, including:
    • Incident management, to deal with issues
    • Release management, for patch management
    • Change management, for change control
    • IT asset management, to track version information, e.g. for patching
    • Application security testing, for the verification of vulnerabilities

    A two-way data flow exists between vulnerability management and:

    • Security risk management, for the overall risk posture of the organization
    • Threat intelligence, as vulnerability management reveals only one of several threat vectors

    For additional information please refer to Info-Tech’s research for each area:

    • Vulnerability management can leverage your existing processes to gain an operational element for the program.
    • As you strive to mature each of the processes on their own, vulnerability management will benefit accordingly.
    • Review our research for each of these areas and speak to one of our analysts if you wish to improve any of the listed processes.

    Info-Tech’s Information Security Program Framework

    Vulnerability management is a component of the Infrastructure Security section of Security Management

    Information Security Framework with Level 1 and Level 2 capabilities in two main sections, 'Management' and 'Governance'. Level 2 capabilities are grouped within Level 1 capabilities. For more information, review our Build an Information Security Strategy blueprint, or speak to one of our analysts.

    Info-Tech Insight

    Vulnerability management is but one piece of the information security puzzle. Ensure that you have all the pieces!

    Case Study

    Logo for Cimpress.
    INDUSTRY: Manufacturing
    SOURCE: Cimpress, 2016

    One organization is seeing immediate benefits by formalizing its vulnerability management program.

    Challenge

    Cimpress was dealing with many challenges in regards to vulnerability management. Vulnerability scanning tools were used, but the reports that were generated often gave multiple vulnerabilities that were seen as critical or high and required many resources to help address them. Scanning was done primarily in an attempt to adhere to PCI compliance rather than to effectively enable security. After re-running some scans, Cimpress saw that some vulnerabilities had existed for an extended time period but were deemed acceptable.

    Solution

    The Director of Information Security realized that there was a need to greatly improve this current process. Guidelines and policies were formalized that communicated when scans should occur and what the expectations for remediations should be. Cimpress also built a tiered approach to prioritize vulnerabilities for remediation that is specific to Cimpress instead of relying on scanning tool reports.

    Results

    Cimpress found better management of the vulnerabilities within its system. There was no pushback to the adoption of the policies, and across the worldwide offices, business units have been proactively trying to understand if there are vulnerabilities. Vulnerability management has been expanded to vendors and is taken into consideration when doing any mergers and acquisitions. Cimpress continues to expand its program for vulnerability management to include application development and vulnerabilities within any existing legacy systems.

    Step 1.2

    Defining the scope and roles

    Activities
    • 1.2.1 Define the scope and boundary of your organization’s security program
    • 1.2.2 Assign responsibility for vulnerability identification and remediation

    This step will walk you through the following activities:

    Define and understand the scope and boundary of the security program. For example, does it include OT? Define roles and responsibilities for vulnerability identification and remediation

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand how far vulnerability management extends and what role each person in IT plays in the remediation of vulnerabilities

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Determine the scope of your security program

    This will help you adjust the depth and breadth of your vulnerability management program.
    • Determining the scope will help you decide how much organizational risk the vulnerability management program will oversee.
    • Scope can be defined along four aspects:
      • Data Scope – What data elements in your organization does your security program cover? How is data classified?
      • Physical Scope – What physical scope, such as geographies, does the security program cover?
      • Organizational Scope – How are business units engaged with security initiatives? Does the scope cover all subsidiary organizations?
      • IT Scope – What parts of the organization does IT cover? Does their coverage include operational technology (OT) and industrial control systems (ICS)?
    Stock image of figures standing in connected circles.

    1.2.1 Define the scope and boundary of your organization’s security program

    60 minutes

    Input: List of Data Scope, Physical Scope, Organization Scope, and IT Scope

    Output: Defined scope and boundaries of the IT security program

    Materials: Whiteboard/Flip Charts, Sticky Notes, Markers, Vulnerability Management SOP Template

    Participants: Business stakeholders, IT leaders, Security team members

    1. On a whiteboard, write the headers: Data Scope, Physical Scope, Organizational Scope, and IT Scope.
    2. Give each group member a handful of sticky notes. Ask them to write down as many items as possible for the organization that could fall under one of the four scope buckets.
    3. In a group, discuss the sticky notes and the rationale for including them. Discuss your security-related locations, data, people, and technologies, and define their scope and boundaries.

    The goal is to identify what your vulnerability management program is responsible for and document it.

    Consider the following:

    How is data being categorized and classified? How are business units engaged with security initiatives? How are IT systems connected to each other? How are physical locations functioning in terms of information security management?

    Download the Vulnerability Management SOP Template

    Assets are part of the scope definition

    An inventory of IT assets is necessary if there is to be effective vulnerability management.

    • Organizations need an up-to-date and comprehensive asset inventory for vulnerability management. This is due to multiple reasons:
      • When vulnerabilities are announced, they will need to be compared to an inventory to determine if the organization has any relevant systems or versions.
      • It indicates where all IT assets can be found both physically and logically.
      • Asset inventories typically have owners assigned to the assets and systems whose responsibility it is to carry out remediations for vulnerabilities.
    • Furthermore, asset inventories can provide insight into where data can be found within the organization. This is extremely useful within a formal data classification program, which plays a large factor in vulnerability management.
    If you need assistance building your asset inventory, review Info-Tech’s Implement Hardware Asset Management and Implement Software Asset Management blueprints.

    Info-Tech Insight

    Create a formal IT asset inventory before continuing with the rest of this project. Otherwise, you risk being at the mercy of a weak vulnerability management program.

    Assign responsibility for vulnerability identification and remediation

    Determine who is critical to effectively detecting and managing vulnerabilities.
    • Some of the remediation steps will involve members of IT management to identify the true organizational risk of a vulnerability.
    • Vulnerability remediation comes in different shapes and sizes. In addition to patching, this can include implementing compensating controls, server and application hardening, or the segregating of vulnerable systems.
      • Who carries out each of these activities? Who coordinates the activities and tracks them to ensure completion?
    • The people involved may be members outside of the security team, such as members from IT operations, infrastructure, and applications. The specific roles that each of these groups play should be clearly identified.
    Stock image of many connected profile photos in a cloud network.

    1.2.2 Assign responsibility for vulnerability identification and remediation

    60 minutes

    Input: Sample list of vulnerabilities and requisite actions from each group, High-level organizational chart with area functions

    Output: Defined set of roles and responsibilities for member groups

    Materials: Vulnerability Management SOP Template

    Participants: CIO, CISO, IT Management representatives for each area of IT

    1. Display the table of responsibilities that need to be assigned.
    2. List all the positions within the IT security team.
    3. Map these to the positions that require IT security team members.
    4. List all positions that are part of the IT team.
    5. Map these to the positions that require IT team members.

    If your organization does not have a dedicated IT security team, you can perform this exercise by mapping the relevant IT staff to the different positions shown on the right.

    Download the Vulnerability Management SOP Template Sample of the Roles and Responsibilities table from the Vulnerability Management SOP Template.

    Step 1.3

    Cloud considerations for vulnerability management

    Activities

    None for this section.

    This step will walk you through the following activities:

    Review cloud considerations for vulnerability management

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Understand the various types of cloud offerings and the implications (and limitations) of vulnerability management in a cloud environment.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Cloud considerations

    Cloud will change your approach to vulnerability management.
    • There will be a heavy dependence on the cloud service provider to ensure that vulnerabilities in their foundational technologies have been addressed.
    • Depending on the level of “as-a-Service,” customers will have varying degrees of control and visibility into the underlying operations.
    • With vendor acquiescence, you can set your tool to scan a given cloud environment, depending on how much visibility you have into their environment based on the service you have purchased.
    • Due to compliance obligations of their customers, there is a growing trend among cloud providers to allow more scanning of cloud environments.
    • In the absence of customer scanning capability, vendors may offer attestation of vulnerability management and remediation.
    Table outlining who has control, between the 'Organization' and the 'Vendor', of different cloud capabilities in different cloud strategies.

    For more information, see Info-Tech Research Group’s Document Your Cloud Strategy blueprint.

    Cloud environment scanning

    Cloud scanning is becoming a more common necessity but still requires special consideration.

    An organization’s cloud environment is just an extension of its own environment. As such, cloud environments need to be scanned for vulnerabilities.

    Private Cloud
    If your organization owns a private cloud, these environments can be tested normally.
    Public Cloud
    Performing vulnerability testing against public, third-party cloud environments is an area experiencing rapid growth and general acceptance, although customer visibility will still be limited.

    In many cases, a customer must rely on the vendor’s assurance that vulnerabilities are being addressed in a sufficient manner.

    Security standards’ compliance requirements are driving the need for cloud suppliers to validate and assure that they are appropriately scanning for and remediating vulnerabilities.

    Infrastructure- or Platform-as-a-Service (IaaS or PaaS) Environments
    • There is a general trend for PaaS and IaaS vendors to allow testing if given due notice.
    • Your contract with the cloud vendor or the vendor’s terms and conditions will outline the permissibility of customer vulnerability scanning. In some cases, a cloud vendor will deny the ability to do vulnerability scanning if they already provide a solution as part of their service.
    • Always ensure that the vendor is aware of your vulnerability scanning activity so that false positives aren’t triggering their security measures as possible denial-of-service (DoS) attacks.
    Software-as-a-Service (SaaS) Environments
    • SaaS offers very limited visibility to the services behind the software that the customer sees. You therefore cannot test for patch levels or vulnerabilities.
    • SaaS customers must rely exclusively on the provider for the regular scanning and remediation of vulnerabilities in the back-end technologies supporting the SaaS application.
    • You can only test the connection points to SaaS environments. This involves trying to figure out what you can see, e.g. looking for encrypted traffic.

    Certain testing (e.g. DoS or load testing) will be very limited by your cloud vendor. Cloud vendors won’t open themselves to testing that would possibly impact their operations.

    Step 1.4

    Vulnerability detection

    Activities
    • 1.4.1 Develop a monitoring and review process of third-party vulnerability sources
    • 1.4.2 Incident management and vulnerability management

    This step will walk you through the following activities:

    Create an inventory of your vulnerability monitoring capability and third-party vulnerability information sources.

    Determine how incident management and vulnerability management interoperate.

    This step involves the following participants:

    • Security operations team
    • IT Security Manager
    • IT Director
    • CISO

    Outcomes of this step

    Catalog of vulnerability information data sources. Understanding of the intersection of incident management and vulnerability management.

    Identify vulnerability sources
    Step 1.1 Step 1.2 Step 1.3 Step 1.4

    Vulnerability detection

    Vulnerabilities can be identified through numerous mediums.

    Info-Tech has determined the following to be the four most common ways to identify vulnerabilities.

    Vulnerability Assessment and Scanning Tools
    • Computer programs that function to identify and assess security vulnerabilities and weaknesses within computers, computer systems, applications, or networks.
    • Using a known vulnerability database, the tool scans targeted hosts or systems to identify flaws and generate reports and recommendations based on the results.
    • There are four main types of tools under this category: network and operating system vulnerability scanners, application scanning and testing tools, web application scanners, and exploitation tools.
    Penetration Tests
    • The act of identifying vulnerabilities on computers, computer systems, applications, or networks followed by testing of the vulnerability to validate the findings.
    • Penetration tests are considered a service that is offered by third-parties in which a variety of products, tools, and methods are used to exploit systems and gain access to data.
    Open Source Monitoring
    • New vulnerabilities are detected daily with each vulnerability’s information being uploaded to an information-sharing platform to enable other organizations to be able to identify the same vulnerability on their systems.
    • Open source platforms are used to alert and distribute information on newly discovered vulnerabilities to security professionals.
    Security Incidents
    • Any time an incident response plan is called into action to mitigate an incident, there should be formal communication with the vulnerability management team.
    • Any IT incident an organization experiences should provide a feed for analysis into your vulnerability management program.

    Automate with a vulnerability scanning tool

    Vulnerabilities are too numerous for manual scanning and detection.
    • Vulnerability management is not only the awareness of the existence of vulnerabilities but that they are actively present in your environment.
    • A vulnerability scanner will usually report dozens, if not hundreds, of vulnerabilities on a regular and recurring basis. Typical IT environments have several dozen, if not hundreds, of servers. We haven’t even considered the amount of network equipment or the hundreds of user workstations in an environment.
    • This tool will give you information of the presence of a vulnerability in your environment and the host on which the vulnerability exists. This includes information on the version of software that contains a vulnerability and whether you are running that version. The tool will also report on the criticality of the vulnerability based on industry criticality ratings.
    • The tools are continually updated by the vendor with the latest definition updates for the latest vulnerabilities out there. This ensures you are always scanning for the greatest number of potential vulnerabilities.
    Automation requires oversight.
    1. Vulnerability scanners bring great automation to the task of scanning and detecting vulnerabilities in high numbers.
    2. Vulnerability scanners, however, do not have your level of intelligence. Any compensating controls, network segregation, or other risk mitigation features that you have in place will not be known by the tool.
    3. Determining the risk and urgency of a vulnerability within the context of your specific environment will still require internal review by you or your SecOps team.

    For guidance on tool selection

    Refer to section 4.3 Selecting and Implement a Scanning Tool in this blueprint.

    Vulnerability scanning tool considerations

    Select a vulnerability scanning tool with the features you need to be effective.
    • Vulnerability scanning tool selection can be an exciting and confusing process. You will need to consider what features you desire in a tool and whether you want the tool to go beyond just scanning and reporting.
    • In addition to vulnerability scanning, some tools will integrate with your IT service management (service desk ticketing system) tool and asset, configuration, and change management modules. This can facilitate the necessary workflow that the remediation process follows once a vulnerability is discovered.
    • A number of vulnerability scanning tool vendors have started offering remediation as part of their software features. This includes the automation and orchestration functionality and configuration and asset management to track its remediation activities.
    • A side benefit of the asset discovery feature in vulnerability scanning tools is that it can help enhance an organization’s asset inventory and license compliance, particularly in cases where end users are able to install software on their workstations.
    Stock photo of a smartphone scanning a barcode.

    For guidance on tool vendors

    Visit SoftwareReviews for information on vulnerability management tools and vendors.

    Vulnerability scanning tool best practices

    How often should scans be performed?

    One-off scans provide snapshots in time. Repeated scans over time provide tracking for how systems are changing and how well patches are being applied and software is being updated.

    The results of a scan (asset inventory, configuration data, and vulnerability data) are basic information needed to understand your security posture. This data needs to be as up to date as possible.

    ANALYST PERSPECTIVE: Organizations should look for continuous scanning

    Continuous scanning is the concept of providing continual scanning of your systems so any asset, configuration, or vulnerability information is up to date. Most vendors will advertise continuous scanning but you need to be skeptical of how this feature is met.

    Continuous Scanning Methods

    Continuous agent scanning

    Real-time scanning that is completed through agent-based scanning. Provides real-time understanding of system changes.

    On-demand scanning

    Cyclical scanning is the method where once you’re done scanning an area, you start it again. This is usually done because doing some scans on some areas of your network take time. How long the scan takes depends on the scan itself. How often you perform a scan depends on how long a scan takes. For example, if a scan takes a day, you perform a daily scan.

    Cloud-based scanning

    Cloud-scanning-as-a-Service can provide hands-free continuous monitoring of your systems. This is usually priced as a subscription model.

    Vulnerability scanning tool best practices

    Where to perform a scan.

    What should be scanned How to point a scanner
    The general idea is that you want to scan pretty much everything. Here are considerations for three environments:
    Mobile Devices

    You need to scan mobile devices for vulnerabilities, but the problem is these can be hard to scan and often come and go on your network. There are always going to be some devices that aren’t on the network when scanning occurs.

    Several ways to scan mobile devices:

    • Intercept the device when it remotes into your network using a VPN. You catch the device with a remote scan. This can only be done if a VPN is required.
    • An agent-based approach can be used for mobile devices. Locally installed software gives the information needed to evaluate the security posture of a device. Discernibly, concerns around device processing, memory, and network bandwidth come into play. Ease of installation becomes key for agents.
    Virtualization
    • In a virtual environment, you will have servers being dynamically spun up. Ensure your tool is able to scan these new servers automatically.
    • Often, vulnerability scanning tool providers will restrict scanning to preapproved scanners. Look for tools that are preapproved by the VM vendors.
    Cloud Environments
    • You can set your tool to scan a given cloud environment. The main concern here is who owns the cloud. If it is a private cloud, there is little concern.
    • If it is a third-party cloud (AWS, Azure, etc.) you need to confirm with the cloud service provider that scanning of your cloud environment can occur.
    • There is a trend to allow more scanning of cloud environments.
    • You need to tell the scanner an IP address, a group of IP addresses, an asset group, or a combination of those.
    • You can categorize by functional classifications – internet-facing servers, workstations, network devices, etc., or by organizational structure – Finance, HR, Legal, etc.
    • If you have a strong change management system, you can better hone when and where to perform a scan based on actual changes.
    • You can set the number of concurrent outbound TCP connections that are being made. For example, set the tool so it sends out to 10 ports at a time, rather than pinging at 64k ports on a machine, which would flood the NIC.
    • Side Note: Flooding a host with pings from a scanning tool can be done to find out DoS thresholds on a machine. There are no bandwidth concerns for a network DoS, however, because the packets are so small.

    Vulnerability scanning tool best practices

    Communication and measurement

    Pre-Scan Communication With Users

    • It is always important to inform owners and users of systems that a scan will be happening.
    • Although it is unlikely any performance issues will arise, it is important to notify end users of potential impact.
    • Local admins or system owners may have controls in place that stop vulnerability scans and you need to inform the owners so that they can safelist the scanner you will be using.
    Vulnerability Scanning Tool Tracking Metrics
    • Vulnerability score by operating system, application, or organization division.
      • This provides a look at the widely accepted severity of the vulnerability as it relates across the organization’s systems.
    • Most vulnerable applications and application version.
      • This provides insight into how outdated applications are creating risk exposure for an organization.
      • This will also provide metrics on the effectiveness of your patching program.
    • Number of assets scanned within the last number of days.
      • This provides visibility into how often your assets are being scanned and thus protected.
    • Number of unowned devices or unapproved applications.
      • This metric will track how many unowned devices or unapproved applications may be on your network. Unowned devices may be rogue devices or just consultant/contractor devices.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Proactively identify new vulnerabilities as they are announced.

    By monitoring for vulnerabilities as they are announced through industry alerts and open-source mechanisms, it is possible to identify vulnerabilities beyond your scanning tool’s penetration tests.

    Common sources:
    • Vendor websites and mailing lists
      • Vendors are the trusted sources for vulnerability and patch information on their products, particularly with new industry vulnerability disclosure requirements. Vendors are the most familiar with their products, downloads are most likely malware free, and additional information is often included.
      • There are some issues: vendors won’t announce a vulnerability until a patch is created, which creates a potential unknown risk exposure; numerous vendor sites will have to be monitored continually.
    • Third-party websites
      • A non-vendor site providing information on vulnerabilities. They often will cover a specific technology or an industry section, becoming a potential “one-stop shop” for some. They will often provide vulnerability information that is augmented with different remediation recommendations faster than vendors.
      • However, it’s more likely that malicious code could be downloaded and it will often not be comprehensive information on patching.
    • Third-party mailing lists, newsgroups, live paid subscriptions, and live open-source feeds
      • These are alerting and notification services for the detection and dissemination of vulnerability information. They provide information on the latest and most critical vulnerabilities, e.g. US-CERT Cybersecurity Alerts.
    • Vulnerability databases
      • These usually consist of dedicated databases on vulnerabilities. They perform the hard work of identifying and aggregating vulnerability and patch information into a central repository for end-user consumption. The commentary features on these databases provide excellent insight for practitioners, e.g. National Vulnerability Database (NVD).
    Stock photo of a student checking a bulletin board.

    Third-party vulnerability information sources

    IT security forums and mailing lists are another source of vulnerability information.

    Third-party sources for vulnerabilities

    • Open Source Vulnerability Database (OSVDB)
      • An open-source database that is run independently of any vendors.
    • Common Vulnerabilities and Exposures (CVE)
      • Free, international dictionary of publicly known information security vulnerabilities and exposures.
    • National Vulnerability Database (NVD)
      • Through NIST, the NVD is the US government’s repository of vulnerabilities and includes product names, flaws, and any impact metrics.
      • The National Checklist Repository Program (NCRP), also provided by NIST, provides security checklists for configurations of operating systems and applications.
      • The Center for Internet Security, a separate entity unrelated to NIST, provides configuration benchmarks that are often referenced by the NCRP.
    • Open Web Application Security Project (OWASP)
      • OWASP is another free project helping to expose vulnerabilities within software.
    • US-CERT National Cyber Alert System (US-CERT Alerts)
      • Cybersecurity Alerts – Provide timely information about current security issues, vulnerabilities, and exploits.
      • Cybersecurity Tips – Provide advice about common security issues for the general public.
      • Cybersecurity Bulletins – Provide weekly summaries of new vulnerabilities. Patch information is provided when available.
    • US-CERT Vulnerability Notes Database (US-CERT Vulnerability Notes)
      • Database of searchable security vulnerabilities that were deemed not critical enough to be covered under US-CERT Alerts. Note that the NVD covers both US-CERT Alerts and US-CERT Notes.
    • Open Vulnerability Assessment Language (OVAL)
      • Coding language for security professionals to discuss vulnerability checking and configuration issues. Vulnerabilities are identified using tests that are disseminated in OVAL definitions (XML executables that can be used by end users).

    1.4.1 Develop a monitoring and review process for third-party vulnerability sources

    60 minutes

    Input: Third-party resources list

    Output: Process for review of third-party vulnerability sources

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, CISO

    1. Identify what third-party resources are useful and relevant.
    2. Shortlist your third-party sources.
    3. Identify what is the best way to receive information from a third party.
    4. Document the method to receive or check information from the third-party source.
    5. Identify who is responsible for maintaining third-party vulnerability information sources
    6. Capture this information in the Vulnerability Management SOP Template.
    Download the Vulnerability Management SOP Template Sample of the Third Party Vulnerability Monitoring tables from the Vulnerability Management SOP Template.

    Incidents and vulnerability management

    Incidents can also be a sources of vulnerabilities.

    When any incident occurs, for example:

    • A security incident, such as malware detected on a machine
    • An IT incident, such as an application becomes unresponsive
    • A crisis occurs, like a worker accident

    There can be underlying vulnerabilities that need to be processed.

    Three Types of IT Incidents exist:
    1. Information Security Incident
    2. IT Incident and/or Problem
    3. Crisis

    Note: You need to have developed your various incident response plans to develop information feeds to the vulnerability mitigation process.
    If you are missing an incident response plan, take a look at Info-Tech’s Related Resources.

    Info-Tech Related Resources:
    If you do not have a formalized information security incident management program, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have a formalized problem management process, take a look at Info-Tech’s blueprint Incident and Problem Management.

    If you do not have a formalized IT incident management process, take a look at Info-Tech’s blueprint Develop and Implement a Security Incident Management Program.

    If you do not have formalized crisis management, take a look at Info-Tech’s blueprint Implement Crisis Management Best Practices.

    1.4.2 Incident management and vulnerability management

    60 minutes

    Input: Existing incident response processes, Existing crisis communications plans

    Output: Alignment of vulnerability management program with existing incident management processes

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    1. Inventory what incident response plans the organization has. These include:
      1. Information Security Incident Response Plan
      2. IT Incident Plan
      3. Problem Management Plan
      4. Crisis Management Plan
    2. Identify what part of those plans contains the post-response recap or final analysis.
    3. Formalize a communication process between the incident response plan and the vulnerability mitigation process.

    Note: Most incident processes will cover some sort of root cause analysis and investigation of the incident. If a vulnerability of any kind is detected within this analysis it needs to be reported on and treated as a detected vulnerability, thus warranting the full vulnerability mitigation process.

    Download the Vulnerability Management SOP Template

    Implement Risk-Based Vulnerability Management

    Phase 2

    Triage & prioritize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    Examine the elements that you will use to triage and analyze vulnerabilities, prioritizing using a risk-based approach, and prepare for remediation options.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Step 2.1

    Triage vulnerabilities

    Activities
    • 2.1.1 Evaluate your identified vulnerabilities

    This step will walk you through the following activities:

    Review your vulnerability information sources and determine a methodology that will be used to consistently evaluate vulnerabilities as your scanning tool alerts you to them.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    A consistent, documented process for the evaluation of vulnerabilities in your environment.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Triaging vulnerabilities

    Use Info-Tech’s methodology to allocate urgencies to your vulnerabilities to assign the appropriate resources to each one.

    When evaluating numerous vulnerabilities, use the following three factors to help determine the urgency of vulnerabilities:

    • The intrinsic qualities of the vulnerability
    • The business criticality of the affected asset
    • The sensitivity of the data stored on the affected asset

    Intrinsic qualities of the vulnerability — Vulnerabilities need to be examined for the inherent risk they pose specifically to the organization, which includes if an exploit has been identified or if the industry views this as a serious and likely threat.

    Business criticality of the affected asset — Assets with vulnerabilities need to be assessed for their criticality to the business. Vulnerabilities on systems that are critical to business operations or customer interactions are usually top of mind.

    Sensitivity of the data of the affected asset — Beyond just the criticality of the business, there must be consideration of the sensitivity of the data that may be compromised or modified as a result of any vulnerabilities.

    Info-Tech Insight

    This methodology allows you to determine urgency of vulnerabilities, but your remediation approach needs to be risk-based, within the context of your organization.

    Triage your vulnerabilities, filter out the noise

    Triaging enables your vulnerability management program to focus on what it should focus on.

    Use the Info-Tech Vulnerability Mitigation Process Template to define how to triage vulnerabilities as they first appear.

    Triaging is an important step in vulnerability management, whether you are facing ten to tens of thousands of vulnerability notifications.
    Many scanning tools already provide the capability to compare known vulnerabilities against existing assets through integration with the asset inventory.

    There are two major use cases for this process:
    1. For organizations that have identified vulnerabilities but do not know their own systems well enough. This can be due to a lack of a formal asset inventory.
    2. For proactive organizations that are regularly staying up to date with industry announcements regarding vulnerabilities. Once an alert has been made publicly, this process can assist in confirming if the vulnerability is relevant to the organization.
    The Info-Tech methodology for initial triaging of vulnerabilities:
    Flowchart of the Info-Tech methodology for initial triaging of vulnerabilities, beginning with 'Vulnerability has been identified' and ending with either 'Vulnerability has been triaged' or 'No action needed'.

    Even if neither of these use cases apply to your organization, triaging still addresses the issues of false positives. Triaging provides a quick way to determine if vulnerabilities are relevant.

    After eliminating the noise, evaluate your vulnerabilities to determine urgency

    Consider the intrinsic risk to the organization.

    Is there an associated, verified exploit?
    • For a vulnerability to become a true threat to the organization, it must be exploited to cause damage. In today’s threat landscape, exploit kits are sold online that allow individuals with low technical knowledge to exploit a vulnerability.
    • Not all vulnerabilities have an associated exploit, but this does not mean that these vulnerabilities can be left alone. In many cases, it is just a matter of time before an exploit is created.
    • Another point to consider is that while exploits can exist theoretically, they may not be verified. Vulnerabilities always pose some level of risk, but if there are no known verified exploits, there is less risk attached.
    Is there a CVSS base score of 7.0 or higher?
    • Common Vulnerability Scoring System (CVSS) is an open-source industry scoring method to assess the potential severity of vulnerabilities.
    • CVSS takes into account: attack vector, complexity, privileges required, user interaction, scope, confidentiality impact, integrity impact, and availability impact.
    • Vulnerabilities that have a score of 4.0 or lower are classified as low vulnerabilities, while scores between 4.0 and 6.9 are put in the medium category. Scores of 7 or higher are in the high and critical categories. As we will review in the Risk Assessment section, you will want to immediately deal with high and critical vulnerabilities.
    Is there potential for significant lateral movement?
    • Even though a vulnerability may appear to be part of an inconsequential asset, it is important to consider whether it can be leveraged to gain access to other areas of the network or system by an attacker.
    • Another consideration should be whether the vulnerability can be exploited by remote or local access. Remote exploits pose a greater risk as this can mean that attackers can perform an exploit from any location. Local exploits carry less risk, although the risk of insider threats should be considered here as well.

    2.1.1 Evaluate your identified vulnerabilities

    60 minutes

    Input: Visio workflow of Info-Tech’s vulnerability management process

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, SecOps team members, ITOps team members, including tiers 1, 2, and 3, CISO, CIO

    Using the criteria from the previous slide, Info-Tech has created a methodology to evaluate your vulnerabilities by examining their intrinsic qualities.

    The methodology categorizes the vulnerabilities into high, medium, and low risk importance categorizations, before assigning final urgency scores in the later steps.

    1. Review the evaluation process in the Vulnerability Management Workflow library.
    2. Determine if this process makes sense for the organization; otherwise, change the flow to include any other considerations of process flows.
    3. As this process is used to evaluate vulnerabilities, document vulnerabilities to an importance category. This can be done in the Vulnerability Tracking Tool or using a similar internal vulnerability tracking document, if one exists.

    Download the Vulnerability Management SOP Template

    Step 2.2

    Determine high-level business criticality

    Activities
    • 2.2.1 Determine high-level business criticality
    • 2.2.2 Determine your high-level data classifications

    This step will walk you through the following activities:

    Determining high-level business criticality and data classifications will help ensure that IT security is aligned with what is critical to the business. This will be very important when decisions are made around vulnerability risk and the urgency of remediation action.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    Understanding and consistency in how business criticality and business data is assessed by IT in the vulnerability management process.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Understanding business criticality is key to determining vulnerability urgency

    Prioritize operations that are truly critical to the operation of the business, and understand how they would be impacted by an exploited vulnerability.

    Use the questions below to help assess which operations are critical for the business to continue functioning.

    For example, email is often thought of as a business-critical operation when this is not always the case. It is important to the business, but as regular operations can continue for some time without it, it would not be considered extremely business critical.

    Questions to ask Description
    Is there a hard-dollar impact from downtime? This refers to when revenue or profits are directly impacted by a business disruption. For example, when an online ordering system is compromised and shut down, it impacts sales, and therefore, revenue.
    Is there an impact on goodwill/ customer trust? If downtime means delays in service delivery or otherwise impacts goodwill, there is an intangible impact on revenue that may make the associated systems mission critical.
    Is regulatory compliance a factor? Depending on the circumstances of the vulnerabilities, it can be a violation of regulatory compliance and would cause significant fines.
    Is there a health or safety risk? Some operations are critical to health and safety. For example, medical organizations have operations that are necessary to ensure that individuals’ health and safety are maintained. An exploited vulnerability that prevents these operations can directly impact the lives of these individuals.
    Don’t start from scratch – your disaster recovery plan (DRP) may have a business impact analysis (BIA) that can provide insight into which applications and operations are considered business critical.

    Analyst Perspective

    When assessing the criticality of business operations, most core business applications may be deemed business critical over the long term.

    Consider instead what the impact is over the first 24 or 48 hours of downtime.

    2.2.1 Determine high-level business criticality

    120 minutes; less time if a Disaster recovery plan business impact analysis exists

    Input: List of business operations, Insight into business operations impacts to the business

    Output: List of business operations and their criticality and impact to the business

    Materials: Vulnerability Management SOP Template

    Participants: Participants from the business, IT Security Manager, CISO, CIO

    1. List your core business operations at a high level.
    2. Use a High, Medium, or Low ranking to prioritize the business operations based on mission-critical criteria and the impact of the vulnerability.
    3. When using the process flow, consider if the vulnerability directly affects any of these business operations and move through the process flow based on the corresponding High, Medium, or Low ranking.
    Example prioritization of business operations for a manufacturing company: Questions to ask:
    1. Is there a hard-dollar impact from downtime?
    2. Is there impact on goodwill or customer trust?
    3. Is regulatory compliance a factor?
    4. Is there a health or safety risk?

    Download the Vulnerability Management SOP Template

    Determine vulnerability urgency by its data classification

    Consider how to classify your data based on if the Confidentiality, Integrity, or Availability (CIA) is compromised.

    To properly classify your data, consider how the confidentiality, integrity, and availability of that data would be affected if it were to be exploited by a vulnerability. Review the table below for an explanation for each objective.
    Confidentiality

    Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information.

    Integrity

    Guarding against improper information modification or destruction, and ensuring information non-repudiation and authenticity.

    Availability

    Ensuring timely and reliable access to and use of information.

    Each piece of data should be ranked as High, medium, or low across confidentiality, integrity, and availability based on adverse effect. Arrow pointing right. Low — Limited adverse effect

    Moderate — Serious adverse effect

    High — Severe or catastrophic adverse effect

    If you wish to build a whole data classification methodology, refer to our Discover and Classify Your Data blueprint.

    How to determine data classification when CIA differs:

    The overall ranking of the data will be impacted by the highest objective’s ranking.

    For example, if confidentiality and availability are low, but integrity is high, the overall impact is high.

    This process was developed in part by Federal Information Processing Standards Publication 199.

    2.2.2 Determine your high-level data classifications

    120 minutes, less time if data classification already exists

    Input: Knowledge of data use and sensitivity

    Output: Adjusted workflow to reflect your current processes, Vulnerability Tracking Tool

    Materials: Whiteboard, Whiteboard markers, Vulnerability Management SOP Template

    Participants: IT Security Manager, CISO, CIO

    If your organization has formal data classification in place, it should be leveraged to determine the high, medium, and low rankings necessary for the process flows. However, if there is no formal data classification in place, the process below can be followed:

    1. List common assets or applications that are prone to vulnerabilities.
    2. Consider the data that is on these devices and provide a high (severe or catastrophic adverse effect), medium (serious adverse effect), or low (limited adverse effect) ranking based on confidentiality, availability, and integrity.
      1. Use the table on the previous slide to assist in providing the ranking.
      2. Remember that it is the highest ranking that dictates the overall ranking of the data.
    3. Document which data belongs in each of the categories to provide contextual evidence.

    Download the Vulnerability Management SOP Template

    This process should be part of your larger data classification program. If you need assistance in building this out, review the Info-Tech research, Discover and Classify Your Data.

    Step 2.3

    Consider current security posture

    Activities
    • 2.3.1 Document your defense-in-depth controls

    This step will walk you through the following activities:

    Your defense-in-depth controls are the existing layers of security technology that protects your environment. These are relevant when considering the urgency and risk of vulnerabilities in your environment, as they will mitigate some of the risk.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Understanding and documentation of your current defense-in-depth controls.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Review your current security posture

    What you have today matters.
    • In most cases, your vulnerability scanning tool alone will not have the context of your security posture in the results of its scans. This can skew the true urgency of detected vulnerabilities in your environment.
    • What you have in place today is what comprises your organization’s overall security posture. This bears high relevance to the determination of the risk that a vulnerability poses to your environment.
    • Elements such as enterprise architecture and defense in depth mechanisms should be factored into determining the risk of a vulnerability and what kind of immediacy is warranted to address it.
    • Details of your current security posture will also contribute to the assessment and selection of remediation options.
    Stock image of toy soldiers split into two colours, facing eachother down.

    Enterprise architecture considerations

    What does your network look like?
    • Most organizations have a network topology that has been put in place with operational needs in mind. These includes specific vLANs or subnets, broadcast domains, or other methods of traffic segregation.
    • The firewall and network ACLs (access control lists) will manage traffic and the routes that data packets follow to traverse a network.
    • Organizations may physically separate data network types, for example, a network for IT services and one for operational technology (OT)(OT is often known as ICS (industrial control systems) or SCADA (supervisory control and data acquisition)) or other types of production technology.
    • The deployment of distribution and access switches across an enterprise can also be a factor, where a flatter network will have fewer network devices within the topology.
    • In a directory services environment such as Windows Active Directory, servers and applications can be segregated by domains and trust relationships, organizational units, and security groups.
    What’s the relevance to vulnerability management?

    For a vulnerability to be exploited, a malicious actor must find a way to access the vulnerable system to make use of the vulnerability in question.

    Any enterprise architecture characteristics that you have in place may lessen the probability of a successful vulnerability exploit.

    This may potentially “buy time” for SecOps to address and remediate the vulnerability.

    Defense-in-depth

    Defense-in-depth provides extra layers of protection to the organization.

    • Defense-in-depth refers to the coordination of security controls to add layers of security to the organization.
      • This means that even if attackers are able to get past one control or layer, they are hindered by additional security.
    • Defense-in-depth is distinct from the previous section on enterprise architecture as these are security controls put in place with the purpose of being lines of defense within your security posture.
    • This can be extremely useful in managing vulnerabilities; thus, it is important to establish the existing defense-in-depth controls. By establishing the base model for your defense-in-depth, it will allow you to leverage these controls to manage vulnerabilities.
    • Controls are typically distributed across endpoints, network infrastructure, servers, and physical security.

    Note: Defense-in-depth controls do not entirely mitigate vulnerability risk. They provide a way in which the vulnerability cannot be exploited, but it continues to exist on the application. This must be kept in mind as the controls or applications themselves change, as it can re-open the vulnerability and cause potential problems.

    Examples of defense-in-depth controls can consist of any of the following:
    • Antivirus software
    • Authentication security
    • Multi-factor authentication
    • Firewalls
    • Demilitarized zones (DMZ)
    • Sandboxing
    • Network zoning
    • Application whitelisting
    • Access control lists
    • Intrusion detection & prevention systems
    • Airgapping
    • User security awareness training

    2.3.1 Document your defense-in-depth controls

    2 hours, less time if a security services catalog exists

    Input: List of technologies within your environment, List of IT security controls that are in place

    Output: List of defense-in-depth controls

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, Infrastructure Manager, IT Director, CISO

    1. Document the existing defense-in-depth controls within your system.
    2. Review the initial list that has been provided and see if these are controls that currently exist.
    3. Indicate any other controls that are being used by the organization. This may already exist if you have a security services catalog.
    4. Indicate who the owners of the different controls are.
    5. Track the information in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Sample table of security controls within a Defense-in-depth model with column headers 'Defense-in-depth control', 'Description', 'Workflow', and 'Control Owner'.

    Step 2.4

    Risk assessment of vulnerabilities

    Activities
    • 2.4.1 Build a classification scheme to consistently assess impact
    • 2.4.2 Build a classification scheme to consistently assess likelihood

    This step will walk you through the following activities:

    Assessing risk will be the cornerstone of how you evaluate vulnerabilities and what priority you place on remediation. This is actual risk to the organization and not simply what the tool reports without the context of your defense-in-depth controls.

    This step involves the following participants:

    • IT Security Manager
    • IT Operations Management
    • CISO
    • CIO

    Outcomes of this step

    A risk matrix tailored to your organization, based on impact and likelihood. This will provide a consistent, unambiguous way to assess risk across the vulnerability types that is reported by your scanning tool.

    Triage & prioritize
    Step 2.1 Step 2.2 Step 2.3 Step 2.4

    Vulnerabilities and risk

    Vulnerabilities must be addressed to mitigate risk to the business.
    • Vulnerabilities are a concern because they are potential threats to the business. Vulnerabilities that are not addressed can turn from potential threats into actual threats; it is only a matter of time and opportunity.
    • Your organization will already be familiar with risk management, as every decision carries a business risk component. There may even be a senior manager assigned as corporate risk officer to manage organizational risk.
    • The organization likely has a risk tolerance level that defines the organization’s risk appetite. This may be measured in dollars, non-productivity time, or other units of inefficiency.
    • The risk of a vulnerability can be calculated using impact and likelihood. Impact is the effect that the vulnerability will have if it is exploited by a malicious actor. Likelihood is the degree to which a vulnerability exploit can possibly occur.
    Stock image of a cartoon character in a tie hanging on the needle of a 'RISK' meter as it sits at 'LOW'.

    Info-Tech Insight

    Risk to the organization is business language that everyone can understand. This is particularly true when the risk is to productivity or to the company’s bottom line.

    A risk-based approach to vulnerability management

    CVSS scores are just the starting point!

    Vulnerabilities are constant.
    • There will always be vulnerabilities in the environment, many of which won’t be reported as they are currently unknown.
    • Don’t focus on trying to resolve all vulnerabilities in your environment. You are neither resourced for it nor can the business tolerate the downtime needed to remediate every single vulnerability.
      • The constant follow of new vulnerabilities will quickly render your efforts useless and it will become a game of “whack-a-mole.”
    • Being able to prioritize which vulnerabilities require appropriate levels of response is crucial to ensuring that an organization stays ahead of the continual flow.
    • Your vulnerability scanning tool will report the severity of a vulnerability, often using an industry Common Vulnerability Scoring System (CVSS) system ranging from 0 to 10. It will then scan your environment for the presence of the vulnerability and report accordingly.
      • Your vulnerability scanning tool will not be aware of any mitigation components in your environment, such as compensating controls, network segregation, server/application hardening, or any other measures that can reduce the risk. That is why determining actual risk is a crucial step.

    Stock image of a whack-a-mole game.

    Info-Tech Insight

    Vulnerability scanning is a valuable function, but it does not tell the full picture. You must determine how urgent a vulnerability truly is, based on your specific environment.

    Prioritize remediation by levels of risk

    Address critical and high risk with high immediacy.

    • Addressing the critical and high-risk vulnerabilities with urgency will ensure that you are addressing a more manageable number of vulnerabilities.
    • An optimized vulnerability management process will address the medium and low risk vulnerabilities within the regular cycle.
    • This may be very similar to what you do today in an ad hoc fashion:
      • Zero-day vulnerabilities tend to warrant a stop in operations and are dealt with immediately (or as soon as a vendor has a fix).
      • The standard remediation process (patching/updating, change of configuration, etc.) happens within a regular controlled time cycle.
    • Formalizing this process will ensure that appropriate attention is given to vulnerabilities that warrant it and that the remaining vulnerabilities are dealt with as a regular, recurring activity.

    Mitigate the risk surface by reducing the time across the phases

    Chart titled 'Mitigate the risk surface by reducing the time across the phases' with the axes 'Risk Level' and 'Time' with lines created by individual risks. The highlighted line begins in 'Critical' and eventually drops to low. A note on the line reads 'Objective: Reduce risk surface by reducing time to address'. The area between the line and your organization's risk tolerance is labelled 'Risk Surface, to be addressed with high priority'. A bracket around Risk levels 'High' and 'Critical' reads 'Priority focus zone (risk surface)'. Risk lines within levels 'Low' and 'Medium' read 'Follow standard vulnerability management cycles'.

    Risk matrix

    Risk = Impact x Likelihood
    • Info-Tech’s Vulnerability Management Risk Assessment Tool provides a method of calculating the risk of a vulnerability. The risk rating is assigned using the impact of the risk and the likelihood or probability that the event may occur.
    • The tool puts the vulnerability into your organization’s context: How many people will be affected? What service types are vulnerable and how does that impact the business? Is there an anticipated update from the vendor of the system being affected?
    • Urgency of remediation should be based on the business consequences if the vulnerability were to be exploited, relative to the business’ risk tolerance.

    Info-Tech Insight

    Risk determination should be done within the context of your current environment and not simply based on what your vulnerability tool is reporting.

    A risk matrix is useful in calculating a risk rating for vulnerabilities. Risk matrix with axes 'Impact' and 'Time' and individual vulnerabilities mapped onto it via their risk rating. The example 'Organizational Risk Tolerance Threshold' line runs diagonally through the 'Medium' squares.

    2.4.1 Build a classification scheme to consistently assess impact

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Impact. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', 'Network vulnerability', and 'Vendor patch release'.

    2.4.2 Build a classification scheme to consistently assess likelihood

    60 minutes

    Input: Knowledge of IT environment, Knowledge of business impact for each IT component or service

    Output: Vulnerability Management Risk Assessment Tool formatted to your organization

    Materials: Vulnerability Management Risk Assessment Tool

    Participants: Functional Area Managers, IT Security Manager, CISO

    Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and the severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.

    1. Define a set of questions to measure risk impact or edit existing questions in the tool.
    2. For each question, assign a weight that should be placed on that factor.
    3. Define criteria for each question that would categorize the risk. The drop-down box content can be modified in the hidden Labels tab.

    Note that you are looking to baseline vulnerability types, rather than categorizing every single vulnerability that your scanning tool reports. The volume of vulnerabilities will be high, but vulnerabilities can be categorized into types on a regular basis.

    Download the Vulnerability Management Risk Assessment Tool

    Screenshot of table from Info-Tech's Vulnerability Management Risk Assessment Tool for assessing Likelihood. Column headers are 'Weight', 'Question', 'OS vulnerability', 'Application vulnerability', and 'Network vulnerability'.

    Prioritize based on risk

    Select the best remediation option to minimize risk.

    Through the combination of the identified risk and remediation steps in this phase, the prioritization for vulnerabilities will become clear. Vulnerabilities will be assigned a priority once their intrinsic qualities and threat potential to business function and data have been identified.

    • Remediation options will be identified for the higher urgency vulnerabilities.
    • Options will be assessed for whether they are appropriate.
    • They will be further tested to determine if they can be used adequately prior to full implementation.
    • Based on the assessments, the remediation will be implemented or another option will be considered.
    Prioritization
    1. Assignment of risk
    2. Identification of remediation options
    3. Assessment of options
    4. Implementation

    Remediation plays an incredibly important role in the entire program. It plays a large part in wider risk management when you must consider the risk of the vulnerability, the risk of the remediation option, and the risk associated with the overall process.

    Implement Risk-Based Vulnerability Management

    Phase 3

    Remediate vulnerabilities

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • Identifying potential remediation options.
    • Developing criteria for each option with regards to when to use and when to avoid.
    • Establishing exception procedure for testing and remediation.
    • Documenting the implementation of remediations and verification.

    This phase involves the following participants:

    • CISO, or equivalent
    • Security Manager/Analyst
    • Network, Administrator, System, Database Manager
    • Other members of the vulnerability management team
    • Risk managers for the risk-related steps

    Determining how to remediate

    Patching is only one option.

    This phase will allow organizations to build out the specific processes for remediating vulnerabilities. The overall process will be the same but what will be critical is the identification of the correct material. This includes building the processes around:
    • Identifying and selecting the remediation option to be used.
    • Determining what to do when a patch or update is not available.
    • Scheduling and executing the remediation activity.
    • Continuous improvement.

    Each remediation option carries a different level of risk that the organization needs to consider and accept by building out this program.

    It is necessary to be prepared to do this in real time. Careful documentation is needed when dealing with vulnerabilities. Use the Vulnerability Tracking Tool to assist with documentation in real time. This is separate from using the process template but can assist in the documentation of vulnerabilities.

    Step 3.1

    Assessing remediation options

    Activities
    • 3.1.1 Develop risk and remediation action

    This step will walk you through the following activities:

    With the risk assessment from the previous activity, we can now examine remediation options and make a decision. This activity will guide us through that.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    List of remediation options and criteria on when to consider each.

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Identify remediation options

    There are four options when it comes to vulnerability remediation.

    Patches and Updates

    Patches are software or pieces of code that are meant to close vulnerabilities or provide fixes to any bugs within existing software. These are typically provided by the vendor to ensure that any deployed software is properly protected after vulnerabilities have been detected.

    Configuration Changes

    Configuration changes involve administrators making significant changes to the system or network to remediate against the vulnerability. This can include disabling the vulnerable application or specific element and can even extend to removing the application altogether.

    Remediation

    Compensating Controls

    By leveraging security controls, such as your IDS/IPS, firewalls, or access control, organizations can have an added layer of protection against vulnerabilities beyond the typical patches and configuration changes. This can be used as a measure while waiting to implement another option (if one exists) to reduce the risk of the vulnerability in the short or long term.

    Risk Acceptance

    Whenever a vulnerability is not remediated, either indefinitely or for a short period of time, the organization is accepting the associated risk. Segregation of the vulnerable system can occur in this instance. This can occur in cases where a system or application cannot be updated without detrimental effect to the business.

    Patches and updates

    Patches are often the easiest and most common method of remediation.

    Patches are usually the most desirable remediation solution when it comes to vulnerability management. They are typically provided by the vendor of the vulnerable application or system and are meant to eliminate the existing vulnerability.

    When to use

    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching for the affected systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.

    When to avoid

    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches, which is often the case for critical systems.
    When to consider other remediation options
    • For critical systems, it can be difficult to implement a patch as they often require the system to be rebooted or go through some downtime. There must be consideration towards whether there is a change window approaching if a patch is to be implemented on a business-critical system.
      • If there is no opportunity to implement the patch, or no approaching change window, it is wise to leverage another remediation option.
    • When patches are not currently available from the vendor or they are in production, other remediation options are needed.
    • Other remediation options can be used in tandem with the patch. For example, if a patch is being deferred until the change window, it would be wise to use alternate remediation options to close the vulnerability.

    Compensating controls

    Compensating controls can decrease the risk of vulnerabilities that cannot be (immediately) remediated.

    • Compensating controls are measures put in place when direct remediation measures are impractical or non-existent.
    • Similar to the payment card industry’s PCI DSS 1.0 provision of compensating controls, these are meant to meet the intent or rigor of the original requirement; unlike PCI DSS, these measures are to mitigate risk rather than meet compliance.
    • The compensating control should be viewed as only a temporary measure for dealing with a vulnerability, although circumstances may dictate a degree of permanence in the application of the compensating control.
    • Examples where compensating controls may be needed are:
      • The software vendor is developing an update or patch to address a vulnerability.
      • Through your testing process, a patch will adversely affect the performance or operation of the target system and be detrimental to the business.
      • A critical application will only run on a legacy operating system, the latter of which is no longer supported by the vendor.
      • A legacy application is no longer being supported but is critical to your operations. A replacement, if one exists, will take time to implement.
    Examples of compensating controls
    • Segregating a vulnerable server or application on the network, physically or logically.
    • Hardening the operating system or application.
    • Restricting user logins to the system or application.
    • Implementing access controls on the network route to the system.
    • Instituting application whitelisting.

    Configuration changes

    Configuration changes involve making changes directly to the application or system in which there is a vulnerability. This can vary from disabling or removing the vulnerable element or, in the case of applications built in-house, changing the coding of the application itself. These are commonly used in network vulnerabilities such as open ports.

    When to use

    • A patch is not available.
    • The vulnerable element can be significantly changed, or even disabled, without significantly disrupting the business.
    • The application is built in-house, as the vulnerability must be closed internally.
    • There is adequate testing to ensure that the configuration change does not affect the business.
    • A configuration change in your network or system can affect numerous endpoints or systems, reducing endpoint patching or use of defense-in-depth controls.

    When to avoid

    • When a suitable patch is available.
    • When the vulnerability is on a business-critical element with no nearby change window or it cannot be disabled.
    • When there is no opportunity in which to perform testing to ensure that there are no unintended consequences.
    When to consider other remediation options
    • Configuration changes require careful documentation as changes are occurring to the system and applications. If there is a need to perform a back-out process and return to the original configuration, this can be extremely difficult without clear documentation of what occurred.
    • If business systems are too critical or important to the regular business function to perform any changes, it is necessary to consider other options.

    Info-Tech Insight

    Remember your existing processes: configuration changes may need to be approved and orchestrated through your organization’s configuration and change management processes.

    Case Study

    Remediation options do not have to be used separately. Use the Shellshock 2014 case as an example.

     
    INDUSTRY: All
    SOURCE: Public Domain
    Challenge

    Bashdoor, more commonly known as Shellshock, was announced on September 24, 2014.

    This bug involved the Bash shell, which normally executes user commands, but this vulnerability meant that malicious attackers could exploit it.

    This was rated a 10/10 by CVSS – the highest possible score.

    Within hours of the announcement, hackers began to exploit this vulnerability across many organizations.

    Solution

    Organizations had to react quickly and multiple remediation options were identified:

    • Configuration changes – Companies were recommended to use other shells instead of the Bash shell.
    • Defense-in-depth controls – Using HTTP server logs, it could be possible to identify if the vulnerability had been exploited.
    • Patches – Many vendors released patches to close this vulnerability including Debian, Ubuntu, and Red Hat.
    Results

    Companies began to protect themselves against these vulnerabilities.

    While many organizations installed patches as quickly as possible, some also wished to test the patch and leveraged defense-in-depth controls in the interim.

    However, even today, many still have the Shellshock vulnerability and exploits continue to occur.

    Accept the risk and do nothing

    By choosing not to remediate vulnerabilities, you must accept the associated risk. This should be your very last option.

    Every time that a vulnerability is not remediated, it continues to pose a risk to the organization. While it may seem that every vulnerability needs to be remediated, this is simply not possible due to limited resources. Further, it can take away resources from other security initiatives as opposed to low-priority vulnerabilities that are extremely unlikely to be exploited.

    Common criteria for vulnerabilities that are not remediated:
    • Affected systems are of extremely low criticality.
    • Affected systems are deemed too critical to take offline to perform adequate remediation.
    • Low urgency is assigned to those vulnerabilities.
    • Cost and time required for the remediation are too high.
    • No adequate solutions exist – the vendor has not released a patch, there are weak defense-in-depth controls, and it is not possible to perform a configuration change.

    Risk acceptance is not uncommon…

    • With an ever-increasing number of vulnerabilities, organizations are struggling to keep up and often, intentionally or unintentionally, accept the risk associated.
    • In the end, non-remediation means full acceptance of the risk and any consequences.

    Enterprise risk management
    Arrow pointing up.
    Risk acceptance of vulnerabilities

    While these are common criteria, they must be aligned to the enterprise risk management framework and approved by management.

    Don’t forget the variables that were assessed in Phase 2. This includes the risk from potential lateral movement or if there is an existing exploit.

    Risk considerations

    When determining if risk acceptance is appropriate, consider the cost of not mitigating vulnerabilities.

    Don’t accept the risk because it seems easy. Consider the financial impact of leaving vulnerabilities open.

    With risk acceptance, it is important to review the financial impact of a security incident resulting from that vulnerability. There is always the possibility of exploitation for vulnerabilities. A simple metric taken from NIST SP800-40 to use for this is:

    Cost not to mitigate = W * T * R

    Where (W) is the number of work stations, (T) is the time spent fixing systems or lost in productivity, and (R) is the hourly rate of the time spent.

    As an example provided by NIST SP800-40 Version 2.0, Creating a Patch and Vulnerability Management Program:

    “For an organization where there are 1,000 computers to be fixed, each taking an average of 8 hours of down time (4 hours for one worker to rebuild a system, plus 4 hours the computer owner is without a computer to do work) at a rate of $70/hour for wages and benefits:

    1,000 computers * 8 hours * $70/hour = $560,000”

    Info-Tech Insight

    Always consider the financial impact that can occur from an exploited vulnerability that was not remediated.

    3.1.1 Develop risk and remediation action

    90 minutes

    Input: List of remediation options

    Output: List of remediation options sorted into “when to use” and “when to avoid” lists

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT Infrastructure Manager, IT Operations Manager, Corporate Risk Officer, CISO

    It is important to define and document your organization-specific criteria for when a remediation option is appropriate and inappropriate.

    1. List each remediation option on a flip chart and create two headings: “When to use” and “When to avoid.”
    2. Each person will list “when to use” criteria on a green sticky note and “when to avoid” criteria on a red one for each option; these will be placed on the appropriate flip chart.
    3. Discuss as a group which criteria are appropriate and which should be removed.
    4. Move on to the next remediation option when completed.
      • Ensure to include when there are remediation options that will be connected. For example, the risk may be accepted until the next available change window, or a defense-in-depth control is used before a patch can be fully installed.
    5. Once the criteria has been established, document this in the Vulnerability Management SOP Template.
    When to use:
    • When adequate testing can be performed on the patch to be implemented.
    • When there is a change window approaching, especially for critical systems.
    • When there is standardization across the IT assets to allow for easier installation of patches.
    When to avoid:
    • When the patch cannot be adequately tested.
    • When a patch has been tested, but it has caused an unfavorable consequence such as a system or application failure.
    • When there is no near change window in which to install the patches.
    (Example from the Vulnerability Management SOP Template for Patches.)

    Download the Vulnerability Management SOP Template

    Step 3.2

    Scheduling and executing remediation

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although there are no specific activities for this section, it will walk you through your existing processes configuration and change management to ensure that you are leveraging those activities in your vulnerability remediation actions.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    Gained understanding of how IT operations processes configuration and change management can be leveraged for the vulnerability remediation process. Don’t reinvent the wheel!

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Implementing the remediation

    Vulnerability management converges with your IT operations functions.
    • Once a remediation strategy has been formulated, you can leverage your release and change management processes to orchestrate the testing, version tracking, scheduling, approval, and implementation activities.
    • Each of these processes should exist in your environment in some form. Leveraging these will engage the IT operations team to carry out their tasks in the remediation process.
    • There can be a partial or full handoff to these processes, however, the owner of the vulnerability management program is responsible for verifying the application of the remediation measure and that the overall risk has been reduced.
    • Although full blueprints exist that cover each of these processes in great detail, the following slides provide an overview of each of these IT operations processes and how they intersect with vulnerability management.
    Stock image of a person on a laptop overlaid by an icon with gears indicating settings.

    Release Management

    Control the quality of deployments and releases of software updates.

    • The release management process exists to ensure that new software releases (such as patches and updates) are properly tested and documented with version control prior to their implementation into the production environment.
    • The process should map out the logistics of the deployment process to ensure that it is consistent and controlled.
    • Testing is an important part of release management and the urgency of a vulnerability remediation operation can expedite this process to ensure minimal delays. Once testing has been completed successfully, the update is then “promoted” to production-ready status and submitted into the change management process.
    • Often a separate release team may not exist, however, release management still occurs.

    For guidance on implementing or improving your release management process, refer to Info-Tech’s Stabilize Release and Deployment Management blueprint or speak to one of our experts.

    Info-Tech Insight

    Many organizations don’t have a separate release team. Rather, whomever is doing the deployment will submit a change request and the testing details are vetted through the organization’s change management process.

    For guidance on the change management process review our Optimize Change Management blueprint.

    Change Management

    Leverage change control, interruption management, approval, and scheduling.
    • Change management likely exists in some shape or form in your organization. There is usually someone or a committee, such as a change advisory board (CAB), that gives approval for a change.
    • Leveraging the change management process will ensure that your vulnerability remediation has undergone the proper review and approval before implementation. There will usually be business sign-off as part of a change management approval process.
    • Communication will also be integrated in the change management process, so the change manager will ensure that appropriate, timely communications are sent to the proper key stakeholders.
    • The change management process will link to release management and configuration management processes if they exist.

    For further guidance on implementing or improving your change management process, refer to Info-Tech’s Optimize Change Management blueprint or speak to one of our experts.

    “With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” (VP IT, Federal Credit Union)

    Post-implementation activities

    Vulnerability remediation isn’t a “set it and forget it” activity.
    • Once vulnerability remediation has occurred, it is imperative that the results are reported back to the vulnerability management program manager. This ensures that the loop is closed and the tracking of the remediation activity is done properly.
      • Organizations that are subject to audit by external entities will understand the importance of such documentation.
    • The results of post-implementation review from the change management process will be of great interest, particularly if there was any deviation from the planned activities.
    • Although change execution will usually undergo some form of testing during the maintenance window, there is always the possibility that something has broken as a result of the software update. Be quick to respond to these types of incidents!
      • One example of an issue that is near impossible to test during a maintenance window is one that manifests only when the system or software comes under load. This is what makes for busy Monday mornings after a weekend change window.
    A scan with your vulnerability management software after remediation can be a way to verify that the overall risk has been reduced, if remediation was done by way of patching/updates.

    Info-Tech Insight

    After every change completion, whether due to vulnerability remediation or not, it is a good idea to ensure that your infrastructure team increases its monitoring diligence and that your service desk is ready for any sudden influx of end-user calls.

    Step 3.3

    Continuous improvement

    Activities

    None for this section.

    This step will walk you through the following activities:

    Although this section has no activities, it will review the process by which you may continually improve vulnerability management.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • ITOps team members, including tiers 1, 2, and 3
    • CISO
    • CIO

    Outcomes of this step

    An understanding of the importance of ongoing improvements to the vulnerability management program.

    Remediate vulnerabilities
    Step 3.1 Step 3.2 Step 3.3

    Drive continuous improvement

    • Also known as “Continual Improvement” within the ITIL best practice framework.
    • Your vulnerability management program will not be perfect on first launch. In fact, due to the ever-changing nature of vulnerabilities and the technology designed to detect and combat vulnerabilities, the processes within your vulnerability management program will need to be tweaked from time to time.
    • Continuous improvement is a sustained, proactive approach to process improvement. The practice allows for all process participants to observe and suggest incremental improvements that can help improve the overall process.
    • In many cases, continuous improvement can be triggered by changes in the environment. This makes perfect sense for vulnerability management process improvement as a change in the environment will require vulnerability scanning to ensure that such changes have not introduced new vulnerabilities into the environment, increasing your risk surface.
    • One key method to tracking continuous improvement is through the effective use of metrics, covered in Section 4.1 of this blueprint.
    “The success rate for continual improvement efforts is less than 60 percent. A major – if not the biggest – factor affecting the deployment of long-term continual improvement initiatives today is the fundamental change taking place in the way companies manage and execute work.” (Industry analyst at a consulting firm, 2014)

    Continuous Improvement

    Continuously re-evaluate the vulnerability management process.

    As your systems and assets change, your vulnerability management program may need updates in two ways.

    When new assets and systems are introduced:

    • When new systems and assets are introduced, it is important for organizations to recognize how these can affect vulnerability management.
    • It will be necessary to identify the business criticality of the new assets and systems and the sensitivity of the data that can be found on them.
    • Without doing so, these will be considered rogue systems or assets – there is no clear process for assigning urgencies.
    • This will only cause problems as actions may be taken that are not aligned with the organization’s risk management framework.

    Effective systems and asset management are needed to track this. Review Info-Tech’s Implement Systems Management to Improve Availability and Visibility blueprint for more help.

    Document any changes to the vulnerability management program in the Vulnerability Management SOP Template.

    When defense-in-depth capabilities are modified:

    • As you build an effective security program, more controls will be added that can be used to protect the organization.
    • These should be documented and evaluated based on ability to mitigate against vulnerabilities.
    • The defense-in-depth model that was previously established should be updated to include the new capabilities that can be used.
    • Defense-in-depth models are continually evolving as the security landscape evolves, and organizations must be ready for this.

    To assist in building a defense-in-depth model, review Build an Information Security Strategy.

    Implement Risk-Based Vulnerability Management

    Phase 4

    Measure and formalize

    Phase 1

    1.1 What is vulnerability management?
    1.2 Define scope and roles
    1.3 Cloud considerations for vulnerability management
    1.4 Vulnerability detection

     

    Phase 2

    2.1 Triage vulnerabilities
    2.2 Determine high-level business criticality
    2.3 Consider current security posture
    2.4 Risk assessment of vulnerabilities

     

    Phase 3

    3.1 Assessing remediation options
    3.2 Scheduling and executing remediation
    3.3 Continuous improvement

     

    Phase 4

    4.1 Metrics, KPIs & CSFs
    4.2 Vulnerability management policy
    4.3 Select and implement a scanning tool
    4.4 Penetration testing

    This phase will walk you through the following activities:

    • You will determine what ought to be measured to track the success of your vulnerability management program.
    • If you lack a scanning tool this phase will help you determine tool selection.
    • Lastly, penetration testing is a good next step to consider once you have your vulnerability management program well underway.

    This phase involves the following participants:

    • IT Security Manager
    • SecOps team members
    • Procurement representatives
    • CISO
    • CIO

    Step 4.1

    Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)

    Activities
    • 4.1.1 Measure your program with metrics, KPIs, and CSFs

    This step will walk you through the following activities:

    After a review of the differences between raw metrics, key performance indicators (KPI), and critical success factors (CSF), compile a list of what metrics you will be tracking, why, and the business goals for each.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    Outline of metrics you can configure your vulnerability scanning tool to report on.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    You can’t manage what you can’t measure

    Metrics provides visibility.

    • Management consultant Peter Drucker introduced the concept of metrics tied to key performance indicators (KPIs), and the concept holds true: without metrics, you lack the visibility to manage or improve a process.
    • Metrics aren’t just a collection of statistics, they have to be meaningful, they have to tell the story, and most importantly, they have to answer the “so what?” question. What is the significance of a metric – do they illustrate a trend or an anomaly? What actions should be carried out when a metric hits a certain threshold?
    • It would be prudent to track several metrics that can be combined to tell the full story. For example, tracking the number of critical vulnerabilities alone does not give a sense of the overall risk to the organization, nor does it offer any information on how quickly they have been remediated or what amount of effort was invested.
    Stock image of measuring tape.

    Metrics, KPIs, and CSFs

    Tracking the right information and making the information relevant.
    • There is often confusion between raw metrics, key performance indicators, and critical success factors.
    • Raw metrics are what is trackable from your systems and processes as a set of measurements without any context. Raw metrics in themselves are useful in telling the story of “what are we doing?”
    • KPIs are the specific metric or combination of metrics that help you track or gauge performance. KPIs tell the story of “how are we doing?” or “how well are we doing?”
    • CSFs are the specific KPIs that track the activities that are absolutely critical to accomplish for the business or business unit to be successful.
    The activity tracker on your wrist is a wealth of metrics, KPIs, and CSFs.

    If you wear an activity tracker, you are likely already familiar with the differences between metrics, key performance indicators, and critical success factors:

    • The raw metrics are your heart rate, step count, hours of sleep, caloric intake, etc.
    • KPIs are the individual goals that you have set: maintain a heart rate within the appropriate range for your age/activity level, achieve a step count goal per day, get x hours of sleep per night, consume a calorie range of y per day, etc.
    • CSFs are your overall goal: increase your cardiovascular capacity, lose weight, feel more energetic, etc.

    Your security systems can be similarly measured and tracked – transfer this skill!

    Tracking relevant information

    Tell the story in the numbers.

    Below are a number of suggested metrics to track, and why.

    Business Goal

    Critical Success Factor

    Key Performance Indicator

    Metric to track

    Minimize overall risk exposure Reduction of overall risk due to vulnerabilities Decrease in vulnerabilities Track the number of vulnerabilities year after year.
    Appropriate allocation of time and resources Proper prioritization of vulnerability mitigation activities Decrease of critical and high vulnerabilities Track the number of high-urgency vulnerabilities.
    Consistent timely remediation of threats to the business Minimize risk when vulnerabilities are detected Remediate vulnerabilities more quickly Mean time to detect: track the average time between the identification to remediation.
    Track effectiveness of scanning tool Minimize the ratio, indicating that the tool sees everything Ratio between known assets and what the scanner tracks Scanner coverage compared to known assets in the organization.
    Having effective tools to track and address Accuracy of the scanning tool Difference or ratio between reported vulnerabilities and verified ones Number of critical or high vulnerabilities verified, between the scanning tool’s criticality rating and actual criticality.
    Reduction of exceptions to ensure minimal exposure Visibility into persistent vulnerabilities and risk mitigation measures Number of exceptions granted Number of vulnerabilities in which little or no remediation action was taken.

    4.1.1 Measure your program with metrics, KPIs, and CSFs

    60 minutes

    Input: List of metrics current being measured by the vulnerability management tool

    Output: List of relevant metrics to track, and the KPIs, CSFs, and business goals related to the metric

    Materials: Whiteboard/flip charts, Vulnerability Management SOP Template

    Participants: IT Security Manager, IT operations management, CISO

    Metrics can offer a way to view how the organization is dealing with vulnerabilities and if there is improvement.

    1. Determine the high-level vulnerability management goals for the organization.
    2. Even with a formal process in place, the organization should be considering ways it can improve.
    3. Determine metrics that can help quantify those goals and how they can be measured.
    4. Metrics should always be easy to measure. If it’s a complex process to find the information required, it means that it is not a metric that should be used.
    5. Document your list of metrics in the Vulnerability Management SOP Template.

    Download the Vulnerability Management SOP Template

    Step 4.2

    Vulnerability Management Policy

    Activities
    • 4.2.1 Update the vulnerability management program policy

    This step will walk you through the following activities:

    If you have a vulnerability management policy, this activity may help augment it. Otherwise, if you don’t have one, this would be a great starting point.

    This step involves the following participants:

    • IT Security Manager
    • CISO
    • CIO
    • Human resources representative

    Outcomes of this step

    An inaugural policy covering vulnerability management

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Vulnerability Management Program Policy

    Policies provide governance and enforcement of processes.
    • Policies offer formal guidance on the “rules” of a program, describing its purpose, scope, detailed program description, and consequences of non-compliance. Often they will have a employee sign-off acknowledging understanding.
    • In many organizations, policies are endorsed by senior executives, which gives the policy its “teeth” across the company. The human resources department will always have input due to the implications of the non-compliance aspect.
    • Policies are written to ensure an outcome of consistent expected behavior and are often written to protect the company from liability.
    • Policies should be easy to understand and unambiguous, reflect the current state, and be enforceable. Enforceability can come in the form of audit, technology, or any other means of determining compliance and enforcing behavior.
    Stock image of a judge's gavel.

    4.2.1 Update the vulnerability management policy

    60 minutes

    Input: Vulnerability Management SOP, HR guidance on policy creation and approval

    Output: Completed Vulnerability Management Policy

    Materials: Vulnerability Management SOP, Vulnerability Management Policy Template

    Participants: IT Security Manager, IT operations management, CISO, Human resources representative

    After having built your entire process in this project, formalize it into a vulnerability management policy. This will set the standards and expectations for vulnerability management in the organization, while the process will be around the specific actions that need to be taken around vulnerability management.

    This is separate and distinct from the Vulnerability Management SOP Template, which is a process and procedure document.
    1. Review Info-Tech’s Vulnerability Management Policy and customize it to your organization’s specifications.
    2. Use your Vulnerability Management SOP as a resource when specifying some of the details within the policy.
    Sample of Info-Tech's Vulnerability Management Policy Template

    Download the Vulnerability Management Policy Template

    Step 4.3

    Select and implement a scanning tool

    Activities
    • 4.3.1 Create an RFP for vulnerability scanning tools

    This step will walk you through the following activities:

    If you need to select a new vulnerability scanning tool, or replace your existing one, this activity will help set up a request for proposal (RFP).

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO

    Outcomes of this step

    The provisions needed for you to create and deploy an RFP for a vulnerability management tool.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Vulnerability management and penetration testing

    Similar in nature, yet provide different security functions.

    Vulnerability Scanning Tools

    Scanning tools focus on the network and operating systems. These tools look for items such as missing patches or open ports. They won’t detect specific application vulnerabilities.

    Exploitation Tools

    These tools will look to exploit a detected vulnerability to validate it.

    Penetration Tests

    A penetration test simulates the actions of an external or internal cyber attacker that aims to breach the information security of the organization. (Formal definition of penetration test)

    ‹————— What’s the difference again? —————›
    Vulnerability scanning tools are just one type of tool. When you add an exploitation tool to the mix, you move down the spectrum. Penetration tests will use scanning tools, exploitation tools, and people.

    What is the value of each?

    • For vulnerability scans, the person performing the scan provides the value – value comes from the organization itself.
    • For exploitation tools on their own, the value comes from the tool itself being used in a safe environment.
    • For penetration tests, the tester is providing the value. They are the value add.

    What’s the implication for me?

    Info-Tech Recommends:
    • A combination of vulnerability scanning and penetration testing. This will improve your security posture through systematic risk reduction and improve your security program through the testing of prevention, detection, and response capabilities with unique recommendations being generated.
    • Start with as much vulnerability scanning as possible to identify gaps to fix and then move onto a penetration test to do a more robust and validated assessment.
    • For penetration tests, start with a transparent box test first, then move to an opaque box. Ideally, this is done with different third parties.

    Vulnerability scanning software

    All organizations can benefit from having one.

    Scanning tools will benefit areas beyond just vulnerability management

    • Network security: It improves the accuracy and granularity of your network security technologies such as WAFs, NGFWs, IDPS, and SIEM.
    • Asset management: Vulnerability scanning can identify new or unknown assets and provide current status information on assets.
    • System management: Information from a vulnerability scan supports baselining activities and determination of high-value and high-risk assets.

    Vulnerability Detection Use Case

    Most organizations use scanners to identify and assess system vulnerabilities and prioritize efforts.

    Compliance Use Case

    Others will use scanners just for compliance, auditing, or larger GRC reasons.

    Asset Discovery Use Case

    Many organizations will use scanners to perform active host and application identification.

    Scanning Tool Market Trends

    Vulnerability scanning tools have expanded value from conventional checking for vulnerabilities to supporting configuration checking, asset discovery, inventory management, patch management, SSL certificate validation, and malware detection.

    Expect to see network and system vulnerability scanners develop larger vulnerability management functions and develop exploitation tool functionality. This will become a table stakes option enabling organizations to provide higher levels of validation of detected vulnerabilities. Some tools already possess these capabilities:

    • Core Impact is an exploitation tool with vulnerability scanning aspects.
    • Metasploit is an exploitation tool with some new vulnerability scanning aspects.
    • Nessus is mainly a vulnerability scanning tool but has some exploitation aspects.

    Device proliferation (BYOD, IoT, etc.) is increasing the need for stronger vulnerability management and scanners. This is driving the need for numerous device types and platform support and the development of baseline and configuration norms to support system management.

    Increased regulatory or compliance controls are also stipulating the need for vulnerability scanning, especially by a trusted third party.

    Organizations are outsourcing security functions or moving to cloud-based deployment options for any security technology they can. Expect to see massive growth of vulnerability scanning as a service.

    Vulnerability scanning market

    There are several technology types or functional differentiators that divide the market up.

    Vulnerability Exploitation Tools

    • These will actually test defences and better emulate real life than just scanning. These tools include packet manipulation tools (such as hping) and password cracking tools (such as John the Ripper or Cain and Abel).
    • These tools will provide much more granular information on your network, operations systems, and applications.
    • The main limitation of these tools is how to use them. If you do not have development or test environments that mimic your real production environments to run the exploit tools, these tools may not be appropriate. It may work if you can find some downtime on production systems, but only in very specific and careful instances.
    • Lower maturity security programs usually just do network and application vulnerability scanning. Higher maturity programs will also use penetration testing, application testing, and vulnerability exploitation tools.
    • Network vulnerability scanning tools should always be used. Once you identify any servers or ports running web applications, then you run a web application vulnerability scanner.
    • Exploitation tools and application testing tools are used in more specific use cases that are often related to more-demanding security programs.

    Scanning Tool Market Trends

    • These are considered baseline tools and are near commoditization.
    • Vulnerability scanning tools are not granular enough to detect application-level vulnerabilities (thus the need for application scanners and testing tools) and they don’t validate the exploitability of the vulnerability (thus the need for exploit tools).

    Web Application Scanning Tools

    These tools perform dynamic application security testing (DAST) and static application security testing (SAST).

    Application Scanning and Testing Tools

    • These perform a detailed scan against an application to detect any problematic or malicious code and try to break the application using known vulnerabilities.
    • These tools will identify if something is vulnerable to an exploit but won’t actually run the exploit.
    • These tools are evaluated based on their ability to detect application-specific issues and validate them.

    Vulnerability scanning tool features

    Evaluate vulnerability scanning tools on specific features or functions that are the best differentiators.

    Differentiator

    Description

    Deployment Options Do you want a traditional on-premises, cloud-based, or managed service?
    Vulnerability Database Coverage Scanners use a library of known vulnerabilities to test for. Evaluate based on the amount of exploits/vulnerabilities the tool can scan for.
    Scanning Method Evaluate if you want agent-based, authenticated active, unauthenticated active, passive, or some combination of those scanning methods.
    Integration What is the breadth of other security and non-security technologies the tool can integrate with?
    Remediation How detailed are the recommended remediation actions? The more granular, the better.
     

    Differentiator

    Description

    Prioritization Does the tool evaluate vulnerabilities based on commonly accepted methods or through a custom-designed prioritization methodology?
    Platform Support What is the breadth of environment, application, and device support in the tool? Consider your need for virtual support, cloud support, device support, and application-specific support. Also consider how often new scanning modules are supported (e.g. how quickly Windows 10 was supported).
    Pricing As with many security controls that have been around for a long time and are commonly used, pricing becomes a main consideration, especially when there are so many open-source options available.

    Common areas people mistake as tool differentiators:

    • Accuracy – Scanning tools are evaluated more on efficiency than effectiveness. Evaluate on the ability to detect, remediate, and manage vulnerabilities rather than real vulnerability detection and the number of false positives. To reduce false positives, you need to use exploitation tools.
    • Performance – Scanning tools have such a small footprint in an environment and the actual scanning itself is such a small impact that evaluation on performance doesn’t matter.

    For more information on vulnerability scanning tools and how they rate, review the Vulnerability Management category on SoftwareReviews.

    Vulnerability scanning deployment options

    Understand the different deployment options to identify which is best for your security program.

    Option

    Description

    Pros

    Cons

    Use Cases

    On-Premises Either an on-premises appliance or an on-premises virtualized machine that performs external and internal scanning.
    • Small resource need, so limited network impact.
    • Strong internal scanning.
    • Easier integration with other technologies.
    • Network footprint and resource usage.
    • Maintenance and support costs.
    • Most common deployment option.
    • Appropriate if you have cloud concerns or strong internal network scanning, or if you require strong integration with other systems.
    Cloud Either hosted on a public cloud infrastructure or hosted by a third party and offered “as a service.”
    • Small network footprint.
    • On-demand scanning as needed.
    • Optimal external scanning capabilities.
    • Can only do edge-related scanning unless authenticated or agent based.
    • No internal network scanning with passive or unauthenticated active scanning methods.
    • Very limited network resources.
    • Compliance obligations that dictate external vulnerability scanning.
    Managed A third party is contracted to manage and maintain your vulnerability scanner so you can dedicate resources elsewhere.
    • Expert management of environment scanning, optimizing tool usage.
    • Most scanning work time is report customization and tuning and remediation efforts; thus, managed doesn’t provide sizable resource alleviation.
    • Third party has and owns the vulnerability information.
    • Limited staff resources or expertise to maintain and manage scanner.

    Vulnerability scanning methods

    Understand the different scanning methods to identify which tool best supports your needs.

    Method

    Description

    Pros

    Cons

    Use Cases

    Agent-Based Scanning Locally installed software gives the information needed to evaluate the security posture of a device.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Device processing, memory, and network bandwidth impact.
    • Asset without an agent is not scanned.
    • Need for continuous scanning.
    • Organization has strong asset management
    Authenticated Active Scanning Tool uses authenticated credentials to log in to a device or application to perform scanning.
    • Provides information that can’t be discovered remotely such as installed applications that aren’t running at a given time.
    • Best accuracy for vulnerability detection across a network.
    • Aggregation and centralization of authenticated credentials creates a major risk.
    • All use cases.
    Unauthenticated Active Scanning Scanning of devices without any authentication.
    • Emulates realistic scan by an attacker.
    • Provides limited scope of scanning.
    • Some compliance use cases.
    • Perform after either agent or authenticated scanning.
    Passive Scanning Scanning of network traffic.
    • Lowest resource impact.
    • Not enough information can be provided for true prioritization and remediation.
    • Augmenting scanning technique to agent or authenticated scanning.

    IP Management and IPv6

    IP management and the ability to manage IPv6 is a new area for scanning tool evaluation.

    Scanning on IPv4

    Scanning tools create databases of systems and devices with IP addresses.
    Info-Tech Recommends:

    • It is easier to do discovery by directing the scanner at a set IP address or range of IP addresses; thus, it’s useful to organize your database by IPs.
    • Do discovery by phases: Start with internet-facing systems. Your perimeter usually is well-defined by IP addresses and system owners and is most open to attack.
    • Stipulate a list of your known IP addresses through the DHCP registration and perform a scan on that.
    • Depending on your IP address space, another option is to scan your entire IP address space.

    Current Problem With IP Addresses

    IP addresses are becoming no longer manageable or even owned by organizations. They are often provided by ISPs or other third parties.

    Even if it is your range, chances are you don't do static IP ranges today.

    Info-Tech Recommends:

    • Agent-based scanning or MAC address-based scanning
    • Use your DHCP for scanning

    Scanning on IPv6

    First, you need to know if your organization is moving to IPv6. IPv6 is not strategically routed yet for most organizations.

    If you are moving to IPv6, Info-Tech recommends the following:

    • Because you cannot point a scanner at an IPv6 IP range, any scanning tool needs to have a strategy around how to handle IPv6 and properly scan based on IP ranges.
    • You need to know IPv4 to IPv6 translations.
    • Evaluate vulnerability scanning tools on whether any IPv6 features are on par with IPv4 features.

    If you are already on IPv6, Info-Tech recommends the following:

    • If you are on an IPv6 native network, it is nearly impossible to scan the network. You have to always scan your known addresses from your DHCP.

    4.3.1 Create an RFP for vulnerability scanning tools

    2 hours

    Input: List of key feature requirements for the new tool, List of intersect points with current software, Network topology and layout of servers and applications

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Vulnerability Scanning Tool RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use a request for proposal (RFP) template to convey your desired scanning tool requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your scanning tool RFP, based on people, process, and technology requirements.
    2. Consider items such as the desired capabilities and the scope of the scanning.
    3. Conduct interviews with relevant stakeholders to determine the exact requirements needed.
    4. Use Info-Tech’s Vulnerability Scanning Tool RFP Template. It lists many requirements but can be customized to your organization’s specific needs.

    Download the Vulnerability Scanning Tool RFP Template

    4.3.1 Create an RFP for vulnerability scanning tools (continued)

    Things to Consider:
    • Ensure there is adequate resource dedication to support and maintenance for vulnerability scanning.
    • Consider if you will benefit from an RFP. If there is a more appropriate option for your need and your organization, consider that instead.
    • If you don’t know the product you want, then perform an RFI.
    • In the RFP, you need to express your driving needs for the tool so the vendor can best understand your use case.
    • Identify who should participate in the RFP creation and evaluation. Make sure they have time available and it does not conflict with other items.
    • Determine if you want to send it to a select few or if you want to send it to a lot of vendors.
    • Determine a response date so you can know who is soliciting your business.
    • You need to have a process to handle questions from vendors.
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Vulnerability Scanning Tool RFP Template

    Step 4.4

    Penetration testing

    Activities
    • 4.1.1 Create an RFP for penetration tests

    This step will walk you through the following activities:

    We will review penetration testing, its distinction from vulnerability management, and why you may want to engage a penetration testing service.

    We provide a request for proposal (RFP) template that we can review if this is an area of interest.

    This step involves the following participants:

    • IT Security Manager
    • SecOps team members
    • CISO
    • CIO

    Outcomes of this step

    An understanding of penetration testing, and guidance on how to get started if there is interest to do so.

    Measure and formalize
    Step 4.1 Step 4.2 Step 4.3 Step 4.4

    Penetration testing

    Penetration tests are critical parts of any strong security program.

    Penetration testing will emulate the methods an attacker would use in the real world to circumvent your security controls and gain access to systems and data.

    Penetration testing is much more than just running a scanner or other automated tools and then generating a report. Penetration testing performs critical exploit validation to create certainty around your vulnerability.

    The primary objective of a penetration test is to identify and validate security weaknesses in an organization’s security systems.

    Reasons to Test:

    • Assess current security control effectiveness
    • Develop an action plan of items
    • Build a business case for a better security program
    • Increased security budget through vulnerability validation
    • Third-party, unbiased validation
    • Adhere to compliance or regulatory requirements
    • Raise security awareness
    • Demonstrate how an attacker can escalate privileges
    • Effective way to test incident response

    Regulatory Considerations:

    • There is a lot of regulatory wording saying that organizations can’t get a system that is managed, integrated, and supported by one vendor and then have it tested by the same vendor.
    • There is the need for separate third-party testing.
    • Penetration testing is required for PCI, cloud providers, and federal entities.

    How and where is the value being generated?

    Penetration testing is a service provided by trained and tested professionals with years of experience. The person behind the test is the most important part of the test. The person is able to emulate a real-life attacker better than any computer. It is just a vulnerability scan if you use tools or executables alone.

    “A penetration test is an audit with validation.” (Joel Shapiro, Vice President Sales, Digital Boundary Group)

    Start by considering the spectrum of penetration tests

    Network Penetration Tests

    Conventional testing of network defences.

    Testing vectors include:

    • Perimeter infrastructure
    • Wireless, WEP/WPA cracking
    • Cloud penetration testing
    • Telephony systems or VoIP
    Types of tests:
    • Denial-of-service testing
    • Out-of-band attacks
    • War dialing
    • Wireless network testing/war driving
    • Spoofing
    • Trojan attacks
    • Brute force attacks
    • Watering hole attacks
    • Honeypots
    • Cloud-penetration testing
    Application Penetration Tests

    Core business functions are now being provided through web applications, either to external customers or to internal end users.

    Types: Web apps, non-web apps, mobile apps

    Application penetration and security testing encompasses:

    • Code review – analyzing the application code for sensitive information of vulnerabilities in the code.
    • Authorization testing – testing systems responsible for user session management to see if unauthorized access can be permitted.
    • Authentication process for user testing.
    • Functionality testing – test the application functionality itself.
    • Website pen testing – active analysis of weaknesses or vulnerabilities.
    • Encryption testing – testing things like randomness or key strength.
    • User-session integrity testing.
    Human-Centric Testing
    • Penetration testing is developing a people aspect as opposed to just being technology focused.
    • End users and their susceptibility to social engineering attacks (spear phishing, phone calls, physical site testing, etc.) is now a common area to test.
    • Social engineering penetration testing is not only about identifying your human vulnerabilities, but also about proactively training your end users. As well as discovering and fixing potential vulnerabilities, social engineering penetration testing will help to raise security awareness within an organization.

    Info-Tech Insight

    Your pen test should use multiple methods. Demonstrating weakness in one area is good but easy to identify. When you blend techniques, you get better success at breaching and it becomes more life-like. Think about prevention, detection, and response testing to provide full insight into your security defenses.

    Penetration testing types

    Evaluate four variables to determine which type of penetration test is most appropriate for your organization.

    Evaluate these dimensions to determine relevant penetration testing.

    Network, Application, or Human

    Evaluate your need to perform different types of penetration testing.

    Some level of network and application testing is most likely appropriate.

    The more common decision point is to consider to what degree your organization requires human-centric penetration testing.

    External or Internal

    External: Attacking an organization’s perimeter and internet-facing systems. For these, you generally provide some level of information to the tester. The test will begin with publicly available information gathering followed by some kind of network scanning or probing against externally visible servers or devices (DNS server, email server, web server, firewall, etc.)

    Internal: Carried out within the organization’s network. This emulates an attack originating from an internal point (disgruntled employee, authorized user, etc.). The idea is to see what could happen if the perimeter is breached.

    Transparent, Semi-Transparent, or Opaque Box

    Opaque Box: The penetration tester is not provided any information. This emulates a real-life attack. Test team uses publicly available information (corporate website, DNS, USENET, etc.) to start the test. These tests are more time consuming and expensive. They often result in exploitation of the easiest vulnerability.
    Use cases: emulating a real-life attack; testing detection and response capabilities; limited network segmentation.

    Transparent Box: Tester is provided full disclosure of information. The tester will have access to everything they need: building floor plans, data flow designs, network topology, etc. This represents what a credentialed and knowledgeable insider would do.
    Use cases: full assessment of security controls; testing of attacker traversal capabilities.

    Aggressiveness of the Test

    Not Aggressive: Very slow and careful penetration testing. Usually spread out in terms of packets being sent and number of calls to individuals. It attempts to not set off any alarm bells.

    Aggressive: A full DoS attack or something similar. These would be DoS attacks that take down systems or full SQL injection attacks all at once versus small injections over time. Testing options cover anything including physical tests, network tests, social engineering, and data extraction and exfiltration. This is more costly and time consuming.

    Assessing Aggressiveness: How aggressive the test should be is based on the threats you are concerned with. Assess who you are concerned with: random individuals on the internet, state-sponsored attacks, criminals, hacktivists, etc. Who you are concerned with will determine the appropriate aggressiveness of the test.

    Penetration testing scope

    Establish the scope of your penetration test before engaging vendors.

    Determining the scope of what is being tested is the most important part of a penetration test. Organizations need to be as specific as possible so the vendor can actually respond or ask questions.

    Organizations need to define boundaries, objectives, and key success factors.

    For scope:
    • If you go too narrow, the realism of the test suffers.
    • If you go too broad, it is more costly and there’s a possible increase in false positives.
    • Balance scope vs. budget.
    Boundaries to scope before a test:
    • IP addresses
    • URLs
    • Applications
    • Who is in scope for social engineering
    • Physical access from roof to dumpsters defined
    • Scope prioritized for high-value assets
    Objectives and key success factors to scope:
    • When is the test complete? Is it at the point of validated exploitation?
    • Are you looking for as many holes as possible, or are you looking for how many ways each hole can be exploited?

    What would be out of scope?

    • Are there systems, IP addresses, or other things you want out of scope? These are things you don’t explicitly want any penetration tester to touch.
    • Are there third-party connections to your environment that you don’t want to be tested? These are instances such as cloud providers, supply chain connections, and various services.
    • Are there things that would be awkward to test? For example, determine if you include high-level people in a social engineering test. Do you conduct social engineering for the CEO? If you get their credentials, it could be an awkward moment.

    Ways to break up a penetration test:

    • Location – This is the most common way to break up a penetration test.
    • Division – Self-contained business units are often done as separate tests so you can see how each unit does.
    • IT systems – For example, you put certain security controls in a firewall and want to test its effectiveness.
    • Applications – For example, you are launching a new website or a new portal and you want to test it.

    Penetration testing appropriateness

    Determine your penetration testing appropriateness.

    Usual instances to conduct a penetration test:
    • Setting up a new physical office. Penetration testing will not only test security capabilities but also resource availability and map out network flows.
    • New infrastructure hardware implemented. All new infrastructure needs to be tested.
    • Changes or upgrades to existing infrastructure. Need for testing varies depending on the size of the change.
    • New application deployment. Need to test before being pushed to production environments.
    • Changes or upgrades to existing applications. When fundamental functional changes occur, perform testing:
      • Before upgrades or patching
      • After upgrades or patching
    • Periodic testing. It is a best practice to periodically test your security control effectiveness. Consider at least an annual test.

    Specific timing considerations: Testing should be completed during non-production times of day. Testing should be completed after a backup has been performed.

    Assess your threats to determine your appropriate test type:

    Penetration testing is about what threats you are concerned about. Understand your risk profile, risk tolerance level, and specific threats to see how relevant penetration tests are.

    • Are external attackers concerning to you? Are you distressed about how an attacker can use brute force to enter your network? If so, focus on ingress points, such as FWs, routers, and DMZ.
    • Is social engineering a concern for you (i.e. phone-based or email-based)? Then you are concerned about a credentialed hacker.
    • Is it an insider threat, a disgruntled employee, etc.? This also includes an internal system that is under command and control (C&C).

    ANALYST PERSPECTIVE: Do a test only after you take a first pass.
    If you have not done some level of vulnerability assessment on your own (performing a scan, checking third-party sources, etc.) don’t waste your money on a penetration test. Only perform a penetration test after you have done a first pass and identified and remediated all the low-hanging fruit.

    4.4.1 Create an RFP for penetration tests

    2 hours

    Input: List of criteria and scope for the penetration test, Systems and application information if white box

    Output: Completed RFP document that can be distributed to vendor proponents

    Materials: Whiteboard/flip charts, Penetration Test RFP Template

    Participants: IT Security Manager, IT operations managers, CISO, Procurement department representative

    Use an RFP template to convey your desired penetration test requirements to vendors and outline the proposal and procurement steps set by your organization.

    1. Determine what kind of requirements will be needed for your penetration test RFP based on people, process, and technology requirements.
      • Consider items such as your technology environment and the scope of the penetration tests.
    2. Conduct an interview with relevant stakeholders to determine the exact requirements needed.
    3. Use Info-Tech’s Penetration Test RFP Template, which lists many requirements but can be customized to your organization’s specific needs.

    Download the Penetration Test RFP Template

    4.4.1 Create an RFP for penetration tests (continued)

    Steps of a penetration test:
    1. Determine scope
    2. Gather targeted intelligence
    3. Review exploit attempts, such as access and escalation
    4. Test the collection of sensitive data
    5. Run reporting
    Info-Tech RFP Table of Contents:
    1. Statement of Work
    2. General Information
    3. Proposal Preparation Instructions
    4. Scope of Work, Specifications, and Requirements
    5. Vendor Qualifications and References
    6. Budget and Estimated Pricing
    7. Vendor Certification

    Download the Penetration Test RFP Template

    Penetration testing considerations – service providers

    Consider what type of penetration testing service provider is best for your organization

    Professional Service Providers

    Professional Services Firms. These firms will often provide a myriad of professional services across auditing, financial, and consulting services. If they offer security-related consulting services, they will most likely offer some level of penetration testing.

    Security Service Firms. These are dedicated security consulting or advisory firms that will offer a wide spectrum of security-related services. Penetration testing may be one aspect of larger security assessments and strategy development services.

    Dedicated Penetration Testing Firms. These are service providers that will often offer the full gamut of penetration testing services.

    Integrators

    Managed Security Service Providers. These providers will offer penetration testing. For example, Dell SecureWorks offers numerous services including penetration testing. For organizations like this, you need to be skeptical of ulterior motives. For example, expect recommendations around outsourcing from Dell SecureWorks.

    Regional or Small Integrators. These are service providers that provide security services of some kind. For example, they would help in the implementation of a firewall and offer penetration testing services as well.

    Info-Tech Recommends:

    • Always be conscientious of who is conducting the testing and what else they offer. Even if you get another party to test rather than your technology provider, they will try to obtain you as a client. Remember that for larger technology vendors, security testing is a small revenue stream for them and it’s a way to find technology clients. They may offer penetration testing for free to obtain other business.
    • Most of the penetration testers were systems administrators (for network testing) or application developers (for application testing) at some point before becoming penetration testers. Remember this when evaluating providers and evaluating remediation recommendations.
    • Evaluate what kind of open-source tools, commercial tools, and proprietary tools are being used. In general, you don’t want to rely on an open-source scanner. For open source, they will have more outdated vulnerability databases, system identification can also be limited compared to commercial, and reporting is often lacking.
    • Above all else, ensure your testers are legally capable, experienced, and abide by non-disclosure agreements.

    Penetration testing best practices – communications

    Communication With Service Provider

    • During testing there should be designated points of contact between the service provider and the client.
    • There needs to be secure channels for communication of information between the tester and the client both during the test and for any results.
    • Results should always be explained to the client by the tester, regardless of the content or audience.
    • There should be a formal debrief with the results report.
    Immediate reporting of issues
    • Before any testing commences, immediate reporting conditions need to be defined. These are instances when you would want immediate notification of something occurring.
    • Stipulate certain systems or data types that if broken into or compromised, you would want to be notified right away.
    • Example:
      • If you are conducting social engineering, require notification for all account credentials that are compromised. Once credentials are compromised, it destroys all accountability for those credentials and the actions associated with those credentials by any user.
      • Require immediate reporting of specific high-critical systems that are compromised or if access is even found.
      • Require immediate reporting when regulated data is discovered or compromised in any way.

    Communication With Internal Staff

    Do you tell your internal staff that this is happening?

    This is sometimes called a “double blind test” when you don’t let your IT team know of the test occurring.

    Pros to notifying:
    • This tests the organization’s security monitoring, incident detection, and response capabilities.
    • Letting the team know they are going to see some activity will make sure they don’t get too worried about it.
    • There may be systems you can’t jeopardize but still need to test so notification beforehand is essential (e.g. you wouldn’t allow ERP testing with notification).
    Cons:
    • It does not give you a real-life example of how you respond if something happens.
    • Potential element of disrespect to IT people.

    Penetration testing best practices – results and remediation

    What to expect from penetration test results report:

    A final results report will state all findings including what was done by the testers, what vulnerabilities or exploitations were detected, how they were compromised, the related risk, and related remediation recommendations.

    Expect four major sections:
    • Introduction. An overview of the penetration test methodology including rating methodology of vulnerabilities.
    • Executive Summary. A management-level description of the test, often including a summary of any recommendations.
    • Technical Review. An overview of each item that was looked at and touched. This area breaks down what was done, how it was done, what was found, and any related remediation recommendations. Expect graphs and visuals in this section.
    • Detailed Findings. An in-depth breakdown of all testing methods used and results. Each vulnerability will be explained regarding how it was detected, what the risk is, and what the remediation recommendation is.
    Two areas that will vary by service provider:

    Prioritization

    • Most providers will boast their unique prioritization methodology.
    • A high, medium, and low rating scale based on some combination of variables (e.g. ease of exploitation, breadth of hole, information accessed resulting in further exploitation).
    • The prioritization won’t take into account asset value or criticality.
    • Keep in mind the penetration test is not an input into ultimate vulnerability prioritization, but it can help determine your urgency.

    Remediation

    • Remediation recommendations will vary across providers.
    • Generally, fairly generic recommendations are provided (e.g. remove your old telnet and input up-to-date SSH).
    • Most of the time, it is along the lines of “we found a hole; close the hole.”

    Summary of Accomplishment

    Problem Solved

    At the conclusion of this blueprint, you will have created a full vulnerability management program that will allow you to take a risk-based approach to vulnerability remediation.

    Assessing a vulnerability’s risk will enable you to properly determine the true urgency of a vulnerability within the context of your organization; this ensures you are not just blindly following what the tool is reporting.

    The risk-based approach will allow you to prioritize your discovered vulnerabilities and take immediate action on critical and high vulnerabilities while allowing your standard remediation cycle to address the medium to low vulnerabilities.

    With your program defined and developed, you now need to configure your vulnerability scanning tool or acquire one if you don’t already have a tool in place.

    Lastly, while vulnerability management will help address your systems and applications, how do you know if you are secure from external malicious actors? Penetration testing will offer visibility, allowing you to plug those holes and attain an environment with a smaller risk surface.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Photo of Jimmy Tom.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Sample of the Implement Vulnerability Management storyboard.
    Review of the Implement Vulnerability Management storyboard
    Sample of the Vulnerability Mitigation SOP template.
    Build your vulnerability management SOP

    Contributors

    Contributors from 2016 version of this project:

    • Morey Haber, Vice President of Technology, BeyondTrust
    • Richard Barretto, Manager, Information Privacy and Security, Cimpress
    • Joel Shapiro, Vice President Sales, Digital Boundary Group

    Contributors from current version of this project:

    • 2 anonymous contributors from the manufacturing sector
    • 1 anonymous contributor from a US government agency
    • 2 anonymous contributors from the financial sector
    • 1 anonymous contributor from the medical technology industry
    • 2 anonymous contributors from higher education
    • 1 anonymous contributor from a Canadian government agency
    • 7 anonymous others; information gathered from advisory calls

    Bibliography

    Arya. “COVID-19 Impact: Vulnerability Management Solution Market | Strategic Industry Evolutionary Analysis Focus on Leading Key Players and Revenue Growth Analysis by Forecast To 2028 – FireMon, Digital Shadows, AlienVault.” Bulletin Line, 6 Aug. 2020. Accessed 6 Aug. 2020.

    Campagna, Rich. “The Lean, Mean Vulnerability Management Machine.” Security Boulevard, 31 Mar. 2020. Accessed 15 Aug. 2020.

    Constantin, Lucian. “What are vulnerability scanners and how do they work?” CSO Online, 10 Apr. 2020. Accessed 1 Sept. 2020.

    “CVE security vulnerabilities published in 2019.” CVE Details. Accessed 22 Sept. 2020.

    Garden, Paul, et al. “2019 Year End Report – Vulnerability QuickView.” Risk Based Security, 2020. Accessed 22 Sept. 2020.

    Keary, Eoin. “2019 Vulnerability Statistics Report.” Edgescan, Feb. 2019. Accessed 22 Sept. 2020.

    Lefkowitz, Josh. ““Risk-Based Vulnerability Management is a Must for Security & Compliance.” SecurityWeek, 1 July 2019. Accessed 1 Nov. 2020.

    Mell, Peter, Tiffany Bergeron, and David Henning. “Creating a Patch and Vulnerability Management Program.” Creating a Patch and Vulnerability Management Program. NIST, Nov. 2005. Web.

    “National Vulnerability Database.” NIST. Accessed 18 Oct. 2020.

    “OpenVAS – Open Vulnerability Assessment Scanner.” OpenVAS. Accessed 14 Sept. 2020.

    “OVAL.” OVAL. Accessed 21 Oct. 2020.

    Paganini, Pierluigi. “Exploiting and Verifying Shellshock: CVE-2014-6271.” INFOSEC, 27 Sept. 2014. Web.

    Pritha. “Top 10 Metrics for your Vulnerability Management Program.” CISO Platform, 28 Nov. 2019. Accessed 25 Oct. 2020.

    “Risk-Based Vulnerability Management: Understanding Vulnerability Risk With Threat Context And Business Impact.” Tenable. Accessed 21 Oct. 2020.

    Stone, Mark. “Shellshock In-Depth: Why This Old Vulnerability Won’t Go Away.” SecurityIntelligence, 6 Aug. 2020. Web.

    “The Role of Threat Intelligence in Vulnerability Management.” NOPSEC, 18 Sept. 2014. Accessed 18 Aug. 2020.

    “Top 15 Paid and Free Vulnerability Scanner Tools in 2020.” DNSstuff, 6 Jan. 2020. Accessed 15 Sept. 2020.

    Truta, Filip. “60% of Breaches in 2019 Involved Unpatched Vulnerabilities.” Security Boulevard, 31 Oct. 2019. Accessed 2 Nov. 2020.

    “Vulnerability Management Program.” Core Security. Accessed 15 Sept. 2020.

    “What is Risk-Based Vulnerability Management?” Balbix. Accessed 15 Sept. 2020.

    White, Monica. “The Cost Savings of Effective Vulnerability Management (Part 1).” Kenna Security, 23 April 2020. Accessed 20 Sept. 2020.

    Wilczek, Marc. “Average Cost of a Data Breach in 2020: $3.86M.” Dark Reading, 24 Aug. 2020. Accessed 5 Nov 2020.

    Master the Art of Stakeholder Management in Small Enterprise Environments

    • Buy Link or Shortcode: {j2store}572|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Stakeholder Management
    • Parent Category Link: /stakeholder-management
    • IT hasn’t taken into account critical stakeholders and their concerns and preferences as they plan projects or operate on daily business.
    • It is difficult to tailor communication and messaging to all of the different personal and professional styles and motivations of stakeholders.
    • Access to stakeholders and getting an accurate understanding of their needs and concerns regarding IT can be difficult to obtain.

    Our Advice

    Critical Insight

    • Small enterprises have an advantage in stakeholder management. Less people and fewer barriers create opportunities for more productive interactions and stronger relationships.
    • The guiding principles for effective stakeholder management are common concepts, but unfortunately not common practice.
    • By stepping back and taking the time to thoughtfully consider the dynamics and needs of important IT stakeholders, you will be better able to position yourself and your department.

    Impact and Result

    • Info-Tech’s guiding principles provide clear and feasible recommendations for how to incorporate stakeholder management into daily interactions.
    • This blueprint’s guidance will enable IT leaders to tailor communication and interactions that will enable them to build stronger and more meaningful relationships with stakeholders.
    • Following this approach and its guiding principles will make IT projects be more successful by reducing their risk of failure due to issues of buy-in, misunderstanding of priorities, or a lack of support from critical stakeholders.

    Master the Art of Stakeholder Management in Small Enterprise Environments Research & Tools

    Executive Overview

    Use Info-Tech’s approach to stakeholder management to guide you in building stronger and more beneficial relationships, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Master the Art of Stakeholder Management in Small Enterprise Environments Storyboard
    • None
    • None

    1. Identify stakeholders

    Determine the stakeholders for an IT department of a singular initiative.

    • Stakeholder Management Analysis Tool

    2. Analyze stakeholders

    Use the guidance of this section to analyze stakeholders on both a professional and personal level.

    3. Manage stakeholders

    Use Info-Tech’s guiding principles of stakeholder management to direct how to best engage key stakeholders.

    4. Review case studies

    Use real-life experiences from Info-Tech’s analysts to understand how to use and apply stakeholder management techniques.

    [infographic]

    Data Protection Notice

    Tymans Group BV processes personal information in compliance with this privacy statement. For further information, questions or comments on our privacy policy, please contact Gert Taeymans at https://tymansgroup.com/gdpr-contact.

    Purposes of the processing

    Tymans Group BV collects and processes customers’ personal data for customer and order management (customer administration, order / delivery follow-up, invoicing, solvency follow-up, profiling and the sending of marketing and personalised advertising).

    Legal foundation for the processing

    Personal data is processed based on several provisions of Article 6.1.

    (a)  consent, which you can revoke at any time,

    (b) required for the implementation of an agreement between you and Tymans Group BV, eg. when you enter into a contract with us,

    (c)  required to satisfy a legal obligation

    (f)  (required for the protection of our legitimate interest in entrepreneurship)] of the General Data Protection Regulation. An actual data item may be subject to multiple provisions.

    Insofar as the processing of personal data takes place based on Article 6.1. a) (consent), customers always have the right to withdraw the given consent.

    Transfer to third parties

    If required to achieve the set purposes, your personal data will be shared with other companies within the European Economic Area, which are linked directly or indirectly with Gert Taeymans BV or with any other partner of Tymans Group BV

    Tymans Group BV guarantees that these recipients will take the necessary technical and organisational measures for the protection of personal data.

    Third party categories that are subject to this provision are:

        Accounting
        Hosting
        Software Engineering (when you order websites or custom development with us)
        Social Media (only as part of Social Media Marketing contracted services by you)

    Due to the ECJ striking down the  EU-US Privacy Shield agreement, this leaves us with a open gap. The resulting implications and actions to take are not yet clear. You must be aware that one can argue that any data transfer from the EU towards the US is now in breach of the law. Other argue that necessary transfers are still allowed, whithout however defining, as far as we know, what "necessary" actually means. This website runs on servers within the EU. We also closely follow the opinions by the scholars and our regulator.

    Retention period

    Personal data processed for customer management will be stored for the time necessary to satisfy legal requirements (in terms of bookkeeping, among others).

    Right to inspection, improvement, deletion, limitation, objection and transferability of personal data

    You have at all times the right to inspect your personal data and can have it improved should it be incorrect or incomplete, have it removed, limit its processing an object to the processing of their personal data based on Article 6.1 (f), including profiling based on said provisions. Any personal data however that is needed for the legal processing of your order cannot be removed after you placed an order, as we need to keep it for legal purposes.

    Furthermore, you are entitled to obtain a copy of your personal data and to have said personal data forwarded to another company.

    In order to exercise the aforementioned rights, you are requested to send an e-mail the following address: dataprivacy@tymansgroup.com.

    Direct marketing

    You are entitled to object free of charge to the processing of any processing of their personal data aimed at direct marketing.

    Complaint

    You have the right to file a complaint with the Belgian Privacy Protection Commission (35 Rue de la Presse, 1000 Brussels - contact@adp-gba.be - 02/ 274 48 00 or 02/ 274 48 35).

    Mergers & Acquisitions: The Buy Blueprint

    • Buy Link or Shortcode: {j2store}325|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 5 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    There are four key scenarios or entry points for IT as the acquiring organization in M&As:

    • IT can suggest an acquisition to meet the business objectives of the organization.
    • IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and valuates the organization potentially being acquired.
    • IT needs to reactively prepare its environment to enable the integration.

    Consider the ideal scenario for your IT organization.

    Our Advice

    Critical Insight

    Acquisitions are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    • The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    • A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    • Transactions that are driven by digital motivations, requiring IT’s expertise.
    • There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

    Impact and Result

    Prepare for a growth/integration transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Mergers & Acquisitions: The Buy Blueprint Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how your organization can excel its growth strategy by engaging in M&A transactions. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Proactive Phase

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    • One-Pager: M&A Proactive
    • Case Study: M&A Proactive
    • Information Asset Audit Tool
    • Data Valuation Tool
    • Enterprise Integration Process Mapping Tool
    • Risk Register Tool
    • Security M&A Due Diligence Tool

    2. Discovery & Strategy

    Create a standardized approach for how your IT organization should address acquisitions.

    • One-Pager: M&A Discovery & Strategy – Buy
    • Case Study: M&A Discovery & Strategy – Buy

    3. Due Diligence & Preparation

    Evaluate the target organizations to minimize risk and have an established integration project plan.

    • One-Pager: M&A Due Diligence & Preparation – Buy
    • Case Study: M&A Due Diligence & Preparation – Buy
    • IT Due Diligence Charter
    • Technical Debt Business Impact Analysis Tool
    • IT Culture Diagnostic
    • M&A Integration Project Management Tool (SharePoint)
    • SharePoint Template: Step-by-Step Deployment Guide
    • M&A Integration Project Management Tool (Excel)
    • Resource Management Supply-Demand Calculator

    4. Execution & Value Realization

    Deliver on the integration project plan successfully and communicate IT’s transaction value to the business.

    • One-Pager: M&A Execution & Value Realization – Buy
    • Case Study: M&A Execution & Value Realization – Buy

    Infographic

    Workshop: Mergers & Acquisitions: The Buy Blueprint

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Pre-Transaction Discovery & Strategy

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for acquiring.

    Formalize the program plan.

    Create the valuation framework.

    Strategize the transaction and finalize the M&A strategy and approach.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Set up crucial elements to facilitate the success of the transaction.

    Have a repeatable transaction strategy that can be reused for multiple organizations.

    Activities

    1.1 Conduct the CIO Business Vision and CEO-CIO Alignment Diagnostics.

    1.2 Identify key stakeholders and outline their relationship to the M&A process.

    1.3 Identify the rationale for the company's decision to pursue an acquisition.

    1.4 Assess the IT/digital strategy.

    1.5 Identify pain points and opportunities tied to the acquisition.

    1.6 Create the IT vision and mission statements and identify IT guiding principles and the transition team.

    1.7 Document the M&A governance.

    1.8 Establish program metrics.

    1.9 Create the valuation framework.

    1.10 Establish the integration strategy.

    1.11 Conduct a RACI.

    1.12 Create the communication plan.

    1.13 Prepare to assess target organization(s).

    Outputs

    Business perspectives of IT

    Stakeholder network map for M&A transactions

    Business context implications for IT

    IT’s acquiring strategic direction

    Governance structure

    M&A program metrics

    IT valuation framework

    Integration strategy

    RACI

    Communication plan

    Prepared to assess target organization(s)

    2 Mid-Transaction Due Diligence & Preparation

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for integration.

    Assess the target organization(s).

    Create the valuation framework.

    Plan the integration roadmap.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Methodology identified to assess organizations during due diligence.

    Methodology can be reused for multiple organizations.

    Integration activities are planned and assigned.

    Activities

    2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.

    2.2 Review the business rationale for the acquisition.

    2.3 Establish the integration strategy.

    2.4 Create the due diligence charter.

    2.5 Create a list of IT artifacts to be reviewed in the data room.

    2.6 Conduct a technical debt assessment.

    2.7 Assess the current culture and identify the goal culture.

    2.8 Identify the needed workforce supply.

    2.9 Create the valuation framework.

    2.10 Establish the integration roadmap.

    2.11 Establish and align project metrics with identified tasks.

    2.12 Estimate integration costs.

    Outputs

    Stakeholder map

    IT strategy assessment

    IT operating model and IT governance structure defined

    Business context implications for IT

    Integration strategy

    Due diligence charter

    Data room artifacts

    Technical debt assessment

    Culture assessment

    Workforce supply identified

    IT valuation framework

    Integration roadmap and associated resourcing

    3 Post-Transaction Execution & Value Realization

    The Purpose

    Establish the transaction foundation.

    Discover the motivation for integration.

    Plan the integration roadmap.

    Prepare employees for the transition.

    Engage in integration.

    Assess the transaction outcomes.

    Key Benefits Achieved

    All major stakeholders are on the same page.

    Integration activities are planned and assigned.

    Employees are set up for a smooth and successful transition.

    Integration strategy and roadmap executed to benefit the organization.

    Review what went well and identify improvements to be made in future transactions.

    Activities

    3.1 Identify key stakeholders and determine IT transaction team.

    3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.

    3.3 Review the business rationale for the acquisition.

    3.4 Establish the integration strategy.

    3.5 Prioritize integration tasks.

    3.6 Establish the integration roadmap.

    3.7 Establish and align project metrics with identified tasks.

    3.8 Estimate integration costs.

    3.9 Assess the current culture and identify the goal culture.

    3.10 Identify the needed workforce supply.

    3.11 Create an employee transition plan.

    3.12 Create functional workplans for employees.

    3.13 Complete the integration by regularly updating the project plan.

    3.14 Begin to rationalize the IT environment where possible and necessary.

    3.15 Confirm integration costs.

    3.16 Review IT’s transaction value.

    3.17 Conduct a transaction and integration SWOT.

    3.18 Review the playbook and prepare for future transactions.

    Outputs

    M&A transaction team

    Stakeholder map

    IT strategy assessed

    IT operating model and IT governance structure defined

    Business context implications for IT

    Integration strategy

    Integration roadmap and associated resourcing

    Culture assessment

    Workforce supply identified

    Employee transition plan

    Employee functional workplans

    Updated integration project plan

    Rationalized IT environment

    SWOT of transaction

    M&A Buy Playbook refined for future transactions

    Further reading

    Mergers & Acquisitions: The Buy Blueprint

    For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A purchase.

    EXECUTIVE BRIEF

    Analyst Perspective

    Don’t wait to be invited to the M&A table, make it.

    Photo of Brittany Lutes, Research Analyst, CIO Practice, Info-Tech Research Group.
    Brittany Lutes
    Research Analyst,
    CIO Practice
    Info-Tech Research Group
    Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice, Info-Tech Research Group.
    Ibrahim Abdel-Kader
    Research Analyst,
    CIO Practice
    Info-Tech Research Group

    IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

    To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

    IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

    Executive Summary

    Your Challenge

    There are four key scenarios or entry points for IT as the acquiring organization in M&As:

    • IT can suggest an acquisition to meet the business objectives of the organization.
    • IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
    • IT participates in due diligence activities and valuates the organization potentially being acquired.
    • IT needs to reactively prepare its environment to enable the integration.

    Consider the ideal scenario for your IT organization.

    Common Obstacles

    Some of the obstacles IT faces include:

    • IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
    • The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
    • The people and culture element are forgotten or not given adequate priority.

    These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

    Info-Tech's Approach

    Prepare for a growth/integration transaction by:

    • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
    • Creating a standard strategy that will enable strong program management.
    • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

    Info-Tech Insight

    As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

    The changing M&A landscape

    Businesses will embrace more digital M&A transactions in the post-pandemic world

    • When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
    • However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
    • In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

    The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

    Virtual deal-making will be the preferred method of 55% of organizations in the post-pandemic world. (Wall Street Journal, 2020)

    Your challenge

    IT is often not involved in the M&A transaction process. When it is, it’s often too late.

    • The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
    • Additionally, IT’s lack of involvement in the process negatively impacts the business:
      • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates).
      • Weak integration teams contribute to the failure of 70% of M&A integrations (The Wall Street Journal, 2019).
      • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
    • Organizations pursuing M&A and not involving IT are setting themselves up for failure.

    Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

    Common Obstacles

    These barriers make this challenge difficult to address for many organizations:

    • IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where integration will be critical to business continuity.
    • IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
    • One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
    • IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

    In hindsight, it’s clear to see: Involving IT is just good business.

    47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

    40% of acquiring businesses discovered a cybersecurity problem at an acquisition.” (Source: Okta)

    Info-Tech's approach

    Acquisitions & Divestitures Framework

    Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

    1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
    2. Transactions that are driven by digital motivations, requiring IT’s expertise.
    3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
    4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.
    A diagram highlighting the 'IT Executives' Role in Acquisitions and Divestitures' when they are integrated at different points in the 'Core Business Timeline'. There are four main entry points 'Proactive', 'Discovery and Strategy', 'Due Diligence and Preparation', and 'Execution and Value Realized'. It is highlighted that IT can and should start at 'Proactive', but most organizations start at 'Execution and Value Realized'. 'Proactive': suggest opportunities to evolve the organization; prove IT's value and engage in growth opportunities early. Innovators start here. Steps of the business timeline in 'Proactive' are 'Organization strategies are defined' and 'M and A is considered to enable strategy'. After a buy or sell transaction is initiated is 'Discovery and Strategy': pre-transaction state. If it is a Buy transaction, 'Establish IT's involvement and approach'. If it is a Sell transaction, 'Prepare to engage in negotiations'. Business Partners start here. Steps of the business timeline in 'Discovery and Strategy' are 'Searching criteria is set', 'Potential candidates are considered', and 'LOI is sent/received'. 'Due Diligence and Preparation': mid-transaction state. If it is a Buy transaction, 'Identify potential transaction benefits and risks'. If it is a Sell transaction, 'Comply, communicate, and collaborate in transaction'. Trusted Operators start here. Steps of the business timeline in 'Due Diligence and Preparation' are 'Due diligence engagement occurs', 'Final agreement is reached', and 'Preparation for transaction execution occurs'. 'Execution and Value Realization': post-transaction state. If it is a Buy transaction, 'Integrate the IT environments and achieve business value'. If it is a Sell transaction, 'Separate the IT environment and deliver on transaction terms'. Firefighters start here. Steps of the business timeline in 'Execution and Value Realization' are 'Staff and operations are addressed appropriately', 'Day 1 of implementation and integration activities occurs', '1st 100 days of new entity state occur' and 'Ongoing risk mitigating and value creating activities occur'.

    The business’ view of IT will impact how soon IT can get involved

    There are four key entry points for IT

    A colorful visualization of the four key entry points for IT and a fifth not-so-key entry point. Starting from the top: 'Innovator', Information and Technology as a Competitive Advantage, 90% Satisfaction; 'Business Partner', Effective Delivery of Strategic Business Projects, 80% Satisfaction; 'Trusted Operator', Enablement of Business Through Application and Work Orders, 70% Satisfaction; 'Firefighter', Reliable Infrastructure and IT Service Desk, 60% Satisfaction; and then 'Unstable', Inability to Consistently Deliver Basic Services, <60% Satisfaction.
    1. Innovator: IT suggests an acquisition to meet the business objectives of the organization.
    2. Business Partner: IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspective.
    3. Trusted Operator: IT participates in due diligence activities and valuates the organization potentially being acquired.
    4. Firefighter: IT reactively engages in the integration with little time to prepare.

    Merger, acquisition, and divestiture defined

    Merger

    A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

    Acquisition

    The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

    Divestiture

    An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

    Info-Tech Insight

    A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

    Buying vs. selling

    The M&A process approach differs depending on whether you are the executive IT leader on the buy side or sell side

    This blueprint is only focused on the buy side:

    • More than two organizations could be involved in a transaction.
    • Examples of buy-related scenarios include:
      • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
      • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
      • Your organization is buying components of another organization with the intent of integrating them into your original company.
    • As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

    The sell side is focused on:

    • Examples of sell-related scenarios include:
      • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
      • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
      • Your organization is engaging in a divestiture with the intent of:
        • Separating components to be part of the purchasing organization permanently.
        • Separating components to be part of a spinoff and establish a unit as a standalone new company.
    • As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

    For more information on divestitures or selling your entire organization, check out Info-Tech’s Mergers & Acquisitions: The Sell Blueprint.

    Core business timeline

    For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

    Info-Tech’s methodology for Buying Organizations in Mergers, Acquisitions, or Divestitures

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    Phase Steps

    1. Identify Stakeholders and Their Perspective of IT
    2. Assess IT’s Current Value and Future State
    3. Drive Innovation and Suggest Growth Opportunities
    1. Establish the M&A Program Plan
    2. Prepare IT to Engage in the Acquisition
    1. Assess the Target Organization
    2. Prepare to Integrate
    1. Execute the Transaction
    2. Reflection and Value Realization

    Phase Outcomes

    Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

    Create a standardized approach for how your IT organization should address acquisitions.

    Evaluate the target organizations successfully and establish an integration project plan.

    Deliver on the integration project plan successfully and communicate IT’s transaction value to the business.

    Potential metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Due Diligence & Preparation

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    The IT executive’s role in the buying transaction is critical

    And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

    1. Reduced Risk

      IT can identify risks that may go unnoticed when IT is not involved.
    2. Increased Accuracy

      The business can make accurate predictions around the costs, timelines, and needs of IT.
    3. Faster Integration

      Faster integration means faster value realization for the business.
    4. Informed Decision Making

      IT leaders hold critical information that can support the business in moving the transaction forward.
    5. Innovation

      IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

    The IT executive’s critical role is demonstrated by:

    • Reduced Risk

      47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).
    • Increased Accuracy

      87% of respondents to a Deloitte survey effectively conducted a virtual deal, with a focus on cybersecurity and integration (Deloitte, 2020).
    • Faster Integration

      Integration costs range from as low as $4 million to as high as $3.8 billion, making the process an investment for the organization (CIO Dive).
    • Informed Decision Making

      Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).
    • Innovation

      Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

    Playbook benefits

    IT Benefits

    • IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
    • Develop a streamlined method to valuate the potential organization being purchased and ensure risk management concerns are brought to the business’ attention immediately.
    • Create a comprehensive list of items that IT needs to do during the integration that can be prioritized and actioned.

    Business Benefits

    • The business will get accurate and relevant information about the organization being acquired, ensuring that the anticipated value of the transaction is correctly planned for.
    • Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority integration tasks.
    • The business can make a fair offer to the purchased organization, having properly valuated all aspects being bought, including the IT environment.

    Insight summary

    Overarching Insight

    As an IT executive, take control of when you get involved in a growth transaction. Do this by proactively identifying acquisition targets, demonstrating the value of IT, and ensuring that integration of IT environments does not lead to unnecessary and costly decisions.

    Proactive Insight

    CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

    Discovery & Strategy Insight

    IT organizations that have an effective M&A program plan are more prepared for the buying transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

    Due Diligence & Preparation Insight

    Most IT synergies can be realized in due diligence. It is more impactful to consider IT processes and practices (e.g. contracts and culture) in due diligence rather than later in the integration.

    Execution & Value Realization Insight

    IT needs to realize synergies within the first 100 days of integration. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

    Blueprint deliverables

    Key Deliverable: M&A Buy Playbook

    The M&A Buy Playbook should be a reusable document that enables your IT organization to successfully deliver on any acquisition transaction.

    Screenshots of the 'M and A Buy Playbook' deliverable.

    M&A Buy One-Pager

    See a one-page overview of each phase of the transaction.

    Screenshots of the 'M and A Buy One-Pagers' deliverable.

    M&A Buy Case Studies

    Read a one-page case study for each phase of the transaction.

    Screenshots of the 'M and A Buy Case Studies' deliverable.

    M&A Integration Project Management Tool (SharePoint)

    Manage the integration process of the acquisition using this SharePoint template.

    Screenshots of the 'M and A Integration Project Management Tool (SharePoint)' deliverable.

    M&A Integration Project Management Tool (Excel)

    Manage the integration process of the acquisition using this Excel tool if you can’t or don’t want to use SharePoint.

    Screenshots of the 'M and A Integration Project Management Tool (Excel)' deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

      Proactive Phase

    • Call #1: Scope requirements, objectives, and your specific challenges.
    • Discovery & Strategy Phase

    • Call #2: Determine stakeholders and their perspectives of IT.
    • Call #3: Identify how M&A could support business strategy and how to communicate.
    • Due Diligence & Preparation Phase

    • Call #4: Establish a transaction team and acquisition strategic direction.
    • Call #5: Create program metrics and identify a standard integration strategy.
    • Call #6: Assess the potential organization(s).
    • Call #7: Identify the integration program plan.
    • Execution & Value Realization Phase

    • Call #8: Establish employee transitions to retain key staff.
    • Call #9: Assess IT’s ability to deliver on the acquisition transaction.

    The Buy Blueprint

    Phase 1

    Proactive

    Phase 1

    Phase 2 Phase 3 Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Conduct the CEO-CIO Alignment diagnostic
    • Conduct the CIO Business Vision diagnostic
    • Visualize relationships among stakeholders to identify key influencers
    • Group stakeholders into categories
    • Prioritize your stakeholders
    • Plan to communicate
    • Valuate IT
    • Assess the IT/digital strategy
    • Determine pain points and opportunities
    • Align goals to opportunities
    • Recommend growth opportunities

    This phase involves the following participants:

    • IT and business leadership

    What is the Proactive phase?

    Embracing the digital drivers

    As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

    In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

    Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

    In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

    Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

    Proactive Prerequisite Checklist

    Before coming into the Proactive phase, you should have addressed the following:

    • Understand what mergers, acquisitions, and divestitures are.
    • Understand what mergers, acquisitions, and divestitures mean for the business.
    • Understand what mergers, acquisitions, and divestitures mean for IT.

    Review the Executive Brief for more information on mergers, acquisitions, and divestitures for purchasing organizations.

    Proactive

    Step 1.1

    Identify M&A Stakeholders and Their Perspective of IT

    Activities

    • 1.1.1 Conduct the CEO-CIO Alignment diagnostic
    • 1.1.2 Conduct the CIO Business Vision diagnostic
    • 1.1.3 Visualize relationships among stakeholders to identify key influencers
    • 1.1.4 Group stakeholders into categories
    • 1.1.5 Prioritize your stakeholders
    • 1.16 Plan to communicate

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

    Business executives' perspectives of IT

    Leverage diagnostics and gain alignment on IT’s role in the organization

    • To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
    • Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
    • Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
    • Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.
    A colorful visualization titled 'Maturity Ladder' detailing levels of IT function that a business may choose from based on the business executives' perspectives of IT. Starting from the bottom: 'Struggle', Does not embarrass, Does not crash; 'Support', Keeps business happy, Keeps costs low; 'Optimize', Increases efficiency, Decreases costs; 'Expand', Extends into new business, Generates revenue; 'Transform', Creates new industry.

    Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

    Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

    Sample of Info-Tech's CIO Business Vision diagnostic measuring percentages of high-value metrics like 'IT Satisfaction' and 'IT Value' regarding business leader satisfaction. A note for these two reads 'Evaluate business leader satisfaction with IT this year and last year'. A section titled 'Relationship' has metrics such as 'Understands Needs' and 'Trains Effectively'. A note for this section reads 'Examine indicators of the relationship between IT and the business'. A section titled 'Security Friction' has metrics such as 'Regulatory Compliance-Driven' and 'Office/Desktop Security'.

    Business Satisfaction and Importance for Core Services

    The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

    Sample of Info-Tech's CIO Business Vision diagnostic specifically comparing the business satisfaction of 12 core services with their importance. Services listed include 'Service Desk', 'IT Security', 'Requirements Gathering', 'Business Apps', 'Data Quality', and more. There is a short description of the services, a percentage for the business satisfaction with the service, a percentage comparing it to last year, and a numbered ranking of importance for each service. A note reads 'Assess satisfaction and importance across 12 core IT capabilities'.

    1.1.1 Conduct the CEO-CIO Alignment diagnostic

    2 weeks

    Input: IT organization expertise and the CEO-CIO Alignment diagnostic

    Output: An understanding of an executive business stakeholder’s perception of IT

    Materials: CEO-CIO Alignment diagnostic, M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
    3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
    4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support growth transactions or support your rationale in recommending growth transactions.

    Download the sample report.

    Record the results in the M&A Buy Playbook.

    1.1.2 Conduct the CIO Business Vision diagnostic

    2 weeks

    Input: IT organization expertise, CIO BV diagnostic

    Output: An understanding of business stakeholder perception of certain IT capabilities and services

    Materials: CIO Business Vision diagnostic, Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, Senior business leaders

    1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
    2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
    3. Examine the results of the survey and take note of any IT services that have low scores.
    4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

    Download the sample report.

    Record the results in the M&A Buy Playbook.

    Create a stakeholder network map for M&A transactions

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Example:

    Diagram of stakeholders and their relationships with other stakeholders, such as 'Board Members', 'CFO/Finance', 'Compliance', etc. with 'CIO/IT Leader' highlighted in the middle. There are unidirectional black arrows and bi-directional green arrows indicating each connection.

      Legend
    • Black arrows indicate the direction of professional influence
    • Dashed green arrows indicate bidirectional, informal influence relationships

    Info-Tech Insight

    Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

    1.1.3 Visualize relationships among stakeholders to identify key influencers

    1-3 hours

    Input: List of M&A stakeholders

    Output: Relationships among M&A stakeholders and influencers

    Materials: M&A Buy Playbook

    Participants: IT executive leadership

    1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
    2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
    3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
    4. Construct a diagram linking stakeholders and their influencers together.
      • Use black arrows to indicate the direction of professional influence.
      • Use dashed green arrows to indicate bidirectional, informal influence relationships.

    Record the results in the M&A Buy Playbook.

    Categorize your stakeholders with a prioritization map

    A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

    A prioritization map of stakeholder categories split into four quadrants. The vertical axis is 'Influence', from low on the bottom to high on top. The horizontal axis is 'Ownership/Interest', from low on the left to high on the right. 'Spectators' are low influence, low ownership/interest. 'Mediators' are high influence, low ownership/interest. 'Noisemakers' are low influence, high ownership/interest. 'Players' are high influence, high ownership/interest.

    There are four areas in the map, and the stakeholders within each area should be treated differently.

    Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

    Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

    Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

    Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

    1.1.4 Group stakeholders into categories

    30 minutes

    Input: Stakeholder map, Stakeholder list

    Output: Categorization of stakeholders and influencers

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, Stakeholders

    1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
    2. Map your results to the model to the right to determine each stakeholder’s category.

    Same prioritization map of stakeholder categories as before. This one has specific stakeholders mapped onto it. 'CFO' is mapped as low interest and middling influence, between 'Mediator' and 'Spectator'. 'CIO' is mapped as higher than average interest and high influence, a 'Player'. 'Board Member' is mapped as high interest and high influence, a 'Player'.

    Level of Influence
    • Power: Ability of a stakeholder to effect change.
    • Urgency: Degree of immediacy demanded.
    • Legitimacy: Perceived validity of stakeholder’s claim.
    • Volume: How loud their “voice” is or could become.
    • Contribution: What they have that is of value to you.
    Level of Interest

    How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

    Record the results in the M&A Buy Playbook.

    Prioritize your stakeholders

    There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

    Level of Support

    Supporter

    Evangelist

    Neutral

    Blocker

    Stakeholder Category Player Critical High High Critical
    Mediator Medium Low Low Medium
    Noisemaker High Medium Medium High
    Spectator Low Irrelevant Irrelevant Low

    Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

    These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

    1.1.5 Prioritize your stakeholders

    30 minutes

    Input: Stakeholder matrix

    Output: Stakeholder and influencer prioritization

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
    2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

    Stakeholder

    Category

    Level of Support

    Prioritization

    CMO Spectator Neutral Irrelevant
    CIO Player Supporter Critical

    Record the results in the M&A Buy Playbook.

    Define strategies for engaging stakeholders by type

    A revisit to the map of stakeholder categories, but with strategies listed for each one, and arrows on the side instead of an axis. The vertical arrow is 'Authority', which increases upward, and the horizontal axis is Ownership/Interest which increases as it moves to the right. The strategy for 'Players' is 'Engage', for 'Mediators' is 'Satisfy', for 'Noisemakers' is 'Inform', and for 'Spectators' is 'Monitor'.

    Type

    Quadrant

    Actions

    Players High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
    Mediators High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
    Noisemakers Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
    Spectators Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

    Info-Tech Insight

    Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

    1.1.6 Plan to communicate

    30 minutes

    Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

    Output: Stakeholder communication plan

    Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

    Participants: IT executive leadership, M&A/divestiture stakeholders

    The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

    1. In the M&A Buy Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
    2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

    Record the results in the M&A Buy Playbook.

    Proactive

    Step 1.2

    Assess IT’s Current Value and Method to Achieve a Future State

    Activities

    • 1.2.1 Valuate IT
    • 1.2.2 Assess the IT/digital strategy

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical stakeholders to M&A

    Outcomes of Step

    Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

    How to valuate your IT environment

    And why it matters so much

    • Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
    • The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
    • (Source: “Valuation Methods,” Corporate Finance Institute)

    Four ways to create value through digital

    1. Reduced costs
    2. Improved customer experience
    3. New revenue sources
    4. Better decision making
    5. (Source: McKinsey & Company)

    1.2.1 Valuate IT

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of IT

    Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership

    The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

    1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
    2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Buy Playbook.

    Data valuation

    Data valuation identifies how you monetize the information that your organization owns.

    Create a data value chain for your organization

    When valuating the information and data that exists in an organization, there are many things to consider.

    Info-Tech has two tools that can support this process:

    1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
    2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

    Data Collection

    Insight Creation

    Value Creation

    Data Valuation

    01 Data Source
    02 Data Collection Method
    03 Data
    04 Data Analysis
    05 Insight
    06 Insight Delivery
    07 Consumer
    08 Value in Data
    09 Value Dimension
    10 Value Metrics Group
    11 Value Metrics
    Screenshots of Tab 2 of Info-Tech's Data Valuation Tool.

    Instructions

    1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
    2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
    3. Fill out the columns for data sources, data collection, and data first.
    4. Capture data analysis and related information.
    5. Then capture the value in data.
    6. Add value dimensions such as usage, quality, and economic dimensions.
      • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
    7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
    8. Finally, calculate the value that has a direct correlation with underlying value metrics.

    Application valuation

    Calculate the value of your IT applications

    When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

    • Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

    Instructions

    1. Start by calculating user costs. This is the product of the (# of users) × (% of time spent using IT) × (fully burdened salary).
    2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
    3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.
    4. User Costs

      Total User Costs

      Derived Productivity Ratio (DPR)

      Total DPR

      Application Value

      # of users % time spent using IT Fully burdened salary Multiply values from the 3 user costs columns Revenue per employee Average cost per employee (Revenue P.E) ÷ (Average cost P.E) (User costs) X (DPR)

    5. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
    6. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.
    7. IT and Business Costs

      Total IT and Business Costs

      Net Value of Applications

      Application maintenance Downtime costs (include disaster exposure) Common costs allocated to applications Fully loaded costs of active (FTE) users Sum of values from the four IT and business costs columns (Application value) – (IT and business costs)

    (Source: CSO)

    Infrastructure valuation

    Assess the foundational elements of the business’ information technology

    The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

    Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

    Instructions:

    1. Start by listing all of the infrastructure-related items that are relevant to your organization.
    2. Once you have finalized your items column, identify the total costs/value of each item.
      • For example, total software costs would include servers and storage.
    3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

    Item

    Costs/Value

    Hardware Assets Total Value +$3.2 million
    Hardware Leased/Service Agreement -$
    Software Purchased +$
    Software Leased/Service Agreement -$
    Operational Tools
    Network
    Disaster Recovery
    Antivirus
    Data Centers
    Service Desk
    Other Licenses
    Total:

    For additional support, download the M&A Runbook for Infrastructure and Operations.

    Risk and security

    Assess risk responses and calculate residual risk

    The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

    1. Risk Register Tool
    2. Security M&A Due Diligence Tool

    Instructions

    1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
    2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.
    3. Probability of Risk Occurrence

      Occurrence Criteria
      (Classification; Probability of Risk Event Within One Year)

      Negligible Very Unlikely; ‹20%
      Very Low Unlikely; 20 to 40%
      Low Possible; 40 to 60%
      Moderately Low Likely; 60 to 80%
      Moderate Almost Certain; ›80%

    Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

    Financial & Reputational Impact

    Budgetary and Reputational Implications
    (Financial Impact; Reputational Impact)

    Negligible (‹$10,000; Internal IT stakeholders aware of risk event occurrence)
    Very Low ($10,000 to $25,000; Business customers aware of risk event occurrence)
    Low ($25,000 to $50,000; Board of directors aware of risk event occurrence)
    Moderately Low ($50,000 to $100,000; External customers aware of risk event occurrence)
    Moderate (›$100,000; Media coverage or regulatory body aware of risk event occurrence)

    Risk Category Details

    Probability of Occurrence

    Estimated Financial Impact

    Estimated Severity (Probability X Impact)

    Capacity Planning
    Enterprise Architecture
    Externally Originated Attack
    Hardware Configuration Errors
    Hardware Performance
    Internally Originated Attack
    IT Staffing
    Project Scoping
    Software Implementation Errors
    Technology Evaluation and Selection
    Physical Threats
    Resource Threats
    Personnel Threats
    Technical Threats
    Total:

    1.2.2 Assess the IT/digital strategy

    4 hours

    Input: IT strategy, Digital strategy, Business strategy

    Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

    Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

    1. On the left half of the corresponding slide in the M&A Buy Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
    2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

    For additional support, see Build a Business-Aligned IT Strategy.

    Record the results in the M&A Buy Playbook.

    Proactive

    Step 1.3

    Drive Innovation and Suggest Growth Opportunities

    Activities

    • 1.3.1 Determine pain points and opportunities
    • 1.3.2 Align goals with opportunities
    • 1.3.3 Recommend growth opportunities

    This step involves the following participants:

    • IT executive leader
    • IT leadership
    • Critical M&A stakeholders

    Outcomes of Step

    Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest growth opportunities.

    1.3.1 Determine pain points and opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

    Output: List of pain points or opportunities that IT can address

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

    1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
    2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
    3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

    Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

    Record the results in the M&A Buy Playbook.

    1.3.2 Align goals with opportunities

    1-2 hours

    Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

    Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for growth strategy

    Materials: Computer, Whiteboard and markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business stakeholders

    The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

    1. For the top three to five business goals, consider:
      1. Underlying drivers
      2. Digital opportunities
      3. Whether a growth or reduction strategy is the solution
    2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

    Record the results in the M&A Buy Playbook.

    1.3.3 Recommend growth opportunities

    1-2 hours

    Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

    Output: M&A transaction opportunities suggested

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, Business executive/CEO

    The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

    1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
    2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

    Info-Tech Insight

    With technology and digital driving many transactions, leverage this opening and begin the discussions with your business on how and why an acquisition would be a great opportunity.

    Record the results in the M&A Buy Playbook.

    By the end of this Proactive phase, you should:

    Be prepared to suggest M&A opportunities to support your company’s goals through growth or acquisition transactions

    Key outcome from the Proactive phase

    Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through growth or reduction strategies such as mergers, acquisitions, or divestitures.

    Key deliverables from the Proactive phase
    • Business perspective of IT examined
    • Key stakeholders identified and relationship to the M&A process outlined
    • Ability to valuate the IT environment and communicate IT’s value to the business
    • Assessment of the business, digital, and IT strategies and how M&As could support those strategies
    • Pain points and opportunities that could be alleviated or supported through an M&A transaction
    • Acquisition or buying recommendations

    The Buy Blueprint

    Phase 2

    Discovery & Strategy

    Phase 1

    Phase 2

    Phase 3Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Create the mission and vision
    • Identify the guiding principles
    • Create the future-state operating model
    • Determine the transition team
    • Document the M&A governance
    • Create program metrics
    • Establish the integration strategy
    • Conduct a RACI
    • Create the communication plan
    • Assess the potential organization(s)

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for AcquiringFormalize the Program PlanCreate the Valuation FrameworkStrategize the TransactionNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics
    • 0.2 Identify key stakeholders and outline their relationship to the M&A process
    • 0.3 Identify the rationale for the company's decisions to pursue an acquisition
    • 1.1 Review the business rationale for the acquisition
    • 1.2 Assess the IT/digital strategy
    • 1.3 Identify pain points and opportunities tied to the acquisition
    • 1.4 Create the IT vision statement, create the IT mission statement, and identify IT guiding principles
    • 2.1 Create the future-state operating model
    • 2.2 Determine the transition team
    • 2.3 Document the M&A governance
    • 2.4 Establish program metrics
    • 3.1 Valuate your data
    • 3.2 Valuate your applications
    • 3.3 Valuate your infrastructure
    • 3.4 Valuate your risk and security
    • 3.5 Combine individual valuations to make a single framework
    • 4.1 Establish the integration strategy
    • 4.2 Conduct a RACI
    • 4.3 Review best practices for assessing target organizations
    • 4.4 Create the communication plan
    • 5.1 Complete in-progress deliverables from previous four days
    • 5.2 Set up review time for workshop deliverables and to discuss next steps

    Deliverables

    1. Business perspectives of IT
    2. Stakeholder network map for M&A transactions
    1. Business context implications for IT
    2. IT’s acquisition strategic direction
    1. Operating model for future state
    2. Transition team
    3. Governance structure
    4. M&A program metrics
    1. IT valuation framework
    1. Integration strategy
    2. RACI
    3. Communication plan
    1. Completed M&A program plan and strategy
    2. Prepared to assess target organization(s)

    What is the Discovery & Strategy phase?

    Pre-transaction state

    The Discovery & Strategy phase during an acquisition is a unique opportunity for many IT organizations. IT organizations that can participate in the acquisition transaction at this stage are likely considered a strategic partner of the business.

    For one-off acquisitions, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many acquisitions over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

    During this phase of the pre-transaction state, IT will also be asked to participate in ensuring that the potential organization being sought will be able to meet any IT-specific search criteria that was set when the transaction was put into motion.

    Goal: To identify a repeatable program plan that IT can leverage when acquiring all or parts of another organization’s IT environment, ensuring customer satisfaction and business continuity

    Discovery & Strategy Prerequisite Checklist

    Before coming into the Discovery & Strategy phase, you should have addressed the following:

    • Understand the business perspective of IT.
    • Know the key stakeholders and have outlined their relationships to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Understand the rationale for the company's decisions to pursue an acquisition and the opportunities or pain points the acquisition should address.

    Discovery & Strategy

    Step 2.1

    Establish the M&A Program Plan

    Activities

    • 2.1.1 Create the mission and vision
    • 2.1.2 Identify the guiding principles
    • 2.1.3 Create the future-state operating model
    • 2.1.4 Determine the transition team
    • 2.1.5 Document the M&A governance
    • 2.1.6 Create program metrics

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Establish an M&A program plan that can be repeated across acquisitions.

    The vision and mission statements clearly articulate IT’s aspirations and purpose

    The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

    Vision Statements

    Mission Statements

    Characteristics

    • Describe a desired future
    • Focus on ends, not means
    • Concise
    • Aspirational
    • Memorable
    • Articulate a reason for existence
    • Focus on how to achieve the vision
    • Concise
    • Easy to grasp
    • Sharply focused
    • Inspirational

    Samples

    To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013)

    2.1.1 Create the mission and vision statements

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction

    Output: IT’s mission and vision statements for growth strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a growth strategy.

    1. Review the definitions and characteristics of mission and vision statements.
    2. Brainstorm different versions of the mission and vision statements.
    3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the growth process.

    Record the results in the M&A Buy Playbook.

    Guiding principles provide a sense of direction

    IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

    A diagram illustrating the place of 'IT guiding principles' in the process of making 'Decisions on the use of IT'. There are four main items, connecting lines naming the type of process in getting from one step to the next, and a line underneath clarifying the questions asked at each step. On the far left, over the question 'What decisions should be made?', is 'Business context and IT implications'. This flows forward to 'IT guiding principles', and they are connected by 'Influence'. Next, over the question 'How should decisions be made?', is the main highlighted section. 'IT guiding principles' flows forward to 'Decisions on the use of IT', and they are connected by 'Guide and inform'. On the far right, over the question 'Who has the accountability and authority to make decisions?', is 'IT policies'. This flows back to 'Decisions on the use of IT', and they are connected by 'Direct and control'.

    IT principles must be carefully constructed to make sure they are adhered to and relevant

    Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

    Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

    Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

    Long lasting. Build IT principles that will withstand the test of time.

    Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

    Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

    Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

    Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

    In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

    Consider the example principles below

    IT Principle Name

    IT Principle Statement

    1. Risk Management We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified.
    2. Transparent Communication We will ensure employees are spoken to with respect and transparency throughout the transaction process.
    3. Integration for Success We will create an integration strategy that enables the organization and clearly communicates the resources required to succeed.
    4. Managed Data We will handle data creation, modification, integration, and use across the enterprise in compliance with our data governance policy.
    5. Establish a single IT Environment We will identify, prioritize, and manage the applications and services that IT provides in order to eliminate redundant technology and maximize the value that users and customers experience.
    6. Compliance With Laws and Regulations We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchased organization.
    7. Defined Value We will create a plan of action that aligns with the organization’s defined value expectations.
    8. Network Readiness We will ensure that employees and customers have immediate access to the network with minimal or no outages.
    9. Operating to Succeed We will bring all of IT into a central operating model within two years of the transaction.

    2.1.2 Identify the guiding principles

    2 hours

    Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

    Output: IT’s guiding principles for growth strategies tied to mergers, acquisitions, and divestitures

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the growth strategy process.

    1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
    2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
    3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the growth process.
    4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ growth strategy goals.

    Record the results in the M&A Buy Playbook.

    Create two IT teams to support the transaction

    IT M&A Transaction Team

    • The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
    • The roles selected for this team will have very specific skills sets or deliver on critical integration capabilities, making their involvement in the combination of two or more IT environments paramount.
    • These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
    • Expect to have to certain duplicate capabilities or roles across the M&A transaction team and operational team.

    IT Operational Team

    • This group is responsible for ensuring the business operations continue.
    • These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
    • The roles of this team should ensure that end users or external customers remain satisfied.

    Key capabilities to support M&A

    Consider the following capabilities when looking at who should be a part of the M&A transaction team.

    Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

    Infrastructure

    • Systems Integration
    • Data Management

    Business Focus

    • Service-Level Management
    • Enterprise Architecture
    • Stakeholder Management
    • Project Management

    Risk & Security

    • Privacy Management
    • Security Management
    • Risk & Compliance Management

    Build a lasting and scalable operating model

    An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

    It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

    The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

    As you assess the current operating model, consider the following:

    • Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
    • What capabilities should be duplicated?
    • Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
    • A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?
    A diagram with 'Initiatives' and 'Solutions' on the left and right of an area chart, 'Customer' at the top, the area between them labelled 'Functional Area n', and six horizontal bars labelled 'IT Capability' stacked on top of each other. The 'IT Capability' bars are slightly skewed to the 'Solutions' side of the chart.

    Info-Tech Insight

    Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

    2.1.3 Create the future-state operating model

    4 hours

    Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Future-state operating model

    Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a growth transaction.

    1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
    2. Identify what core capabilities would be critical to the buying transaction process and integration. Highlight and make copies of those capabilities in the M&A Buy Playbook.
    3. Arrange the capabilities to clearly show the flow of inputs and outputs. Identify critical stakeholders of the process (such as customers or end users) if that will help the flow.
    4. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses or products to better understand needs and deliver on the capability.

    An example operating model is included in the M&A Buy Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

    Record the results in the M&A Buy Playbook.

    2.1.4 Determine the transition team

    3 hours

    Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

    Output: Transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

    1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
    2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
    3. Review the examples in the M&A Buy Playbook and identify which roles will be a part of the transition team.

    For more information, see Redesign Your Organizational Structure

    What is governance?

    And why does it matter so much to IT and the M&A process?

    • Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
    • Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
    • This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
    • For example, funds to support integration need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
    • A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.
    A pyramid with four levels representing the types of governing bodies that are available with differing levels of IT maturity. An arrow beside the pyramid points upward. The bottom of the arrow is labelled 'Traditional (People and document centric)' and the top is labelled 'Adaptive (Data centric)'. Starting at the bottom of the pyramid is level 1 'Ad Hoc Governance', 'Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people'. Level 2 is 'Controlled Governance', 'Governance focused on compliance and decisions driven by hierarchical authority. Levels of authority are defined and often driven by regulatory'. Level 3 is 'Agile Governance', 'Governance that is flexible to support different needs and quick response in the organization. Driven by principles and delegated throughout the company'. At the top of the pyramid is level 4 'Automated Governance', 'Governance that is entrenched and automated into organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival'.

    2.1.5 Document M&A governance

    1-2 hours

    Input: List of governing bodies, Governing body committee profiles, Governance structure

    Output: Documented method on how decisions are made as it relates to the M&A transaction

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

    1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
    2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
    3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

    Record the results in the M&A Buy Playbook.

    Current-state structure map – definitions of tiers

    Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

    Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

    Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

    Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

    Measure the IT program’s success in terms of its ability to support the business’ M&A goals

    Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

    Business-Specific Metrics

    • Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
    • Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
    • Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

    IT-Specific Metrics

    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

    Establish your own metrics to gauge the success of IT

    Establish SMART M&A Success Metrics

    S pecific Make sure the objective is clear and detailed.
    M easurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
    A ctionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
    R ealistic Objectives must be achievable given your current resources or known available resources.
    T ime-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
    • What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
    • Provide a definition of synergies.
    • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
    • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
    • Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
    • Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
    • Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc.
    • Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
    • Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

    Metrics for each phase

    1. Proactive

    2. Discovery & Strategy

    3. Valuation & Due Diligence

    4. Execution & Value Realization

    • % Share of business innovation spend from overall IT budget
    • % Critical processes with approved performance goals and metrics
    • % IT initiatives that meet or exceed value expectation defined in business case
    • % IT initiatives aligned with organizational strategic direction
    • % Satisfaction with IT's strategic decision-making abilities
    • $ Estimated business value added through IT-enabled innovation
    • % Overall stakeholder satisfaction with IT
    • % Percent of business leaders that view IT as an Innovator
    • % IT budget as a percent of revenue
    • % Assets that are not allocated
    • % Unallocated software licenses
    • # Obsolete assets
    • % IT spend that can be attributed to the business (chargeback or showback)
    • % Share of CapEx of overall IT budget
    • % Prospective organizations that meet the search criteria
    • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
    • % Business leaders that view IT as a Business Partner
    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target
    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    2.1.6 Create program metrics

    1-2 hours

    Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

    Output: Program metrics to support IT throughout the M&A process

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

    1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
    2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
    3. Establish a baseline for each metric based on information collected within your organization.
    4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

    Record the results in the M&A Buy Playbook.

    Discovery & Strategy

    Step 2.2

    Prepare IT to Engage in the Acquisition

    Activities

    • 2.2.1 Establish the integration strategy
    • 2.2.2 Conduct a RACI
    • 2.2.3 Create the communication plan
    • 2.2.4 Assess the potential organization(s)

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team

    Outcomes of Step

    Identify IT’s plan of action when it comes to the acquisition and align IT’s integration strategy with the business’ M&A strategy.

    Integration strategies

    There are several IT integration strategies that will help you achieve your target technology environment.

    IT Integration Strategies
    • Absorption. Convert the target organization’s strategy, structure, processes, and/or systems to that of the acquiring organization.
    • Best-of-Breed. Pick and choose the most effective people, processes, and technologies to form an efficient operating model.
    • Transformation Retire systems from both organizations and use collective capabilities, data, and processes to create something entirely new.
    • Preservation Retain individual business units that will operate within their own capability. People, processes, and technologies are unchanged.

    The approach IT takes will depend on the business objectives for the M&A.

    • Generally speaking, the integration strategy is well understood and influenced by the frequency of and rationale for acquiring.
    • Based on the initiatives generated by each business process owner, you need to determine the IT integration strategy that will best support the desired target technology environment.

    Key considerations when choosing an IT integration strategy include:

    • What are the main business objectives of the M&A?
    • What are the key synergies expected from the transaction?
    • What IT integration best helps obtain these benefits?
    • What opportunities exist to position the business for sustainable growth?

    Absorption and best-of-breed

    Review highlights and drawbacks of absorption and best-of-breed integration strategies

    Absorption
      Highlights
    • Recommended for businesses striving to reduce costs and drive efficiency gains.
    • Economies of scale realized through consolidation and elimination of redundant applications.
    • Quickest path to a single company operation and systems as well as lower overall IT cost.
      Drawbacks
    • Potential for disruption of the target company’s business operations.
    • Requires significant business process changes.
    • Disregarding the target offerings altogether may lead to inferior system decisions that do not yield sustainable results.
    Best-of-Breed
      Highlights
    • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
    • Each side has a unique offering but complementing capabilities.
    • Potential for better buy-in from the target because some of their systems are kept, resulting in willingness to
      Drawbacks
    • May take longer to integrate because it tends to present increased complexity that results in higher costs and risks.
    • Requires major integration efforts from both sides of the company. If the target organization is uncooperative, creating the desired technology environment will be difficult.

    Transformation and preservation

    Review highlights and drawbacks of transformation and preservation integration strategies

    Transformation
      Highlights
    • This is the most customized approach, although it is rarely used.
    • It is essential to have an established long-term vision of business capabilities when choosing this path.
    • When executed correctly, this approach presents potential for significant upside and creation of sustainable competitive advantages.
      Drawbacks
    • This approach requires extensive time to implement, and the cost of integration work may be significant.
    • If a new system is created without strategic capabilities, the organizations will not realize long-term benefits.
    • The cost of correcting complexities at later stages in the integration effort may be drastic.
    Preservation
      Highlights
    • This approach is appropriate if the merging organizations will remain fairly independent, if there will be limited or no communication between companies, and if the companies’ market strategies, products, and channels are entirely distinct.
    • Environment can be accomplished quickly and at a low cost.
      Drawbacks
    • Impact to each business is minimal, but there is potential for lost synergies and higher operational costs. This may be uncontrollable if the natures of the two businesses are too different to integrate.
    • Reduced benefits and limited opportunities for IT integration.

    2.2.1 Establish the integration strategy

    1-2 hours

    Input: Business integration strategy, Guiding principles, M&A governance

    Output: IT’s integration strategy

    Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to determine IT’s approach to integration. The approach might differ slightly from transaction to transaction. However, the business’ approach to transactions should give insight into the general integration strategy IT should adopt.

    1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall integration.
    2. Review and discuss the highlights and drawbacks of each type of integration.
    3. Use Info-Tech’s Integration Posture Selection Framework on the next slide to select the integration posture that will appropriately enable the business. Consider these questions during your discussion:
      1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
      2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
      3. What IT integration best helps obtain these benefits?

    Record the results in the M&A Buy Playbook.

    Integration Posture Selection Framework

    Business M&A Strategy

    Resultant Technology Strategy

    M&A Magnitude (% of Acquirer Assets, Income, or Market Value)

    IT Integration Posture

    A. Horizontal Adopt One Model ‹10% Absorption
    10 to 75% Absorption or Best-of-Breed
    ›75% Best-of-Breed
    B. Vertical Create Links Between Critical Systems Any
    • Preservation (Differentiated Functions)
    • Absorption or Best-of-Breed (Non-Differentiated Functions)
    C. Conglomerate Independent Model Any Preservation
    D. Hybrid: Horizontal & Conglomerate Independent Model Any Preservation

    2.2.2 Conduct a RACI

    1-2 hours

    Input: IT capabilities, Transition team, Integration strategy

    Output: Completed RACI for transition team

    Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

    1. First, identify a list of critical tasks that need to be completed to support the purchase or acquisition. For example:
      • Communicate with the company M&A team.
      • Identify critical IT risks that could impact the organization after the transaction.
      • Identify key artifacts to collect and review during due diligence.
    2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

    Record the results in the M&A Buy Playbook.

    Communication and change

    Prepare key stakeholders for the potential changes

    • Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
    • Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
    • M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
    • Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
      • Organizations with a low appetite for change will require more direct, assertive communications.
      • Organizations with a high appetite for change are more suited to more open, participatory approaches.

    Three key dimensions determine the appetite for cultural change:

    • Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
      In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
    • Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
    • Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

    2.2.3 Create the communication plan

    1-2 hours

    Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT integration strategy, RACI

    Output: IT’s M&A communication plan

    Materials: Flip charts/whiteboard, Markers, RACI, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

    1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
    2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
    3. Review Info-Tech’s example communication plan in the M&A Buy Playbook and update it with relevant information.
    4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

    Record the results in the M&A Buy Playbook.

    Assessing potential organizations

    As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when they have to assess the IT organization of a potential purchase. As a result, having a standardized template to quickly gauge the value of the business can be critical.

    Ways to Assess

    1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
    2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on their employees.
    3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
    4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them.

    2.2.4 Assess the potential organization(s)

    1-2 hours

    Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

    Output: IT’s valuation of the potential organization(s) for acquisition

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to assess the organization(s) that your organization is considering purchasing.

    1. Complete the Historical Valuation Worksheet in the M&A Buy Playbook to understand the type of IT organization that your company may inherit and need to integrate with.
      • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
    2. Use the information identified to help the business narrow down which organizations should be targeted for the acquisition.

    Record the results in the M&A Buy Playbook.

    By the end of this pre-transaction phase you should:

    Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in growth transactions

    Key outcomes from the Discovery & Strategy phase
    • Be prepared to analyze and recommend potential organizations that the business can acquire or merge with, using a strong program plan that can be repeated across transactions.
    • Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.
    Key deliverables from the Discovery & Strategy phase
    • Create vision and mission statements
    • Establish guiding principles
    • Create a future-state operating model
    • Identify the key roles for the transaction team
    • Identify and communicate the M&A governance
    • Determine target metrics
    • Identify the M&A operating model
    • Select the integration strategy framework
    • Conduct a RACI for key transaction tasks for the transaction team
    • Document the communication plan

    M&A Buy Blueprint

    Phase 3

    Due Diligence & Preparation

    Phase 1Phase 2

    Phase 3

    Phase 4
    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Drive value with a due diligence charter
    • Identify data room artifacts
    • Assess technical debt
    • Valuate the target IT organization
    • Assess culture
    • Prioritize integration tasks
    • Establish the integration roadmap
    • Identify the needed workforce supply
    • Estimate integration costs
    • Create an employee transition plan
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Day 4

    Day 5

    Establish the Transaction FoundationDiscover the Motivation for IntegrationAssess the Target Organization(s)Create the Valuation FrameworkPlan the Integration RoadmapNext Steps and Wrap-Up (offsite)

    Activities

    • 0.1 Identify the rationale for the company's decisions to pursue an acquisition.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the acquisition.
    • 1.2 Identify pain points and opportunities tied to the acquisition.
    • 1.3 Establish the integration strategy.
    • 1.4 Create the due diligence charter.
    • 2.1 Create a list of IT artifacts to be reviewed in the data room.
    • 2.2 Conduct a technical debt assessment.
    • 2.3 Assess the current culture and identify the goal culture.
    • 2.4 Identify the needed workforce supply.
    • 3.1 Valuate the target organization’s data.
    • 3.2 Valuate the target organization’s applications.
    • 3.3 Valuate the target organization’s infrastructure.
    • 3.4 Valuate the target organization’s risk and security.
    • 3.5 Combine individual valuations to make a single framework.
    • 4.1 Prioritize integration tasks.
    • 4.2 Establish the integration roadmap.
    • 4.3 Establish and align project metrics with identified tasks.
    • 4.4 Estimate integration costs.
    • 5.1 Complete in-progress deliverables from previous four days.
    • 5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Integration strategy
    3. Due diligence charter
    1. Data room artifacts
    2. Technical debt assessment
    3. Culture assessment
    4. Workforce supply identified
    1. IT valuation framework to assess target organization(s)
    1. Integration roadmap and associated resourcing
    1. Acquisition integration strategy for IT

    What is the Due Diligence & Preparation phase?

    Mid-transaction state

    The Due Diligence & Preparation phase during an acquisition is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to integration expectations set by the business.

    While not all IT organizations are able to participate in this phase, the evolving nature of M&As to be driven by digital and technological capabilities increases the rationale for IT being at the table. Identifying critical IT risks, which will inevitably be business risks, begins during the due diligence phase.

    This is also the opportunity for IT to plan how it will execute the planned integration strategy. Having access to critical information only available in data rooms will further enable IT to successfully plan and execute the acquisition to deliver the value the business is seeking through a growth transaction.

    Goal: To thoroughly evaluate all potential risks associated with the organization(s) being pursued and create a detailed plan for integrating the IT environments

    Due Diligence Prerequisite Checklist

    Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics.
    • Select an integration strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.

    Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT’s value to the business.

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    • Digital & Technology Strategy
      The identification of objectives and initiatives necessary to achieve business goals.
    • IT Operating Model
      The model for how IT is organized to deliver on business needs and strategies.
    • Information & Technology Governance
      The governance to ensure the organization and its customers get maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

    • Digital and IT Strategy tells you what you need to achieve to be successful.
    • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
    • Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

    Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

    Due Diligence & Preparation

    Step 3.1

    Assess the Target Organization

    Activities

    • 3.1.1 Drive value with a due diligence charter
    • 3.1.2 Identify data room artifacts
    • 3.1.3 Assess technical debt
    • 3.1.4 Valuate the target IT organization
    • 3.1.5 Assess culture

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Company M&A team
    • Business leaders
    • Prospective IT organization
    • Transition team

    Outcomes of Step

    This step of the process is when IT should actively evaluate the target organization being pursued for acquisition.

    3.1.1 Drive value with a due diligence charter

    1-2 hours

    Input: Key roles for the transaction team, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

    Output: IT Due Diligence Charter

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

    1. In the IT Due Diligence Charter in the M&A Buy Playbook, complete the aspects of the charter that are relevant for you and your organization.
    2. We recommend including these items in the charter:
      • Communication plan
      • Transition team roles
      • Goals and metrics for the transaction
      • Integration strategy
      • Acquisition RACI
    3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

    Record the results in the M&A Buy Playbook.

    3.1.2 Identify data room artifacts

    4 hours

    Input: Future-state operating model, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

    Output: List of items to acquire and review in the data room

    Materials: Critical domain lists on following slides, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a list of the key artifacts that should be asked for and reviewed during the due diligence process.

    1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room. This information should be directed to the target organization.
    2. IT leadership may or may not be asked to enter the data room directly. Therefore, it’s important that you clearly identify these artifacts.
    3. List each question or concern, select the associated workstream in the M&A Buy Playbook, and update the status of the information retrieval.
    4. Use the comments section to document your discoveries or concerns.

    Record the results in the M&A Buy Playbook.

    Critical domains

    Understand the key stakeholders and outputs for each domain

    Each critical domain will likely have different stakeholders who know that domain best. Communicate with these stakeholders throughout the M&A process to make sure you are getting accurate information and interpreting it correctly.

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Business
    • Enterprise Architecture
    • Business Relationship Manager
    • Business Process Owners
    • Business capability map
    • Capability map (the M&A team should be taking care of this, but make sure it exists)
    • Business satisfaction with various IT systems and services
    Leadership/IT Executive
    • CIO
    • CTO
    • CISO
    • IT budgets
    • IT capital and operating budgets (from current year and previous year)
    Data & Analytics
    • Chief Data Officer
    • Data Architect
    • Enterprise Architect
    • Master data domains, system of record for each
    • Unstructured data retention requirements
    • Data architecture
    • Master data domains, sources, and storage
    • Data retention requirements
    Applications
    • Applications Manager
    • Application Portfolio Manager
    • Application Architect
    • Applications map
    • Applications inventory
    • Applications architecture
    • Copy of all software license agreements
    • Copy of all software maintenance agreements
    Infrastructure
    • Head of Infrastructure
    • Enterprise Architect
    • Infrastructure Architect
    • Infrastructure Manager
    • Infrastructure map
    • Infrastructure inventory
    • Network architecture (including which data centers host which infrastructure and applications)
    • Inventory (including integration capabilities of vendors, versions, switches, and routers)
    • Copy of all hardware lease or purchase agreements
    • Copy of all hardware maintenance agreements
    • Copy of all outsourcing/external service provider agreements
    • Copy of all service-level agreements for centrally provided, shared services and systems
    Products and Services
    • Product Manager
    • Head of Customer Interactions
    • Product lifecycle
    • Product inventory
    • Customer market strategy

    Critical domains (continued)

    Understand the key stakeholders and outputs for each domain

    Domain

    Stakeholders

    Key Artifacts

    Key Information to request

    Operations
    • Head of Operations
    • Service catalog
    • Service overview
    • Service owners
    • Access policies and procedures
    • Availability and service levels
    • Support policies and procedures
    • Costs and approvals (internal and customer costs)
    IT Processes
    • CIO
    • IT Management
    • VP of IT Governance
    • VP of IT Strategy
    • IT process flow diagram
    • Processes in place and productivity levels (capacity)
    • Critical processes/processes the organization feels they do particularly well
    IT People
    • CIO
    • VP of Human Resources
    • IT organizational chart
    • Competency & capacity assessment
    • IT organizational structure (including resources from external service providers such as contractors) with appropriate job descriptions or roles and responsibilities
    • IT headcount and location
    Security
    • CISO
    • Security Architect
    • Security posture
    • Information security staff
    • Information security service providers
    • Information security tools
    • In-flight information security projects
    Projects
    • Head of Projects
    • Project portfolio
    • List of all future, ongoing, and recently completed projects
    Vendors
    • Head of Vendor Management
    • License inventory
    • Inventory (including what will and will not be transitioning, vendors, versions, number of licenses)

    Assess the target organization’s technical debt

    The other organization could be costly to purchase if not yet modernizing.

    • Consider the potential costs that your business will have to spend to get the other IT organization modernized or even digital.
    • This will be highly affected by your planned integration strategy.
    • A best-of-breed strategy might simply mean there's little to bring over from the other organization’s environment.
    • It’s often challenging to identify a direct financial cost for technical debt. Consider direct costs but also assess categories of impact that can have a long-term effect on your business: lost customer, staff, or business partner goodwill; limited flexibility and resilience; and health, safety, and compliance impacts.
    • Use more objective measures to track subjective impact. For example, consider the number of customers who could be significantly affected by each tech debt in the next quarter.

    Focus on solving the problems you need to address.

    Analyzing technical debt has value in that the analysis can help your organization make better risk management and resource allocation decisions.

    Review these examples of technical debt

    Do you have any of these challenges?

    Applications
    • Inefficient or incomplete code
    • Fragile or obsolete systems of record that limit the implementation of new functionality
    • Out-of-date IDEs or compilers
    • Unsupported applications
    Data & Analytics
    • Data presented via API that does not conform to chosen standards (EDI, NRF-ARTS, etc.)
    • Poor data governance
    • No transformation between OLTP and the data warehouse
    • Heavy use of OLTP for reporting
    • Lack of AI model and decision governance, maintenance
    End-User Computing
    • Aging and slow equipment
    • No configuration management
    • No MDM/UEM
    Security
    • Unpatched/unpatchable systems
    • Legacy firewalls
    • No data classification system
    • “Perimeter” security architecture
    • No documented security incident response
    • No policies, or unenforced policies
    Operations
    • Incomplete, ineffective, or undocumented business continuity and disaster recovery plans
    • Insufficient backups or archiving
    • Inefficient MACD processes
    • Application sprawl with no record of installed applications or licenses
    • No ticketing or ITSM system
    • No change management process
    • No problem management process
    • No event/alert management
    Infrastructure
    • End-of-life/unsupported equipment
    • Aging power or cooling systems
    • Water- or halon-based data center fire suppression systems
    • Out-of-date firmware
    • No DR site
    • Damaged or messy cabling
    • Lack of system redundancy
    • Integrated computers on business equipment (e.g. shop floor equipment, medical equipment) running out-of-date OS/software
    Project & Portfolio Management
    • No project closure process
    • Ineffective project intake process
    • No resource management practices

    “This isn’t a philosophical exercise. Knowing what you want to get out of this analysis informs the type of technical debt you will calculate and the approach you will take.” (Scott Buchholz, CTO, Deloitte Government & Public Services Practice, The Wall Street Journal, 2015)

    3.1.3 Assess technical debt

    1-2 hours

    Input: Participant views on organizational tech debt, Five to ten key technical debts, Business impact scoring scales, Reasonable next-quarter scenarios for each technical debt, Technical debt business impact analysis

    Output: Initial list of tech debt for the target organization

    Materials: Whiteboard, Sticky notes, Technical Debt Business Impact Analysis Tool, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

    The purpose of this activity is to assess the technical debt of the other IT organization. Taking on unnecessary technical debt is one of the biggest risks to the IT environment

    1. This activity can be completed by leveraging the blueprint Manage Your Technical Debt, specifically the Technical Debt Business Impact Analysis Tool. Complete the following activities in the blueprint:
      • 1.2.1 Identify your technical debt
      • 1.2.2 Select tech debt for your impact analysis
      • 2.2.2 Estimate tech debt impact
      • 2.2.3 Identify the most-critical technical debts
    2. Review examples of technical debt in the previous slide to assist you with this activity.
    3. Document the results from tab 3, Impact Analysis, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.

    Record the results in the M&A Buy Playbook.

    How to valuate an IT environment

    And why it matters so much

    • Valuating the target organization’s IT environment is a critical step to fully understand what it might be worth. Business partners are often not in the position to valuate the IT aspects to the degree that you would be.
    • The business investments in IT can be directly translated to a value amount. Meaning for every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
    • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT can be so critical.
    • There are three ways a business or asset can be valuated:
      • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
      • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
      • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.

    The IT valuation conducted during due diligence can have a significant impact on the final financials of the transaction for the business.

    3.1.4 Valuate the target IT organization

    1 day

    Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

    Output: Valuation of target organization’s IT

    Materials: Relevant templates/tools, Capital budget, Operating budget, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Prospective IT organization

    The purpose of this activity is to valuate the other IT organization.

    1. Review each of slides 42 to 45 to generate a valuation of IT’s data, applications, infrastructure, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount. For more information on this activity, review Activity 1.2.1 from the Proactive phase.
    2. Identify financial amounts for each critical area and add the financial output to the summary slide in the M&A Buy Playbook.
    3. Compare this information against your own IT organization’s valuation.
      1. Does it add value to your IT organization?
      2. Is there too much risk to accept if this transaction goes through?

    Info-Tech Insight

    Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

    Record the results in the M&A Buy Playbook.

    Culture should not be overlooked, especially as it relates to the integration of IT environments

    • There are three types of culture that need to be considered.
    • Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
    • Make a decision on which type of culture you’d like IT to have post-transition.

    Target Organization’s Culture

    The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

    Your Organization’s Culture

    The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

    Ideal Culture

    What will the future culture of the IT organization be once integration is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

    Culture categories

    Map the results of the IT Culture Diagnostic to an existing framework

    Competitive
    • Autonomy
    • Confront conflict directly
    • Decisive
    • Competitive
    • Achievement oriented
    • Results oriented
    • High performance expectations
    • Aggressive
    • High pay for good performance
    • Working long hours
    • Having a good reputation
    • Being distinctive/different
    Innovative
    • Adaptable
    • Innovative
    • Quick to take advantage of opportunities
    • Risk taking
    • Opportunities for professional growth
    • Not constrained by rules
    • Tolerant
    • Informal
    • Enthusiastic
    Traditional
    • Stability
    • Reflective
    • Rule oriented
    • Analytical
    • High attention to detail
    • Organized
    • Clear guiding philosophy
    • Security of employment
    • Emphasis on quality
    • Focus on safety
    Cooperative
    • Team oriented
    • Fair
    • Praise for good performance
    • Supportive
    • Calm
    • Developing friends at work
    • Socially responsible

    Culture Considerations

    • What culture category was dominant for each IT organization?
    • Do you share the same dominant category?
    • Is your current dominant culture category the most ideal to have post-integration?

    3.1.5 Assess Culture

    3-4 hours

    Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

    Output: Goal for IT culture

    Materials: IT Culture Diagnostic, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

    The purpose of this activity is to assess the different cultures that might exist within the IT environments of both organizations. More importantly, your IT organization can select its desired IT culture for the long term if it does not already exist.

    1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic. Fill out the diagnostic for the IT department in your organization:
      1. Answer the 16 questions in tab 2, Diagnostic.
      2. Find out your dominant culture and review recommendations in tab 3, Results.
    2. Document the results from tab 3, Results, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.
    3. Repeat the activity for the target organization.
    4. Leverage the information to determine what the goal for the culture of IT will be post-integration if it will differ from the current culture.

    Record the results in the M&A Buy Playbook.

    Due Diligence & Preparation

    Step 3.2

    Prepare to Integrate

    Activities

    • 3.2.1 Prioritize integration tasks
    • 3.2.2 Establish the integration roadmap
    • 3.2.3 Identify the needed workforce supply
    • 3.2.4 Estimate integration costs
    • 3.2.5 Create an employee transition plan
    • 3.2.6 Create functional workplans for employees
    • 3.2.7 Align project metrics with identified tasks

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Have an established plan of action toward integration across all domains and a strategy toward resources.

    Don’t underestimate the importance of integration preparation

    Integration is the process of combining the various components of one or more organizations into a single organization.

    80% of integration should happen within the first two years. (Source: CIO Dive)

    70% of M&A IT integrations fail due to components that could and should be addressed at the beginning. (Source: The Wall Street Journal, 2019)

    Info-Tech Insight

    Integration is not rationalization. Once the organization has integrated, it can prepare to rationalize the IT environment.

    Integration needs

    Identify your domain needs to support the target technology environment

    Set up a meeting with your IT due diligence team to:

    • Address data, applications, infrastructure, and other domain gaps.
    • Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

    Use this opportunity to:

    • Identify data and application complexities between your organization and the target organization.
    • Identify the IT people and process gaps, redundancies, and initiatives.
    • Determine your infrastructure needs and identify redundancies.
      • Does IT have the infrastructure to support the applications and business capabilities of the resultant enterprise?
      • Identify any gaps between the current infrastructure in both organizations and the infrastructure required in the resultant enterprise.
      • Identify any redundancies.
      • Determine the appropriate IT integration strategies.
    • Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of integration.

    Integration implications

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Data & Analytics

    • Consider data sources that might need to be combined (e.g. financials, email lists, internet).
    • Understand where each organization will warehouse its data and how it will be managed in a cost-effective manner.
    • Consider your reporting and transactional needs. Initially systems may remain separate, but eventually they will need to be merged.
    • Analyze whether or not the data types are compatible between companies.
    • Understand the critical data needs and the complexity of integration activities.
    • Consider your reporting and transactional needs. Initially systems may remain separate, but eventually they will need to be merged.
    • Focus on the master data domains that represent the core of your business.
    • Assess the value, size, location, and cleanliness of the target organization’s data sets.
    • Determine the data sets that will be migrated to capture expected synergies and drive core capabilities while addressing how other data sets will be maintained and managed.
    • Decide which applications to keep and which to terminate. This includes setting timelines for application retirement.
    • Establish interim linkages and common interfaces for applications while major migrations occur.

    Applications

    • Establish whether or not there are certain critical applications that still need to be linked (e.g. email, financials).
    • Leverage the unique strengths and functionalities provided by the applications used by each organization.
    • Confirm that adequate documentation and licensing exists.
    • Decide which critical applications need to be linked versus which need to be kept separate to drive synergies. For example, financial, email, and CRM may need to be linked, while certain applications may remain distinct.
    • Pay particular attention to the extent to which systems relating to customers, products, orders, and shipments need to be integrated.
    • Determine the key capabilities that require support from the applications identified by business process owners.
    • Assess which major applications need to be adopted by both organizations, based on the M&A goals.
    • Establish interim linkages and common interfaces for applications while major migrations occur.
    • Decide which applications to keep and which to terminate. This includes setting timelines for application retirement.
    • Establish interim linkages and common interfaces for applications while major migrations occur.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Infrastructure

    • Assess the infrastructure demands created by retaining separate models (e.g. separate domains, voice, network integration).
    • Evaluate whether or not there are redundant data centers that could be consolidated to reduce costs.
    • Assess the infrastructure demands created by retaining separate models (e.g. separate domains, voice, network integration).
    • Evaluate whether or not there are redundant data centers that could be consolidated to reduce costs.
    • Evaluate whether certain infrastructure components, such as data centers, can be consolidated to support the new model while also eliminating redundancies. This will help reduce costs.
    • Assess which infrastructure components need to be kept versus which need to be terminated to support the new application portfolio. Keep in mind that increasing the transaction volume on a particular application increases the infrastructure capacity that is required for that application.
    • Extend the network to integrate additional locations.

    IT People & Processes

    • Retain workers from each IT department who possess knowledge of key products, services, and legacy systems.
    • Consider whether there are redundancies in staffing that could be eliminated.
    • The IT processes of each organization will most likely remain separate.
    • Consider the impact of the target organization on your IT processes.
    • Retain workers from each IT department who possess knowledge of key products, services, and legacy systems.
    • Consider whether there are redundancies in staffing that could be eliminated.
    • Consider how critical IT processes of the target organization fit with your current IT processes.
    • Identify which redundant staff members should be terminated by focusing on the key skills that will be necessary to support the common systems.
    • If there is overlap with the IT processes in both organizations, you may wish to map out both processes to get a sense for how they might work together.
    • Assess what processes will be prioritized to support IT strategies.
    • Identify which redundant staff members should be terminated by focusing on the key skills that will be necessary to support the prioritized IT processes.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Leadership/IT Executive

    • Have insight into the goals and direction of the organization’s leadership. Make sure that a communication path has been established to receive information and provide feedback.
    • The decentralized model will require some form of centralization and strong governance processes to enable informed decisions.
    • Ensure that each area can deliver on its needs while not overstepping the goals and direction of the organization.
    • This will help with integration in the sense that front-line employees can see a single organization beginning to form.
    • In this model, there is the opportunity to select elements of each leadership style and strategy that will work for the larger organization.
    • Leadership can provide a single and unified approach to how the strategic goals will be executed.
    • More often than not, this would be the acquiring organization’s strategic direction.

    Vendors

    • Determine which contracts the target organization currently has in place.
    • Having different vendors in place will not be a bad model if it makes sense.
    • Spend time reviewing the contracts and ensuring that each organization has the right contracts to succeed.
    • Identify what redundancies might exist (ERPs, for example) and determine if the vendor would be willing to terminate one contract or another.
    • Through integration, it might be possible to engage in one set of contract negotiations for a single application or technology.
    • Identify whether there are opportunities to combine contracts or if they must remain completely separated until the end of the term.
    • In an effort to capitalize on the contracts working well, reduce the contracts that might be hindering the organization.
    • Speak to the vendor offering the contract.
    • Going forward, ensure the contracts are negotiated to include clauses to allow for easier and more cost-effective integration.

    Integration implications (continued)

    Understand the implications for integration with respect to each target technology environment

    Domain

    Independent Models

    Create Links Between Critical Systems

    Move Key Capabilities to Common Systems

    Adopt One Model

    Security

    • Both organizations would need to have a process for securing their organization.
    • Sharing and accessing information might be more difficult, as each organization would need to keep the other organization separate to ensure the organization remains secure.
    • Creating standard policies and procedures that each organization must adhere to would be critical here (for example, multifactor authentication).
    • Establish a single path of communication between the two organizations, ensuring reliable and secure data and information sharing.
    • Leverage the same solutions to protect the business as a whole from internal and external threats.
    • Identify opportunities where there might be user points of failure that could be addressed early in the process.
    • Determine what method of threat detection and response will best support the business and select that method to apply to the entire organization, both original and newly acquired.

    Projects

    • Projects remain ongoing as they were prior to the integration.
    • Some projects might be made redundant after the initial integration is over.
    • Re-evaluate the projects after integration to ensure they continue to deliver on the business’ strategic direction.
    • Determine which projects are similar to one another and identify opportunities to leverage business needs and solutions for each organization where possible.
    • Review project histories to determine the rationale for and success of projects that could be reused in either organization going forward.
    • Determine which projects should remain ongoing and which projects could wait to be implemented or could be completely stopped.
    • There might be certain modernization projects ongoing that cannot be stopped.
    • However, for all other projects, embrace a single portfolio.
    • Completely reduce or remove all ongoing projects from the one organization and continue with only the projects of the other organization.
    • Add in new projects when they arise as needed.

    3.2.1 Prioritize integration tasks

    2 hours

    Input: Integration tasks, Transition team, M&A RACI

    Output: Prioritized integration list

    Materials: Integration task checklist, Integration roadmap

    Participants: IT executive/CIO, IT senior leadership, Company M&A team

    The purpose of this activity is to prioritize the different integration tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

    1. Download the SharePoint or Excel version of the M&A Integration Project Management Tool. Identify which integration tasks you want as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
    2. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
    3. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Integration checklists

    Prerequisite Checklist
    • Build the project plan for integration and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the acquisition or purchase
    • Develop IT's purchasing strategy
    • Determine goal opportunities
    • Create the mission and vision statements
    • Create the guiding principles
    • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Assess workforce demand and supply
    • Plan and communicate potential layoffs
    • Create an employee transition plan
    • Identify the IT investment
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Identify and assess all of IT's risks
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the needed workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Data architecture
    • Data sources
    • Data storage (on-premises vs. cloud)
    • Enterprise content management
    • Compatibility of data types between organizations
    • Cleanliness/usability of target organization data sets
    • Identify data sets that need to be combined to capture synergies/drive core capabilities
    • Reporting and analytics capabilities
    Applications
    • Prioritize and address critical applications
      • ERP
      • CRM
      • Email
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
    • Leverage application rationalization framework to determine applications to keep, terminate, or create
    • Develop method of integrating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    Operations
    • Communicate helpdesk/service desk information
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Consolidate phone lists and extensions
    • Synchronize email address books

    Integration checklists (continued)

    Infrastructure
    • Determine single network access
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Rationalize vendor services and solutions
    • Identify opportunities to mature the security architecture
    People
    • Design an IT operating model
    • Redesign your IT organizational structure
    • Conduct a RACI
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Create a list of employees to be terminated
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Stop duplicate or unnecessary target organization projects
    • Communicate project intake process
    • Prioritize projects
    Products & Services
    • Ensure customer services requirements are met
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    Security
    • Conduct a security assessment of target organization
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be terminated
    • Identify process expectations from target organization
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies

    3.2.2 Establish the integration roadmap

    2 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners

    Output: Integration roadmap

    Materials: M&A Integration Project Plan Tool (SharePoint), M&A Integration Project Plan Tool (Excel)

    Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

    The purpose of this activity is to create a roadmap to support IT throughout the integration process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth integration.

    1. Leverage our M&A Integration Project Management Tool to track critical elements of the integration project. There are a few options available:
      1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template.
      2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
        **Remember that this your tool, so customize to your liking.
    2. Identify who will own or be accountable for each of the integration tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Integration Project Management Tool (SharePoint Template)

    Follow these instructions to upload our template to your SharePoint environment

    1. Create or use an existing SP site.
    2. Download the M&A Integration Project Plan Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Buy Blueprint landing page.
    3. To import a template into your SharePoint environment, do the following:
      1. Open PowerShell.
      2. Connect-SPO Service (need to install PowerShell module).
      3. Enter in your tenant admin URL.
      4. Enter in your admin credentials.
      5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
      OR
      1. Turn on both custom script features to allow users to run custom
    4. Screenshot of the 'Custom Script' option for importing a template into your SharePoint environment. Feature description reads 'Control whether users can run custom script on personal sites and self-service created sites. Note: changes to this setting might take up to 24 hours to take effect. For more information, see http://go.microsoft.com/fwlink/?LinkIn=397546'. There are options to prevent or allow users from running custom script on personal/self-service created sites.
    5. Enable the SharePoint Server Standard Site Collection features.
    6. Upload the .wsp file in Solutions Gallery.
    7. Deploy by creating a subsite and select from custom options.
      • Allow or prevent custom script
      • Security considerations of allowing custom script
      • Save, download, and upload a SharePoint site as a template
    8. Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

    For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

    Participate in active workforce planning to transition employees

    The chosen IT operating model, primary M&A goals, and any planned changes to business strategy will dramatically impact IT staffing and workforce planning efforts.

    Visualization of the three aspects of 'IT workforce planning', as listed below.

    IT workforce planning

    • Primary M&A goals
      If the goal of the M&A is cost cutting, then workforce planning will be necessary to identify labor redundancies.
    • Changes to business strategy
      If business strategy will change after the merger, then workforce planning will typically be more involved than if business strategy will not change.
    • Integration strategy
      For independent models, workforce planning will typically be unnecessary.
      For connection of essential systems or absorption, workforce planning will likely be an involved, time-consuming process.
    1. Estimate the headcount you will need through the end of the M&A transition period.
    2. Outline the process you will use to assess staff for roles that have more than one candidate.
    3. Review employees in each department to determine the best fit for each role.
    4. Determine whether terminations will happen all together or in waves.

    Info-Tech Insight

    Don’t be a short-term thinker when it comes to workforce planning! IT teams that only consider the headcount needed on day one of the new entity will end up scrambling to find skilled resources to fill workforce gaps later in the transition period.

    3.2.3 Identify the needed workforce supply

    3-4 hours

    Input: IT strategy, Prioritized integration tasks

    Output: A clear indication of how many resources are required for each role and the number of resources that the organization actually has

    Materials: Resource Management Supply-Demand Calculator

    Participants: IT executive/CIO, IT senior leadership, Target organization employees, Company M&A team, Transition team

    The purpose of this activity is to determine the anticipated amount of work that will be required to support projects (like integration), administrative, and keep-the-lights-on activities.

    1. Download the Resource Management Supply-Demand Calculator.
    2. The calculator requires minimal up-front staff participation: You can obtain meaningful results with participation from as few as one person with insight on the distribution of your resources and their average work week or month.
    3. The calculator will yield a report that shows a breakdown of your annual resource supply and demand, as well as the gap between the supply and demand. Further insight on project and non-project supply and demand are provided.
    4. Repeat the tool several times to identify the needs of your IT environment for day one, day 30/100, and year one. Anticipate that these will change over time. Also, do not forget to obtain this information from the target organization. Given that you will be integrating, it’s important to know how many staff they have in which roles.
    5. **For additional information, please review slides starting from slide 44 in Establish Realistic IT Resource Management Practices to see how to use the tool.

    Record the results in the Resource Management Supply-Demand Calculator.

    Resource Supply-Demand Calculator Output Example

    Example of a 'Resource Management Supply-Demand Analysis Report' with charts and tables measuring Annualized Resource Supply and Demand, Resource Capacity Confidence, Project Capacity, and combinations of those metrics.

    Resource Capacity Confidence. This figure is based on your confidence in supply confidence, demand stability, and the supply-demand ratio.

    Importance of estimating integration costs

    Change is the key driver of integration costs

    Integration costs are dependent on the following:
    • Meeting synergy targets – whether that be cost saving or growth related.
      • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
    • Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk-mitigation standards.
    • Governance or third party–related support required to ensure timelines are met and the integration is a success.
    Integration costs vary by industry type.
    • Certain industries may have integration costs made up of mostly one type, differing from other industries, due to the complexity and different demands of the transaction. For example:
      • Healthcare integration costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
      • Energy and Utilities tend to have the lowest integration costs due to most transactions occurring within the same sector rather than as a cross-sector investment. For example, oil and gas acquisitions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

    Integration costs are more related to the degree of change required than the size of the transaction.

    3.2.4 Estimate integration costs

    3-4 hours

    Input: Integration tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

    Output: List of anticipated costs required to support IT integration

    Materials: Integration task checklist, Integration roadmap, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to estimate the costs that will be associated with the integration. It’s important to ensure a realistic figure is identified and communicated to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

    1. On the associated slide in the M&A Buy Playbook, input:
      • Task
      • Domain
      • Cost type
      • Total cost amount
      • Level of certainty around the cost
    2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

    Record the results in the M&A Buy Playbook.

    Employee transition planning

    Considering employee impact will be a huge component to ensure successful integration

    • Meet With Leadership
    • Plan Individual and Department Redeployment
    • Plan Individual and Department Layoffs
    • Monitor and Manage Departmental Effectiveness
    • For employees, the transition could mean:
      • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
      • Being laid off because the role they are currently occupying has been made redundant.
    • It is important to plan for what the M&A integration needs will be and what the IT operational needs will be.
    • A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

    Info-Tech Insight

    Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

    3.2.5 Create an employee transition plan

    3-4 hours

    Input: IT strategy, IT organizational design, Resource Supply-Demand Calculator output

    Output: Employee transition plans

    Materials: M&A Buy Playbook, Whiteboard, Sticky notes, Markers

    Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

    The purpose of this activity is to create a transition plan for employees.

    1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
      • Understand the direction of the employee transitions.
      • Identify employees that will be involved in the transition (moved or laid off).
      • Prepare to meet with employees.
      • Meet with employees.
    2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
    3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

    **Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

    Record the results in the M&A Buy Playbook.

    3.2.6 Create functional workplans for employees

    3-4 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners

    Output: Employee functional workplans

    Materials: M&A Buy Playbook, Learning and development tools

    Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

    The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

    1. First complete the transition plan from the previous activity (3.2.5) and the separation roadmap. Have these documents ready to review throughout this process.
    2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
    3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Buy Playbook.
    4. For each employee, identify someone who will be a point of contact for them throughout the transition.

    It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

    Record the results in the M&A Buy Playbook.

    Metrics for integration

    Valuation & Due Diligence

    • % Defects discovered in production
    • $ Cost per user for enterprise applications
    • % In-house-built applications vs. enterprise applications
    • % Owners identified for all data domains
    • # IT staff asked to participate in due diligence
    • Change to due diligence
    • IT budget variance
    • Synergy target

    Execution & Value Realization

    • % Satisfaction with the effectiveness of IT capabilities
    • % Overall end-customer satisfaction
    • $ Impact of vendor SLA breaches
    • $ Savings through cost-optimization efforts
    • $ Savings through application rationalization and technology standardization
    • # Key positions empty
    • % Frequency of staff turnover
    • % Emergency changes
    • # Hours of unplanned downtime
    • % Releases that cause downtime
    • % Incidents with identified problem record
    • % Problems with identified root cause
    • # Days from problem identification to root cause fix
    • % Projects that consider IT risk
    • % Incidents due to issues not addressed in the security plan
    • # Average vulnerability remediation time
    • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
    • # Time (days) to value realization
    • % Projects that realized planned benefits
    • $ IT operational savings and cost reductions that are related to synergies/divestitures
    • % IT staff–related expenses/redundancies
    • # Days spent on IT integration
    • $ Accurate IT budget estimates
    • % Revenue growth directly tied to IT delivery
    • % Profit margin growth

    3.2.7 Align project metrics with identified tasks

    3-4 hours

    Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners, M&A goals

    Output: Integration-specific metrics to measure success

    Materials: Roadmap template, M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Transition team

    The purpose of this activity is to understand how to measure the success of the integration project by aligning metrics to each identified task.

    1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
    2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
      • What is the main goal or objective that this metric is trying to solve?
      • What does success look like?
      • Does the metric promote the right behavior?
      • Is the metric actionable? What is the story you are trying to tell with this metric?
      • How often will this get measured?
      • Are there any metrics it supports or is supported by?

    Record the results in the M&A Buy Playbook.

    By the end of this mid-transaction phase you should:

    Have successfully evaluated the target organization’s IT environment, escalated the acquisition risks and benefits, and prepared IT for integration.

    Key outcomes from the Due Diligence & Preparation phase
    • Participate in due diligence activities to accurately valuate the target organization(s) and determine if there are critical risks or benefits the current organization should be aware of.
    • Create an integration roadmap that considers the tasks that will need to be completed and the resources required to support integration.
    Key deliverables from the Due Diligence & Preparation phase
    • Establish a due diligence charter
    • Create a list of data room artifacts and engage in due diligence
    • Assess the target organization’s technical debt
    • Valuate the target IT organization
    • Assess and plan for culture
    • Prioritize integration tasks
    • Establish the integration roadmap
    • Identify the needed workforce supply
    • Estimate integration costs
    • Create employee transition plans
    • Create functional workplans for employees
    • Align project metrics with identified tasks

    M&A Buy Blueprint

    Phase 4

    Execution & Value Realization

    Phase 1Phase 2Phase 3

    Phase 4

    • 1.1 Identify Stakeholders and Their Perspective of IT
    • 1.2 Assess IT’s Current Value and Future State
    • 1.3 Drive Innovation and Suggest Growth Opportunities
    • 2.1 Establish the M&A Program Plan
    • 2.2 Prepare IT to Engage in the Acquisition
    • 3.1 Assess the Target Organization
    • 3.2 Prepare to Integrate
    • 4.1 Execute the Transaction
    • 4.2 Reflection and Value Realization

    This phase will walk you through the following activities:

    • Rationalize the IT environment
    • Continually update the project plan
    • Confirm integration costs
    • Review IT’s transaction value
    • Conduct a transaction and integration SWOT
    • Review the playbook and prepare for future transactions

    This phase involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Pre-Work

    Day 1

    Day 2

    Day 3

    Engage in Integration

    Day 4

    Establish the Transaction FoundationDiscover the Motivation for IntegrationPlan the Integration RoadmapPrepare Employees for the TransitionEngage in IntegrationAssess the Transaction Outcomes (Must be within 30 days of transaction date)

    Activities

    • 0.1 Understand the rationale for the company's decisions to pursue an acquisition.
    • 0.2 Identify key stakeholders and determine the IT transaction team.
    • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
    • 1.1 Review the business rationale for the acquisition.
    • 1.2 Identify pain points and opportunities tied to the acquisition.
    • 1.3 Establish the integration strategy.
    • 1.4 Prioritize Integration tasks.
    • 2.1 Establish the integration roadmap.
    • 2.2 Establish and align project metrics with identified tasks.
    • 2.3 Estimate integration costs.
    • 3.1 Assess the current culture and identify the goal culture.
    • 3.2 Identify the needed workforce supply.
    • 3.3 Create an employee transition plan.
    • 3.4 Create functional workplans for employees.
    • I.1 Complete the integration by regularly updating the project plan.
    • I.2 Begin to rationalize the IT environment where possible and necessary.
    • 4.1 Confirm integration costs.
    • 4.2 Review IT’s transaction value.
    • 4.3 Conduct a transaction and integration SWOT.
    • 4.4 Review the playbook and prepare for future transactions.

    Deliverables

    1. IT strategy
    2. IT operating model
    3. IT governance structure
    4. M&A transaction team
    1. Business context implications for IT
    2. Integration strategy
    1. Integration roadmap and associated resourcing
    1. Culture assessment
    2. Workforce supply identified
    3. Employee transition plan
    1. Rationalized IT environment
    2. Updated integration project plan
    1. SWOT of transaction
    2. M&A Buy Playbook refined for future transactions

    What is the Execution & Value Realization phase?

    Post-transaction state

    Once the transaction comes to a close, it’s time for IT to deliver on the critical integration tasks. Set the organization up for success by having an integration roadmap. Retaining critical IT staff throughout this process will also be imperative to the overall transaction success.

    Throughout the integration process, roadblocks will arise and need to be addressed. However, by ensuring that employees, technology, and processes are planned for ahead of the transaction, you as IT will be able to weather those unexpected concerns with greater ease.

    Now that you as an IT leader have engaged in an acquisition, demonstrating the value IT was able to provide to the process is critical to establishing a positive and respected relationship with other senior leaders in the business. Be prepared to identify the positives and communicate this value to advance the business’ perception of IT.

    Goal: To carry out the planned integration activities and deliver the intended value to the business

    Execution Prerequisite Checklist

    Before coming into the Execution & Value Realization phase, you must have addressed the following:

    • Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
    • Identify the key roles for the transaction team.
    • Identify the M&A governance.
    • Determine target metrics and align to project tasks.
    • Select an integration strategy framework.
    • Conduct a RACI for key transaction tasks for the transaction team.
    • Create a list of data room artifacts and engage in due diligence (directly or indirectly).
    • Prioritize integration tasks.
    • Establish the integration roadmap.
    • Identify the needed workforce supply.
    • Create employee transition plans.

    Before coming into the Execution & Value Realization phase, we recommend addressing the following:

    • Create vision and mission statements.
    • Establish guiding principles.
    • Create a future-state operating model.
    • Identify the M&A operating model.
    • Document the communication plan.
    • Examine the business perspective of IT.
    • Identify key stakeholders and outline their relationship to the M&A process.
    • Be able to valuate the IT environment and communicate IT's value to the business.
    • Establish a due diligence charter.
    • Assess the target organization’s technical debt.
    • Valuate the target IT organization.
    • Assess and plan for culture.
    • Estimate integration costs.
    • Create functional workplans for employees.

    Integration checklists

    Prerequisite Checklist
    • Build the project plan for integration and prioritize activities
      • Plan first day
      • Plan first 30/100 days
      • Plan first year
    • Create an organization-aligned IT strategy
    • Identify critical stakeholders
    • Create a communication strategy
    • Understand the rationale for the acquisition or purchase
    • Develop IT's purchasing strategy
    • Determine goal opportunities
    • Create the mission and vision statements
    • Create the guiding principles
    • Create program metrics
    • Consolidate reports from due diligence/data room
    • Conduct culture assessment
    • Create a transaction team
    • Assess workforce demand and supply
    • Plan and communicate potential layoffs
    • Create an employee transition plan
    • Identify the IT investment
    Business
    • Design an enterprise architecture
    • Document your business architecture
    • Identify and assess all of IT's risks
    Leadership/IT Executive
    • Build an IT budget
    • Structure operating budget
    • Structure capital budget
    • Identify the needed workforce demand vs. capacity
    • Establish and monitor key metrics
    • Communicate value realized/cost savings
    Data
    • Confirm data strategy
    • Confirm data governance
    • Data architecture
    • Data sources
    • Data storage (on-premises vs. cloud)
    • Enterprise content management
    • Compatibility of data types between organizations
    • Cleanliness/usability of target organization data sets
    • Identify data sets that need to be combined to capture synergies/drive core capabilities
    • Reporting and analytics capabilities
    Applications
    • Prioritize and address critical applications
      • ERP
      • CRM
      • Email
      • HRIS
      • Financial
      • Sales
      • Risk
      • Security
    • Leverage application rationalization framework to determine applications to keep, terminate, or create
    • Develop method of integrating applications
    • Model critical applications that have dependencies on one another
    • Identify the infrastructure capacity required to support critical applications
    Operations
    • Communicate helpdesk/service desk information
    • Manage sales access to customer data
    • Determine locations and hours of operation
    • Consolidate phone lists and extensions
    • Synchronize email address books

    Integration checklists (continued)

    Infrastructure
    • Determine single network access
    • Manage organization domains
    • Consolidate data centers
    • Compile inventory of vendors, versions, switches, and routers
    • Review hardware lease or purchase agreements
    • Review outsourcing/service provider agreements
    • Review service-level agreements
    • Assess connectivity linkages between locations
    • Plan to migrate to a single email system if necessary
    Vendors
    • Establish a sustainable vendor management office
    • Review vendor landscape
    • Identify warranty options
    • Rationalize vendor services and solutions
    • Identify opportunities to mature the security architecture
    People
    • Design an IT operating model
    • Redesign your IT organizational structure
    • Conduct a RACI
    • Conduct a culture assessment and identify goal IT culture
    • Build an IT employee engagement program
    • Determine critical roles and systems/process/products they support
    • Create a list of employees to be terminated
    • Create employee transition plans
    • Create functional workplans
    Projects
    • Stop duplicate or unnecessary target organization projects
    • Communicate project intake process
    • Prioritize projects
    Products & Services
    • Ensure customer services requirements are met
    • Ensure customer interaction requirements are met
    • Select a solution for product lifecycle management
    Security
    • Conduct a security assessment of target organization
    • Develop accessibility prioritization and schedule
    • Establish an information security strategy
    • Develop a security awareness and training program
    • Develop and manage security governance, risk, and compliance
    • Identify security budget
    • Build a data privacy and classification program
    IT Processes
    • Evaluate current process models
    • Determine productivity/capacity levels of processes
    • Identify processes to be terminated
    • Identify process expectations from target organization
    • Establish a communication plan
    • Develop a change management process
    • Establish/review IT policies

    Execution & Value Realization

    Step 4.1

    Execute the Transaction

    Activities

    • 4.1.1 Rationalize the IT environment
    • 4.1.2 Continually update the project plan

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Vendor management team
    • IT transaction team
    • Company M&A team

    Outcomes of Step

    Successfully execute on the integration and strategize how to rationalize the two (or more) IT environments and update the project plan, strategizing against any roadblocks as they might come.

    Compile –› Assess –› Rationalize

    Access to critical information often does not happen until day one

    • As the transaction comes to a close and the target organization becomes the acquired organization, it’s important to start working on the rationalization of your organization.
    • One of the most important elements will be to have a complete understanding of the acquired organization’s IT environment. Specifically, assess the technology, people, and processes that might exist.
    • This rationalization will be heavily dependent on your planned integration strategy determined in the Discovery & Strategy phase of the process.
    • If your IT organization was not involved until after that phase, then determine whether your organization plans on remaining in its original state, taking on the acquired organization’s state, or forming a best-of-breed state by combining elements.
    • To execute on this, however, a holistic understanding of the new IT environment is required.

    Some Info-Tech resources to support this initiative:

    • Reduce and Manage Your Organization’s Insider Threat Risk
    • Build an Application Rationalization Framework
    • Rationalize Your Collaboration Tools
    • Consolidate IT Asset Management
    • Build Effective Enterprise Integration on the Back of Business Process
    • Consolidate Your Data Centers

    4.1.1 Rationalize the IT environment

    6-12 months

    Input: RACI chart, List of critical applications, List of vendor contracts, List of infrastructure assets, List of data assets

    Output: Rationalized IT environment

    Materials: Software Terms & Conditions Evaluation Tool

    Participants: IT executive/CIO, IT senior leadership, Vendor management

    The purpose of this activity is to rationalize the IT environment to reduce and eliminate redundant technology.

    1. Compile a list of the various applications and vendor contracts from the acquired organization and the original organization.
    2. Determine where there is repetition. Have a member of the vendor management team review those contracts and identify cost-saving opportunities.

    This will not be a quick and easy activity to complete. It will require strong negotiation on the behalf of the vendor management team.

    For additional information and support for this activity, see the blueprint Master Contract Review and Negotiations for Software Agreements.

    4.1.2 Continually update the project plan

    Reoccurring basis following transition

    Input: Prioritized integration tasks, Integration RACI, Activity owners

    Output: Updated integration project plan

    Materials: M&A Integration Project Management Tool

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

    1. Set a regular cadence for the transaction team to meet, update and review the status of the various integration task items, and strategize how to overcome any roadblocks.
    2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

    Record the updates in the M&A Integration Project Management Tool (SharePoint).

    Record the updates in the M&A Integration Project Management Tool (Excel).

    Execution & Value Realization

    Step 4.2

    Reflection and Value Realization

    Activities

    • 4.2.1 Confirm integration costs
    • 4.2.2 Review IT’s transaction value
    • 4.2.3 Conduct a transaction and integration SWOT
    • 4.2.4 Review the playbook and prepare for future transactions

    This step involves the following participants:

    • IT executive/CIO
    • IT senior leadership
    • Transition team
    • Company M&A team

    Outcomes of Step

    Review the value that IT was able to generate around the transaction and strategize on how to improve future acquisition transactions.

    4.2.1 Confirm integration costs

    3-4 hours

    Input: Integration tasks, Transition team, Previous RACI, Estimated costs

    Output: Actual integration costs

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

    The purpose of this activity is to confirm the associated costs around integration. While the integration costs would have been estimated previously, it’s important to confirm the costs that were associated with the integration in order to provide an accurate and up-to-date report to the company’s M&A team.

    1. Taking all the original items identified previously in activity 3.2.4, identify if there were changes in the estimated costs. This can be an increase or a decrease.
    2. Ensure that each cost has a justification for why the cost changed from the original estimation.

    Record the results in the M&A Buy Playbook.

    Track synergy capture through the IT integration

    The ultimate goal of the M&A is to achieve and deliver deal objectives. Early in the M&A, IT must identify, prioritize, and execute upon synergies that deliver value to the business and its shareholders. Continue to measure IT’s contribution toward achieving the organization’s M&A goals throughout the integration by keeping track of cost savings and synergies that have been achieved. When these achievements happen, communicate them and celebrate success.

    1. Define Synergy Metrics: Select metrics to track synergies through the integration.
      1. You can track value by looking at percentages of improvement in process-level metrics depending on the synergies being pursued.
      2. For example, if the synergy being pursued is increasing asset utilization, metrics could range from capacity to revenue generated through increased capacity.
    2. Prioritize Synergistic Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
        Steps
      • Determine the benefits that each initiative is expected to deliver.
      • Determine the high-level costs of implementation (capacity, time, resources, effort).
    3. Track Synergy Captures: Develop a detailed workplan to resource the roadmap and track synergy captures as the initiatives are undertaken.

    Once 80% of the necessary synergies are realized, executive pressure will diminish. However, IT must continue to work toward the technology end state to avoid delayed progression.

    4.2.2 Review IT’s transaction value

    3-4 hours

    Input: Prioritized integration tasks, Integration RACI, Activity owners, M&A company goals

    Output: Transaction value

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO, IT senior leadership, Company's M&A team

    The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

    1. If your organization did not have the opportunity to identify metrics earlier, determine from the company M&A team what those metrics might be. Review activity 3.2.7 for more information on metrics.
    2. Identify whether the metric (which should be used to support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful engaging in the transaction and that the business can count on them in future transactions.
    3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals that were set out by the business.

    Record the results in the M&A Buy Playbook.

    4.2.3 Conduct a transaction and integration SWOT

    2 hours

    Input: Integration costs, Retention rates, Value IT contributed to the transaction

    Output: Strengths, weaknesses, opportunities, and threats

    Materials: Flip charts, Markers, Sticky notes

    Participants: IT executive/CIO, IT senior leadership, Business transaction team

    The purpose of this activity is to assess the positive and negative elements of the transaction.

    1. Consider the various internal and external elements that could have impacted the outcome of the transaction.
      • Strengths. Internal characteristics that are favorable as they relate to your development environment.
      • Weaknesses Internal characteristics that are unfavorable or need improvement.
      • Opportunities External characteristics that you may use to your advantage.
      • Threats External characteristics that may be potential sources of failure or risk.

    Record the results in the M&A Buy Playbook.

    M&A Buy Playbook review

    With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

    • Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement in future transactions.
    • Critically examine the M&A Buy Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
    • If your organization were to engage in another acquisition under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

    4.2.4 Review the playbook and prepare for future transactions

    4 hours

    Input: Transaction and integration SWOT

    Output: Refined M&A playbook

    Materials: M&A Buy Playbook

    Participants: IT executive/CIO

    The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

    1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
    2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
      Remember, this is your M&A Buy Playbook, and it should reflect the most successful outcome for you in your organization.

    Record the results in the M&A Buy Playbook.

    By the end of this post-transaction phase you should:

    Have completed the integration post-transaction and be fluidly delivering the critical value that the business expected of IT.

    Key outcomes from the Execution & Value Realization phase
    • Ensure the integration tasks are being completed and that any blockers related to the transaction are being removed.
    • Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.
    Key deliverables from the Execution & Value Realization phase
    • Rationalize the IT environment
    • Continually update the project plan for completion
    • Confirm integration costs
    • Review IT’s transaction value
    • Conduct a transaction and integration SWOT
    • Review the playbook and prepare for future transactions

    Summary of Accomplishment

    Problem Solved

    Congratulations, you have completed the M&A Buy Blueprint!

    Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in an acquisition. You now have:

    • Created a standardized approach for how your IT organization should address acquisitions.
    • Evaluated the target organizations successfully and established an integration project plan.
    • Delivered on the integration project plan successfully and communicated IT’s transaction value to the business.

    Now that you have done all of this, reflect on what went well and what can be improved in case if you have to do this all again in a future transaction.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information
    workshops@infotech.com 1-888-670-8899

    Research Contributors and Experts

    Ibrahim Abdel-Kader
    Research Analyst | CIO
    Info-Tech Research Group
    Brittany Lutes
    Senior Research Analyst | CIO
    Info-Tech Research Group
    John Annand
    Principal Research Director | Infrastructure
    Info-Tech Research Group
    Scott Bickley
    Principal Research Director | Vendor Management
    Info-Tech Research Group
    Cole Cioran
    Practice Lead | Applications
    Info-Tech Research Group
    Dana Daher
    Research Analyst | Strategy & Innovation
    Info-Tech Research Group
    Eric Dolinar
    Manager | M&A Consulting
    Deloitte Canada
    Christoph Egel
    Director, Solution Design & Deliver
    Cooper Tire & Rubber Company
    Nora Fisher
    Vice President | Executive Services Advisory
    Info-Tech Research Group
    Larry Fretz
    Vice President | Industry
    Info-Tech Research Group

    Research Contributors and Experts

    David Glazer
    Vice President of Analytics
    Kroll
    Jack Hakimian
    Senior Vice President | Workshops and Delivery
    Info-Tech Research Group
    Gord Harrison
    Senior Vice President | Research & Advisory
    Info-Tech Research Group
    Valence Howden
    Principal Research Director | CIO
    Info-Tech Research Group
    Jennifer Jones
    Research Director | Industry
    Info-Tech Research Group
    Nancy McCuaig
    Senior Vice President | Chief Technology and Data Office
    IGM Financial Inc.
    Carlene McCubbin
    Practice Lead | CIO
    Info-Tech Research Group
    Kenneth McGee
    Research Fellow | Strategy & Innovation
    Info-Tech Research Group
    Nayma Naser
    Associate
    Deloitte
    Andy Neill
    Practice Lead | Data & Analytics, Enterprise Architecture
    Info-Tech Research Group

    Research Contributors and Experts

    Rick Pittman
    Vice President | Research
    Info-Tech Research Group
    Rocco Rao
    Research Director | Industry
    Info-Tech Research Group
    Mark Rosa
    Senior Vice President & Chief Information Officer
    Mohegan Gaming and Entertainment
    Tracy-Lynn Reid
    Research Lead | People & Leadership
    Info-Tech Research Group
    Jim Robson
    Senior Vice President | Shared Enterprise Services (retired)
    Great-West Life
    Steven Schmidt
    Senior Managing Partner Advisory | Executive Services
    Info-Tech Research Group
    Nikki Seventikidis
    Senior Manager | Finance Initiative & Continuous Improvement
    CST Consultants Inc.
    Allison Straker
    Research Director | CIO
    Info-Tech Research Group
    Justin Waelz
    Senior Network & Systems Administrator
    Info-Tech Research Group
    Sallie Wright
    Executive Counselor
    Info-Tech Research Group

    Bibliography

    “5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

    Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

    “America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

    Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

    Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

    Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

    Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

    Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

    Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

    Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

    Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

    “Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

    Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

    Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

    Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

    Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

    “How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

    Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

    Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

    Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

    Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

    Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

    Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

    Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

    Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

    “M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

    Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

    Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

    “Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

    “Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

    “Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

    Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

    Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

    Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

    Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

    Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

    Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

    Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

    Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

    “SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

    Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

    Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

    “The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

    “The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

    Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

    “Valuation Methods.” Corporate Finance Institute, n.d. Web.

    Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

    Recruit and Retain People of Color in IT

    • Buy Link or Shortcode: {j2store}546|cart{/j2store}
    • member rating overall impact: 9.7/10 Overall Impact
    • member rating average dollars saved: $19,184 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • Organizations have been trying to promote equality for many years. Diversity and inclusion strategies and a myriad of programs have been implemented in companies across the world. Despite the attempts, many organizations still struggle to ensure that their workforce is representative of the populations they support or want to support.
    • IT brings another twist. Many IT companies and departments are based on the culture of white males, and underrepresented ethnic communities find it more of a challenge to fit in.
    • This sometimes means that talented minorities are less incentivized to join or stay in technology.

    Our Advice

    Critical Insight

    • Diversity and inclusion cannot be a one-time campaign or a one-off initiative.
    • For real change to happen, every leader needs to internalize the value of creating and retaining diverse teams.

    Impact and Result

    • To stay competitive, IT leaders need to be more involved and commit to a plan to recruit and retain people of color in their departments and organizations. A diverse team is an answer to innovation that can differentiate your company.
    • Treat recruiting and retaining a diverse team as a business challenge that requires full engagement. Info-Tech offers a targeted solution that will help IT leaders build a plan to attract, recruit, engage, and retain people of color.

    Recruit and Retain People of Color in IT Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should recruit and retain people of color in your IT department or organization, review Info-Tech’s methodology, and understand the ways we can support you in this endeavor.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Recruit people of color in IT

    Diverse teams are necessary to foster creativity and guide business strategies. Overcome limitations by recruiting people of color and creating a diverse workforce.

    • Recruit and Retain People of Color in IT – Phase 1: Recruit People of Color in IT
    • Support Plan
    • IT Behavioral Interview Question Library

    2. Retain people of color in IT

    Underrepresented employees benefit from an expansive culture. Create an inclusive environment and retain people of color and promote value within your organization.

    • Recruit and Retain People of Color in IT – Phase 2: Retain People of Color in IT

    Infographic

    Workshop: Recruit and Retain People of Color in IT

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Setting the Stage

    The Purpose

    Introduce challenges and concerns around recruiting and retaining people of color.

    Key Benefits Achieved

    Gain a sense of direction.

    Activities

    1.1 Introduction to diversity conversations.

    1.2 Assess areas to focus on and determine what is right, wrong, missing, and confusing.

    1.3 Obtain feedback from your team about the benefits of working at your organization.

    1.4 Establish your employee value proposition (EVP).

    1.5 Discuss and establish your recruitment goals.

    Outputs

    Current State Analysis

    Right, Wrong, Missing, Confusing Quadrant

    Draft EVP

    Recruitment Goals

    2 Refine Your Recruitment Process

    The Purpose

    Identify areas in your current recruitment process that are preventing you from hiring people of color.

    Establish a plan to make improvements.

    Key Benefits Achieved

    Optimized recruitment process

    Activities

    2.1 Brainstorm and research community partners.

    2.2 Review current job descriptions and equity statement.

    2.3 Update job description template and equity statement.

    2.4 Set team structure for interview and assessment.

    2.5 Identify decision-making structure.

    Outputs

    List of community partners

    Updated job description template

    Updated equity statement

    Interview and assessment structure

    Behavioral Question Library

    3 Culture and Management

    The Purpose

    Create a plan for an inclusive culture where your managers are supported.

    Key Benefits Achieved

    Awareness of how to better support employees of color.

    Activities

    3.1 Discuss engagement and belonging.

    3.2 Augment your onboarding materials.

    3.3 Create an inclusive culture plan.

    3.4 Determine how to support your management team.

    Outputs

    List of onboarding content

    Inclusive culture plan

    Management support plan

    4 Close the Loop

    The Purpose

    Establish mechanisms to gain feedback from your employees and act on them.

    Key Benefits Achieved

    Finalize the plan to create your diverse and inclusive workforce.

    Activities

    4.1 Ask and listen: determine what to ask your employees.

    4.2 Create your roadmap.

    4.3 Wrap-up and next steps.

    Outputs

    List of survey questions

    Roadmap

    Completed support plan

    Go the Extra Mile With Blockchain

    • Buy Link or Shortcode: {j2store}130|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • The transportation and logistics industry is facing a set of inherent flaws, such as high processing fees, fraudulent information, and lack of transparency, that blockchain is set to transform and alleviate.
    • Many companies have FOMO (fear of missing out), causing them to rush toward blockchain adoption without first identifying the optimal use case.

    Our Advice

    Critical Insight

    • Understand how blockchain can alleviate your pain points before rushing to adopt the technology. You have been hearing about blockchain for some time now and are feeling pressured to adopt it. Moreover, the series of issues hindering the transportation and logistics industry, such as the lack of transparency, poor cash flow management, and high processing fees, are frustrating business leaders and thereby adding additional pressure on CIOs to adopt the technology. While blockchain is complex, you should focus on its key features of transparency, integrity, efficiency, and security to identify how it can help your organization.
    • Ensure your use case is actually useful and can be valuable to your organization by selecting a business idea that is viable, feasible, and desirable. Applying design thinking tactics to your evaluation process provides a practical approach that will help you avoid wasting resources (both time and money) and hurting IT’s image in the eyes of the business. While it is easy to get excited and invest in a new technology to help maintain your image as a thought leader, you must ensure that your use case is fully developed prior to doing so.

    Impact and Result

    • Understand blockchain’s transformative potential for the transportation and logistics industry by breaking down how its key benefits can alleviate inherent industry flaws.
    • Identify business processes and stakeholders that could benefit from blockchain.
    • Build and evaluate an inventory of use cases to determine where blockchain could have the greatest impact on your organization.
    • Articulate the value and organizational fit of your proposed use case to the business to gain their buy-in and support.

    Go the Extra Mile With Blockchain Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should care about blockchain’s transformative potential for the transportation and logistics industry and how Info-Tech will support you as you identify and build your blockchain use case.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Evaluate why blockchain can disrupt the transportation and logistics industry

    Analyze the four key benefits of blockchain as they relate to the transportation and logistics industry to understand how the technology can resolve issues being experienced by industry incumbents.

    • Go the Extra Mile With Blockchain – Phase 1: Evaluate Why Blockchain Can Disrupt the Transportation and Logistics Industry
    • Blockchain Glossary

    2. Build and evaluate an inventory of use cases

    Brainstorm a set of blockchain use cases for your organization and apply design thinking tactics to evaluate and select the optimal one to pitch to your executives for prototyping.

    • Go the Extra Mile With Blockchain – Phase 2: Build and Evaluate an Inventory of Use Cases
    • Blockchain Use Case Evaluation Tool
    • Prototype One Pager
    [infographic]

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy

    • Buy Link or Shortcode: {j2store}563|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Organizations are unaware of the capabilities of web analytics tools and unsure how to leverage these new technologies to enhance their web experience.
    • Traditional solutions offer only information and data about the activity on the website. It is difficult for organizations to understand the customer motivations and behavioral patterns using the data.
    • In addition, there is an overwhelming number of vendors offering various solutions. Understanding which solution best fits your business needs is crucial to avoid overspending.

    Our Advice

    Critical Insight

    • Understanding organizational goals and business objectives is essential in effectively leveraging web analytics.
    • It is easy to get lost in a sea of expensive web analytical tools. Choosing tools that align with the business objectives will keep the costs of customer acquisition and retention to a minimum.
    • Beyond selection and implementation, leveraging web analytic tools requires commitment from the organization to continuously monitor key KPIs to ensure good customer web experience.

    Impact and Result

    • Understand what web analytic tools are and some key trends in the market space. Learn about top advanced analytic tools that help understand user behavior.
    • Discover top vendors in the market space and some of the top-level features they offer.
    • Understand how to use the metrics to gather critical insights about the website’s use and key initiatives for successful implementation.

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Research & Tools

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Storyboard – A deck outlining the importance of web analytic tools and how they can be leveraged to meet your business needs.

    This research offers insight into web analytic tools, key trends in the market space, and an introduction to advanced web analytics techniques. Follow our five-step initiative to successfully select and implement web analytics tools and identify which baseline metrics to measure and continuously monitor for best results.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Leverage Web Analytics to Reinforce Your Web Experience Management Strategy Storyboard
    [infographic]

    Further reading

    Leverage Web Analytics to Reinforce Your Web Experience Management Strategy

    Web analytics tools are the gateway to understanding customer behavior.

    EXECUTIVE BRIEF

    Analyst Perspective

    In today’s world, users want to consume concise content and information quickly. Websites have a limited time to prove their usefulness to a new user. Content needs to be as few clicks away from the user as possible. Analyzing user behavior using advanced analytics techniques can help website designers better understand their audience.

    Organizations need to implement sophisticated analytics tools to track user data from their website. However, simply extracting data is not enough to understand the user motivation. A successful implementation of a web analytics tool will comprise both understanding what a customer does on the website and why the customer does what they do.

    This research will introduce some fundamental and advanced analytics tools and provide insight into some of the vendors in the market space.

    Photo of Sai Krishna Rajaramagopalan, Research Specialist, Applications − Enterprise Applications, Info-Tech Research Group. Sai Krishna Rajaramagopalan
    Research Specialist, Applications − Enterprise Applications
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Web analytics solutions have emerged as applications that provide extensive information and data about users visiting your webpage. However, many organizations are unaware of the capabilities of these tools and unsure how to leverage these new technologies to enhance user experience.
    Common Obstacles
    • Traditional solutions offer information and data about customers’ activity on the website but no insight into their motivations and behavioral patterns.
    • In addition, an overwhelming number of vendors are offering various solutions. Understanding which solution best fits your business needs is crucial to avoid overspending.
    Info-Tech’s Approach
    • This research is aimed to help you understand what web analytic tools are and some key trends in the market space. Learn about top advanced analytic tools that help you understand user behavior. Discover top vendors in the market space and some of the high-level features offered.
    • This research also explains techniques and metrics to gather critical insights about your website’s use and will aid in understanding users’ motivations and patterns and better predict their behavior on the website.

    Info-Tech Insight

    It is easy to get lost in a sea of expensive web analytics tools. Choose tools that align with your business objectives to keep the costs of customer acquisition and retention to a minimum.

    Ensure the success of your web analytics programs by following five simple steps

    1. ORGANIZATIONAL GOALS

    The first key step in implementing and succeeding with web analytics tools is to set clearly defined organizational goals, e.g. improving product sales.

    3. KPI METRICS

    Define key performance indicators (KPIs) that help track the organization’s performance, e.g. number of page visits, conversion rates, bounce rates.

    5. REVIEW

    Continuous improvement is essential to succeed in understanding customers. The world is a dynamic place, and you must constantly revise your organizational goals, business objectives, and KPIs to remain competitive.

    Centerpiece representing the five surrounding steps.

    2. BUSINESS OBJECTIVES

    The next step is to lay out business objectives that help to achieve the organization’s goals, e.g. to increase customer leads, increase customer transactions, increase web traffic.

    4. APPLICATION SELECTION

    Understand the web analytics tool space and which combination of tools and vendors best fits the organization’s goals.

    Web Analytics Introduction

    Understand traditional and advanced tools and their capabilities.

    Understanding web analytics

    • Web analytics is the branch of analytics that deals with the collection, reporting, and analysis of data generated by users visiting and interacting with a website.
    • The purpose of web analytics is to measure user behavior, optimize the website’s user experience and flow, and gain insights that help meet business objectives like increasing conversions and sales.
    • Web analytics allows you to see how your website is performing and how people are acting while on your website. What’s important is what you can do with this knowledge.
    • Data collected through web analytics may include traffic sources, referring sites, page views, paths taken, and conversion rates. The compiled data often forms a part of customer relationship management analytics to facilitate and streamline better business decisions.
    • Having strong web analytics is important in understanding customer behavior and fine-tuning marketing and product development approaches accordingly.
    Example of a web analytics dashboard.

    Why you should leverage web analytics

    Leveraging web analytics allows organizations to better understand their customers and achieve their business goals.

    The global web analytics market size is projected to reach US$5,156.3 million by 2026, from US$2,564 million in 2019, at a CAGR of 10.4% during 2021-2026. (Source: 360 Research Reports, 2021) Of the top 1 million websites with the highest traffic, there are over 3 million analytics technologies used. Google Analytics has the highest market share, with 50.3%. (Source: “Top 1 Million Sites,” BuiltWith, 2022)
    Of the 200 million active websites, 57.3% employ some form of web analytics tool. This trend is expected to grow as more sophisticated tools are readily available at a cheaper cost. (Source: “On the Entire Internet,” BuiltWith, 2022; Siteefy, 2022) A three-month study by Contentsquare showed a 6.9% increase in traffic, 11.8% increase in page views, 12.4% increase in transactions, and 3.6% increase in conversion rates through leveraging web analytics. (Source: Mordor Intelligence, 2022)

    Case Study

    Logo for Ryanair.
    INDUSTRY
    Aviation
    SOURCE
    AT Internet
    Web analytics

    Ryanair is a low-fare airline in Europe that receives nearly all of its bookings via its website. Unhappy with its current web analytics platform, which was difficult to understand and use, Ryanair was looking for a solution that could adapt to its requirements and provide continuous support and long-term collaboration.

    Ryanair chose AT Internet for its intuitive user interface that could effectively and easily manage all the online activity. AT was the ideal partner to work closely with the airline to strengthen strategic decision making over the long term, increase conversions in an increasingly competitive market, and increase transactions on the website.

    Results

    By using AT Internet Web Analytics to improve email campaigns and understand the behavior of website visitors, Ryanair was able to triple click-through rates, increase visitor traffic by 16%, and decrease bounce rate by 18%.

    Arrows denoting increases or decreases in certain metrics: '3x increase in click-through rates', '16% increase in visitor traffic', '18% decrease in bounce rate'.

    Use traditional web analytics tools to understand your consumer

    What does the customer do?
    • Traditional web analytics allows organizations to understand what is happening on their website and what customers are doing. These tools deliver hard data to measure the performance of a website. Some of the data measured through traditional web analytics are:
    • Visit count: The number of visits received by a webpage.
    • Bounce rate: The percentage of visitors that leave the website after only viewing the first page compared to total visitors.
    • Referrer: The previous website that sent the user traffic to a specific website.
    • CTA clicks: The number of times a user clicks on a call to action (CTA) button.
    • Conversion rate: Proportion of users that reach the final outcome of the website.
    Example of a traditional web analytics dashboard.

    Use advanced web analytics techniques to understand your consumer

    Why does the customer do what they do?
    • Traditional web analytic tools fail to explain the motivation of users. Advanced analytic techniques help organizations understand user behavior and measure user satisfaction. The techniques help answer questions like: Why did a user come to a webpage? Why did they leave? Did they find what they were looking for? Some of the advanced tools include:
    • Heatmapping: A visual representation of where the users click, scroll, and move on a webpage.
    • Recordings: A recording of the mouse movement and clicks for the entire duration of a user’s visit.
    • Feedback forms and surveys: Voice of the customer tools allowing users to give direct feedback about websites.
    • Funnel exploration: The ability to visualize the steps users take to complete tasks on your site or app.
    Example of an advanced web analytics dashboard.

    Apply industry-leading techniques to leverage web analytics

    Heatmapping
    • Heatmaps are used to visualize where users move their mouse, click, and scroll in a webpage.
    • Website heatmaps use a warm-to-cold color scheme to indicate user activity, with the warmest color indicating the highest visitor engagement and the coolest indicating the lowest visitor engagement.
    • Organizations can use this tool to evaluate the elements of the website that attract users and identify which sections require improvement to increase user engagement.
    • Website designers can make changes and compare the difference in user interaction to measure the effectiveness of the changes.
    • Scrollmaps help designers understand what the most popular scroll-depth of your webpage is – and that’s usually a prime spot for an important call to action.
    Example of a website with heatmapping overlaid.
    (Source: An example of a heatmap layered with a scrollmap from Crazy Egg, 2020)

    Apply industry-leading techniques to leverage web analytics

    Funneling

    • Funnels are graphical representations of a customer’s journey while navigating through the website.
    • Funnels help organizations identify which webpage users land on and where users drop off.
    • Organizations can capture every user step to find the unique challenges between entry and completion. Identifying what friction stands between browsing product grids and completing a transaction allows web designers to then eliminate it.
    • Designers can use A/B testing to experiment with different design philosophies to compare conversion statistics.
    • Funneling can be expanded to cross-channel analytics by incorporating referral data, cookies, and social media analytics.
    Example of a bar chart created through funneling.

    Apply industry-leading techniques to leverage web analytics

    Session recordings

    • Session recordings are playbacks of users’ interaction with the website on a single session. User interaction can vary between mouse clicks, keyboard input, and mouse scroll.
    • Recordings help organizations understand user motivation and help identify why users undertake certain tasks or actions on the webpage.
    • Playbacks can also be used to see if users are confused anywhere between the landing page and final transaction phase. This way, playbacks further help ensure visitors complete the funneling seamlessly.
    Example of a session recording featuring a line created by the mouse's journey.

    Apply industry-leading techniques to leverage web analytics

    Feedback and microsurveys

    • Feedback can be received directly from end users to help organizations improve the website.
    • Receiving feedback from users can be difficult, since not every user is willing to spend time to submit constructive and detailed feedback. Microsurveys are an excellent alternative.
    • Users can submit short feedback forms consisting of a single line or emojis or thumbs up or down.
    • Users can directly highlight sections of the page about which to submit feedback. This allows designers to quickly pinpoint areas for improvement. Additionally, web designers can play back recordings when feedback is submitted to get a clear idea about the challenges users face.
    Example of a website with a microsurvey in the corner.

    Market Overview

    Choose vendors and tools that best match your business needs.

    Top-level traditional features

    Feature Name

    Description

    Visitor Count Tracking Counts the number of visits received by a website or webpage.
    Geographic Analytics Uses location information to enable the organization to provide location-based services for various demographics.
    Conversion Tracking Measures the proportion of users that complete a certain task compared to total number of users.
    Device and Browser Analytics Captures and summarizes device and browser information.
    Bounce and Exit Tracking Calculates exit rate and bounce rate on a webpage.
    CTA Tracking Measures the number of times users click on a call to action (CTA) button.
    Audience Demographics Captures, analyzes, and displays customer demographic/firmographic data from different channels.
    Aggregate Traffic Reporting Works backward from a conversion or other key event to analyze the differences, trends, or patterns in the paths users took to get there.
    Social Media Analytics Captures information on social signals from popular services (Twitter, Facebook, LinkedIn, etc.).

    Top-level advanced features

    Feature Name

    Description

    HeatmappingShows where users have clicked on a page and how far they have scrolled down a page or displays the results of eye-tracking tests through the graphical representation of heatmaps.
    Funnel ExplorationVisualizes the steps users take to complete tasks on your site or app.
    A/B TestingEnables you to test the success of various website features.
    Customer Journey ModellingEffectively models and displays customer behaviors or journeys through multiple channels and touchpoints.
    Audience SegmentationCreates and analyzes discrete customer audience segments based on user-defined criteria or variables.
    Feedback and SurveysEnables users to give feedback and share their satisfaction and experience with website designers.
    Paid Search IntegrationIntegrates with popular search advertising services (i.e. AdWords) and can make predictive recommendations around areas like keywords.
    Search Engine OptimizationProvides targeted recommendations for improving and optimizing a page for organic search rankings (i.e. via A/B testing or multivariate testing).
    Session RecordingRecords playbacks of users scrolling, moving, u-turning, and rage clicking on your site.

    Evaluate software category leaders using SoftwareReviews’ vendor rankings and awards

    Logo for SoftwareReviews.
    Sample of SoftwareReviews' The Data Quadrant. The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Sample of SoftwareReviews' The Emotional Footprint. The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Speak with category experts to dive deeper into the vendor landscape

    Logo for SoftwareReviews.
    Fact-based reviews of business software from IT professionals. Top-tier data quality backed by a rigorous quality assurance process. CLICK HERE to ACCESS

    Comprehensive software reviews
    to make better IT decisions

    We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

    Product and category reports with state-of-the-art data visualization. User-experience insight that reveals the intangibles of working with a vendor.

    SoftwareReviews is powered by Info-Tech

    Technology coverage is a priority for Info-Tech and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.

    Top vendors in the web analytics space

    Logo for Google Analytics. Google Analytics provides comprehensive traditional analytics tools, free of charge, to understand the customer journey and improve marketing ROI. Twenty-four percent of all web analytical tools used on the internet are provided by Google analytics.
    Logo for Hotjar. Hotjar is a behavior analytics and product experience insights service that helps you empathize with and understand your users through their feedback via tools like heatmaps, session recordings, and surveys. Hotjar complements the data and insights you get from traditional web analytics tools like Google Analytics.
    Logo for Crazy Egg. Crazy Egg is a website analytics tool that helps you optimize your site to make it more user-friendly, more engaging, and more conversion-oriented. It does this through heatmaps and A/B testing, which allow you to see how people are interacting with your site.
    Logo for Amplitude Analytics. Amplitude Analytics provides intelligent insight into customer behavior. It offers basic functionalities like measuring conversion rate and engagement metrics and also provides more advanced tools like customer journey maps and predictive analytics capabilities through AI.

    Case Study

    Logo for Miller & Smith.
    INDUSTRY
    Real Estate
    SOURCE
    Crazy Egg

    Heatmaps and playback recordings

    Challenge

    Miller & Smith had just redesigned their website, but the organization wanted to make sure it was user-friendly as well as visually appealing. They needed an analytics platform that could provide information about where visitors were coming from and measure the effectiveness of the marketing campaigns.

    Solution

    Miller & Smith turned to Crazy Egg to obtain visual insights and track user behavior. They used heatmaps and playback recordings to see user activity within webpages and pinpoint any issues with user interface. In just a few weeks, Miller & Smith gained valuable data to work with: the session recordings helped them understand how users were navigating the site, and the heatmaps allowed them to see where users were clicking – and what they were skipping.

    Results

    Detailed reports generated by the solution allowed Miller & Smith team to convince key stakeholders and implement the changes easily. They were able to pinpoint what changes needed to be made and why these changes would improve their experience.

    Within few weeks, the bounce rate improved by 7.5% and goal conversion increased by 8.5% over a similar period the previous year.

    Operationalizing Web Analytics Tools

    Execute initiatives for successful implementation.

    Ensure success of your web analytics programs by following five simple steps

    1. ORGANIZATIONAL GOALS

    The first key step in implementing and succeeding with web analytics tools is to set clearly defined organizational goals, e.g. improving product sales.

    3. KPI METRICS

    Define key performance indicators (KPIs) that help track the organization’s performance, e.g. number of page visits, conversion rates, bounce rates.

    5. REVIEW

    Continuous improvement is essential to succeed in understanding customers. The world is a dynamic place, and you must constantly revise your organizational goals, business objectives, and KPIs to remain competitive.

    Centerpiece representing the five surrounding steps.

    2. BUSINESS OBJECTIVES

    The next step is to lay out business objectives that help to achieve the organization’s goals, e.g. to increase customer leads, increase customer transactions, increase web traffic.

    4. APPLICATION SELECTION

    Understand the web analytics tool space and which combination of tools and vendors best fits the organization’s goals.

    1.1 Understand your organization’s goals

    30 minutes

    Output: Organization’s goal list

    Materials: Whiteboard, Markers

    Participants: Core project team

    1. Identify the key organizational goals for both the short term and the long term.
    2. Arrange the goals in descending order of priority.

    Example table of goals ranked by priority and labeled short or long term.

    1.2 Align business objectives with organizational goals

    30 minutes

    Output: Business objectives

    Materials: Whiteboard, Markers

    Participants: Core project team

    1. Identify the key business objectives that help attain organization goals.
    2. Match each business objective with the corresponding organizational goals it helps achieve.
    3. Arrange the objectives in descending order of priority.

    Example table of business objectives ranked by priority and which organization goal they're linked to.

    Establish baseline metrics

    Baseline metrics will be improved through:

    1. Efficiently using website elements and CTA button placement
    2. Reducing friction between the landing page and end point
    3. Leveraging direct feedback from users to continuously improve customer experience

    1.3 Establish baseline metrics that you intend to improve via your web analytics tools

    30 minutes

    Example table with metrics, each with a current state and goal state.

    Accelerate your software selection project

    Vendor selection projects often demand extensive and unnecessary documentation.

    Software Selection Insight

    Balance the effort-to-information ratio required for a business impact assessment to keep stakeholders engaged. Use documentation that captures the key data points and critical requirements without taking days to complete. Stakeholders are more receptive to formal selection processes that are friction free.

    The Software Selection Workbook

    Work through the straightforward templates that tie to each phase of the Rapid Application Selection Framework, from assessing the business impact to requirements gathering.

    Sample of the Software Selection Workbook deliverable.

    The Vendor Evaluation Workbook

    Consolidate the vendor evaluation process into a single document. Easily compare vendors as you narrow the field to finalists.

    Sample of the Vendor Evaluation Workbook deliverable.

    The Guide to Software Selection: A Business Stakeholder Manual

    Quickly explain the Rapid Application Selection Framework to your team while also highlighting its benefits to stakeholders.

    Sample of the Guide to Software Selection: A Business Stakeholder Manual deliverable.

    Revisit the metrics you identified and revise your goals

    Track the post-deployment results, compare the metrics, and set new targets for the next fiscal year.

    Example table of 'Baseline Website Performance Metrics' with the column 'Revised Target' highlighted.

    Related Info-Tech Research

    Stock image of two people going over a contract. Modernize Your Corporate Website to Drive Business Value

    Drive higher user satisfaction and value through UX-driven websites.

    Stock image of a person using the cloud on their smartphone. Select and Implement a Web Experience Management Solution

    Your website is your company’s face to the world: select a best-of-breed platform to ensure you make a rock-star impression with your prospects and customers!

    Stock image of people studying analytics. Create an Effective Web Redesign Strategy

    Ninety percent of web redesign projects, executed without an effective strategy, fail to accomplish their goals.

    Bibliography

    "11 Essential Website Data Factors and What They Mean." CivicPlus, n.d. Accessed 26 July 2022.

    “Analytics Usage Distribution in the Top 1 Million Sites.” BuiltWith, 1 Nov. 2022. Accessed 26 July 2022.

    "Analytics Usage Distribution on the Entire Internet." BuiltWith, 1 Nov. 2022. Accessed 26 July 2022.

    Bell, Erica. “How Miller and Smith Used Crazy Egg to Create an Actionable Plan to Improve Website Usability.” Crazy Egg, n.d. Accessed 26 July 2022.

    Brannon, Jordan. "User Behavior Analytics | Enhance The Customer Journey." Coalition Technologies, 8 Nov 2021. Accessed 26 July 2022.

    Cardona, Mercedes. "7 Consumer Trends That Will Define The Digital Economy In 2021." Adobe Blog, 7 Dec 2020. Accessed 26 July 2022.

    “The Finer Points.“ Analytics Features. Google Marketing Platform, 2022. Accessed 26 July 2022.

    Fitzgerald, Anna. "A Beginner’s Guide to Web Analytics." HubSpot, 21 Sept 2022. Accessed 26 July 2022.

    "Form Abandonment: How to Avoid It and Increase Your Conversion Rates." Fullstory Blog, 7 April 2022. Accessed 26 July 2022.

    Fries, Dan. "Plug Sales Funnel Gaps by Identifying and Tracking Micro-Conversions." Clicky Blog, 9 Dec 2019. Accessed 7 July 2022.

    "Funnel Metrics in Saas: What to Track and How to Improve Them?" Userpilot Blog, 23 May 2022. Accessed 26 July 2022.

    Garg, Neha. "Digital Experimentation: 3 Key Steps to Building a Culture of Testing." Contentsquare, 21 June 2021. Accessed 26 July 2022.

    “Global Web Analytics Market Size, Status and Forecast 2021-2027.” 360 Research Reports, 25 Jan. 2021. Web.

    Hamilton, Stephanie. "5 Components of Successful Web Analytics." The Daily Egg, 2011. Accessed 26 July 2022.

    "Hammond, Patrick. "Step-by-Step Guide to Cohort Analysis & Reducing Churn Rate." Amplitude, 15 July 2022. Accessed 26 July 2022.

    Hawes, Carry. "What Is Session Replay? Discover User Pain Points With Session Recordings." Dynatrace, 20 Dec 2021. Accessed 26 July 2022.

    Huss, Nick. “How Many Websites Are There in the World?” Siteefy, 8 Oct. 2022. Web.

    Nelson, Hunter. "Establish Web Analytics and Conversion Tracking Foundations Using the Google Marketing Platform.” Tortoise & Hare Software, 29 Oct 2022. Accessed 26 July 2022.

    "Product Analytics Vs Product Experience Insights: What’s the Difference?" Hotjar, 14 Sept 2021. Accessed 26 July 2022.

    “Record and watch everything your visitors do." Inspectlet, n.d. Accessed 26 July 2022.

    “Ryanair: Using Web Analytics to Manage the Site’s Performance More Effectively and Improve Profitability." AT Internet, 1 April 2020. Accessed 26 July 2022.

    Sibor, Vojtech. "Introducing Cross-Platform Analytics.” Smartlook Blog, 5 Nov 2022. Accessed 26 July 2022.

    "Visualize Visitor Journeys Through Funnels.” VWO, n.d. Accessed 26 July 2022.

    "Web Analytics Market Share – Growth, Trends, COVID-19 Impact, and Forecasts (2022-2027)." Mordor Intelligence, 2022. Accessed 26 July 2022.

    “What is the Best Heatmap Tool for Real Results?” Crazy Egg, 27 April 2020. Web.

    "What Is Visitor Behavior Analysis?" VWO, 2022. Accessed 26 July 2022.

    Zheng, Jack G., and Svetlana Peltsverger. “Web Analytics Overview.” IGI Global, 2015. Accessed 26 July 2022.

    Increase Grant Application Success

    • Buy Link or Shortcode: {j2store}314|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $7,799 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Writing grants has not been prioritized by the organization.
    • Your organization is unable to start, finish, and/or continue priority projects or initiatives as it does not have sufficient funds.
    • Grants are applied to in an ad hoc manner by employees who do not have sufficient time and resources to dedicate to the process.

    Our Advice

    Critical Insight

    There are three critical components to the grant application process:

    • Being strategic about the grant opportunities your organization chooses to pursue.
    • Dedicating sufficient time and resources to writing a competitive grant application.
    • Ensuring your organization will be able to adhere to the grant parameters if awarded the funding.

    Impact and Result

    • By leveraging Info-Tech’s methodology, your organization will strategically select, write, and submit competitive grant applications, securing additional funding sources to support the organization and the communities you serve.
    • This research can enhance the grant writing capabilities of the organization and ensure that every grant chosen aligns with your organizational priorities.
    • This blueprint will drive consensus on which grant applications should be prioritized by the organization, ensuring resourcing, feasibility, and significance are considered.

    Increase Grant Application Success Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should enhance your organization's grant application lifecycle and how you can increase the number of grants your organization is awarded. Review Info-Tech’s methodology and understand the four ways Info-Tech can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify Opportunities

    Identify grant funding opportunities that align with your organization's priorities. Ensure the programs, services, projects, and initiatives that align with these priorities can be financially supported by grant funding.

    • Increase Grant Application Success – Phase 1: Identify Opportunities
    • Grant Identification and Prioritization Tool for Organizations

    2. Grant Prioritization

    Prioritize applying for the grant opportunities that your organization identified. Be sure to consider the feasibility of implementing the project or initiative if your organization is awarded the grant.

    • Increase Grant Application Success – Phase 2: Grant Prioritization

    3. Write the Grant Application

    Write a competitive grant application that has been strategically developed and actively critiqued by various internal and external reviewers.

    • Increase Grant Application Success – Phase 3: Write the Grant Application
    • Grant Writing Checklist

    4. Submit the Grant Application

    Submit an exemplary grant application that meets the guidelines and expectations of the granting agency prior to the due date.

    • Increase Grant Application Success – Phase 4: Submit the Grant Application
    • Grant Follow-up Email Template

    Infographic

    Workshop: Increase Grant Application Success

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Your Organization's Priorities

    The Purpose

    Determine the key priorities of your organization and identify grant funding opportunities that align with those priorities.

    Key Benefits Achieved

    Prevents duplicate grant applications from being submitted

    Ensures the grant and the organization's priorities are aligned

    Increases the success rate of grant applications

    Activities

    1.1 Discuss grant funding opportunities and their importance to the organization.

    1.2 Identify organizational priorities.

    Outputs

    An understanding of why grants are important to your organization

    A list of priorities being pursued by your organization

    2 Prioritize Grant Funding Opportunities

    The Purpose

    Identify potential grant funding opportunities that align with the projects/initiatives the organization would like to pursue. Prioritize these funding opportunities and identify which should take precedent based on resourcing, importance, likelihood of success, and feasibility.

    Key Benefits Achieved

    Generate a list of potential funding opportunities that can be revisited when resources allow

    Obtain consensus from your working group on which grants should be pursued based on how they have been prioritized

    Activities

    2.1 Develop a list of potential grant funding opportunities.

    2.2 Define the resource capacity your organization has to support the granting writing process.

    2.3 Discuss and prioritize grant opportunities

    Outputs

    A list of potential grant funding opportunities

    Realistic expectations of your organization's capacity to undertake the grant writing lifecycle

    Notes and priorities from your discussion on grant opportunities

    3 Sketch a Grant Application

    The Purpose

    Take the grant that was given top priority in the last section and sketch out a draft of what that application will look like. Think critically about the sketch and determine if there are opportunities to further clarify and demonstrate the goals of the grant application.

    Key Benefits Achieved

    A sketch ready to be developed into a grant application

    A critique of the sketch to ensure that the application will be well understood by the reviewers of your submission

    Activities

    3.1 Sketch the grant application.

    3.2 Perform a SWOT analysis of the grant sketch.

    Outputs

    A sketched version of the grant application ready to be drafted

    A SWOT analysis that critically examines the sketch and offers opportunities to enhance the application

    4 Prepare to Submit the Grant Application

    The Purpose

    Have the grant application actively critiqued by various internal and external individuals. This will increase the grant application's quality and generate understanding of the application submission and post-submission process.

    Key Benefits Achieved

    A list of individuals (internal and external) that can potentially review the application prior to submission

    Preparation for the submission process

    An understanding of why the opportunity to learn how to improve future grant applications is so important

    Activities

    4.1 Identify potential individuals who will review the draft of your grant application.

    4.2 Discuss next steps around the grant submission.

    4.3 Review grant writing best practices.

    Outputs

    A list of potential individuals who can be asked to review and critique the grant application

    An understanding of what the next steps in the process will be

    Knowledge of grant writing best practices

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}366|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    More than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Therefore, organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.
    • Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Impact and Result

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Regulatory and Compliance Risk Impacts to Your Organization Storyboard – Use the research to better understand the negative impacts of vendor actions to your brand reputation.

    Use this research to identify and quantify the potential regulatory impacts caused by vendors. Use Info-Tech's approach to look at the regulatory impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Regulatory and Compliance Risk Impacts on Your Organization Storyboard

    2. Regulatory Risk Impact Tool – Use this tool to help identify and quantify the operational impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Regulatory Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Risk Impacts on Your Organization

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.

    Analyst perspective

    Organizations must understand the regulatory damage vendors may cause from lack of compliance.

    Frank Sewell.

    The sheer number of regulations on the international market is immense, ever-changing, and make it almost impossible for any organization to consistently keep up with compliance.

    As regulatory enforcement increases, organizations must hold their vendors accountable for compliance through ongoing monitoring and validation of regulatory compliance to the relevant standards in their industries, or face increasing penalties for non-compliance.

    Frank Sewell,

    Research Director, Vendor Management

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    More than at any previous time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.

    It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.

    Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations.

    Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals.

    Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts.

    Info-Tech Insight

    Organizations must evolve their risk assessments to be more adaptive to respond to regulatory changes in the global market. Ongoing monitoring of the vendors who must comply with industry and governmental regulations is crucial to avoiding penalties and maintaining your regulatory compliance.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of Scope:

    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Regulatory and Compliance risk impacts

    Potential losses to the organization due regulatory and compliance incidents.

    • In this blueprint we’ll:
      • Explore regulatory and compliance risks and their impacts.
      • Identify potentially disruptive events to assess the overall impact on organizations and implement adaptive measures to identify, manage, and monitor vendor performance.

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational. Regulatory & Compliance is highlighted on the cube.

    The world is constantly changing

    The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them and avoid penalties.

    When the unexpected happens, being able to adapt quickly to new priorities and regulations ensures continued long-term business success.

    Below are some things no one expected to happen in the last few years:

    45%

    Have no visibility into their upstream supply chain, or they can only see as far as their first-tier suppliers.

    2022 McKinsey

    61%

    Of compliance officers expect to increase investment in their compliance function over the next two years.

    2022 Accenture

    $770k+

    Breaches involving third-party vendors cost more on average.

    2022 HIT Consultant.net

    Regulatory Compliance

    Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.

    Your organizational risks may be monitored but are your n-party vendors?

    The image contains a cube that is divided into 6 asymmetrical to highlight the six components of vendor risk. Strategic, Security, Regulatory & Compliance, Financial, Reputational, Operational.

    Review your expectations with your vendors and hold them accountable.

    Regulatory entities are looking beyond your organization’s internal compliance these days. More and more they are diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.

    • Are you assessing your vendors regularly?
    • Are you validating those assessments?
    • Do your vendors have a map of their downstream support vendors?
    • Do they have the mechanisms to hold those downstream vendors accountable to your standards?

    Regulatory Guidance and Industry Standards

    Are you confident your vendors meet your standards?

    Identify and manage regulatory and compliance risks

    Environmental, Social, Governance (ESG)
    Regulatory agencies are putting more enforcement on ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations, or face penalties for non-compliance.

    Data Protection
    Data Protection remains an issue in the world. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.

    Mergers and Acquisitions
    More prominent vendors continuously buy smaller companies to control the market in the IT industry. Therefore, organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.

    What to look for

    Identify regulatory and compliance risk impacts.

    • Is there a record of complaints against the vendor from their employees or customers?
    • Has the vendor been cited for regulatory compliance issues in the past?
    • Does the vendor have a comprehensive list of their n-party vendor partners?
      • Are they willing to accept appropriate contractual protections regarding them?
    • Does the vendor self-audit, or do they use a vetted third-party audit firm to issue a SOC report annually?
    • Does the vendor operate in regions known for regulatory violations?
    • Is the vendor willing to make concessions on contractual protections, or are they only offering “one-sided” agreements with “as-is” warranties?

    Prepare your vendor risk management for success

    Due diligence will enable successful outcomes.

    1. Obtain top-level buy-in; it is critical to success.
    2. Build enterprise risk management (ERM) through incremental improvement.
    3. Focus initial efforts on the “big wins” to prove the process works.
    4. Use existing resources.
    5. Build on any risk management activities that already exist in the organization.
    6. Socialize ERM throughout the organization to gain additional buy‑in.
    7. Normalize the process long term, with ongoing updates and continuing education for the organization.

    (Adapted from COSO)

    How to assess third-party risk

    1. Review Organizational Regulations
    2. Understand the organization’s regulatory risks to prepare for the “What If” game exercise.

    3. Identify & Understand Potential Regulatory-Compliance Risks
    4. Play the “What If” game with the right people at the table.

    5. Create a Risk Profile Packet for Leadership
    6. Pull all the information together in a presentation document.

    7. Validate the Risks
    8. Work with leadership to ensure that the proposed risks are in line with their thoughts.

    9. Plan to Manage the Risks
    10. Lower the overall risk potential by putting mitigations in place.

    11. Communicate the Plan
    12. It is important not only to have a plan but also to socialize it in the organization for awareness.

    13. Enact the Plan
    14. Once the plan is finalized and socialized, put it in place with continued monitoring for success.

    Adapted from Harvard Law School Forum on Corporate Governance

    Insight summary

    Regulatory risk impacts often come from unexpected places and have significant consequences. Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization. Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization, to avoid penalties.

    Insight 1

    Organizations fail to plan for vendor acquisitions appropriately.

    Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner?

    Insight 2

    Organizations often fail to understand how n-party vendors could place them in non-compliance.

    Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well and hold your direct vendors accountable for the actions of their vendors.

    Insight 3

    Organizations need to know where their data lives and ensure it is protected.

    Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protection throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity.

    Identifying regulatory and compliance risks

    Who should be included in the discussion.

    • While it is true that executive-level leadership defines the strategy for an organization, it is vital for those making decisions to make informed decisions.
    • Getting input from regulatory risk experts within your organization will enhance your long-term potential for successful compliance.
    • Involving those who not only directly manage vendors but also understand your regulatory requirements will aid in determining the path forward for relationships with your current vendors, and identifying new emerging potential partners.

    See the blueprint Build an IT Risk Management Program

    Review your risk management plans for new risks on a regular basis.

    Keep in mind Risk = Likelihood x Impact (R=L*I).

    Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent

    Managing vendor regulatory and compliance risk impacts

    How could your vendors fall out of compliance?

    • Review vendors’ downstream connections to understand thoroughly with whom you are in business.
      • Monitor their regulatory stance as it could reflect on your organization.
    • Institute proper vendor lifecycle management.
      • Make sure to follow corporate due diligence and risk assessment policies and procedures.
      • Failure to consistently do so is a recipe for disaster.
    • Develop IT risk governance and change control.
    • Introduce continual risk assessment to monitor the relevant vendor markets.
      • Regularly review your regulatory requirements for new and changing risks.
    • Be adaptable and allow for innovations that arise from the current needs.
      • Capture lessons learned from prior incidents to improve over time, and adjust your plans accordingly.

    Organizations must review their regulatory risk appetite and tolerance levels, considering their complete landscape.

    Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.

    Ongoing Improvement

    Incorporating lessons learned.

    • Over time, despite everyone’s best observations and plans, incidents will catch us off guard.
    • When it happens, follow your incident response plans and act accordingly.
    • An essential step is to document what worked and what did not – collectively known as the “lessons learned.”
    • Use the lessons learned document to devise, incorporate, and enact a better risk management process.

    Sometimes disasters occur despite our best plans to manage them.

    When this happens, it is important to document the lessons learned and update our plans.

    The “what if” game

    1-3 hours

    Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Regulatory Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potentials but manage the overall process to keep the discussion pertinent and on track.
    3. Collect the outputs and ask the subject matter experts (SMEs) for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.
    Input Output
    • List of identified potential risk scenarios scored by regulatory-compliance impact
    • List of potential mitigations of the scenarios to reduce the risk
    • Comprehensive regulatory risk profile on the specific vendor solution
    Materials Participants
    • Whiteboard/flip charts
    • Regulatory Risk Impact Tool to help drive discussion
    • Vendor Management – Coordinator
    • Organizational Leadership
    • Operations Experts (SMEs)
    • Legal/Compliance/Risk Manager

    High risk example from tool

    The image contains a screenshot demonstrating high risk example from the tool.

    How to mitigate:

    Contractually insist that the vendor have a third-party security audit performed annually, with the stipulation that they will not denigrate below your acceptable standards.

    Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.

    Low risk example from tool

    The image contains a screenshot demonstrating low risk example from the tool.

    Summary

    Seek to understand all regulatory requirements to obtain compliance.

    • Organizations need to understand and map out their entire vendor landscape.
    • Understand where all your data lives and how you can control it throughout the vendor lifecycle.
    • Those organizations that consistently follow their established risk assessment and due diligence processes are better positioned to avoid penalties.
    • Bring the right people to the table to outline potential risks in the market and your organization.
    • Incorporate “lessons learned” from prior incidents into your risk management process to build better plans for future issues.

    Keeping up with the ever-changing regulations can make compliance a difficult task.

    Organizations should increase the resources dedicated to monitoring these regulations as agencies continue to hold them more accountable.

    Related Info-Tech Research

    Identify and Manage Financial Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Reputational Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your reputation and brand with our Reputational Risk Impact Tool.

    Identify and Manage Strategic Risk Impacts on Your Organization

    • Vendor management practices educate organizations on potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
    • Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Risk Impact Tool.

    Info-Tech Insight

    It is easier for prospective clients to find out what you did wrong than that you fixed the issue.


    Bibliography

    Alicke, Knut, et al. "Taking the pulse of shifting supply chains", McKinsey & Company, August 26th 2022. Accessed October 31st
    Regan, Samantha, et al. "Can compliance keep up with warp-speed Change?", accenture, May 18th 2022. Accessed Oct 31st 2022.
    Feria, Nathalie, and Rosenberg, Daniel. "Mitigating Healthcare Cyber Risk Through Vendor Management", HIT Consultant, October 17th 2022. Accessed Oct 31st 2022.
    Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
    Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.

    Establish Data Governance – APAC Edition

    • Buy Link or Shortcode: {j2store}348|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $172,999 Average $ Saved
    • member rating average days saved: 63 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Organisations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscapes and demands for data.
    • Although the need for a data governance program is often evident, organisations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value by supporting key strategic initiatives, value streams, and their underlying business capabilities.

    Our Advice

    Critical Insight

    • Your organisation’s value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.
    • Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture.
    • Data governance must continuously align with the organisation’s enterprise governance function. It should not be perceived as an IT pet project, but rather as a business-driven initiative.

    Impact and Result

    Info-Tech’s approach to establishing and sustaining effective data governance is anchored in the strong alignment of organisational value streams and their business capabilities with key data governance dimensions and initiatives.

    • Align with enterprise governance, business strategy and organizational value streams to ensure the program delivers measurable business value.
    • Understand your current data governance capabilities and build out a future state that is right sized and relevant.
    • Define data governance leadership, accountability, and responsibility, supported by an operating model that effectively manages change and communication and fosters a culture of data excellence.

    Establish Data Governance – APAC Edition Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Data Governance Research – A step-by-step document to ensure that the people handling the data are involved in the decisions surrounding data usage, data quality, business processes, and change implementation.

    Data governance is a strategic program that will help your organisation control data by managing the people, processes, and information technology needed to ensure that accurate and consistent data policies exist across varying lines of the business, enabling data-driven insight. This research will provide an overview of data governance and its importance to your organization, assist in making the case and securing buy-in for data governance, identify data governance best practices and the challenges associated with them, and provide guidance on how to implement data governance best practices for a successful launch.

    • Establish Data Governance – Phases 1-3 – APAC

    2. Data Governance Planning and Roadmapping Workbook – A structured tool to assist with establishing effective data governance practices.

    This workbook will help your organisation understand the business and user context by leveraging your business capability map and value streams, developing data use cases using Info-Tech's framework for building data use cases, and gauging the current state of your organisation's data culture.

    • Data Governance Planning and Roadmapping Workbook – APAC

    3. Data Use Case Framework Template – An exemplar template to highlight and create relevant use cases around the organisation’s data-related problems and opportunities.

    This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation. This template provides a framework for data requirements and a mapping methodology for creating use cases.

    • Data Use Case Framework Template – APAC

    4. Data Governance Initiative Planning and Roadmap Tool – A visual roadmapping tool to assist with establishing effective data governance practices.

    This tool will help your organisation plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    • Data Governance Initiative Planning and Roadmap Tool – APAC

    5. Business Data Catalogue – A comprehensive template to help you to document the key data assets that are to be governed based on in-depth business unit interviews, data risk/value assessments, and a data flow diagram for the organisation.

    Use this template to document information about key data assets such as data definition, source system, possible values, data sensitivity, data steward, and usage of the data.

    • Business Data Catalogue – APAC

    6. Data Governance Program Charter Template – A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    • Data Governance Program Charter Template – APAC

    7. Data Policies – A set of policy templates to support the data governance framework for the organisation.

    This set of policies supports the organisation's use and management of data to ensure that it efficiently and effectively serves the needs of the organisation.

    • Data Governance Policy – APAC
    • Data Classification Policy, Standard, and Procedure – APAC
    • Data Quality Policy, Standard, and Procedure – APAC
    • Data Management Definitions – APAC
    • Metadata Management Policy, Standard, and Procedure – APAC
    • Data Retention Policy and Procedure – APAC
    [infographic]

    Workshop: Establish Data Governance – APAC Edition

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Context and Value

    The Purpose

    Identify key business data assets that need to be governed.

    Create a unifying vision for the data governance program.

    Key Benefits Achieved

    Understand the value of data governance and how it can help the organisation better leverage its data.

    Gain knowledge of how data governance can benefit both IT and the business.

    Activities

    1.1 Establish business context, value, and scope of data governance at the organisation.

    1.2 Introduction to Info-Tech’s data governance framework.

    1.3 Discuss vision and mission for data governance.

    1.4 Understand your business architecture, including your business capability map and value streams.

    1.5 Build use cases aligned to core business capabilities.

    Outputs

    Sample use cases (tied to the business capability map) and a repeatable use case framework

    Vision and mission for data governance

    2 Understand Current Data Governance Capabilities and Plot Target-State Levels

    The Purpose

    Assess which data contains value and/or risk and determine metrics that will determine how valuable the data is to the organisation.

    Assess where the organisation currently stands in data governance initiatives.

    Determine gaps between the current and future states of the data governance program.

    Key Benefits Achieved

    Gain a holistic understanding of organisational data and how it flows through business units and systems.

    Identify which data should fall under the governance umbrella.

    Determine a practical starting point for the program.

    Activities

    2.1 Understand your current data governance capabilities and maturity.

    2.2 Set target-state data governance capabilities.

    Outputs

    Current state of data governance maturity

    Definition of target state

    3 Build Data Domain to Data Governance Role Mapping

    The Purpose

    Determine strategic initiatives and create a roadmap outlining key steps required to get the organisation to start enabling data-driven insights.

    Determine timing of the initiatives.

    Key Benefits Achieved

    Establish clear direction for the data governance program.

    Step-by-step outline of how to create effective data governance, with true business-IT collaboration.

    Activities

    3.1 Evaluate and prioritise performance gaps.

    3.2 Develop and consolidate data governance target-state initiatives.

    3.3 Define the role of data governance: data domain to data governance role mapping.

    Outputs

    Target-state data governance initiatives

    Data domain to data governance role mapping

    4 Formulate a Plan to Get to Your Target State

    The Purpose

    Consolidate the roadmap and other strategies to determine the plan of action from day one.

    Create the required policies, procedures, and positions for data governance to be sustainable and effective.

    Key Benefits Achieved

    Prioritised initiatives with dependencies mapped out.

    A clearly communicated plan for data governance that will have full business backing.

    Activities

    4.1 Identify and prioritise next steps.

    4.2 Define roles and responsibilities and complete a high-level RACI.

    4.3 Wrap-up and discuss next steps and post-workshop support.

    Outputs

    Initialised roadmap

    Initialised RACI

    Further reading

    Establish Data Governance

    Deliver measurable business value.

    Analyst Perspective

    Establish a data governance program that brings value to your organisation.

    Picture of analyst

    Data governance does not sit as an island on its own in the organisation – it must align with and be driven by your enterprise governance. As you build out data governance in your organisation, it's important to keep in mind that this program is meant to be an enabling framework of oversight and accountabilities for managing, handling, and protecting your company's data assets. It should never be perceived as bureaucratic or inhibiting to your data users. It should deliver agreed-upon models that are conducive to your organisation's operating culture, offering clarity on who can do what with the data and via what means. Data governance is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organisation. Promote and drive the responsible and ethical use of data while helping to build and foster an organisational culture of data excellence.

    Crystal Singh

    Director, Research & Advisory, Data & Analytics Practice

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The amount of data within organisations is growing at an exponential rate, creating a need to adopt a formal approach to governing data. However, many organisations remain uninformed on how to effectively govern their data. Comprehensive data governance should define leadership, accountability, and responsibility related to data use and handling and be supported by a well-oiled operating model and relevant policies and procedures. This will help ensure the right data gets to the right people at the right time, using the right mechanisms.

    Common Obstacles

    Organisations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscape and demand for data. Although the need for a data governance program is often evident, organisations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value. Initiatives should support key strategic initiatives, as well as value streams and their underlying business capabilities.

    Info-Tech's Approach

    Info-Tech's approach to establishing and sustaining effective data governance is anchored in the strong alignment of organisational value streams and their business capabilities with key data governance dimensions and initiatives. Organisations should:

    • Align their data governance with enterprise governance, business strategy and value streams to ensure the program delivers measurable business value.
    • Understand their current data governance capabilities so as to build out a future state that is right-sized and relevant.
    • Define data leadership, accountability, and responsibility. Support these with an operating model that effectively manages change and communication and fosters a culture of data excellence.

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operating costs, missed opportunities, eroded stakeholder satisfaction, and increased business risk.

    Your challenge

    This research is designed to help organisations build and sustain an effective data governance program.

    • Your organisation has recognised the need to treat data as a corporate asset for generating business value and/or managing and mitigating risk.
    • This has brought data governance to the forefront and highlighted the need to build a performance-driven enterprise program for delivering quality, trusted, and readily consumable data to users.
    • An effective data governance program is one that defines leadership, accountability. and responsibility related to data use and handling. It's supported by a well-oiled operating model and relevant policies and procedures, all of which help build and foster a culture of data excellence where the right users get access to the right data at the right time via the right mechanisms.

    As you embark on establishing data governance in your organisation, it's vital to ensure from the get-go that you define the drivers and business context for the program. Data governance should never be attempted without direction on how the program will yield measurable business value.

    'Data processing and cleanup can consume more than half of an analytics team's time, including that of highly paid data scientists, which limits scalability and frustrates employees.' – Petzold, et al., 2020

    Image is a circle graph and 30% of it is coloured with the number 30% in the middle of the graph

    'The productivity of employees across the organisation can suffer.' – Petzold, et al., 2020

    Respondents to McKinsey's 2019 Global Data Transformation Survey reported that an average of 30% of their total enterprise time was spent on non-value-added tasks because of poor data quality and availability. – Petzold, et al., 2020

    Common obstacles

    Some of the barriers that make data governance difficult to address for many organisations include:

    • Gaps in communicating the strategic value of data and data governance to the organisation. This is vital for securing senior leadership buy-in and support, which, in turn, is crucial for sustained success of the data governance program.
    • Misinterpretation or a lack of understanding about data governance, including what it means for the organisation and the individual data user.
    • A perception that data governance is inhibiting or an added layer of bureaucracy or complication rather than an enabling and empowering framework for stakeholders in their use and handling of data.
    • Embarking on data governance without firmly substantiating and understanding the organisational drivers for doing so. How is data governance going to support the organisation's value streams and their various business capabilities?
    • Neglecting to define and measure success and performance. Just as in any other enterprise initiative, you have to be able to demonstrate an ROI for time, resources and funding. These metrics must demonstrate the measurable business value that data governance brings to the organisation.
    • Failure to align data governance with enterprise governance.
    Image is a circle graph and 78% of it is coloured with the number 78% in the middle of the graph

    78% of companies (and 92% of top-tier companies) have a corporate initiative to become more data-driven. – Alation, 2020.

    Image is a circle graph and 58% of it is coloured with the number 58% in the middle of the graph

    But despite these ambitions, there appears to be a 'data culture disconnect' – 58% of leaders overestimate the current data culture of their enterprises, giving a grade higher than the one produced by the study. – Fregoni, 2020.

    The strategic value of data

    Power intelligent and transformative organisational performance through leveraging data.

    Respond to industry disruptors

    Optimise the way you serve your stakeholders and customers

    Develop products and services to meet ever-evolving needs

    Manage operations and mitigate risk

    Harness the value of your data

    The journey to being data-driven

    The journey to declaring that you are a data-driven organisation requires a pit stop at data enablement.

    The Data Economy

    Data Disengaged

    You have a low appetite for data and rarely use data for decision making.

    Data Enabled

    Technology, data architecture, and people and processes are optimised and supported by data governance.

    Data Driven

    You are differentiating and competing on data and analytics; described as a 'data first' organisation. You're collaborating through data. Data is an asset.

    Data governance is essential for any organisation that makes decisions about how it uses its data.

    Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.

    Data governance is:

    • Executed according to agreed-upon models that describe who can take what actions with what information, when, and using what methods (Olavsrud, 2021).
    • True business-IT collaboration that will lead to increased consistency and confidence in data to support decision making. This, in turn, helps fuel innovation and growth.

    If done correctly, data governance is not:

    • An annoying, finger-waving roadblock in the way of getting things done.
    • Meant to solve all data-related business or IT problems in an organisation.
    • An inhibitor or impediment to using and sharing data.

    Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Create impactful data governance by embedding it within enterprise governance

    A model is depicted to show the relationship between enterprise governance and data governance.

    Organisational drivers for data governance

    Data governance personas:

    Conformance: Establishing data governance to meet regulations and compliance requirements.

    Performance: Establishing data governance to fuel data-driven decision making for driving business value and managing and mitigating business risk.

    Two images are depicted that show the difference between conformance and performance.

    Data Governance is not a one-person show

    • Data governance needs a leader and a home. Define who is going to be leading, driving, and steering data governance in your organisation.
    • Senior executive leaders play a crucial role in championing and bringing visibility to the value of data and data governance. This is vital for building and fostering a culture of data excellence.
    • Effective data governance comes with business and IT alignment, collaboration, and formally defined roles around data leadership, ownership, and stewardship.
    Four circles are depicted. There is one person in the circle on the left and is labelled: Data Governance Leadership. The circle beside it has two people in it and labelled: Organisational Champions. The circle beside it has three people in it and labelled: Data Owners, Stewards & Custodians. The last circle has four people in it and labelled: The Organisation & Data Storytellers.

    Traditional data governance organisational structure

    A traditional structure includes committees and roles that span across strategic, tactical, and operational duties. There is no one-size-fits-all data governance structure. However, most organisations follow a similar pattern when establishing committees, councils, and cross-functional groups. Most organisations strive to identify roles and responsibilities at a strategic and operational level. Several factors will influence the structure of the program, such as the focus of the data governance project and the maturity and size of the organisation.

    A triangular model is depicted and is split into three tiers to show the traditional data governance organisational structure.

    A healthy data culture is key to amplifying the power of your data.

    'Albert Einstein is said to have remarked, "The world cannot be changed without changing our thinking." What is clear is that the greatest barrier to data success today is business culture, not lagging technology.' – Randy Bean, 2020

    What does it look like?

    • Everybody knows the data.
    • Everybody trusts the data.
    • Everybody talks about the data.

    'It is not enough for companies to embrace modern data architectures, agile methodologies, and integrated business-data teams, or to establish centres of excellence to accelerate data initiatives, when only about 1 in 4 executives reported that their organisation has successfully forged a data culture.'– Randy Bean, 2020

    Data literacy is an essential part of a data-driven culture

    • In a data-driven culture, decisions are made based on data evidence, not on gut instinct.
    • Data often has untapped potential. A data-driven culture builds tools and skills, builds users' trust in the condition and sources of data, and raises the data skills and understanding among their people on the front lines.
    • Building a data culture takes an ongoing investment of time, effort, and money. This investment will not achieve the transformation you want without data literacy at the grassroots level.

    Data-driven culture = 'data matters to our company'

    Despite investments in data initiative, organisations are carrying high levels of data debt

    Data debt is 'the accumulated cost that is associated with the sub-optimal governance of data assets in an enterprise, like technical debt.'

    Data debt is a problem for 78% of organisations.

    40% of organisations say individuals within the business do not trust data insights.

    66% of organisations say a backlog of data debt is impacting new data management initiatives.

    33% of organisations are not able to get value from a new system or technology investment.

    30% of organisations are unable to become data-driven.

    Source: Experian, 2020

    Absent or sub-optimal data governance leads to data debt

    Only 3% of companies' data meets basic quality standards. (Source: Nagle, et al., 2017)

    Organisations suspect 28% of their customer and prospect data is inaccurate in some way. (Source: Experian, 2020)

    Only 51% of organisations consider the current state of their CRM or ERP data to be clean, allowing them to fully leverage it. (Source: Experian, 2020)

    35% of organisations say they're not able to see a ROI for data management initiatives. (Source: Experian, 2020)

    Embrace the technology

    Make the available data governance tools and technology work for you:

    • Data catalogue
    • Business data glossary
    • Data lineage
    • Metadata management

    While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.

    Logos of data governance tools and technology.

    Measure success to demonstrate tangible business value

    Put data governance into the context of the business:

    • Tie the value of data governance and its initiatives back to the business capabilities that are enabled.
    • Leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with senior leadership.

    Don't let measurement be an afterthought:

    Start substantiating early on how you are going to measure success as your data governance program evolves.

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right-sized to deliver value in your organisation.

    Key considerations:

    • When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organisation's fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolise the time and focus of personnel key to delivering on your data governance milestones.

    Sample milestones:

    Data Governance Leadership & Org Structure Definition

    Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

    Data Governance Charter and Policies

    Create a charter for your program and build/refresh associated policies.

    Data Culture Diagnostic

    Understand the organisation's current data culture, perception of data, value of data, and knowledge gaps.

    Use Case Build and Prioritisation

    Build a use case that is tied to business capabilities. Prioritise accordingly.

    Business Data Glossary

    Build and/or refresh the business' glossary for addressing data definitions and standardisation issues.

    Tools & Technology

    Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

    Key takeaways for effective business-driven data governance

    Data governance leadership and sponsorship is key.

    Ensure strategic business alignment.

    Build and foster a culture of data excellence.

    Evolve along the data journey.

    Make data governance an enabler, not a hindrance.

    Insight summary

    Overarching insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Insight 1

    Data governance should not sit as an island in your organisation. It must continuously align with the organisation's enterprise governance function. It shouldn't be perceived as a pet project of IT, but rather as an enterprise-wide, business-driven initiative.

    Insight 2

    Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture. Leverage the measures of success or KPIs of the underlying business capabilities to demonstrate the value data governance has yielded for the organisation.

    Insight 3

    Data governance remains the foundation of all forms of reporting and analytics. Advanced capabilities such as AI and machine learning require effectively governed data to fuel their success.

    Tactical insight

    Tailor your data literacy program to meet your organisation's needs, filling your range of knowledge gaps and catering to your different levels of stakeholders. When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to fill the knowledge gaps about data, as they exist in your organisation. It should be targeted across the board – from your executive leadership and management through to the subject matter experts across different lines of the business in your organisation.

    Info-Tech's methodology for establishing data governance

    1. Build Business and User Context 2. Understand Your Current Data Governance Capabilities 3. Build a Target State Roadmap and Plan
    Phase Steps
    1. Substantiate Business Drivers
    2. Build High-Value Use Cases for Data Governance
    1. Understand the Key Components of Data Governance
    2. Gauge Your Organisation's Current Data Culture
    1. Formulate an Actionable Roadmap and Right-Sized Plan
    Phase Outcomes
    • Your organisation's business capabilities and value streams
    • A business capability map for your organisation
    • Categorisation of your organisation's key capabilities
    • A strategy map tied to data governance
    • High-value use cases for data governance
    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data culture
    • A data governance roadmap and target-state plan comprising of prioritised initiatives

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Screenshot of Info-Tech's Data Governance Planning and Roadmapping Workbook data-verified=

    Data Governance Planning and Roadmapping Workbook

    Use the Data Governance Planning and Roadmapping Workbook as you plan, build, roll out, and scale data governance in your organisation.

    Screenshot of Info-Tech's Data Use Case Framework Template

    Data Use Case Framework Template

    This template takes you through a business needs gathering activity to highlight and create relevant use cases around the organisation's data-related problems and opportunities.

    Screenshot of Info-Tech's Business Data Glossary data-verified=

    Business Data Glossary

    Use this template to document the key data assets that are to be governed and create a data flow diagram for your organisation.

    Screenshot of Info-Tech's Data Culture Diagnostic and Scorecard data-verified=

    Data Culture Diagnostic and Scorecard

    Leverage Info-Tech's Data Culture Diagnostic to understand how your organisation scores across 10 areas relating to data culture.

    Key deliverable:

    Data Governance Planning and Roadmapping Workbook

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Data Governance Initiative Planning and Roadmap Tool

    Leverage this tool to assess your current data governance capabilities and plot your target state accordingly.

    This tool will help you plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    Data Governance Program Charter Template

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    Data Governance Policy

    This policy establishes uniformed data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organisation

    Other Deliverables:

    • Data Governance Initiative Planning and Roadmap Tool
    • Data Governance Program Charter Template
    • Data Governance Policy

    Blueprint benefits

    Defined data accountability & responsibility

    Shared knowledge & common understanding of data assets

    Elevated trust & confidence in traceable data

    Improved data ROI & reduced data debt

    Support for ethical use and handling of data in a culture of excellence

    Measure the value of this blueprint

    Leverage this blueprint's approach to ensure your data governance initiatives align and support your key value streams and their business capabilities.

    • Aligning your data governance program and its initiatives to your organisation's business capabilities is vital for tracing and demonstrating measurable business value for the program.
    • This alignment of data governance with value streams and business capabilities enables you to use business-defined KPIs and demonstrate tangible value.
    Screenshot from this blueprint on the Measurable Business Value

    In phases 1 and 2 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data governance capabilities and strengths.

    In phase 3, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data governance capabilities so that data is well positioned to deliver on those defined business metrics.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    'Our team, has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.'

    Guided Implementation

    'Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track.'

    Workshop

    'We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.'

    Consulting

    'Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.'

    Diagnostics and consistent frameworks are used throughout all four options.

    Establish Data Governance project overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    1. Build Business and User context2. Understand Your Current Data Governance Capabilities3. Build a Target State Roadmap and Plan
    Best-Practice Toolkit
    1. Substantiate Business Drivers
    2. Build High-Value Use Cases for Data Governance
    1. Understand the Key Components of Data Governance
    2. Gauge Your Organisation's Current Data Culture
    1. Formulate an Actionable Roadmap and Right-Sized Plan
    Guided Implementation
    • Call 1
    • Call 2
    • Call 3
    • Call 4
    • Call 5
    • Call 6
    • Call 7
    • Call 8
    • Call 9
    Phase Outcomes
    • Your organisation's business capabilities and value streams
    • A business capability map for your organisation
    • Categorisation of your organisation's key capabilities
    • A strategy map tied to data governance
    • High-value use cases for data governance
    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data culture
    • A data governance roadmap and target-state plan comprising of prioritised initiatives

    Guided Implementation

    What does a typical GI on this topic look like?

    An outline of what guided implementation looks like.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organisation. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop overview

    Contact your account representative for more information. workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Establish Business Context and Value Understand Current Data Governance Capabilities and Plot Target-State Levels Build Data Domain to Data Governance Role Mapping Formulate a Plan to Get to Your Target State
    Activities
    • Establish business context, value, and scope of data governance at the organisation
    • Introduction to Info-Tech's data governance framework
    • Discuss vision and mission for data governance
    • Understand your business architecture, including your business capability map and value streams
    • Build use cases aligned to core business capabilities
    • Understand your current data governance capabilities and maturity
    • Set target state data governance capabilities
    • Evaluate and prioritise performance gaps
    • Develop and consolidate data governance target-state initiatives
    • Define the role of data governance: data domain to data governance role mapping
    • Identify and prioritise next steps
    • Define roles and responsibilities and complete a high-level RACI
    • Wrap-up and discuss next steps and post-workshop support
    Deliverables
    1. Sample use cases (tied to the business capability map) and a repeatable use case framework
    2. Vision and mission for data governance
    1. Current state of data governance maturity
    2. Definition of target state
    1. Target-state data governance initiatives
    2. Data domain to data governance role mapping
    1. Initialised roadmap
    2. Initialised RACI
    3. Completed Business Data Glossary (BDG)

    Phase 1

    Build Business and User Context

    Three circles are in the image that list the three phases and the main steps. Phase 1 is highlighted.

    'When business users are invited to participate in the conversation around data with data users and IT, it adds a fundamental dimension — business context. Without a real understanding of how data ties back to the business, the value of analysis and insights can get lost.' – Jason Lim, Alation

    This phase will guide you through the following activities:

    • Identify Your Business Capabilities
    • Define your Organisation's Key Business Capabilities
    • Develop a Strategy Map that Aligns Business Capabilities to Your Strategic Focus

    This phase involves the following participants:

    • Data Governance Leader/Data Leader (CDO)
    • Senior Business Leaders
    • Business SMEs
    • Data Leadership, Data Owners, Data Stewards and Custodians

    Step 1.1

    Substantiate Business Drivers

    Activities

    1.1.1 Identify Your Business Capabilities

    1.1.2 Categorise Your Organisation's Key Business Capabilities

    1.1.3 Develop a Strategy Map Tied to Data Governance

    This step will guide you through the following activities:

    • Leverage your organisation's existing business capability map or initiate the formulation of a business capability map, guided by Info-Tech's approach
    • Determine which business capabilities are considered high priority by your organisation
    • Map your organisation's strategic objectives to value streams and capabilities to communicate how objectives are realised with the support of data

    Outcomes of this step

    • A foundation for data governance initiative planning that's aligned with the organisation's business architecture: value streams, business capability map, and strategy map

    Info-Tech Insight

    Gaining a sound understanding of your business architecture (value streams and business capabilities) is a critical foundation for establishing and sustaining a data governance program that delivers measurable business value.

    1.1.1 Identify Your Business Capabilities

    Confirm your organisation's existing business capability map or initiate the formulation of a business capability map:

    1. If you have an existing business capability map, meet with the relevant business owners/stakeholders to confirm that the content is accurate and up to date. Confirm the value streams (how your organisation creates and captures value) and their business capabilities are reflective of the organisation's current business environment.
    2. If you do not have an existing business capability map, follow this activity to initiate the formulation of a map (value streams and related business capabilities):
      1. Define the organisation's value streams. Meet with senior leadership and other key business stakeholders to define how your organisation creates and captures value.
      2. Define the relevant business capabilities. Meet with senior leadership and other key business stakeholders to define the business capabilities.

    Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using descriptive nouns such as 'Marketing' or 'Research and Development.' They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.

    Input

    • List of confirmed value streams and their related business capabilities

    Output

    • Business capability map with value streams for your organisation

    Materials

    • Your existing business capability map or the template provided in the Data Governance Planning and Roadmapping Workbook accompanying this blueprint

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Define or validate the organisation's value streams

    Value streams connect business goals to the organisation's value realisation activities. These value realisation activities, in turn, depend on data.

    If the organisation does not have a business architecture function to conduct and guide Activity 1.1.1, you can leverage the following approach:

    • Meet with key stakeholders regarding this topic, then discuss and document your findings.
    • When trying to identify the right stakeholders, consider: Who are the decision makers and key influencers? Who will impact this piece of business architecture related work? Who has the relevant skills, competencies, experience, and knowledge about the organisation?
    • Engage with these stakeholders to define and validate how the organisation creates value.
    • Consider:
      • Who are your main stakeholders? This will depend on the industry in which you operate. For example, customers, residents, citizens, constituents, students, patients.
      • What are your stakeholders looking to accomplish?
      • How does your organisation's products and/or services help them accomplish that?
      • What are the benefits your organisation delivers to them and how does your organisation deliver those benefits?
      • How do your stakeholders receive those benefits?

    Align data governance to the organisation's value realisation activities.

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face the possibilities of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.

    Example of value streams – Retail Banking

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Retail Banking

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for retail banking.

    For this value stream, download Info-Tech's Info-Tech's Industry Reference Architecture for Retail Banking.

    Example of value streams – Higher Education

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Higher Education

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for higher education

    For this value stream, download Info-Tech's Industry Reference Architecture for Higher Education.

    Example of value streams – Local Government

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Local Government

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for local government

    For this value stream, download Info-Tech's Industry Reference Architecture for Local Government.

    Example of value streams – Manufacturing

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Manufacturing

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    Model example of value streams for manufacturing

    For this value stream, download Info-Tech's Industry Reference Architecture for Manufacturing.

    Example of value streams – Retail

    Value streams connect business goals to the organisation's value realisation activities.

    Example value stream descriptions for: Retail

    Model example of value streams for retail

    Value streams enable the organisation to create or capture value in the market in which it operates by engaging in a set of interconnected activities.

    For this value stream, download Info-Tech's Industry Reference Architecture for Retail.

    Define the organisation's business capabilities in a business capability map

    A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.

    Business capabilities can be thought of as business terms defined using descriptive nouns such as 'Marketing' or 'Research and Development.'

    If your organisation doesn't already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.

    Working with the stakeholders as described above:

    • Analyse the value streams to identify and describe the organisation's capabilities that support them.
    • Consider: What is the objective of your value stream? (This can highlight which capabilities support which value stream.)
    • As you initiate your engagement with your stakeholders, don't start a blank page. Leverage the examples on the next slides as a starting point for your business capability map.
    • When using these examples, consider: What are the activities that make up your particular business? Keep the ones that apply to your organisation, remove the ones that don't, and add any needed.

    Align data governance to the organisation's value realisation activities.

    Info-Tech Insight

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Example business capability map – Retail Banking

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail Banking

    Model example business capability map for retail banking

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail Banking.

    Example business capability map – Higher Education

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Higher Education

    Model example business capability map for higher education

    For this business capability map, download Info-Tech's Industry Reference Architecture for Higher Education.

    Example business capability map – Local Government

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Local Government

    Model example business capability map for local government

    For this business capability map, download Info-Tech's Industry Reference Architecture for Local Government.

    Example business capability map – Manufacturing

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Manufacturing

    Model example business capability map for manufacturing

    For this business capability map, download Info-Tech's Industry Reference Architecture for Manufacturing.

    Example business capability map - Retail

    A business capability map can be thought of as a visual representation of your organisation's business capabilities and hence represents a view of what your data governance program must support.

    Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.

    Info-Tech Tip:

    Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realisation capabilities under discussion. This will help to build awareness and visibility of the data governance program.

    Example business capability map for: Retail

    Model example business capability map for retail

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail.

    1.1.2 Categorise Your Organisation's Key Capabilities

    Determine which capabilities are considered high priority in your organisation.

    1. Categorise or heatmap the organisation's key capabilities. Consult with senior and other key business stakeholders to categorise and prioritise the business' capabilities. This will aid in ensuring your data governance future state planning is aligned with the mandate of the business. One approach to prioritising capabilities with business stakeholders is to examine them through the lens of cost advantage creators, competitive advantage differentiators, and/or by high value/high risk.
    2. Identify cost advantage creators. Focus on capabilities that drive a cost advantage for your organisation. Highlight these capabilities and prioritise programs that support them.
    3. Identify competitive advantage differentiators. Focus on capabilities that give your organisation an edge over rivals or other players in your industry.

    This categorisation/prioritisation exercise helps highlight prime areas of opportunity for building use cases, determining prioritisation, and the overall optimisation of data and data governance.

    Input

    • Strategic insight from senior business stakeholders on the business capabilities that drive value for the organisation

    Output

    • Business capabilities categorised and prioritised (e.g. cost advantage creators, competitive advantage differentiators, high value/high risk)

    Materials

    • Your existing business capability map or the business capability map derived in the previous activity

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    For more information, refer to Info-Tech's Document Your Business Architecture.

    Example of business capabilities categorisation or heatmapping – Retail

    This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.

    • Depending on the mandate from the business, priority may be on developing cost advantage. Hence the capabilities that deliver efficiency gains are the ones considered to be cost advantage creators.
    • The business' priority may be on maintaining or gaining a competitive advantage over its industry counterparts. Differentiation might be achieved in delivering unique or enhanced products, services, and/or experiences, and the focus will tend to be on the capabilities that are more end-stakeholder-facing (e.g. customer-, student-, patient,- and/or constituent-facing). These are the organisation's competitive advantage creators.

    Example: Retail

    Example of business capabilities categorisation or heatmapping – Retail

    For this business capability map, download Info-Tech's Industry Reference Architecture for Retail.

    1.1.3 Develop a Strategy Map Tied to Data Governance

    Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business-data governance alignment. It's important to make sure the right strategic objectives of the organisation have been identified and are well understood.

    1. Meet with senior business leaders and other relevant stakeholders to help identify and document the key strategic objectives for the business.
    2. Leverage their knowledge of the organisation's business strategy and strategic priorities to visually represent how these map to value streams, business capabilities, and, ultimately, to data and data governance needs and initiatives. Tip: Your map is one way to visually communicate and link the business strategy to other levels of the organisation.
    3. Confirm the strategy mapping with other relevant stakeholders.

    Guide to creating your map: Starting with strategic objectives, map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance to initiatives that support those capabilities. This is one approach to help you prioritise the data initiatives that deliver the most value to the organisation.

    Input

    • Strategic objectives as outlined by the organisation's business strategy and confirmed by senior leaders

    Output

    • A strategy map that maps your organisational strategic objectives to value streams, business capabilities, and, ultimately, to data program

    Materials

    Participants

    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data Governance Working Group

    Download Info-Tech's Data Governance Planning and Roadmapping Workbook

    Example of a strategy map tied to data governance

    • Strategic objectives are the outcomes that the organisation is looking to achieve.
    • Value streams enable an organisation to create and capture value in the market through interconnected activities that support strategic objectives.
    • Business capabilities define what a business does to enable value creation in value streams.
    • Data capabilities and initiatives are descriptions of action items on the data and data governance roadmap and which will enable one or multiple business capabilities in its desired target state.

    Info-Tech Tip:

    Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritise the data initiatives that deliver the most value to the organisation.

    Example: Retail

    Example of a strategy map tied to data governance for retail

    For this strategy map, download Info-Tech's Industry Reference Architecture for Retail.

    Step 1.2

    Build High-Value Use Cases for Data Governance

    Activities

    1.2.1 Build High-Value Use Cases

    This step will guide you through the following activities:

    • Leveraging your categorised business capability map to conduct deep-dive sessions with key business stakeholders for creating high-value uses cases
    • Discussing current challenges, risks, and opportunities associated with the use of data across the lines of business
    • Exploring which other business capabilities, stakeholder groups, and business units will be impacted

    Outcomes of this step

    • Relevant use cases that articulate the data-related challenges, needs, or opportunities that are clear and contained and, if addressed ,will deliver value to the organisation

    Info-Tech Tip

    One of the most important aspects when building use cases is to ensure you include KPIs or measures of success. You have to be able to demonstrate how the use case ties back to the organisational priorities or delivers measurable business value. Leverage the KPIs and success factors of the business capabilities tied to each particular use case.

    1.2.1 Build High-Value Use Cases

    This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well as the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech's framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template.
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don't conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    1. Bring together key business stakeholders (data owner, stewards, SMEs) from a particular line of business as well the relevant data custodian(s) to build cases for their units. Leverage the business capability map you created for facilitating this act.
    2. Leverage Info-Tech's framework for data requirements and methodology for creating use cases, as outlined in the Data Use Case Framework Template and seen on the next slide.
    3. Have the stakeholders move through each breakout session outlined in the Use Case Worksheet. Use flip charts or a whiteboard to brainstorm and document their thoughts.
    4. Debrief and document results in the Data Use Case Framework Template
    5. Repeat this exercise with as many lines of the business as possible, leveraging your business capability map to guide your progress and align with business value.

    Tip: Don't conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.

    Input

    • Value streams and business capabilities as defined by business leaders
    • Business stakeholders' subject area expertise
    • Data custodian systems, integration, and data knowledge

    Output

    • Use cases that articulate data-related challenges, needs or opportunities that are tied to defined business capabilities and hence if addressed will deliver measurable value to the organisation.

    Materials

    • Your business capability map from activity 1.1.1
    • Info-Tech's Data Use Case Framework Template
    • Whiteboard or flip charts (or shared screen if working remotely)
    • Markers/pens

    Participants

    • Key business stakeholders
    • Data stewards and business SMEs
    • Data custodians
    • Data Governance Working Group

    Download Info-Tech's Data Use Case Framework Template

    Info-Tech's Framework for Building Use Cases

    Objective: This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organisation.

    Leveraging your business capability map, build use cases that align with the organisation's key business capabilities.

    Consider:

    • Is the business capability a cost advantage creator or an industry differentiator?
    • Is the business capability currently underserved by data?
    • Does this need to be addressed? If so, is this risk- or value-driven?

    Info-Tech's Data Requirements and Mapping Methodology for Creating Use Cases

    1. What business capability (or capabilities) is this use case tied to for your business area(s)?
    2. What are your data-related challenges in performing this today?
    3. What are the steps in this process/activity today?
    4. What are the applications/systems used at each step today?
    5. What data domains are involved, created, used, and/or transformed at each step today?
    6. What does an ideal or improved state look like?
    7. What other business units, business capabilities, activities, and/or processes will be impacted or improved if this issue was solved?
    8. Who are the stakeholders impacted by these changes? Who needs to be consulted?
    9. What are the risks to the organisation (business capability, revenue, reputation, customer loyalty, etc.) if this is not addressed?
    10. What compliance, regulatory, and/or policy concerns do we need to consider in any solution?
    11. What measures of success or change should we use to prove the value of the effort (such as KPIs, ROI)? What is the measurable business value of doing this?

    The resulting use cases are to be prioritised and leveraged for informing the business case and the data governance capabilities optimisation plan.

    Taken from Info-Tech's Data Use Case Framework Template

    Phase 2

    Understand Your Current Data Governance Capabilities

    Three circles are in the image that list the three phases and the main steps. Phase 2 is highlighted.

    This phase will guide you through the following activities:

    • Understand the Key Components of Data Governance
    • Gauge Your Organisation's Current Data Culture

    This phase involves the following participants:

    • Data Leadership
    • Data Ownership & Stewardship
    • Policies & Procedures
    • Data Literacy & Culture
    • Operating Model
    • Data Management
    • Data Privacy & Security
    • Enterprise Projects & Services

    Step 2.1

    Understand the Key Components of Data Governance

    This step will guide you through the following activities:

    • Understanding the core components of an effective data governance program and determining your organisation's current capabilities in these areas:
      • Data Leadership
      • Data Ownership & Stewardship
      • Policies & Procedures
      • Data Literacy & Culture
      • Operating Model
      • Data Management
      • Data Privacy & Security
      • Enterprise Projects & Services

    Outcomes of this step

    • An understanding of the core components of an effective data governance program
    • An understanding your organisation's current data governance capabilities

    Leverage Info-Tech's: Data Governance Initiative Planning and Roadmap Tool to assess your current data governance capabilities and plot your target state accordingly.

    This tool will help your organisation plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organisation.

    Review: Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Key components of data governance

    A well-defined data governance program will deliver:

    • Defined accountability and responsibility for data.
    • Improved knowledge and common understanding of the organisation's data assets.
    • Elevated trust and confidence in traceable data.
    • Improved data ROI and reduced data debt.
    • An enabling framework for supporting the ethical use and handling of data.
    • A foundation for building and fostering a data-driven and data-literate organisational culture.

    The key components of establishing sustainable enterprise data governance, taken from Info-Tech's Data Governance Framework:

    • Data Leadership
    • Data Ownership & Stewardship
    • Operating Model
    • Policies & Procedures
    • Data Literacy & Culture
    • Data Management
    • Data Privacy & Security
    • Enterprise Projects & Services

    Data Leadership

    • Data governance needs a dedicated head or leader to steer the organisation's data governance program.
    • For organisations that do have a chief data officer (CDO), their office is the ideal and effective home for data governance.
    • Heads of data governance also have titles such as director of data governance, director of data quality, and director of analytics.
    • The head of your data governance program works with all stakeholders and partners to ensure there is continuous enterprise governance alignment and oversight and to drive the program's direction.
    • While key stakeholders from the business and IT will play vital data governance roles, the head of data governance steers the various components, stakeholders, and initiatives, and provides oversight of the overall program.
    • Vital data governance roles include: data owners, data stewards, data custodians, data governance steering committee (or your organisation's equivalent), and any data governance working group(s).

    The role of the CDO: the voice of data

    The office of the chief data officer (CDO):

    • Has a cross-organisational vision and strategy for data.
    • Owns and drives the data strategy; ensures it supports the overall organisational strategic direction and business goals.
    • Leads the organisational data initiatives, including data governance
    • Is accountable for the policy, strategy, data standards, and data literacy necessary for the organisation to operate effectively.
    • Educates users and leaders about what it means to be 'data-driven.'
    • Builds and fosters a culture of data excellence.

    'Compared to most of their C-suite colleagues, the CDO is faced with a unique set of problems. The role is still being defined. The chief data officer is bringing a new dimension and focus to the organisation: "data." '
    – Carruthers and Jackson, 2020

    Who does the CDO report to?

    Example reporting structure.
    • The CDO should be a true C- level executive.
    • Where the organisation places the CDO role in the structure sends an important signal to the business about how much it values data.

    'The title matters. In my opinion, you can't have a CDO without executive authority. Otherwise no one will listen.'

    – Anonymous European CDO

    'The reporting structure depends on who's the 'glue' that ties together all these uniquely skilled individuals.'

    – John Kemp, Senior Director, Executive Services, Info-Tech Research Group

    Data Ownership & Stewardship

    Who are best suited to be data owners?

    • Wherever they may sit in your organisation, data owners will typically have the highest stake in that data.
    • Data owners needs to be suitably senior and have the necessary decision-making power.
    • They have the highest interest in the related business data domain, whether they are the head of a business unit or the head of a line of business that produces data or consumes data (or both).
    • If they are neither of these, it's unlikely they will have the interest in the data (in terms of its quality, protection, ethical use, and handling, for instance) necessary to undertake and adopt the role effectively.

    Data owners are typically senior business leaders with the following characteristics:

    • Positioned to accept accountability for their data domain.
    • Hold authority and influence to affect change, including across business processes and systems, needed to improve data quality, use, handling, integration, etc.
    • Have access to a budget and resources for data initiatives such as resolving data quality issues, data cleansing initiatives, business data catalogue build, related tools and technology, policy management, etc.
    • Hold the influence needed to drive change in behaviour and culture.
    • Act as ambassadors of data and its value as an organisational strategic asset.

    Right-size your data governance organisational structure

    • Most organisations strive to identify roles and responsibilities at a strategic, and operational level. Several factors will influence the structure of the program such as the focus of the data governance project as well as the maturity and size of the organisation.
    • Your data governance structure has to work for your organisation, and it has to evolve as the organisation evolves.
    • Formulate your blend of data governance roles, committees, councils, and cross-functional groups, that make sense for your organisation.
    • Your data governance organisational structure should not add complexity or bureaucracy to your organisation's data landscape; it should support and enable your principle of treating data as an asset.

    There is no one-size-fits-all data governance organisational structure.

    Example of a Data Governance Organisational Structure

    Critical roles and responsibilities for data governance

    Data Governance Working Groups

    Data governance working groups:

    • Are cross-functional teams
    • Deliver on data governance projects, initiatives, and ad hoc review committees.

    Data Stewards

    Traditionally, data stewards:

    • Serve on an operational level addressing issues related to adherence to standards/procedures, monitoring data quality, raising issues identified, etc.
    • Are responsible for managing access, quality, escalating issues, etc.

    Data Custodians

    • Traditionally, data custodians:
    • Serve on an operational level addressing issues related to data and database administration.
    • Support the management of access, data quality, escalating issues, etc.
    • Are SMEs from IT and database administration.

    Example: Business capabilities to data owner and data stewards mapping for a selected data domain

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Enabling business capabilities with data governance role definitions

    Example: Business capabilities to data owner and data stewards mapping for a selected data domain

    Operating Model

    Your operating model is the key to designing and operationalizing a form of data governance that delivers measurable business value to your organisation.

    'Generate excitement for data: When people are excited and committed to the vision of data enablement, they're more likely to help ensure that data is high quality and safe.' – Petzold, et al., 2020

    Operating Model

    Defining your data governance operating model will help create a well-oiled program that sustainably delivers value to the organisation and manages risks while building and fostering a culture of data excellence along the way. Some organisations are able to establish a formal data governance office, whether independent or attached to the office of the chief data officer. Regardless of how you are organised, data governance requires a home, a leader, and an operating model to ensure its sustainability and evolution.

    Examples of focus areas for your operating model:

    • Delivery: While there are core tenets to every data governance program, there is a level of variability in the implementation of data governance programs across organisations, sectors, and industries. Every organisation has its own particular drivers and mandates, so the level and rigour applied will also vary.
    • The key is to determine what style will work best in your organisation, taking into consideration your organisational culture, executive leadership support (present and ongoing), catalysts such as other enterprise-wide transformative and modernisation initiatives, and/or regulatory and compliances drivers.

    • Communication: Communication is vital across all levels and stakeholder groups. For instance, there needs to be communication from the data governance office up to senior leadership, as well as communication within the data governance organisation, which is typically made up of the data governance steering committee, data governance council, executive sponsor/champion, data stewards, and data custodians and working groups.
    • Furthermore, communication with the wider organisation of data producers, users, and consumers is one of the core elements of the overall data governance communications plan.

    Communication is vital for ensuring acceptance of new processes, rules, guidelines, and technologies by all data producers and users as well as for sharing success stories of the program.

    Operating Model

    Tie the value of data governance and its initiatives back to the business capabilities that are enabled.

    'Leading organisations invest in change management to build data supporters and convert the sceptics. This can be the most difficult part of the program, as it requires motivating employees to use data and encouraging producers to share it (and ideally improve its quality at the source)[.]' – Petzold, et al., 2020

    Operating Model

    Examples of focus areas for your operating model (continued):

    • Change management and issue resolution: Data governance initiatives will very likely bring about a level of organisational disruption, with governance recommendations and future state requiring potentially significant business change. This may include a redesign of a substantial number of data processes affecting various business units, which will require tweaking the organisation's culture, thought processes, and procedures surrounding its data.
    • Preparing people for change well in advance will allow them to take the steps necessary to adapt and reduce potential confrontation. By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

      Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    • Performance measuring, monitoring and reporting: Measuring and reporting on performance, successes, and realisation of tangible business value are a must for sustaining, growing, and scaling your data governance program.
    • Aligning your data governance to the organisation's value realisation activities enables you to leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with your senior business leadership.

    Info-Tech Tip:

    Launching a data governance program will bring with it a level of disruption to the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Policies, Procedures & Standards

    'Data standards are the rules by which data are described and recorded. In order to share, exchange, and understand data, we must standardise the format as well as the meaning.' – U.S. Geological Survey

    Policies, Procedures & Standards

    • When defining, updating, or refreshing your data policies, procedures, and standards, ensure they are relevant, serve a purpose, and/or support the use of data in the organisation.
    • Avoid the common pitfall of building out a host of policies, procedures, and standards that are never used or followed by users and therefore don't bring value or serve to mitigate risk for the organisation.
    • Data policies can be thought of as formal statements and are typically created, approved, and updated by the organisation's data decision-making body (such as a data governance steering committee).
    • Data standards and procedures function as actions, or rules, that support the policies and their statements.
    • Standards and procedures are designed to standardise the processes during the overall data lifecycle. Procedures are instructions to achieve the objectives of the policies. The procedures are iterative and will be updated with approval from your data governance committee as needed.
    • Your organisation's data policies, standards, and procedures should not bog down or inhibit users; rather, they should enable confident data use and handling across the overall data lifecycle. They should support more effective and seamless data capture, integration, aggregation, sharing, and retention of data in the organisation.

    Examples of data policies:

    • Data Classification Policy
    • Data Retention Policy
    • Data Entry Policy
    • Data Backup Policy
    • Data Provenance Policy
    • Data Management Policy

    See Info-Tech's Data Governance Policy Template: This policy establishes uniformed data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organisation.

    Data Domain Documentation

    Select the correct granularity for your business need

    Diagram of data domain documentation
    Sources: Dataversity; Atlan; Analytics8

    Data Domain Documentation Examples

    Data Domain Documentation Examples

    Data Culture

    'Organisational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.' – Petzold, et al., 2020

    A healthy data culture is key to amplifying the power of your data and to building and sustaining an effective data governance program.

    What does a healthy data culture look like?

    • Everybody knows the data.
    • Everybody trusts the data.
    • Everybody talks about the data.

    Building a culture of data excellence.

    Leverage Info-Tech's Data Culture Diagnostic to understand your organisation's culture around data.

    Screenshot of Data Culture Scorecard

    Contact your Info-Tech Account Representative for more information on the Data Culture Diagnostic

    Cultivating a data-driven culture is not easy

    'People are at the heart of every culture, and one of the biggest challenges to creating a data culture is bringing everyone into the fold.' – Lim, Alation

    It cannot be purchased or manufactured,

    It must be nurtured and developed,

    And it must evolve as the business, user, and data landscapes evolve.

    'Companies that have succeeded in their data-driven efforts understand that forging a data culture is a relentless pursuit, and magic bullets and bromides do not deliver results.' – Randy Bean, 2020

    Hallmarks of a data-driven culture

    There is a trusted, single source of data the whole company can draw from.

    There's a business glossary and data catalogue and users know what the data fields mean.

    Users have access to data and analytics tools. Employees can leverage data immediately to resolve a situation, perform an activity, or make a decision – including frontline workers.

    Data literacy, the ability to collect, manage, evaluate, and apply data in a critical manner, is high.

    Data is used for decision making. The company encourages decisions based on objective data and the intelligent application of it.

    A data-driven culture requires a number of elements:

    • High-quality data
    • Broad access and data literacy
    • Data-driven decision-making processes
    • Effective communication

    Data Literacy

    Data literacy is an essential part of a data-driven culture.

    • Building a data-driven culture takes an ongoing investment of time, effort, and money.
    • This investment will not realise its full return without building up the organisation's data literacy.
    • Data literacy is about filling data knowledge gaps across all levels of the organisation.
    • It's about ensuring all users – senior leadership right through to core users – are equipped with appropriate levels of training, skills, understanding, and awareness around the organisation's data and the use of associated tools and technologies. Data literacy ensures users have the data they need and they know how to interpret and leverage it.
    • Data literacy drives the appetite, demand, and consumption for data.
    • A data-literate culture is one where the users feel confident and skilled in their use of data, leveraging it for making informed or evidence-based decisions and generating insights for the organisation.

    Data Management

    • Data governance serves as an enabler to all of the core components that make up data management:
      • Data quality management
      • Data architecture management
      • Data platform
      • Data integration
      • Data operations management
      • Data risk management
      • Reference and master data management (MDM)
      • Document and content management
      • Metadata management
      • Business intelligence (BI), reporting, analytics and advanced analytics, artificial intelligence (AI), machine learning (ML)
    • Key tools such as the business data glossary and data catalogue are vital for operationalizing data governance and in supporting data management disciplines such as data quality management, metadata management, and MDM as well as BI, reporting, and analytics.

    Enterprise Projects & Services

    • Data governance serves as an enabler to enterprise projects and services that require, use, share, sell, and/or rely on data for their viability and, ultimately, their success.
    • Folding or embedding data governance into the organisation's project management function or project management office (PMO) serves to ensure that, for any initiative, suitable consideration is given to how data is treated.
    • This may include defining parameters, following standards and procedures around bringing in new sources of data, integrating that data into the organisation's data ecosystem, using and sharing that data, and retaining that data post-project completion.
    • The data governance function helps to identify and manage any ethical issues, whether at the start of the project and/or throughout.
    • It provides a foundation for asking relevant questions as it relates to the use or incorporation of data in delivering the specific project or service. Do we know where the data obtained from? Do we have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used? What are the positive effects, negative impacts, and/or risks associated with our intended use of that data? Are we positioned to mitigate those risks?
    • Mature data governance creates organisations where the above considerations around data management and the ethical use and handling of data is routinely implemented across the business and in the rollout and delivery of projects and services.

    Data Privacy & Security

    • Data governance supports the organisation's data privacy and security functions.
    • Key tools include the data classification policy and standards and defined roles around data ownership and data stewardship. These are vital for operationalizing data governance and supporting data privacy, security, and the ethical use and handling of data.
    • While some organisations may have a dedicated data security and privacy group, data governance provides an added level of oversight in this regard.
    • Some of the typical checks and balances include ensuring:
      • There are policies and procedures in place to restrict and monitor staff's access to data (one common way this is done is according to job descriptions and responsibilities) and that these comply with relevant laws and regulations.
      • There's a data classification scheme in place where data has been classified on a hierarchy of sensitivity (e.g. top secret, confidential, internal, limited, public).
      • The organisation has a comprehensive data security framework, including administrative, physical, and technical procedures for addressing data security issues (e.g. password management and regular training).
      • Risk assessments are conducted, including an evaluation of risks and vulnerabilities related to intentional and unintentional misuse of data.
      • Policies and procedures are in place to mitigate the risks associated with incidents such as data breaches.
      • The organisation regularly audits and monitors its data security.

    Ethical Use & Handling of Data

    Data governance will support your organisation's ethical use and handling of data by facilitating definition around important factors, such as:

    • What are the various data assets in the organisation and what purpose(s) can they be used for? Are there any limitations?
    • Who is the related data owner? Who holds accountability for that data? Who will be answerable?
    • Where was the data obtained from? What is the intended use of that data? Do you have rights to use that data? Are there legislations, policies, or regulations that guide or dictate how that data can be used?
    • What are the positive effects, negative impacts, and/or risks associated with the use of that data?

    Ethical Use & Handling of Data

    • Data governance serves as an enabler to the ethical use and handling of an organisation's data.
    • The Open Data Institute (ODI) defines data ethics as: 'A branch of ethics that evaluates data practices with the potential to adversely impact on people and society – in data collection, sharing and use.'
    • Data ethics relates to good practice around how data is collected, used and shared. It's especially relevant when data activities have the potential to impact people and society, whether directly or indirectly (Open Data Institute, 2019).
    • A failure to handle and use data ethically can negatively impact an organisation's direct stakeholders and/or the public at large, lead to a loss of trust and confidence in the organisation's products and services, lead to financial loss, and impact the organisation's brand, reputation, and legal standing.
    • Data governance plays a vital role is building and managing your data assets, knowing what data you have, and knowing the limitations of that data. Data ownership, data stewardship, and your data governance decision-making body are key tenets and foundational components of your data governance. They enable an organisation to define, categorise, and confidently make decisions about its data.

    Step 2.2

    Gauge Your Organisation's Current Data Culture

    Activities

    2.2.1 Gauge Your Organisation's Current Data Culture

    This step will guide you through the following activities:

    • Conduct a data culture survey or leverage Info-Tech's Data Culture Diagnostic to increase your understanding of your organisation's data culture

    Outcomes of this step

    • An understanding of your organisational data culture

    2.2.1 Gauge Your Organisation's Current Data Culture

    Conduct a Data Culture Survey or Diagnostic

    The objectives of conducting a data culture survey are to increase the understanding of the organisation's data culture, your users' appetite for data, and their appreciation for data in terms of governance, quality, accessibility, ownership, and stewardship. To perform a data culture survey:

    1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
    2. Conduct an information session to introduce Info-Tech's Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organisation's current data culture and inform the improvement of that culture.
    3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
    4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

    Input

    • Email addresses of participants in your organisation who should receive the survey

    Output

    • Your organisation's Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
    • An understanding of whether data is currently perceived to be an asset to the organisation

    Materials

    Screenshot of Data Culture Scorecard

    Participants

    • Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organisation
    • Data owners, stewards, and custodians
    • Core data users and consumers

    Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

    Phase 3

    Build a Target State Roadmap and Plan

    Three circles are in the image that list the three phases and the main steps. Phase 3 is highlighted.

    'Achieving data success is a journey, not a sprint. Companies that set a clear course, with reasonable expectations and phased results over a period of time, get to the destination faster.' – Randy Bean, 2020

    This phase will guide you through the following activities:

    • Build your Data Governance Roadmap
    • Develop a target state plan comprising of prioritised initiatives

    This phase involves the following participants:

    • Data Governance Leadership
    • Data Owners/Data Stewards
    • Data Custodians
    • Data Governance Working Group(s)

    Step 3.1

    Formulate an Actionable Roadmap and Right-Sized Plan

    This step will guide you through the following activities:

    • Build your data governance roadmap
    • Develop a target state plan comprising of prioritised initiatives

    Download Info-Tech's Data Governance Planning and Roadmapping Workbook

    See Info-Tech's Data Governance Program Charter Template: A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    Outcomes of this step

    • A foundation for data governance initiative planning that's aligned with the organisation's business architecture: value streams, business capability map, and strategy map

    Build a right-sized roadmap

    Formulate an actionable roadmap that is right sized to deliver value in your organisation.

    Key considerations:

    • When building your data governance roadmap, ensure you do so through an enterprise lens. Be cognizant of other initiatives that might be coming down the pipeline that may require you to align your data governance milestones accordingly.
    • Apart from doing your planning with consideration for other big projects or launches that might be in-flight and require the time and attention of your data governance partners, also be mindful of the more routine yet still demanding initiatives.
    • When doing your roadmapping, consider factors like the organisation's fiscal cycle, typical or potential year-end demands, and monthly/quarterly reporting periods and audits. Initiatives such as these are likely to monopolise the time and focus of personnel key to delivering on your data governance milestones.

    Sample milestones:

    Data Governance Leadership & Org Structure Definition

    Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.

    Data Governance Charter and Policies

    Create a charter for your program and build/refresh associated policies.

    Data Culture Diagnostic

    Understand the organisation's current data culture, perception of data, value of data, and knowledge gaps.

    Use Case Build and Prioritisation

    Build a use case that is tied to business capabilities. Prioritise accordingly.

    Business Data Glossary/catalogue

    Build and/or refresh the business' glossary for addressing data definitions and standardisation issues.

    Tools & Technology

    Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).

    Recall: Info-Tech's Data Governance Framework

    An image of Info-Tech's Data Governance Framework

    Build an actionable roadmap

    Data Governance Leadership & Org Structure Division

    Define key roles for getting started.

    Use Case Build & Prioritisation

    Start small and then scale – deliver early wins.

    Literacy Program

    Start understanding data knowledge gaps, building the program, and delivering.

    Tools & Technology

    Make the available data governance tools and technology work for you.

    Key components of your data governance roadmap

    Data Governance Program Charter Template – A program charter template to sell the importance of data governance to senior executives.

    This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.

    By now, you have assessed current data governance environment and capabilities. Use this assessment, coupled with the driving needs of your business, to plot your data Governance roadmap accordingly.

    Sample data governance roadmap milestones:

    • Define data governance leadership.
    • Define and formalise data ownership and stewardship (as well as the role IT/data management will play as data custodians).
    • Build/confirm your business capability map and data domains.
    • Build business data use cases specific to business capabilities.
    • Define business measures/KPIs for the data governance program (i.e. metrics by use case that are relevant to business capabilities).
    • Data management:
      • Build your data glossary or catalogue starting with identified and prioritised terms.
      • Define data domains.
    • Design and define the data governance operating model (oversight model definition, communication plan, internal marketing such as townhalls, formulate change management plan, RFP of data governance tool and technology options for supporting data governance and its administration).
    • Data policies and procedures:
      • Formulate, update, refresh, consolidate, rationalise, and/or retire data policies and procedures.
      • Define policy management and administration framework (i.e. roll-out, maintenance, updates, adherence, system to be used).
    • Conduct Info-Tech's Data Culture Diagnostic or survey (across all levels of the organisation).
    • Define and formalise the data literacy program (build modules, incorporate into LMS, plan lunch and learn sessions).
    • Data privacy and security: build data classification policy, define classification standards.
    • Enterprise projects and services: embed data governance in the organisation's PMO, conduct 'Data Governance 101' for the PMO.

    Defining data governance roles and organisational structure at Organisation

    The approach employed for defining the data governance roles and supporting organisational structure for .

    Key Considerations:

    • The data owner and data steward roles are formally defined and documented within the organisation. Their involvement is clear, well-defined, and repeatable.
    • There are data owners and data stewards for each data domain within the organisation. The data steward role is given to someone with a high degree of subject matter expertise.
    • Data owners and data stewards are effective in their roles by ensuring that their data domain is clean and free of errors and that they protect the organisation against data loss.
    • Data owners and data stewards have the authority to make final decisions on data definitions, formats, and standard processes that apply to their respective data sets. Data owners and data stewards have authority regarding who has access to certain data.
    • Data owners and data stewards are not from the IT side of the organisation. They understand the lifecycle of the data (how it is created, curated, retrieved, used, archived, and destroyed) and they are well-versed in any compliance requirements as it relates to their data.
    • The data custodian role is formally defined and is given to the relevant IT expert. This is an individual with technical administrative and/or operational responsibility over data (e.g. a DBA).
    • A data governance steering committee exists and is comprised of well-defined roles, responsibilities, executive sponsors, business representatives, and IT experts.
    • The data governance steering committee works to provide oversight and enforce policies, procedures, and standards for governing data.
    • The data governance working group has cross-functional representation. This comprises business and IT representation, as well as project management and change management where applicable: data stewards, data custodians, business subject matter experts, PM, etc.).
    • Data governance meetings are coordinated and communicated about. The meeting agenda is always clear and concise, and meetings review pressing data-related issues. Meeting minutes are consistently documented and communicated.

    Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

    Info-Tech Insight

    Your organisation's value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.

    Enable business capabilities with data governance role definitions.

    Sample: Business capabilities to data owner and data stewards mapping for a selected data domain

    Consider your technology options:

    Make the available data governance tools and technology work for you:

    • Data catalogue
    • Business data glossary
    • Data lineage
    • Metadata management

    Logos of data governance tools and technology.

    These are some of the data governance tools and technology players. Check out SoftwareReviews for help making better software decisions.

    Make the data steward the catalyst for organisational change and driving data culture

    The data steward must be empowered and backed politically with decision-making authority, or the role becomes stale and powerless.

    Ensuring compliance can be difficult. Data stewards may experience pushback from stakeholders who must deliver on the policies, procedures, and processes that the data steward enforces.

    Because the data steward must enforce data processes and liaise with so many different people and departments within the organisation, the data steward role should be their primary full-time job function – where possible.

    However, in circumstances where budget doesn't allow a full-time data steward role, develop these skills within the organisation by adding data steward responsibilities to individuals who are already managing data sets for their department or line of business.

    Info-Tech Tip

    A stewardship role is generally more about managing the cultural change that data governance brings. This requires the steward to have exceptional interpersonal skills that will assist in building relationships across departmental boundaries and ensuring that all stakeholders within the organisation believe in the initiative, understand the anticipated outcomes, and take some level of responsibility for its success.

    Changes to organisational data processes are inevitable; have a communication plan in place to manage change

    Create awareness of your data governance program. Use knowledge transfer to get as many people on board as possible.

    Data governance initiatives must contain a strong organisational disruption component. A clear and concise communication strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

    By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

    Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organisation's culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

    Because a data governance initiative will involve data-driven business units across the organisation, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

    Attempting to implement change without an effective communication plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    Info-Tech Insight

    Launching a data governance initiative is guaranteed to disrupt the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Create a common data governance vision that is consistently communicated to the organisation

    A data governance program should be an enterprise-wide initiative.

    To create a strong vision for data governance, there must be participation from the business and IT. A common vision will articulate the state the organisation wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.

    Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.

    The data governance program should be periodically refined. This will ensure the organisation continues to incorporate best methods and practices as the organisation grows and data needs evolve.

    Info-Tech Tips

    • Use information from the stakeholder interviews to derive business goals and objectives.
    • Work to integrate different opinions and perspectives into the overall vision for data governance.
    • Brainstorm guiding principles for data and understand the overall value to the organisation.

    Develop a compelling data governance communications plan to get all departmental lines of business on board

    A data governance program will impact all data-driven business units within the organisation.

    A successful data governance communications plan involves making the initiative visible and promoting staff awareness. Educate the team on how data is collected, distributed, and used, what internal processes use data, and how that data is used across departmental boundaries.

    By demonstrating how data governance will affect staff directly, you create a deeper level of understanding across lines of business, and ultimately, a higher level of acceptance for new processes, rules, and guidelines.

    A clear and concise communications strategy will raise the profile of data governance within the organisation, and staff will understand how the program will benefit them and how they can share in the success of the initiative. This will end up providing support for the initiative across the board.

    A proactive communications plan will:

    • Assist in overcoming issues with data control, stalemates between stakeholder units, and staff resistance.
    • Provide a formalised process for implementing new policies, rules, guidelines, and technologies, and managing organisational data.
    • Detail data ownership and accountability for decision making, and identify and resolve data issues throughout the organisation.
    • Encourage acceptance and support of the initiative.

    Info-Tech Tip

    Focus on literacy and communication: include training in the communication plan. Providing training for data users on the correct procedures for updating and verifying the accuracy of data, data quality, and standardised data policies will help validate how data governance will benefit them and the organisation.

    Leverage the data governance program to communicate and promote the value of data within the organisation

    The data governance program is responsible for continuously promoting the value of data to the organisation. The data governance program should seek a variety of ways to educate the organisation and data stakeholders on the benefit of data management.

    Even if data policies and procedures are created, they will be highly ineffective if they are not properly communicated to the data producers and users alike.

    There needs to be a communication plan that highlights how the data producer and user will be affected, what their new responsibilities are, and the value of that change.

    To learn how to manage organisational change, refer to Info-Tech's Master Organisational Change Management Practices.

    Understand what makes for an effective policy for data governance

    It can be difficult to understand what a policy is, and what it is not. Start by identifying the differences between a policy and standards, guidelines, and procedures.

    Diagram of an effective policy for data governance

    The following are key elements of a good policy:

    Heading Descriptions
    Purpose Describes the factors or circumstances that mandate the existence of the policy. Also states the policy's basic objectives and what the policy is meant to achieve.
    Scope Defines to whom and to what systems this policy applies. Lists the employees required to comply or simply indicates 'all' if all must comply. Also indicates any exclusions or exceptions, i.e. those people, elements, or situations that are not covered by this policy or where special consideration may be made.
    Definitions Define any key terms, acronyms, or concepts that will be used in the policy. A standard glossary approach is sufficient.
    Policy Statements Describe the rules that comprise the policy. This typically takes the form of a series of short prescriptive and proscriptive statements. Sub-dividing this section into sub-sections may be required depending on the length or complexity of the policy.
    Non-Compliance Clearly describe consequences (legal and/or disciplinary) for employee non-compliance with the policy. It may be pertinent to describe the escalation process for repeated non-compliance.
    Agreement Confirms understanding of the policy and provides a designated space to attest to the document.

    Leverage myPolicies, Info-Tech's web-based application for managing your policies and procedures

    Most organisations have problems with policy management. These include:

    1. Policies are absent or out of date
    2. Employees largely unaware of policies in effect
    3. Policies are unmonitored and unenforced
    4. Policies are in multiple locations
    5. Multiple versions of the same policy exist
    6. Policies managed inconsistently across different silos
    7. Policies are written poorly by untrained authors
    8. Inadequate policy training program
    9. Draft policies stall and lose momentum
    10. Weak policy support from senior management

    Technology should be used as a means to solve these problems and effectively monitor, enforce, and communicate policies.

    Product Overview

    myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms. Our solution provides policy managers with the tools they need to mitigate the risk of sanctions and reduce the administrative burden of policy management. It also enables employees to find the documents relevant to them and build a culture of compliance.

    Some key success factors for policy management include:

    • Store policies in a central location that is well known and easy to find and access. A key way that technology can help communicate policies is by having them published on a centralised website.
    • Link this repository to other policies' taxonomies of your organisation. E.g. HR policies to provide a single interface for employees to access guidance across the organisation.
    • Reassess policies annually at a minimum. myPolicies can remind you to update the organisation's policies at the appropriate time.
    • Make the repository searchable and easily navigable.
    • myPolicies helps you do all this and more.
    myPolicies logo myPolicies

    Enforce data policies to promote consistency of business processes

    Data policies are short statements that seek to manage the creation, acquisition, integrity, security, compliance, and quality of data. These policies vary amongst organisations, depending on your specific data needs.

    • Policies describe what to do, while standards and procedures describe how to do something.
    • There should be few data policies, and they should be brief and direct. Policies are living documents and should be continuously updated to respond to the organisation's data needs.
    • The data policies should highlight who is responsible for the data under various scenarios and rules around how to manage it effectively.

    Examples of Data Policies

    Trust

    • Data Cleansing and Quality Policy
    • Data Entry Policy

    Availability

    • Acceptable Use Policy
    • Data Backup Policy

    Security

    • Data Security Policy
    • Password Policy Template
    • User Authorisation, Identification, and Authentication Policy Template
    • Data Protection Policy

    Compliance

    • Archiving Policy
    • Data Classification Policy
    • Data Retention Policy

    Leverage data management-related policies to standardise your data management practices

    Info-Tech's Data Management Policy:

    This policy establishes uniform data management standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of the organisation. This policy applies to all critical data and to all staff who may be creators and/or users of such data.

    Info-Tech's Data Entry Policy:

    The integrity and quality of data and evidence used to inform decision making is central to both the short-term and long-term health of an organisation. It is essential that required data be sourced appropriately and entered into databases and applications in an accurate and complete manner to ensure the reliability and validity of the data and decisions made based on the data.

    Info-Tech's Data Provenance Policy:

    Create policies to keep your data's value, such as:

    • Only allow entry of data from reliable sources.
    • Employees entering and accessing data must observe requirements for capturing/maintaining provenance metadata.
    • Provenance metadata will be used to track the lifecycle of data from creation through to disposal.

    Info-Tech's Data Integration and Virtualisation Policy:

    This policy aims to assure the organisation, staff, and other interested parties that data integration, replication, and virtualisation risks are taken seriously. Staff must use the policy (and supporting guidelines) when deciding whether to integrate, replicate, or virtualise data sets.

    Select the right mix of metrics to successfully supervise data policies and processes

    Policies are only as good as your level of compliance. Ensure supervision controls exist to oversee adherence to policies and procedures.

    Although they can be highly subjective, metrics are extremely important to data governance success.

    • Establishing metrics that measure the performance of a specific process or data set will:
      • Create a greater degree of ownership from data stewards and data owners.
      • Help identify underperforming individuals.
      • Allow the steering committee to easily communicate tailored objectives to individual data stewards and owners.
    • Be cautious when establishing metrics. The wrong metrics can have negative repercussions.
      • They will likely draw attention to an aspect of the process that doesn't align with the initial strategy.
      • Employees will work hard and grow frustrated as their successes aren't accurately captured.

    Policies are great to have from a legal perspective, but unless they are followed, they will not benefit the organisation.

    • One of the most useful metrics for policies is currency. This tracks how up to date the policy is and how often employees are informed about the policy. Often, a policy will be introduced and then ignored. Policies must be continuously reviewed by management and employees.
    • Some other metrics include adherence (including performance in tests for adherence) and impacts from non-adherence.

    Review metrics on an ongoing basis with those data owners/stewards who are accountable, the data governance steering committee, and the executive sponsors.

    Establish data standards and procedures for use across all organisational lines of business

    A data governance program will impact all data-driven business units within the organisation.

    • Data management procedures are the methods, techniques, and steps to accomplish a specific data objective. Creating standard data definitions should be one of the first tasks for a data governance steering committee.
    • Data moves across all departmental boundaries and lines of business within the organisation. These definitions must be developed as a common set of standards that can be accepted and used enterprise wide.
    • Consistent data standards and definitions will improve data flow across departmental boundaries and between lines of business.
    • Ensure these standards and definitions are used uniformly throughout the organisation to maintain reliable and useful data.

    Data standards and procedural guidelines will vary from company to company.

    Examples include:

    • Data modelling and architecture standards.
    • Metadata integration and usage procedures.
    • Data security standards and procedures.
    • Business intelligence standards and procedures.

    Info-Tech Tip

    Have a fundamental data definition model for the entire business to adhere to. Those in the positions that generate and produce data must follow the common set of standards developed by the steering committee and be accountable for the creation of valid, clean data.

    Changes to organisational data processes are inevitable; have a communications plan in place to manage change

    Create awareness of your data governance program, using knowledge transfer to get as many people on board as possible.

    By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.

    Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organisation's culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.

    Because a data governance initiative will involve data-driven business units across the organisation, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.

    Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.

    Data governance initiatives will very likely bring about a level of organisational disruption. A clear and concise communications strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.

    Info-Tech Tip

    Launching a data governance program will bring with it a level of disruption to the culture of the organisation. That disruption doesn't have to be detrimental if you are prepared to manage the change proactively and effectively.

    Other Deliverables:

    The list of supporting deliverables will help to kick start on some of the Data Governance initiatives

    • Data Classification Policy, Standard, and Procedure
    • Data Quality Policy, Standard, and Procedure
    • Metadata Management Policy, Standard, and Procedure
    • Data Retention Policy and Procurement

    Screenshot from Data Classification Policy, Standard, and Procedure

    Data Classification Policy, Standard, and Procedure

    Screenshot from Data Retention Policy and Procedure

    Data Retention Policy and Procedure

    Screenshot from Metadata Management Policy, Standard, and Procedure

    Metadata Management Policy, Standard, and Procedure

    Screenshot from Data Quality Policy, Standard, and Procedure

    Data Quality Policy, Standard, and Procedure

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

    Picture of analyst

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Screenshot of example data governance strategy map.

    Build Your Business and User Context

    Work with your core team of stakeholders to build out your data governance strategy map, aligning data governance initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.

    Screenshot of Data governance roadmap

    Formulate a Plan to Get to Your Target State

    Develop a data governance future state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.

    Related Info-Tech Research

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    Streamline your data management program with our simplified framework.

    The First 100 Days as CDO

    Be the voice of data in a time of transformation.

    Research Contributors

    Name Position Company
    David N. Weber Executive Director - Planning, Research and Effectiveness Palm Beach State College
    Izabela Edmunds Information Architect Mott MacDonald
    Andy Neill Practice Lead, Data & Analytics Info-Tech Research Group
    Dirk Coetsee Research Director, Data & Analytics Info-Tech Research Group
    Graham Price Executive Advisor, Advisory Executive Services Info-Tech Research Group
    Igor Ikonnikov Research Director, Data & Analytics Info-Tech Research Group
    Jean Bujold Senior Workshop Delivery Director Info-Tech Research Group
    Rajesh Parab Research Director, Data & Analytics Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director Info-Tech Research Group
    Valence Howden Principal Research Director, CIO Info-Tech Research Group

    Bibliography

    Alation. “The Alation State of Data Culture Report – Q3 2020.” Alation, 2020. Accessed 25 June 2021.

    Allott, Joseph, et al. “Data: The Next Wave in Forestry Productivity.” McKinsey & Company, 27 Oct. 2020. Accessed 25 June 2021.

    Bean, Randy. “Why Culture Is the Greatest Barrier to Data Success.” MIT Sloan Management Review, 30 Sept. 2020. Accessed 25 June 2021.

    Brence, Thomas. “Overcoming the Operationalization Challenge With Data Governance at New York Life.” Informatica, 18 March 2020. Accessed 25 June 2021.

    Bullmore, Simon, and Stuart Coleman. “ODI Inside Business – A Checklist for Leaders.” Open Data Institute, 19 Oct. 2020. Accessed 25 June 2021.

    Canadian Institute for Health Information. “Developing and Implementing Accurate National Standards for Canadian Health Care Information.” Canadian Institute for Health Information. Accessed 25 June 2021.

    Carruthers, Caroline, and Peter Jackson. “The Secret Ingredients of the Successful CDO.” IRM UK Connects, 23 Feb. 2017.

    Dashboards. “Useful KPIs for Healthy Hospital Quality Management.” Dashboards. Accessed 25 June 2021.

    Dashboards. “Why (and How) You Should Improve Data Literacy in Your Organization Today.” Dashboards. Accessed 25 June 2021.

    Datapine. “Healthcare Key Performance Indicators and Metrics.” Datapine. Accessed 25 June 2021.

    Datapine. “KPI Examples & Templates: Measure what matters the most and really impacts your success.” Datapine. Accessed 25 June 2021.

    Diaz, Alejandro, et al. “Why Data Culture Matters.” McKinsey Quarterly, Sept. 2018. Accessed 25 June 2021.

    Everett, Dan. “Chief Data Officer (CDO): One Job, Four Roles.” Informatica, 9 Sept. 2020. Accessed 25 June 2021.

    Experian. “10 Signs You Are Sitting On A Pile Of Data Debt.” Experian. Accessed 25 June 2021.

    Fregoni, Silvia. “New Research Reveals Why Some Business Leaders Still Ignore the Data.” Silicon Angle, 1 Oct. 2020

    Informatica. Holistic Data Governance: A Framework for Competitive Advantage. Informatica, 2017. Accessed 25 June 2021.

    Knight, Michelle. “What Is a Data Catalog?” Dataversity, 28 Dec. 2017. Web.

    Lim, Jason. “Alation 2020.3: Getting Business Users in the Game.” Alation, 2020. Accessed 25 June 2021.

    McDonagh, Mariann. “Automating Data Governance.” Erwin, 29 Oct. 2020. Accessed 25 June 2021.

    NewVantage Partners. Data-Driven Business Transformation: Connecting Data/AI Investment to Business Outcomes. NewVantage Partners, 2020. Accessed 25 June 2021.

    Olavsrud, Thor. “What Is Data Governance? A Best Practices Framework For Managing Data Assets.” CIO.com, 18 March 2021. Accessed 25 June 2021.

    Open Data Institute. “Introduction to Data Ethics and the Data Ethics Canvas.” Open Data Institute, 2020. Accessed 25 June 2021.

    Open Data Institute. “The UK National Data Strategy 2020: Doing Data Ethically.” Open Data Institute, 17 Nov. 2020. Accessed 25 June 2021.

    Open Data Institute. “What Is the Data Ethics Canvas?” Open Data Institute, 3 July 2019. Accessed 25 June 2021.

    Pathak, Rahul. “Becoming a Data-Driven Enterprise: Meeting the Challenges, Changing the Culture.” MIT Sloan Management Review, 28 Sept. 2020. Accessed 25 June 2021.

    Petzold, Bryan, et al. “Designing Data Governance That Delivers Value.” McKinsey & Company, 26 June 2020. Accessed 25 June 2021.

    Redman, Thomas, et al. “Only 3% of Companies’ Data Meets Basic Quality Standards.” Harvard Business Review. 11 Sept 2017.

    Smaje, Kate. “How Six Companies Are Using Technology and Data To Transform Themselves.” McKinsey & Company, 12 Aug. 2020. Accessed 25 June 2021.

    Talend. “The Definitive Guide to Data Governance.” Talend. Accessed 25 June 2021.

    “The Powerfully Simple Modern Data Catalog.” Atlan, 2021. Web.

    U.S. Geological Survey. “Data Management: Data Standards.” U.S. Geological Survey. Accessed 25 June 2021.

    Waller, David. “10 Steps to Creating a Data-Driven Culture.” Harvard Business Review, 6 Feb. 2020. Accessed 25 June 2021.

    “What Is the Difference Between A Business Glossary, A Data Dictionary, and A Data Catalog, and How Do They Play A Role In Modern Data Management?” Analytics8, 23 June 2021. Web.

    Wikipedia. “RFM (Market Research).” Wikipedia. Accessed 25 June 2021.

    Windheuser, Christoph, and Nina Wainwright. “Data in a Modern Digital Business.” Thoughtworks, 12 May 2020. Accessed 25 June 2021.

    Wright, Tom. “Digital Marketing KPIs - The 12 Key Metrics You Should Be Tracking.” Cascade, 3 March 2021. Accessed 25 June 2021.

    Right-Size the Service Desk for Small Enterprise

    • Buy Link or Shortcode: {j2store}487|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Determining the right level of documentation to provide backup and getting the right level of data for good reporting may seem like a waste of time when the team is small, but this is key to knowing when to invest in more people, upgraded technology, and whether your efforts to improve service are successful.

    Our Advice

    Critical Insight

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer centric service desk and a change to the way the technicians think about providing support.

    • Make the best use of the team. Clearly define roles and responsibilities and monitor those wearing multiple hats to make sure they don’t burn out.
    • Build cross training and documentation into your culture to preserve service levels while giving team members time off to recharge.
    • Don’t discount the benefit of good tools. As volume increases, so does the likelihood of issues and requests getting missed. Look for tools that will help to keep a customer focus.

    Impact and Result

    • Improved workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians to set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry standard tools will reduce administrative overhead while improving workload management.

    Right-Size the Service Desk for Small Enterprise Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Right-Size the Service Desk for Small Enterprise Storyboard – A step-by-step guide to help you identify and prioritize initiatives to become more customer centric.

    This blueprint provides a framework to quickly identify a plan for service desk improvements. It also provides references to build out additional skills and functionality as a continual improvement initiative.

    • Right-Size the Service Desk for Small Enterprise Storyboard

    2. Maturity Assessment – An assessment to determine baseline maturity.

    The maturity assessment will provide a baseline and identify areas of focus based on level of current and target maturity.

    • IT Service Desk Maturity Assessment for Small Enterprise

    3. Standard Operating Procedure – A template to build out a clear, concise SOP right-sized for a small enterprise.

    The SOP provides an excellent guide to quickly inform new team members or contractors of your support approach.

    • Incident Management and Service Desk SOP for Small Enterprise

    4. Categorization Scheme – A template to build out an effective categorization scheme.

    The categorization scheme template provides examples of asset-based categories, resolution codes and status.

    • Service Desk Asset-Based Categories Template

    5. Improvement Plan – A template to present the improvement plan to stakeholders.

    This template provides a starting point for building your communications on planned improvements.

    • Service Desk Improvement Initiative
    [infographic]

    Further reading

    Right-Size the Service Desk for Small Enterprise

    Turn your help desk into a customer-centric service desk.

    Analyst Perspective

    Small enterprises have many of the same issues as large ones, but with far fewer resources. Focus on the most important aspects to improve customer service.

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Evaluate documentation to ensure there is always redundancy built in to cover absences. Determining coverage will be an important factor, especially if vendors will be brought into the organization to assist during shortages. They will not have the same level of knowledge as teammates and may have different requirements for documentation.

    It is important to be customer centric, thinking about how services are delivered and communicated with a focus on providing self-serve at the appropriate level for your users and determining what information the business needs for expectation-setting and service level agreements, as well as communications on incidents and changes.

    And finally, don’t discount the value of good reporting. There are many reasons to document issues besides just knowing the volume of workload and may become more important as the organization evolves or grows. Stakeholder reporting, regulatory reporting, trend spotting, and staff increases are all good reasons to ensure minimum documentation standards are defined and in use.

    Photo of Sandi Conrad, Principal Research Director, Info-Tech Research Group. Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Table of Contents

    Title Page Title Page
    Blueprint benefits 6 Incident management 25
    Start / Stop / Continue exercise 10 Prioritization scheme 27
    Complete a maturity assessment 11 Define SLAs 29
    Select an ITSM tool 13 Communications 30
    Define roles & responsibilities 15 Reporting 32
    Queue management 17 What can you do to improve? 33
    Ticket handling best practices 18 Staffing 34
    Customer satisfaction surveys 19 Knowledge base & self-serve 35
    Categorization 20 Customer service 36
    Separate ticket types 22 Ticket analysis 37
    Service requests 23 Problem management 38
    Roadmap 39

    Insight summary

    Help desk to service desk

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer-centric service desk and a change to the way the technicians think about providing support.

    Make the best use of the team

    • Clearly define primary roles and responsibilities, and identify when and where escalations should occur.
    • Divide the work in a way that makes the most sense based on intake patterns and categories of incidents or service requests.
    • Recognize who is wearing multiple hats, and monitor to make sure they don’t burn out or struggle to keep up.
    • Determine the most appropriate areas to outsource based on work type and skills required.

    Build cross-training into your culture

    • Primary role holders need time off and need to know the day-to-day work won’t be waiting for them when they come back.
    • The knowledge base is your first line of defense to make sure incidents don’t have to wait for resolution and to avoid having technicians remote in on their day off.
    • When volumes spike for incidents and service requests, everyone needs to be prepared to pitch in. Train the team to recognize and step up to the call to action.

    Don’t discount the benefit of good tools

    • When volume increases, so does the likelihood of missing issues and requests.
    • Designate a single solution to manage the workload, so there is one place to go for work orders, incident reporting, asset data, and more.
    • Set up self-serve for users so they have access to how-to articles and can check the status of tickets themselves.
    • Create a service catalog to make it easy for them to request the most frequent items easily.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Standard Operating Procedures

    Sample of the Standard Operating Procedures deliverable.

    Maturity Assessment

    Sample of the Maturity Assessment deliverable.

    Categorization scheme

    Sample of the Categorization scheme deliverable.

    Improvement Initiative

    Sample of the Improvement Initiative deliverable.
    Create a standard operating procedure to ensure the support team has a consistent understanding of how they need to engage with the business.

    Blueprint benefits

    IT benefits

    • Improve workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry-standard tools will reduce administrative overhead while improving workload management.

    Business benefits

    • IT taking a customer-centric approach will improve access to support and reduce interruptions to the way they do business.
    • Expectation setting and improved communications will allow the business to better plan their work around new requests and will have a better understanding of service level agreements.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of three to four months.

    The current state discussion will determine the path.

    What does a typical GI on this topic look like?

    Current State & Vision

    Best Practices

    Service Requests & Incidents

    Communications

    Next Steps & Roadmap

    Call #1: Discuss current state & create a vision

    Call #2: Document roles & responsibilities

    Call #3:Review and define best practices for ticket handling Call #4: Review categorization

    Call #5: Discuss service requests & self-serve

    Call #6: Assess incident management processes
    Call #7: Assess and document reporting and metrics

    Call #8: Discuss communications methods

    Call #9: Review next steps

    Call #10: Build roadmap for updates

    For a workshop on this topic, see the blueprint Standardize the Service Desk

    Executive Brief Case Study

    Southwest CARE Center
    Logo for Southwest Care.
    INDUSTRY
    Healthcare

    Service Desk Project

    After relying on a managed service provider (MSP) for a number of years, the business hired Kevin to repatriate IT. As part of that mandate, his first strategic initiative was to build a service desk. SCC engaged Info-Tech Research Group to select and build a structure; assign roles and responsibilities; implement incident management, request fulfilment, and knowledge management processes; and integrate a recently purchased ITSM tool.

    Over the course of a four-day onsite engagement, SCC’s IT team worked with two Info-Tech analysts to create and document workflows, establish ticket handling guidelines, and review their technological requirements.

    Results

    The team developed a service desk standard operating procedure and an implementation roadmap with clear service level agreements.

    Southwest CARE Center (SCC) is a leading specialty healthcare provider in New Mexico. They offer a variety of high-quality services with a focus on compassionate, patient-centered healthcare.

    “Info-Tech helped me to successfully rebrand from an MSP help desk to an IT service desk. Sandi and Michel provided me with a customized service desk framework and SOP that quickly built trust within the organization. By not having to tweak and recalibrate my service desk processes through trial and error, I was able to save a year’s worth of work, resulting in cost savings of $30,000 to $40,000.” (Kevin Vigil, Director of Information Technology, Southwest CARE Center)

    The service desk is the cornerstone for customer satisfaction

    Bar charts comparing 'Dissatisfied' vs 'Satisfied End Users' in both 'Service Desk Effectiveness' and 'Timeliness'.
    N=63, small enterprise organizations from the End-User Satisfaction Diagnostic, at December 2021
    Dissatisfied was classified as those organizations with an average score less than 7.
    Satisfied was classified as those organizations with an average score greater or equal to 8.
    • End users who were satisfied with service desk effectiveness rated all other IT processes 36% higher than dissatisfied end users.
    • End users who were satisfied with service desk timeliness rated all other IT processes 34% higher than dissatisfied end-users.

    Improve the service desk with a Start, Stop, Continue assessment

    Use this exercise as an opportunity to discuss what’s working and what isn’t with your current help desk. Use this to define your goals for the improvement project, with a plan to return to the results and rerun the exercise on a regular basis.

    STOP

    • What service desk processes are counterproductive?
    • What service blockers exist that consistently undermine good results?
    • Are end-user relationships with individual team members negatively impacting satisfaction?
    • Make notes on initial ideas for improvement.

    START

    • What service process improvements could be implemented immediately?
    • What technical qualifications do individual staff members need to improve?
    • What opportunities exist to improve service desk communications with end users?
    • How can escalation and triage be more efficient?

    CONTINUE

    • What aspects of your current service desk are positive?
    • What processes are efficient and can be emulated elsewhere?
    • Where can you identify high levels of end-user satisfaction?

    Complete a maturity assessment to create a baseline and areas of focus

    The Service Desk Maturity Assessment tool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Improvement Initiative.
    • The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.
    Sample of the Service Desk Maturity Assessment.

    Define your vision for the support structure

    Use this vision for communicating with the business and your IT team

    Consider service improvements and how those changes can be perceived by the organization. For example, offering multiple platforms, such as adding Macs to end-user devices, could translate to “Providing the right IT solutions for the way our employees want to work.”

    To support new platforms, you might need to look at the following steps to get there:
    • Evaluate skills needed – can you upskill generalists quickly, or will specialists be required? Determine training needs for support staff on new platforms.
    • Estimate uptake of the new platform and adjusting budgets – will these mostly be role-based decisions?
    • Determine what applications will work on the new platform and which will have a parity offering, which will require a solution like Parallels or VirtualBox, and which might need substitute applications.
    • What utilities will be needed to secure your solutions such as for encryption, antivirus, and firewalls?
    • What changes in the way you deploy and patch machines?
    • What level of support do you need to provide – just platform, or applications as well? What self-serve training can be made available?
    If you need to change the way you deploy equipment, you may want to review the blueprint Simplify Remote Deployment With Zero-Touch Provisioning

    Info-Tech Insight

    Identify some high-level opportunities and plan out how these changes will impact the way you provide support today. Document steps you’ll need to follow to make it happen. This may include new offerings and product sourcing, training, and research.

    Facilitate service desk operations with an ITSM tool

    You don’t need to spend a fortune. Many solutions are free or low-cost for a small number of users, and you don’t necessarily have to give up functionality to save money.

    Encourage users to submit requests through email or self-serve to keep organized. Ensure that reporting will provide you with the basics without effort, but ensure report creation is easy enough if you need to add more.

    Consider tools that do more than just store tickets. ITSM tools for small enterprises can also assist with:
    • Equipment and software license management
    • Self-serve for password reset and improving the experience for end users to submit tickets
    • Software deployment
    • Onboarding and offboarding workflows
    • Integration with monitoring tools
    Info-Tech Insight Buying rather than building allows you the greatest flexibility and can provide enterprise-level functionality at small-enterprise pricing. Use Info-Tech’s IT Service Management Selection Guide to create a business case and list of requirements for your ITSM purchase.
    Logo for Spiceworks.
    Logo for ZenDesk. Logo for SysAid.
    Logo for ManageEngine.
    Logo for Vector Networks.
    Logo for Freshworks.
    Logo for Squadcast.
    Logo for Jira Software.
    Logos contain links

    ITSM implementations are the perfect time to fix processes

    Consider engaging a partner for the installation and setup as they will have the expertise to troubleshoot and get you to value quickly.

    Even with a partner, don’t rely on them to set up categories, prioritizations, and workflows. If you have unique requirements, you will need to bring your design work to the table to avoid getting a “standard install” that will need to be modified later.

    When we look at what makes a strong and happy product launch, it boils down to a few key elements:
    • Improving customer service, or at least avoiding a decline
    • Improving access to information for technical team and end users
    • Successfully taking advantage of workflows, templates, and other features designed to improve the technician and user experience
    • Using existing processes with the new tools, without having to completely reengineer how things are done
    For a complete installation guide, visit the blueprint Build an ITSM Implementation Plan
    To prepare for a quick time to value in setting up the new ITSM tool, prioritize in this order:
    1. Categorization and status codes
    2. Prioritization
    3. Divide tickets into incidents and service requests
    4. Create workflows for onboarding and offboarding (automate where you can)
    5. Track escalations to vendors
    6. Reporting
    7. Self-serve
    8. Equipment inventory (leading to hardware asset management)

    Define roles looking to balance between customer service and getting things done

    The team will need to provide backfill for each other with high volume, vacations, and leave, but also need to proactively manage interruptions appropriately as they work on projects.
    Icon of a bullseye. First contact – customer service, general knowledge
    Answers phones, chats, responds to email, troubleshooting, creates knowledge articles for end users.
    Icon of a pie chart. Analyst – experienced troubleshooter, general knowledge
    Answers phone when FC isn’t available, responds to email, troubleshooting, creates knowledge articles for first contact, escalates to other technicians or vendors.
    Icon of a lightbulb. Analyst – experienced troubleshooter, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of gear on a folder. Engineer – deep expertise, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of a handshake. Vendor, Managed Service Providers
    Escalation point per contract terms, must meet SLAs, communicate regularly with analysts and management as appropriate. Who escalates and who manages them?
    Row of colorful people.

    Note roles in the Incident Management and Service Desk – Standard Operating Procedure Template

    Keep customers happy and technicians calm by properly managing your queue

    If ticket volume is too high or too dispersed to effectively have teams self-select tickets, assign a queue manager to review tickets throughout the day to ensure they’re assigned and on the technician’s schedule. This is particularly important for technicians who don’t regularly work out of the ticketing system. Follow up on approaching or missed SLAs.

    • Separate incidents (break fix) and service requests: Prioritize incidents over service requests to focus on getting users doing business as soon as possible. Schedule service requests for slower times or assign to technicians who are not working the front lines.
    • First in/first out…mostly: We typically look to prioritize incidents over service requests and only prioritize incidents if there are multiple people or VIPs affected. Where everything is equal, deal with the oldest first. Pause occasionally to deal with quick wins such as password resets.
    • Update ticket status and notes: Knowing what tickets are in progress and which ones are waiting on information or parts is important for anyone looking to pick up the next ticket. Make sure everyone is aware of the benefits of keeping this information up to date, so technicians know what to work on next without duplicating each other’s work.
    • Implement solutions quickly by using knowledge articles: Continue to build out the knowledge base to be able to resolve end-user issues quickly, check to see if additional information is needed before escalating tickets to other technicians.
    • Encourage end users to create tickets through the portal: Issues called in are automatically moved to the front of the queue, regardless of urgency. Make it easy for users to report issues using the portal and save the phone for urgent issues to allow appropriate prioritization of tickets.
    • Create a process to add additional resources on a regular basis to keep control of the backlog: A few extra hours once a week may be enough if the team is focused without interruptions.
    • Determine what backlog is acceptable to your users: Set that as a maximum time to resolve. Ideally, set up automated escalations for tickets that are approaching target SLAs, and build flexibility into schedules to have an “all hands on deck” option if the volume gets too high.

    Info-Tech Insight

    Make sure your queue manager has an accurate escalation list and has the authority to assign tickets and engage with the technical team to manage SLAs; otherwise, SLAs will never be consistently managed.

    Best practices for ticket handling

    Accurate data leads to good decisions. If working toward adding staff members, reducing recurring incidents, gaining access to better tools, or demonstrating value to the business, tickets will enable reporting and dashboards to manage your day-to-day business and provide reports to stakeholders.
    • Provide an easy way for end users to electronically submit tickets and encourage them to do so. This doesn’t mean you shouldn’t still accept phone calls, but that should be encouraged for time sensitive issues.
    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledge base article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client. Automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.
    Ticket templates (or quick tickets) for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    Sample ticket template.

    Create a right-sized self-service portal

    Review tickets and talk to the team to find out the most frequent requests and the most frequent incidents that could be solved by the end user if there were clear instructions. Check with your user community to see what they would like to see in the portal.

    A portal is only as attractive as it is useful. Enabling ticket creation and review is the bare minimum and may not entice users to the portal if email is just as easy to use for ticket creation.

    Consider opening the portal to groups other than IT. HR, finance, and others may have information they want to share or forms to fill in or download where an employee portal rather than an IT portal could be helpful. Work with other departments to see if they would find value. Make sure your solution is easy to use when adding content. Low-code options are useful for this.

    Portals could be built in the ITSM solution or SharePoint/Teams and should include:

    • Easy ways to create and see status on all tickets
    • Manuals, how-to articles, links to training
    • Answers to common questions, could be a wiki or Q&A for users to help each other as well as IT
    • Could have a chatbot to help people find documents or to create a ticket

    Info-Tech Insight

    Consider using video capture software to create short how-to videos for common questions. Vendors such as TechSmith Snagit , Vimeo Screen Recorder, Screencast-O-Matic Video Recording, and Movavi Screen Recording may be quick and easy to learn.

    49%

    49% of employees have trouble finding information at work

    35%

    Employees can cut time spent looking for information by 35% with quality intranet

    (Source: Liferay)

    Use customer satisfaction surveys to monitor service levels

    Transactional surveys are tied to specific interactions and provide a means of communication to help users communicate satisfaction or dissatisfaction with single interactions.
    • Keep it simple: One question to rate the service with opportunity to add a comment is enough to understand the sentiment and potential issues, and it will be more likely that the user will fill it out.
    • Follow up: Feedback will only be provided if customers think it’s being read and actioned. Set an alert to receive notification of any negative feedback and follow up within one or two business days to show you’re listening.

    A simple customer feedback form with smiley face scale.

    Relationship surveys can be run annually to obtain feedback on the overall customer experience.

    Inform yourself of how well you are doing or where you need improvement in the broad services provided.

    Provide a high-level perspective on the relationship between the business and IT.

    Help with strategic improvement decisions.

    Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done on an annual basis.

    For example: Info-Tech’s End User Satisfaction Diagnostic. Included in your membership.

    Keep categorizations simple

    Asset categorization provides reports that are straightforward and useful for IT and that are typically used where the business isn’t demanding complex reports.

    Too many options can cause confusion; too few options provide little value. Try to avoid using “miscellaneous” – it’s not useful information. Test your tickets against your new scheme to make sure it works for you. Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Build out the categories with these questions:
    • What kind of asset am I working on? (type)
    • What general asset group am I working on? (category)
    • What particular asset am I working on? (sub-category)

    Create resolution codes to further modify the data for deeper reporting. This is typically a separate field, as you could use the same code for many categories. Keep it simple, but make sure it’s descriptive enough to understand the type of work happening in IT.

    Create and define simple status fields to quickly review tickets and know what needs to be actioned. Don’t stop the clock for any status changes unless you’re waiting on users. The elapsed time is important to measure from a customer satisfaction perspective.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    Example table of categorizations.


    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Asset-Based Categories template.

    1.1 Build or review your categories

    1-3 hours

    Input: Existing tickets

    Output: Categorization scheme

    Materials: Whiteboard/Flip charts, Markers, Sample categorization scheme

    Participants: CIO, Service desk manager, Technicians

    Discuss:

    • How can you use categories and resolution information to enhance reporting?
    • What level of detail do you need to be able to understand the data and take action? What level of detail is too much?
    • Are current status fields allowing you to accurately assess pending work at a glance?

    Draft:

    1. Start with existing categories and review, identifying duplicates and areas of inconsistency.
    2. Write out proposed resolution codes and status fields and critically assess their value.
    3. Test categories and resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Incident Management and Service Desk – Standard Operating Procedure.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Separate tickets into service requests and incidents

    Tickets should be separated into different ticket types to be able to see briefly what needs to be prioritized. This may seem like a non-issue if you have a small team, but if you ever need to report how quickly you’re solving break-fix issues or whether you’re doing root cause analysis, this will save on future efforts. Separating ticket types may make it easier to route tickets automatically or to a new provider in the future.

    INCIDENTS

    SERVICE REQUESTS

    Icon of a bullseye.

    PRIORITIZATION

    Incidents will be prioritized based on urgency and impact to the organization. Service requests will be scheduled and only increase in prioritization if there is an issue with the request process (e.g. new hire start).
    Icon of a handshake.

    SLAs

    Did incidents get resolved according to prioritization rules? REPONSE & RESOLUTION Did service requests get completed on time? SCHEDULING & FULFILMENT
    Icon of a lightbulb.

    TRIAGE & ROOT CAUSE ANALYSIS

    Incidents will typically need triage at the service desk unless something is set up to go directly to a specialist. Service requests don’t need triage and can be routed automatically for approvals and fulfillment.

    “For me, the first key question is, is this keeping you from doing business? Is this a service request? Is it actually something that's broken? Well, okay. Now let's have the conversation about what's broken and keeping you from doing business.” (Anonymous CIO)

    Determine how service requests will be fulfilled

    Process steps for service requests: 'Request, Approve, Schedule, Fulfill, Notify requester, Close ticket'.

    • Identify standard requests, meaning any product approved for use and deployment in the organization.
    • Determine whether this should be published and how. Consider a service catalog with the ability to create tickets right from the request page. If there is an opportunity to automate fulfillment, build that into your workflow and project plans.
    • Create workflows for complicated requests such as onboarding, and build them into a template in the service desk tool. This will allow you to reduce the administrative work to deploy tasks.
    • Who will fulfill requests? There may be a need for more than one technician to be able to fulfill if volume dictates, but it’s important to determine what will be done by each level to quickly assign those tickets for scheduling. Define what will be done by each group of technicians.
    • Determine reasonable SLAs for most service requests. Identify which ones will not meet “normal” SLAs. As you build out a service catalog or automate fulfillment, SLAs can be refined.

    Info-Tech Insight

    Service requests are not as urgent as incidents and should be scheduled.

    Set the SLA based on time to fulfill, plus a buffer to schedule around more urgent service requests.

    1.2 Identify service requests and routing needs

    2-3 hours

    Input: Ticket data, Existing workflow diagrams

    Output: Workflow diagrams

    Materials: Whiteboard/Flip charts, Markers, Visio

    Participants: CIO, Service desk manager, Technicians

    Identify:

    1. Create your list of typical service requests and identify the best person to fulfill, based on complexity, documentation, specialty, access rights.
    2. Review service requests which include multiple people or departments, such as onboarding and offboarding
    3. Draw existing processes.
    4. Discuss challenges and critique existing process.
    5. Document proposed changes and steps that will need to be taken to improve the process.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Incident management

    Critical incidents and normal incidents

    Even with a small team, it’s important to define a priority for response and resolution time for SLA and uptime reporting and extracting insights for continual improvement efforts.

    • Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).
    • The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).
    • Some questions to consider when deciding on problem severity include:
      • How is productivity affected?
      • How many users are affected?
      • How many systems are affected?
      • How critical are the affected systems to the organization?
    • Decide how many severity levels the organization needs the service desk to have. Four levels of severity is ideal for most organizations.
    Go to incident management for SE

    Super-specialization of knowledge is also a common factor in smaller teams and is caused by complex architectures. While helpful, if that knowledge isn’t documented, it can walk out the door with the resource and the rest of the team is left scrambling.

    Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents.

    Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.

    Cover image for 'Incident Management for Small Enterprise'.
    Click picture for a link to the blueprint

    1.3 Activity: Identify critical systems

    1 hour

    Input: Ticket data, Business continuity plan

    Output: Service desk SOP

    Materials: Whiteboard/Flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Discuss and document:

    1. Create a list of the most critical systems, and identify and document the escalation path.
    2. Review inventory of support documents for critical systems and identify any that require runbooks to ensure quick resolution in the event of an outage or major performance issue. Refer to the blueprint Incident Management for Small Enterprise to prioritize and document runbooks as needed.
    3. Review vendor agreements to determine if SLAs are appropriate to support needs. If there is a need for adjustments, determine options for modifying or renegotiating SLAs.

    Download the Incident Runbook Prioritization Tool

    Prioritization scheme

    Keep the priority scheme simple and meaningful, using this framework to communicate and report to stakeholders and set SLAs for response and resolution.
    1. Focus primarily on incidents. Service requests should always be medium urgency, unless there is a valid reason to move one to high level.
    2. Separate major outages from all other tickets as these are a major factor in business impact.
    3. Decide how many levels of severity are appropriate for your organization.
    4. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    5. Build out the definitions of “impact” and “urgency” to complete the prioritization matrix.
    6. Run through examples of each priority level to make sure everyone is on the same page.
    A matrix of prioritization with rows as levels of 'IMPACT' and columns as levels of 'URGENCY'. Ratings range from 'Critical' at 'Extensive/Critical' to 'Low' at 'Low Impact/Low'.

    Document escalation rules and contacts

    Depending on the size of the team, escalations may be mostly to internal technical colleagues or could be primarily to vendors.

    • Ensure the list of escalation rules and contacts is accurate and available, adding expected SLAs for quick reference
    • If tickets are being escalated but shouldn’t be, ensure knowledge articles and training materials are up to date
    • Follow up on all external escalations, ensuring SLAs are respected
    • Publish an escalation path for clients if service is not meeting their needs (for internal and external providers) and automate escalations for tickets breaching SLAs
    Escalation rules strung together.
    User doesn’t know who will fix the issue but expects to see it done in a reasonable time. If issue cannot be resolved right away, set expectations for resolution time.
    • Document information so next technician doesn’t need to ask the same questions.
    • Escalate to the right technician the first time.
    • Check notes to catch up on the issue.
    • Run tests if necessary.
    • Contact user to troubleshoot and fix.
    • Meet SLAs or update client on new ETA.
    • Provide complete information to vendor.
    • Monitor resolution.
    • Follow up with vendor if delays.
    • Update client as needed.
    • Vendor will provide support according to agreement.
    • Encourage vendor to provide regular updates to IT.
    • Review vendor performance regularly.
    • IT will validate issue is resolved and close ticket.
    Validate user is happy with the experience

    Define, measure, and report on service level agreements

    Improving communications is the most effective way to improve customer service
    1. Set goals for time to respond and time to resolve for different incident levels, communicate to the technical team, and test ability to meet these goals.
    2. Set goals for time to fulfil for most service requests, document exceptions (e.g. onboarding).
    3. Create reports to measure against goals and determine what information will be most effective for reporting to the business.
    4. Management: Communicate expectations to the business leaders and end users.
    5. Management: Set regular cadence to meet with stakeholders to discuss expectations and review relevant metrics.
    6. Management: Determine how metrics will be tracked and reviewed to manage technical partners.
    Keep messaging simple
    • Be prepared with detailed reporting if needed, but focus on a few key metrics to inform stakeholders of progress against goals.
    • Use trending to tell a story, especially when presenting success stories.
    • Use appropriate media for each type of message. For example: SLAs can be listed on automated ticket responses or in a banner on the portal.

    Determine what communications are most important and who will do them

    Icon of a bperson ascending a staircase.

    PROACTIVE, PLANNED CHANGES

    From: Service Desk

    Messaging provided by engineer or director, sent to all employees; proactive planning with business unit leaders.

    Icon of a bullseye.

    OUTAGES & UPDATES

    From: Service Desk

    Use templates to send out concise messaging and updates hourly, with input from technical team working on restoring services to all; director to liaise with business stakeholders.

    Icon of a lightbulb.

    UPDATES TO SERVICES, SELF-SERVE

    From: Director

    Send announcements no more than monthly about new services and processes.

    Icon of a handshake.

    REGULAR STAKEHOLDER COMMUNICATIONS

    From: Director

    Monthly reporting to business and IT stakeholders on strategic and project goals, manage escalations.

    1.4 Create communications plan

    2 hours

    Input: Sample past communications

    Output: Communications templates

    Materials: Whiteboard/flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Determine where templates are needed to ensure quick and consistent communications. Review sample templates and modify to suit your needs:

    1. Proactive, planned changes
    2. Outages and updates
    3. Updates to services, self-serve
    4. Regular stakeholder communications

    Download the communications templates

    Create reports that are useful and actionable

    Reporting serves two purposes:

    1. Accountability to stakeholders
    2. Identification of items that need action

    To determine what reports are needed, ask yourself:

    • What are your goals?
    • What story are you trying to tell?
    • What do you need to manage day to day?
    • What do you need to report to get funding?
    • What do you need to report to your stakeholders for service updates?

    Determine which metrics will be most useful to suit your strategic and operational goals

    STRATEGIC GOAL (stakeholders): Improve customer service evidenced by:

    TIME

    • Aged backlog
    • Service requests solved within SLA (could also look for quick ones, e.g. tickets solved in one day, % solved within one hour)
    • Volume of incidents and time to solve each type
    • Critical incidents solved in 4 hours
    • Incidents solved same day

    QUALITY

    • Percentage of tickets solved at first contact
    • SLAs missed
    • Percentage of services available to request through catalog
    • Percentage of tickets created through portal (speaks to quality of experience)
    • Customer satisfaction survey results – transactional and annual

    RESOURCES

    • Knowledge articles used by technicians
    • Knowledge articles used by end users
    • Tickets resolved at each technician level (volume)
    • Non-standard requests evaluated and fulfilled by volume & time served
    • Volume of recurring incidents
    OPERATIONAL GOALS: Report to director & technicians

    What else can you do to improve service?

    Review the next few pages to see if you need additional blueprints to help you:
    • Evaluate staffing and training needs to ensure the right number of resources are available and they have the skills they need for your environment.
    • Create self-service for end users to get quick answers and create tickets.
    • Create a knowledge base to ensure backup for technical expertise.
    • Develop customer service skills through training.
    • Perform ticket analysis to better understand your technical environment.

    Be agile in your approach to service

    It’s easy for small teams to get overwhelmed when covering for vacations, illness, or leave. Determine where priorities may be adjusted during busy or short-staffed times.

    • Have a plan to cross-train technicians and create comprehensive knowledge articles for coverage during vacations and unexpected absences.
    • Know where it makes sense to bring in vendors, such as for managed print services, or to cover for extended absences.
    • Look for opportunities to automate functions or reduce administrative overhead through workflows.
    • Identify any risks and determine how to mitigate, such as managing or changing administrative passwords.
    • Create self-serve to enable ticket creation and self-solve for those users who wish to use it.

    Staff the service desk to meet demand

    • With increasing complexity of support and demand on service desks, staff are often left feeling overwhelmed and struggling to keep up with ticket volume, resulting in long resolution times and frustrated end users.
    • However, it’s not as simple as hiring more staff to keep up with ticket volume. IT managers must have the data to support their case for increasing resources or even maintaining their current resources in an environment where many executives are looking to reduce headcount.
    • Without changing resources to match demand, IT managers will need to determine how to maximize the use of their resources to deliver better service.

    Cover image for 'Staff the Service Desk to Meet Demand'.
    Click picture for a link to the blueprint

    Create and manage a knowledge base

    With a small team, it may seem redundant to create a knowledge base, but without key system and process workflows and runbooks, an organization is still at risk of bottlenecks and knowledge failure.

    • Use a knowledge base to document pre-escalation troubleshooting steps, known errors and workarounds, and runbook solutions.
    • Where incidents may have many root causes, document which are the most frequent solutions and where variations are typically used.
    • Start with an inventory of personal documents, compare and consolidate into the knowledge base, and ensure they are accurate and up to date.
    • Assign someone to review articles on a regular basis and flag for editing and archiving as the technical environment changes.
    • Supplement with vendor-provided or purchased content. Two options for purchased content include RightAnswers or Netformx.

    Info-Tech Insight

    Appeal to a broad audience. Use non-technical language whenever possible to help less technical readers. Identify error messages and use screenshots where it makes sense. Take advantage of social features like voting buttons to increase use.

    Optimize the service desk with a shift-left strategy

    • “Shift left” is a strategy which moves appropriate technical work to users through knowledge articles, automation and service catalogs, freeing up time for technicians to work on more complex issues.
    • Many organizations have built a great knowledge base but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledge base useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Cover image for 'Optimize the Service Desk With a Shift-Left Strategy'.
    Click picture for a link to the blueprint

    Customer service isn’t just about friendliness

    Your team will all need to deal with end users at some point, and that may occur in times of high stress. Ensure the team has the skills they need to actively listen, stay positive, and de-escalate.

    Info-Tech’s customer service program is a modular approach to improve skills one area at a time. Delivering good customer service means being effective in these areas:
    • Customer focus – Focus on the customer and use a positive, caring, and helpful attitude.
    • Listening and verbal communication skills – Demonstrate empathy and patience, actively listen, and speak in user-friendly ways to help get your point across.
    • Written communication skills – Use appropriate tone, language, and terms in writing (whether via chat, email, or other).
    • Manage difficult situations – Remain calm and in control when dealing with difficult customers and situations.
    • Go the extra mile – Go beyond simply resolving the request to make each interaction positive and memorable.

    Deliver a customer service training program to your IT department

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Cover image for 'Deliver Customer Service Training Program to Your IT Department'.
    Click picture for a link to the blueprint

    Improve your ticket analysis

    Once you’ve got great data coming into the ticketing system, it’s important to rethink your metrics and determine if there are more insights to be found.

    Analyzing ticket data involves:
    • Collecting ticket data and keeping it clean. Based on the metrics you’re analyzing, define ticket expectations and keep the data up to date.
    • Showing the value of the service desk. SLAs are meaningless if they are not met consistently. The prerequisite to implementing proper SLAs is fully understanding the proper workload of the service desk.
    • Understanding – and improving – the user experience. You cannot improve the user experience without meaningful metrics that allow you to understand the user experience. Different user groups will have different needs and different expectations of the level of service. Your metrics should reflect those needs and expectations.

    Analyze your service desk ticket data

    Properly analyzing ticket data is challenging for the following reasons:
    • Poor ticket hygiene and unclear ticket handling
    • Service desk personnel are not sure where to start with analysis
    • Too many metrics are tracked to parse actionable data from the noise
    Ticket data won’t give you a silver bullet, but it can help point you in the right direction.

    Cover image for 'Analyze Your Service Desk Ticket Data'.
    Click picture for a link to the blueprint

    Start doing problem management

    Proactively focusing on root cause analysis will reduce the most disruptive incidents to the organization.

    • A focus on elimination of critical incidents and the more disruptive recurring incidents will reduce future workloads for the team and improve customer satisfaction.
    • This can be challenging when the team is already struggling with workload; however, setting a regular cadence to review tickets, looking for trends, and identifying at least one focus area a month can be a positive outcome for everyone.
    • Focus on the most impactful ticket or service first. The initial goal should be to reduce or eliminate critical and high-impact incidents. Once the high-stress situations are reduced, proactively scheduling the smaller but still time-consuming repeatable incidents can be done.
    • Where you have vendors involved, work with them to determine when root cause analysis must happen and where they’ll need to coordinate with your team or other supporting vendors.

    Problem management

    Problem management can be challenging because it requires skills and knowledge to go deep into a problem and troubleshoot the root cause of an issue, but it also requires uninterrupted time.
    • Problem management, however, can be taught, and the issue isn’t always hard to spot if you have time to look.
    • Using tried and true methods for walking through an issue step by step will enable the team to improve their investigative and troubleshooting skills.
    • Reduction of one or two major incidents and recurring incidents per month will pay off quickly in reducing reactive ticket volume and improve customer satisfaction.

    Cover image for 'Problem Management'.
    Click picture for a link to the blueprint

    Create your roadmap with high-level requirements

    Determine what tasks and projects need to be completed to meet your improvement goals. Create a high-level project plan and balance with existing resources.

    Roadmap of high-level requirements with 'Goals' as row headers and their timelines mapped out across fiscal quarters.

    Bibliography

    Taylor, Sharon and Ivor Macfarlane. ITIL Small Scale Implementation. Office of Government Commerce, 2005.

    “Share, Collaborate, and Communicate on One Consistent Platform.” Liferay, n.d. Accessed 19 July 2022.

    Rodela, Jimmy. “A Beginner’s Guide to Customer Self-Service.” The Ascent, 18 May 2022. Web.

    Cookie Notice

    Gert Taeymans BV wants to inform you about our cookie notice on the Gert Taeymans BV websites via this document. Please also see the privacy policy which you can find here.

    This website is owned by Gert Taeymans BV

    Contact details:
    Gert Taeymans BV
    Koning Albertstraat 136
    2070 Burcht
    Belgium
    Company number: 0685974694
    Phone: +32 3 289 41 09
    email: gtbvba@gerttaeymans.com

    Site Scope

    The websites in scope of this notice are:

    • tymansgroup.com
    • gerttaeymans.consulting
    • gerttaeymans.site
    • gerttaeymans.audio

    Cookie Types

    We differentiate 4 types of cookies

    • Necessary cookies
      Necessary cookies help make our website usable by enabling basic functions like page navigation and access to secure areas of the website. While you can decline them, The website cannot function properly without these cookies.
    • Preferences cookies
      Preference cookies enable our website to remember information that changes the way the website behaves or looks, like your preferred language or the region that you are in. They may include cookies from 3rd party providers whose content we show or reference on our site. Those cookies are outside of our control and these providers may change their terms and policies at any time.
    • Statistics cookies
      Statistic cookies help our company to understand how visitors interact with our website by collecting and reporting statistical information pseudonymously. That means that eg. your IP address is scrambled in such a way that it will always be the same upon each subsequent visit to our site, so that Google can process the visit as a return visit. This helps with basic statistics, but also is a factor in how well we rank in future searches. Many returning visitors means that you like our site and that is a ranking element.
      Due to the ECJ striking down the  EU-US Privacy Shield agreement, this leaves us with a open gap. The resulting implications and actions to take are not yet clear. However, when agreeing to statistics cookies, you agree that your data may be processed in the United States under less strict privacy laws and that your data will be exposed to all associated risks. Such risks include the US government being able to investigate you, simply for being a non-US citizen due to provision 702 of the FISA act, which they are able to do anyway, with or without the cookie. Also, the laws in the United States are less strict with regards to selling information to third parties.
    • Marketing cookies
      Marketing cookies are used to track you across websites. The intention is to display ads that are relevant and engaging for you and thereby more valuable for publishers and third party advertisers. At this point we do not allow ads to display on our site, so no third-party trackers are defined on our site. We may add a 1st party (us) tracker to our site at any time.

    Actual cookies used

    Necessary cookies (all sites in site scope)

    Name     Contents Expiration Reason for the cookie
    Session cookie (displayed as a long series of numbers and letters) The active session ID When you close your broser, clear your cookie's cache in your browser or after 60 minutes of inactivity on the site. The cookie may remain in your machine but is no longer valid after the mentioned tile of inactivity    

    The browser cookie is simply a random string of characters to identify the visitor. There are no personally identifable details in the cookie and no real data of use at all. The cookie is marked as a 'session' type of cookie, which means it will expire (be deleted automatically) when the browser is closed or cleaned by the browser after a set period of non-use; for instance, you haven't visited a page on the site that has used the cookie for 1 week. This latter case is useful for people that leave their computer running and never close their browser.

    The use of a cookie is what gives your website a short-term memory. By providing it with each request, Joomla can look up the history of the current viewing session in the database record below.

    cookieconsent_status allow 1 year This cookie stores that you have consented to the use of cookies on our site. It is there to avoid that you have to give your consent again at every page load.

    Preferences cookies

    Site Name     Contents Expiration Reason for the cookie
    gerttaeymans.consulting None at this stage N/A N/A   N/A
    tymansgroup.com None at this stage N/A N/A N/A
             
             

    Statistical cookies

    Site Name     Contents Expiration Reason for the cookie
    All Scope _ga Google Analytics type and account identifier 2 years This cookie identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
    All Scope _gat_gtag_UA_140807308_3 Google Analytics type and account identifier 2 years This cookie also identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
    All Scope _gid Google Analytics type and account identifier 1 day This cookie also identifies our domain (gerttaeymans.consulting) and sends visit information to Google. information may include, but not limited to: browser identifiable information, page visited, visit duration, etc. This information does not contain user identifiable information
             
             

    Marketing cookies

    Name     Contents Expiration Reason for the cookie
    None at this stage N/A N/A N/A
           
           

     

    Managing cookies

    You are not required to accept any cookies . Our cookies toolbar allows you to fine tune which cookies you accespt or want to revoke consent for. The resulting experience may however be affected by your decision not to accept cookies.

    Eg. not accepting or revoking consent for the “Necessary” category cookies will result in your inability to log into the site, even if you have previously accepted the cookies and paid for service.

    Not accepting or revoking consent for “Preference” category cookies may impede on your ability to watch instructional videos on our site, even if you have previously accepted the cookies and paid for service.

    Not accepting or revoking consent for ‘Statistical” category cookies will result in us not seeing where visitors stay longer or shorter on our site. While the immediate experience will not degrade for you, it may impede us in better understanding where we need to improve our service, thereby denying you a potentially improved experience in the future.

    Not accepting or revoking consent for “Marketing” category cookies may result in you seeing irrelevant ads, if we make the decision to allow carefully selected partners to offer their services through our site.

    Removing cookies from your device

    You can delete all cookies that are already on your device by clearing the browsing history of your browser. This will remove all cookies from all websites you have visited.

    Be aware though that you may also lose some saved information (e.g. saved login details, site preferences).

    Managing site-specific cookies

    For more detailed control over site-specific cookies, check the privacy and cookie settings in your preferred browser

    Blocking cookies

    You can set most modern browsers to prevent any cookies being placed on your device, but you may then have to manually adjust some preferences every time you visit a site/page. And some services and functionalities may not work properly at all (e.g. profile logging-in).

    AI and the Future of Enterprise Productivity

    • Buy Link or Shortcode: {j2store}329|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $12,399 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • We’re witnessing a fundamental transformation in how businesses operate and productivity is achieved.
    • Advances in narrow but powerful forms of artificial intelligence (AI) are being driven by a cluster of factors.
    • Applications for enterprise AI aren’t waiting for the emergence of a general AI. They’re being rapidly deployed in task-specific domains. From robotic process automation (RPA) to demand forecasting, from real-world robotics to AI-driven drug development, AI is boosting enterprise productivity in significant ways.

    Our Advice

    Critical Insight

    Algorithms are becoming more advanced, data is now richer and easier to collect, and hardware is cheaper and more powerful. All of this is true and contributes to the excitement around enterprise AI applications, but the biggest difference today is that enterprises are redesigning their processes around AI, rather than simply adding AI to their existing processes.

    Impact and Result

    This report outlines six emerging ways AI is being used in the enterprise, with four future scenarios outlining their possible trajectories. These are designed to guide strategic decision making and facilitate future-focused ideation.

    AI and the Future of Enterprise Productivity Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Read the trend report

    This report outlines six emerging ways AI is being used in the enterprise, with four future scenarios outlining their possible trajectories. These are designed to guide strategic decision making and facilitate future-focused ideation.

    • AI and the Future of Enterprise Productivity Trend Report
    • AI and the Future of Enterprise Productivity Trend Report (PDF)
    [infographic]

    Prevent Data Loss Across Cloud and Hybrid Environments

    • Buy Link or Shortcode: {j2store}377|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Organizations are often beholden to compliance obligations that require protection of sensitive data.
    • All stages of the data lifecycle exist in the cloud and all stages provide opportunity for data loss.
    • Organizations must find ways to mitigate insider threats without impacting legitimate business access.

    Our Advice

    Critical Insight

    • Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate, tools within your existing security program.
    • The journey to data loss prevention is complex and should be taken in small and manageable steps.

    Impact and Result

    • Organizations will achieve data comprehension.
    • Organizations will align DLP with their current security program and architecture.
    • A DLP strategy will be implemented with a distinct goal in mind.

    Prevent Data Loss Across Cloud and Hybrid Environments Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prevent Data Loss Across Cloud and Hybrid Environments Storyboard – A guide to handling data loss prevention in cloud services.

    This research describes an approach to strategize and implement DLP solutions for cloud services.

    • Prevent Data Loss Across Cloud and Hybrid Environments Storyboard

    2. Data Loss Prevention Strategy Planner – A workbook designed to guide you through identifying and prioritizing your data and planning what DLP actions should be applied to protect that data.

    Use this tool to identify and prioritize your data, then use that information to make decisions on DLP strategies based on classification and data environment.

    • Data Loss Prevention Strategy Planner
    [infographic]

    Further reading

    Prevent Data Loss Across Cloud and Hybrid Environments

    Leverage existing tools and focus on the data that matters most to your organization.

    Analyst Perspective

    Data loss prevention is an additional layer of protection

    Driven by reduced operational costs and improved agility, the migration to cloud services continues to grow at a steady rate. A recent report by Palo Alto Networks indicates workload in the cloud increased by 13% last year, and companies are expecting to move an additional 11% of their workload to the cloud in the next 24 months1.

    However, moving to the cloud poses unique challenges for cyber security practitioners. Cloud services do not offer the same level of management and control over resources as traditional IT approaches. The result can be reduced visibility of data in cloud services and reduced ability to apply controls to that data, particularly data loss prevention (DLP) controls.

    It’s not unusual for organizations to approach DLP as a point solution. Many DLP solutions are marketed as such. The truth is, DLP is a complex program that uses many different parts of an organization’s security program and architecture. To successfully implement DLP for data in the cloud, an organization should leverage existing security controls and integrate DLP tools, whether newly acquired or available in cloud services, with its existing security program.

    Photo of Bob Wilson
    Bob Wilson
    CISSP
    Research Director, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Organizations must prevent the misuse and leakage of data, especially sensitive data, regardless of where it’s stored.

    Organizations often have compliance obligations requiring protection of sensitive data.

    All stages of the data lifecycle exist in the cloud and all stages provide opportunity for data loss.

    Organizations must find ways to mitigate insider threats without impacting legitimate business access.

    Common Obstacles

    Many organizations must handle a plethora of data in multiple varied environments.

    Organizations don’t know enough about the data they use or where it is located.

    Different systems offer differing visibility.

    Necessary privileges and access can be abused.

    Info-Tech’s Approach

    The path to data loss prevention is complex and should be taken in small and manageable steps.

    First, organizations must achieve data comprehension.

    Organizations must align DLP with their current security program and architecture.

    Organizations need to implement DLP with a distinct goal in mind.

    Once the components are in place it’s important to measure and improve.

    Info-Tech Insight

    Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate, tools within your existing security program.

    Your challenge

    Protecting data is a critical responsibility for organizations, no matter where it is located.

    45% of breaches occurred in the cloud (“Cost of a Data Breach 2022,” IBM Security, 2022).

    A diagram that shows the mean time to detect and contain.

    It can take upwards of 12 weeks to identify and contain a breach (“Cost of a Data Breach 2022,” IBM Security, 2022).

    • Compliance obligations will require organizations to protect certain data.
    • All data states can exist in the cloud, and each state provides a unique opportunity for data loss.
    • Insider threats, whether intentional or not, are especially challenging for organizations. It’s necessary to prevent illicit data use while still allowing work to happen.

    Info-Tech Insight

    Data loss prevention doesn’t depend on a single tool. Many of the leading cloud service providers offer DLP controls with their services and these controls should be considered.

    Common obstacles

    As organizations increasingly move data into the cloud, their environments become more complex and vulnerable to insider threats

    • It’s not uncommon for an organization not to know what data they use, where that data exists, or how they are supposed to protect it.
    • Cloud systems, especially software as a service (SaaS) applications, may not provide much visibility into how that data is stored or protected.
    • Insider threats are a primary concern, but employees must be able to access data to perform their duties. It isn’t always easy to strike a balance between adequate access and being too restrictive with controls.

    Insider threats are a significant concern

    53%

    53% of a study’s respondents think it is more difficult to detect insider threats in the cloud.

    Source: "2023 Insider Threat Report," Cybersecurity Insiders, 2023

    45%

    Only about 45% of organizations think native cloud app functionality is useful in detecting insider threats.

    Source: "2023 Insider Threat Report," Cybersecurity Insiders, 2023

    Info-Tech Insight

    An insider threat management (ITM) program focuses on the user. DLP programs focus on the data.

    Insight summary

    DLP is not just a single tool. It’s an additional layer of security that depends on different components of your security program, and it requires time and effort to mature.

    Organizations should leverage existing security architecture with the DLP controls available in the cloud services they use.

    Data loss prevention is not a point solution

    Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.

    Prioritize data

    Start with the data that matters most to your organization.

    Define an objective

    Having a clearly defined objective will make implementing a DLP program much easier.

    DLP is a layer

    Data loss prevention is not foundational, and it depends on many other parts of a mature information security program.

    The low hanging fruit is sweet

    Start your DLP implementation with a quick win in mind and build on small successes.

    DLP is a work multiplier

    Your organization must be prepared to investigate alerts and respond to incidents.

    Prevent data loss across cloud or hybrid environments

    A diagram that shows preventing data loss across cloud or hybrid environments

    Data loss prevention is not a point solution.
    It’s the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.

    Info-Tech Insight

    Leverage existing security tools where possible.

    Data loss prevention (DLP) overview

    DLP is an additional layer of security.

    DLP is a set of technologies and processes that provides additional data protection by identifying, monitoring, and preventing data from being illicitly used or transmitted.

    DLP depends on many components of a mature security program, including but not limited to:

    • Acceptable use policy
    • Data classification policy and data handling guidelines
    • Identity and access management

    DLP is achieved through some or all of the following tactics:

    • Identify: Data is detected using policies, rules, and patterns.
    • Monitor: Data is flagged and data activity is logged.
    • Prevent: Action is taken on data once it has been detected.

    Info-Tech Insight

    DLP is not foundational. Your information security program needs to be moderately mature to support a DLP strategy.

    DLP approaches and methods

    DLP uses a handful of techniques to achieve its tactics:

    • Policy and access rights: Limits access to data based on user permissions or other contextual attributes.
    • Isolation or virtualization: Data is isolated in an environment with channels for data leakage made unavailable.
    • Cryptographic approach: Data is encrypted.
    • Quantifying and limiting: Use or transfer of data is restricted by quantity.
    • Social and behavioral analysis: The DLP system detects anomalous activity, such as users accessing data outside of business hours.
    • Pattern matching: Data content is analyzed for specific patterns.
    • Data mining and text clustering: Large sets are analyzed, typically with machine learning (ML), to identify patterns.
    • Data fingerprinting: Data files are matched against a pre-calculated hash or based on file contents.
    • Statistical Analysis: Data content is analyzed for sensitive data. Usually involves machine learning.


    DLP has two primary approaches for applying techniques:

    • Content-based: Data is identified through inspecting its content. Fingerprinting and pattern matching are examples of content-based methods.
    • Context-based: Data is identified based on its situational or contextual attributes. Some factors that may be used are source, destination, and format.

    Some DLP tools use both approaches.

    Info-Tech Insight

    Different DLP products will support different methods. It is important to keep these in mind when choosing a DLP solution.

    Start by defining your data

    Define data by answering the 5 “W”s

    Who? Who owns the data? Who needs access? Who would be impacted if it was lost?
    What? What data do you have? What type of data is it? In what format does it exist?
    When? When is the data generated? When is it used? When is it destroyed?
    Where? Where is the data stored? Where is it generated? Where is it used?
    Why? Why is the data needed?

    Use what you discover about your data to create a data inventory!

    Compliance requirements

    Compliance requirements often dictate what must be done to manage and protect data and vary from industry to industry.

    Some examples of compliance requirements to consider:

    • Healthcare - Health Insurance Portability and Accountability Act (HIPAA)
    • Financial Services - Gramm-Leach-Bliley Act (GLBA)
    • Payment Card Industry Data Security Standards (PCI DSS)

    Info-Tech Insight

    Why is especially important. If you don’t need a specific piece of data, dispose of it to reduce risk and administrative overhead related to maintaining or protecting data.

    Classify your data

    Data classification facilitates making decisions about how data is treated.

    Data classification is a process by which data is categorized.

    • The classifications are often based on the sensitivity of the data or the impact a loss or breach of that data would have on the organization.
    • Data classification facilitates decisions about data handling and how information security controls are implemented. Instead of considering many different types of data individually, decisions are based on a handful of classification levels.
    • A mature data classification should include a formalized policy, handling standards, and a steering committee.

    Refer to our Discover and Classify Your Data blueprint for guidance on data classification.

    Sample data classification schema

    Label

    Category

    Top Secret Data that is mission critical and highly likely to negatively impact the organization if breached. The “crown jewels.”
    Examples: Trade secrets, military secrets
    Confidential Data that must not be disclosed, either because of a contractual or regulatory requirement or because of its value to the organization.
    Examples: Payment card data, private health information, personally identifiable information, passwords
    Internal Data that is intended for organizational use, which should be kept private.
    Examples: Internal memos, sales reports
    Limited Data that isn’t generally intended for public consumption but may be made public.
    Examples: Employee handbooks, internal policies
    Public Data that is meant for public consumption and anonymous access.
    Examples: Press releases, job listings, marketing material

    Info-Tech Insight

    Data classification should be implemented as a continuous program, not a one-time project.

    Understand data risk

    Knowing where and how your data is at risk will inform your DLP strategy.

    Data exists in three states, and each state presents different opportunities for risk. Different DLP methodologies will be appropriate for different states.

    Data states

    In use

    • End-user devices
    • Mobile devices
    • Servers

    In motion

    • Cloud services
    • Email
    • Web/web apps
    • Instant messaging
    • File transfers

    At rest

    • Cloud services
    • Databases
    • End-user devices
    • Email archives
    • Backups
    • Servers
    • Physical storage devices

    Causes of Risk

    The most common causes of data loss can be categorized by people, processes, and technology.

    A diagram that shows the categorization of causes of risk.

    Check out our Combine Security Risk Management Components Into One Program blueprint for guidance on risk management, including how to do a full risk assessment.

    Prioritize your data

    Know what data matters most to your organization.

    Prioritizing the data that most needs protection will help define your DLP goals.

    The prioritization of your data should be a business decision based on your comprehension of the data. Drivers for prioritizing data can include:

    • Compliance-driven: Noncompliance is a risk in itself and your organization may choose to prioritize data based on meeting compliance requirements.
    • Audit-driven: Data can be prioritized to prepare for a specific audit objective or in response to an audit finding.
    • Business-driven: Data could be prioritized based on how important it is to the organization’s business processes.

    Info-Tech Insight

    It’s not feasible for most organizations to apply DLP to all their data. Start with the most important data.

    Activity: Prioritize your data

    Input: Lists of data, data types, and data environments
    Output: A list of data types with an estimated priority
    Materials: Data Loss Prevention Strategy Planner worksheet
    Participants: Security leader, Data owners

    1-2 hours

    For this activity, you will use the Data Loss Prevention Strategy Planner workbook to prioritize your data.

    1. Start with tab “2. Setup” and fill in the columns. Each column features a short explanation of itself, and the following slides will provide more detail about the columns.
    2. On tab “3. Data Prioritization,” work through the rows by selecting a data type and moving left to right. This sheet features a set of instructions at the top explaining each column, and the following slides also provide some guidance. On this tab, you may use data types and data environments multiple times.

    Click to download the Data Loss Prevention Strategy Planner

    Activity: Prioritize your data

    In the Data Loss Prevention Strategy Planner tool, start with tab “2. Setup.”

    A diagram that shows tab 2 setup

    Next, move to tab “3. Data Prioritization.”

    A diagram that shows tab 3 Data Prioritization.

    Click to download the Data Loss Prevention Strategy Planner

    Determine DLP objectives

    Your DLP strategy should be able to function as a business case.

    DLP objectives should achieve one or more of the following:

    • Prevent disclosure or unauthorized use of data, regardless of its state.
    • Preserve usability while providing adequate security.
    • Improve security, privacy, and compliance capabilities.
    • Reduce overall risk for the enterprise.

    Example objectives:

    • Prevent users from emailing ePHI to addresses outside of the organization.
    • Detect when a user is uploading an unusually large amount of data to a cloud drive.

    Most common DLP use cases:

    • Protection of data, primarily from internal threats.
    • Meet compliance requirements to protect data.
    • Automate the discovery and classification of data.
    • Provide better data management and visibility across the enterprise.
    • Manage and protect data on mobile devices.

    Info-Tech Insight

    Having a clear idea of your objectives will make implementing a DLP program easier.

    Align DLP with your existing security program/architecture

    DLP depends on many different aspects of your security program.
    To the right are some components of your existing security program that will support DLP.


    1. Data handling standards or guidelines: These specify how your organization will handle data, usually based on its classification. Your data handling standards will inform the development of DLP rules, and your employees will have a clear idea of data handling expectations.

    2. Identity and access management (IAM): IAM will control the access users have to various resources and data and is integral to DLP processes.

    3. Incident response policy or plan: Be sure to consider your existing incident handling processes when implementing DLP. Modifying your incident response processes to accommodate alerts from DLP tools will help you efficiently process and respond to incidents.

    4. Existing security tools: Firewalls, email gateways, security information and event management (SIEM), and other controls should be considered or leveraged when implementing a DLP solution.

    5. Acceptable use policy: An organization must set expectations for acceptable/unacceptable use of data and IT resources.

    6. User education and awareness: Aside from baseline security awareness training, organizations should educate users about policies and communicate the risks of data leakage to reduce risk caused by user error.

    Info-Tech Insight

    Consider DLP as a secondary layer of protection; a safety net. Your existing security program should do most of the work to prevent data misuse.

    Cloud service models

    A fundamental challenge with implementing DLP with cloud services is the reduced flexibility that comes with managing less of the technology stack. Each cloud model offers varying levels of abstraction and control to the user.

    Infrastructure as a service (IaaS): This service model provides customers with virtualized technology resources, such as servers and networking infrastructure. IaaS allows users to have complete control over their virtualized infrastructure without needing to purchase and maintain hardware resources or server space. Popular examples include Amazon Web Servers, Google Cloud Engine, and Microsoft Azure.

    Platform as a service (PaaS): This service model provides users with an environment to develop and manage their own applications without needing to manage an underlying infrastructure. Popular examples include Google Cloud Engine, OpenShift, and SAP Cloud.

    Software as a service (SaaS): This service model provides customers with access to software that is hosted and maintained by the cloud provider. SaaS offers the least flexibility and control over the environment. Popular examples include Salesforce, Microsoft Office, and Google Workspace.

    A diagram that shows cloud models, including IaaS, PaaS, and SaaS.

    Info-Tech Insight

    Cloud service providers may include DLP controls and functionality for their environments with the subscription. These tools are usually well suited for DLP functions on that platform.

    Different DLP tools

    DLP products often fall into general categories defined by where those tools provide protection. Some tools fit into more than one category.

    Cloud DLP refers to DLP products that are designed to protect data in cloud environments.

    • Cloud access security broker (CASB): This system, either in-cloud or on-premises, sits between cloud service users and cloud service providers and acts as a point of control to enforce policies on cloud-based resources. CASBs act on data in motion, for the most part, but can detect and act on data at rest through APIs.
    • Existing tools integrated within a service: Many cloud services provide DLP tools to manage data loss in their service.

    Endpoint DLP: This DLP solution runs on an endpoint computing device and is suited to detecting and controlling data at rest on a computer as well as data being uploaded or downloaded. Endpoint DLP would be feasible for IaaS.

    Network DLP: Network DLP, deployed on-premises or as a cloud service, enforces policies on network flows between local infrastructure and the internet.

    • “Email DLP”: Detects and enforces security policies specifically on data in motion as emails.

    A diagram of CASB

    Choosing a DLP solution

    You will also find that some DLP solutions are better suited for some cloud service models than others.


    DLP solution types that are better suited for SaaS: CASB and Integrated Tools

    DLP solution types that are better suited for PaaS: CASB, Integrated Tools, Network DLP

    DLP solution types that are better suited for IaaS: CASB, Integrated Tools, Network DLP, and Endpoint DLP

    Your approach for DLP will vary depending on the data state you’ll be acting on and whether you are trying to detect or prevent.

    A diagram that shows DLP tactics by approach and data state

    Click to download the Data Loss Prevention Strategy Planner
    Check the tab labeled “6. DLP Features Reference” for a list of common DLP features.

    Activity: Plan DLP methods

    Input: Knowledge of data states for data types
    Output: A set of technical DLP policy rules for each data type by environment
    Materials: The same Data Loss Prevention Strategy Planner worksheet from the earlier activity
    Participants: Security leader, Data owners

    1-2 hours

    Continue with the same workbook used in the previous activity.

    1. On tab “4. DLP Methods,” indicate the expected data state the DLP control will act on. Then, select the type of DLP control your organization intends to use for that data type in that data environment.
    2. DLP actions are suggested based on the classification of the data type, but these may be overridden by manually selecting your preferred action.
    3. You will find more detail on this activity on the following slide, and you will find some additional guidance in the instructional text at the top of the worksheet.
    4. Once you have populated the columns on this worksheet, a summary of suggested DLP rules can be found on tab “5. Results.”

    Click to download the Data Loss Prevention Strategy Planner

    Activity: Plan DLP methods

    Use tab “4. DLP Methods” to plan DLP rules and technical policies.

    A diagram that shows tab 4 DLP Methods

    See tab “5. Results” for a summary of your DLP policies.

    A diagram that shows tab 5 Results.

    Click to download the Data Loss Prevention Strategy Planner

    Implement your DLP program

    Take the steps to properly implement your DLP program

    1. It’s important to shift the culture. You will need leadership’s support to implement controls and you’ll need stakeholders’ participation to ensure DLP controls don’t negatively affect business processes.
    2. Integrate DLP tools with your security program. Most cloud service providers, like Amazon, Microsoft, and Google provide DLP controls in their native environment. Many of your other security controls, such as firewalls and mail gateways, can be used to achieve DLP objectives.
    3. DLP is best implemented with a crawl, walk, then run approach. Following change management processes can reduce friction.
    4. Communicating controls to users will also reduce friction.

    A diagram of implementing DLP program

    Info-Tech Insight

    After a DLP program is implemented, alerts will need to be investigated and incidents will need a response. Be prepared for DLP to be a work multiplier!

    Measure and improve

    Metrics of effectiveness

    DLP attempts to tackle the challenge of promptly detecting and responding to an incident.
    To measure the effectiveness of your DLP program, compare the number of events, number of incidents, and mean time to respond to incidents from before and after DLP implementation.

    Metrics that indicate friction

    A high number of false positives and rule exceptions may indicate that the rules are not working well and may be interfering with legitimate use.
    It’s important to address these issues as the frustration felt by employees can undermine the DLP program.

    Tune DLP rules

    Establish a process for routinely using metrics to tune rules.
    This will improve performance and reduce friction.

    Info-Tech Insight

    Aside from performance-based tuning, it’s important to evaluate your DLP program periodically and after major system or business changes to maintain an awareness of your data environment.

    Related Info-Tech Research

    Photo of Discover and Classify Your Data

    Discover and Classify Your Data

    Understand where your data lives and who has access to it. This blueprint will help you develop an appropriate data classification system by conducting interviews with data owners and by incorporating vendor solutions to make the process more manageable and end-user friendly.

    Photo of Identify the Components of Your Cloud Security Architecture

    Identify the Components of Your Cloud Security Architecture

    This blueprint and associated tools are scalable for all types of organizations within various industry sectors. It allows them to know what types of risk they are facing and what security services are strongly recommended to mitigate those risks.

    Photo of Data Loss Prevention on SoftwareReviews

    Data Loss Prevention on SoftwareReviews

    Quickly evaluate top vendors in the category using our comprehensive market report. Compare product features, vendor strengths, user-satisfaction, and more.

    Don’t settle for just any vendor – find the one you can trust. Use the Emotional Footprint report to see which vendors treat their customers right.

    Research Contributors

    Andrew Amaro
    CSO and Founder
    Klavan Physical and Cyber Security Services

    Arshad Momin
    Cyber Security Architect
    Unicom Engineering, Inc.

    James Bishop
    Information Security Officer
    StructureFlow

    Michael Mitchell
    Information Security and Privacy Compliance Manager
    Unicom Engineering, Inc.

    One Anonymous Contributor

    Bibliography

    Alhindi, Hanan, Issa Traore, and Isaac Woungang. "Preventing Data Loss by Harnessing Semantic Similarity and Relevance." jisis.org Journal of Internet Services and Information Security, 31 May 2021. Accessed 2 March 2023. https://jisis.org/wp-content/uploads/2022/11/jisis-2021-vol11-no2-05.pdf

    Cash, Lauryn. "Why Modern DLP is More Important Than Ever." Armorblox, 10 June 2022. Accessed 10 February 2023. https://www.armorblox.com/blog/modern-dlp-use-cases/

    Chavali, Sai. "The Top 4 Use Cases for a Modern Approach to DLP." Proofpoint, 17 June 2021. Accessed 7 February 2023. https://www.proofpoint.com/us/blog/information-protection/top-4-use-cases-modern-approach-dlp

    Crowdstrike. "What is Data Loss Prevention?" Crowdstrike, 27 Sept. 2022. Accessed 6 Feb. 2023. https://www.crowdstrike.com/cybersecurity-101/data-loss-prevention-dlp/

    De Groot, Juliana. "What is Data Loss Prevention (DLP)? Definition, Types, and Tips." Digital Guardian, 8 February 2023. Accessed 9 Feb. 2023. https://digitalguardian.com/blog/what-data-loss-prevention-dlp-definition-data-loss-prevention

    Denise. "Learn More About DLP Key Use Cases." CISO Platform, 28 Nov. 2019. Accessed 10 February 2023. https://www.cisoplatform.com/profiles/blogs/learn-more-about-dlp-key-use-cases

    Google. "Cloud Data Loss Prevention." Google Cloud Google, n.d. Accessed 7 Feb. 2023. https://cloud.google.com/dlp#section-6

    Gurucul. "2023 Insider Threat Report." Cybersecurity Insiders, 13 Jan. 2023. Accessed 23 Feb. 2023. https://gurucul.com/2023-insider-threat-report

    IBM Security. "Cost of a Data Breach 2022." IBM Security, 1 Aug. 2022. Accessed 13 Feb. 2023. https://www.ibm.com/downloads/cas/3R8N1DZJ

    Mell, Peter & Grance, Tim. "The NIST Definition of Cloud Computing." NIST CSRC NIST, Sept. 2011. Accessed 7 Feb. 2023. https://csrc.nist.gov/publications/detail/sp/800-145/final

    Microsoft. "Plan for Data Loss Prevention (DLP)." Microsoft 365 Solutions and Architecture Microsoft, 6 Feb. 2023. Accessed 14 Feb. 2023. https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-overview-plan-for-dlp

    Nanchengwa, Christopher. "The Four Questions for Successful DLP Implementation." ISACA Journal ISACA, 1 Jan. 2019. Accessed 6 Feb. 2023. https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/the-four-questions-for-successful-dlp-implementation

    Palo Alto Networks. "The State of Cloud Native Security 2023." Palo Alto Networks, 2 March 2023. Accessed 23 March 2023. https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/state-of-cloud-native-security-2023.pdf

    Pritha. "Top Six Metrics for your Data Loss Prevention Program." CISO Platform, 27 Nov. 2019. Accessed 10 Feb. 2023. https://www.cisoplatform.com/profiles/blogs/top-6-metrics-for-your-data-loss-prevention-program

    Raghavarapu, Mounika. "Understand DLP Key Use Cases." Cymune, 12 June 2021. Accessed 7 Feb. 2023. https://www.cymune.com/blog-details/DLP-key-use-cases

    Sheela, G. P., & Kumar, N. "Data Leakage Prevention System: A Systematic Report." International Journal of Recent Technology and Engineering BEIESP, 30 Nov. 2019. Accessed 2 March 2023. https://www.ijrte.org/wp-content/uploads/papers/v8i4/D6904118419.pdf

    Sujir, Shiv. "What is Data Loss Prevention? Complete Guide [2022]." Pathlock, 15 Sep. 2022. Accessed 7 February 2023. https://pathlock.com/learn/what-is-data-loss-prevention-complete-guide-2022/

    Wlosinski, Larry G. "Data Loss Prevention - Next Steps." ISACA Journal, 16 Feb. 2018. Accessed 21 Feb. 2023. https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/data-loss-preventionnext-steps

    IT Operations Consulting

    Operations... make sure that the services and products you offer your clients are delivered in the most efficient way possible. IT Operations makes sure that the applications and infrastructure that your delivery depends on is solid.

    Gert Taeymans has over 20 years experience in directing the implementation and management of mission-critical services for businesses in high-volume international markets. Strong track record in risk management, crisis management including disaster recovery, service delivery and change & config management.

    Register to read more …

    Satisfy Digital End Users With Low- and No-Code

    • Buy Link or Shortcode: {j2store}185|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $2,460 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Your organization decided to invest in digital solutions to support their transition to a digital and automated workplace. They are ready to begin the planning and delivery of these solutions.
    • However, IT capacity is constrained due to the high and aggressive demand to meet business priorities and maintain mission critical applications. Technical experience and skills are difficult to find, and stakeholders are increasing their expectations to deliver technologies faster with high quality using less resources.
    • Stakeholders are interested in low and no code solutions as ways to their software delivery challenges and explore new digital capabilities.

    Our Advice

    Critical Insight

    • Current software delivery inefficiencies and lack of proper governance and standards impedes the ability to successfully scale and mature low and no code investments and see their full value.
    • Many operating models and culture do not enable or encourage the collaboration needed to evaluate business opportunities and underlying operational systems.This can exacerbate existing shadow IT challenges and promote a negative perception of IT.
    • Low and no code tools bring significant organizational, process, and technical changes that IT and the business may not be prepared or willing to accept and adopt, especially when these tools support business and worker managed applications and services.

    Impact and Result

    • Establish the right expectations. Profile your digital end users and their needs and challenges. Discuss current IT and business software delivery and digital product priorities to determine what to expect from low- and no-code.
    • Build your low- and no-code governance and support. Clarify the roles, processes, and tools needed for low- and no-code delivery and management through IT and business collaboration.
    • Evaluate the fit of low- and no-code and shortlist possible tools. Obtain a thorough view of the business and technical complexities of your use cases. Indicate where and how low- and no-code is expected to generate the most return.

    Satisfy Digital End Users With Low- and No-Code Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Satisfy Digital End Users With Low- and No-Code Deck – A step-by-step guide on selecting the appropriate low- and no-code tools and building the right people, processes, and technologies to support them.

    This blueprint helps you develop an approach to understand your low- and no-code challenges and priorities and to shortlist, govern, and manage the right low- and no-code tools.

    • Satisfy Digital End Users With Low- and No-Code – Phases 1-3

    2. Low- and No-Code Communication Template – Clearly communicate the goal and approach of your low- and no-code implementation in a language your audience understands.

    This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.

    • Low- and No-Code Communication Template

    Infographic

    Workshop: Satisfy Digital End Users With Low- and No-Code

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Select Your Tools

    The Purpose

    Understand the personas of your low- and no-code users and their needs.

    List the challenges low- and no-code is designed to solve or the opportunities you hope to exploit.

    Identify the low- and no-code tools to address your needs.

    Key Benefits Achieved

    Level set expectations on what low- and no-code can deliver.

    Identify areas where low- and no-code can be the most beneficial.

    Select the tools to best address your problem and opportunities.

    Activities

    1.1 Profile your digital end users

    1.2 Set reasonable expectations

    1.3 List your use cases

    1.4 Shortlist your tools

    Outputs

    Digital end-user skills assessment

    Low- and no-code objectives and metrics

    Low- and no-code use case opportunities

    Low- and no-code tooling shortlist

    2 Deliver Your Solution

    The Purpose

    Optimize your product delivery process to accommodate low- and no-code.

    Review and improve your product delivery and management governance model.

    Discuss how to improve your low- and no-code capacities.

    Key Benefits Achieved

    Encourage business-IT collaborative practices and improve IT’s reputation.

    Shift the right accountability and ownership to the business.

    Equip digital end users with the right skills and competencies.

    Activities

    2.1 Adapt your delivery process

    2.2 Transform your governance

    2.3 Identify your low- and no-code capacities

    Outputs

    Low- and no-code delivery process and guiding principles

    Low- and no-code governance, including roles and responsibilities, product ownership and guardrails

    List of low- and no-code capacity improvements

    3 Plan Your Adoption

    The Purpose

    Design a CoE and/or CoP to support low- and no-code capabilities.

    Build a roadmap to illustrate key low- and no-code initiatives.

    Key Benefits Achieved

    Ensure coordinated, architected, and planned implementation and adoption of low- and no-code consistently across the organization.

    Reaffirm support for digital end users new to low- and no-code.

    Clearly communicate your approach to low- and no-code.

    Activities

    3.1 Support digital end users and facilitate cross-functional sharing

    3.2 Yield results with a roadmap

    Outputs

    Low- and no-code supportive body design (e.g. center of excellence, community of practice)

    Low- and no-code roadmap

    Select a Marketing Management Suite

    • Buy Link or Shortcode: {j2store}533|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $6,560 Average $ Saved
    • member rating average days saved: 50 Average Days Saved
    • Parent Category Name: Customer Relationship Management
    • Parent Category Link: /customer-relationship-management
    • Time, money, and effort are wasted on channels and campaigns that are not resonating with your customer base.
    • Email marketing, social marketing, and/or lead management alone are often not enough to meet more sophisticated marketing needs.
    • Many organizations struggle with taking a systematic approach to selection that pairs functional requirements with specific marketing workflows, and as a result they choose a marketing management suite (MMS) that is not well aligned to their needs, wasting resources and causing end-user frustration.
    • For IT managers or marketing professionals, the task to incorporate MMS technology into the organization requires not only receiving the buy-in for the MMS investment but also determining the vendor and solution that best fit the organization’s particular marketing management needs.

    Our Advice

    Critical Insight

    • An MMS enables complex campaigns across many channels, product lines, customer segments, and marketing groups throughout the enterprise.
    • Selecting an MMS has become increasingly difficult because the number of players in the marketplace has ballooned. Moreover, picking the wrong marketing solution has a direct impact on revenue.
    • Determine whether the investment in an MMS is worthwhile or the funds are better allocated elsewhere. For organizations with a large audience or varied product offerings, an MMS enables complex campaigns across many channels, product lines, customer segments, and marketing groups throughout the enterprise.

    Impact and Result

    • Maximize your success and credibility with a proposal that emphasizes the areas relevant to your situation.
    • Perform more effective customer targeting and campaign management. Having an MMS equips marketers with the tools they need to make informed decisions around campaign execution, resulting in better targeting, acquisition, and customer retention. This means more revenue.
    • Maximize marketing impact with analytics-based decision making. Understanding users’/customers’ behaviors and preferences will allow you to run effective marketing initiatives.

    Select a Marketing Management Suite Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to approach selecting an MMS, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the MMS project and collect requirements

    Assess the organization’s fit for MMS technology and structure the MMS selection project.

    • Select a Marketing Management Suite – Phase 1: Launch the MMS Project and Collect Requirements
    • MMS Readiness Assessment Checklist

    2. Shortlist marketing management suites

    Produce a vendor shortlist for your MMS.

    • Select a Marketing Management Suite – Phase 2: Shortlist Marketing Management Suites

    3. Select vendor and communicate decision to stakeholders

    Evaluate RFPs, conduct vendor demonstrations, and select an MMS.

    • Select a Marketing Management Suite – Phase 3: Select Vendor and Communicate Decision to Stakeholders
    • MMS Requirements Picklist Tool
    • MMS Request for Proposal Template
    • MMS Vendor Demo Script
    • MMS Selection Executive Presentation Template
    [infographic]

    Workshop: Select a Marketing Management Suite

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the MMS Project and Collect Requirements

    The Purpose

    Determine a “right-size” approach to marketing enablement applications.

    Key Benefits Achieved

    Confirmation of the goals, objectives, and direction of the organization is marketing application strategy.

    Activities

    1.1 Assess the value and identify the organization’s fit for MMS technology.

    1.2 Understand the art of the possible.

    1.3 Understand CXM strategy and identify your fit for MMS technology.

    1.4 Build procurement team and project customer experience management (CXM) strategy.

    1.5 Identify your MMS requirements.

    Outputs

    Project team list.

    Preliminary requirements list.

    2 Shortlist Marketing Management Suites

    The Purpose

    Enumerate relevant marketing management suites and point solutions.

    Key Benefits Achieved

    List of marketing enablement applications based on requirements articulated in the preliminary requirements list strategy.

    Activities

    2.1 Identify relevant use cases.

    2.2 Discuss the vendor landscape.

    Outputs

    Vendor shortlist.

    3 Select Vendor and Communicate Decision to Stakeholders

    The Purpose

    Develop a rationale for selecting a specific MMS vendor.

    Key Benefits Achieved

    MMS Vendor decision.

    A template to communicate the decision to executives.

    Activities

    3.1 Create a procurement strategy.

    3.2 Discuss the executive presentation.

    3.3 Plan the procurement process.

    Outputs

    Executive/stakeholder PowerPoint presentation.

    Selection of an MMS.

    Further reading

    Select a Marketing Management Suite

    A best-fit solution balances needs, cost, and capability.

    Table of contents

    1. Project Rationale
    2. Execute the Project/DIY Guide
    3. Appendices

    ANALYST PERSPECTIVE

    Navigate the complexity of a vast ecosystem by taking a structured approach to marketing management suite (MMS) selection.

    Marketing applications are in high demand, but it is difficult to select a suite that is right for your organization. Market offerings have grown from 50 vendors to over 800 in the past five years. Much of the process of identifying an appropriate vendor is not about the vendor at all, but rather about having a comprehensive understanding of internal needs. There are instances where a smaller-point solution is necessary to satisfy requirements and a full marketing management suite is an overinvestment.

    Likewise, a partner with differentiating features such as AI-driven workflows and a mobile software development kit can act as a powerful extension of an overall customer experience management strategy. It is crucial to make the right decision; missing the mark on an MMS selection will have a direct impact on the business’ bottom line.

    Ben Dickie
    Research Director, Enterprise Applications
    Info-Tech Research Group

    Phase milestones

    Launch the MMS Project and Collect Requirements — Phase 1

    • Understand the MMS market space.
    • Assess organizational and project readiness for MMS selection.
    • Structure your MMS selection and implementation project by refining your MMS roadmap.
    • Align organizational use-case fit with market use cases.
    • Collect, prioritize, and document MMS requirements.

    Shortlist MMS Tool — Phase 2

    • Review MMS market leaders and players within your aligned use case.
    • Review MMS vendor profiles and capabilities.
    • Shortlist MMS vendors based on organizational fit.

    Select an MMS — Phase 3

    • Submit request for proposal (RFP) to shortlisted vendors.
    • Evaluate vendor responses and develop vendor demonstration scripts.
    • Score vendor demonstrations and select the final product.

    Stop! Are you ready for this project?

    This Research Is Designed For:
    • IT applications directors and business analysts supporting their marketing teams in selecting and implementing a robust marketing solution.
    • Any organization looking to procure an MMS tool that will allow it to automate its marketing processes or learn more about the MMS vendor landscape.
    This Research Will Help You:
    • Understand today’s MMS market, specific to marketing automation, marketing intelligence, and social marketing use-case scenarios.
    • Understand MMS functionality as well as marketing terminology.
    • Follow best practices to prepare for and execute on selection, including requirements gathering and vendor evaluation.
    This Research Will Also Assist:
    • Marketing managers, brand managers, and any marketing professional looking to build a cohesive marketing platform.
    • MMS project teams or working groups tasked with managing an RFP process for vendor selection.
    This Research Will Help Them
    • Assess organizational and project readiness for embarking on MMS selection.
    • Draft an RFP, manage the vendor and product review process, and select a vendor.

    Executive summary

    Situation

    The MMS market is a landscape of vendors offering campaign management, multichannel support, analytics, and publishing tools. Many vendors specialize in some of these areas but not all. Sometimes multiple products are necessary – but determining which feature sets the organization truly needs can be a challenging task. The right technology stack is critical in order to bring automation to marketing initiatives.

    Complication

    • The first challenge is deciding whether to implement a full marketing suite or a point solution.
    • The number of marketing suites and point solutions has increased from 50 to more than 800 just in the past five years.
    • IT is receiving a growing number of marketing analytics requests and must be prepared to speak intelligently about marketing management vendor selection.

    Resolution

    • Leverage Info-Tech’s comprehensive three-phase approach to MMS selection projects: assess your organization’s preparedness to go into the selection stage, move through technology selection, and present decisions to stakeholders.
    • Conduct an MMS project preparedness assessment to ensure you maximize the value of your time, effort, and spend.
    • Determine whether your organization’s needs will best be met by a marketing management suite or a point solution.
    • Determine which use case your organization fits into and review the relevant vendor landscape, common capability, and areas of product differentiation. Consult Info-Tech’s market analysis to shortlist vendors for your RFP process.
    • Take advantage of traceable and auditable selection tools to run an effective evaluation and selection process. Be prepared to answer the retroactive question “Why this MMS?” with documentation of your selection process and outputs.

    Info-Tech Insight

    1. The new MMS market. Selecting a marketing management solution has become increasingly difficult, with the number of players in the marketplace ballooning to meet buyer demand.
    2. Direct translation to revenue. Picking the wrong marketing solution has a direct impact on the bottom line. However, the right MMS can lead to a 7.3x greater year-over-year increase in annual revenue.
    3. Don’t buy best-of-breed; buy best-for-you. Base your vendor selection on your requirements and use case, not on the vendor’s overall performance.

    MMS is a key piece of the CRM puzzle

    In order to optimize cross-sell opportunities and marketing effectiveness, there needs to be a master customer database, which belongs in the customer relationship management (CRM) suite.

    When it comes to marketing automation capabilities, using CRM is like building a car from a kit. All the parts are there, but you need the time and skill to put it all together. Using marketing automation is like buying the car you want or need, with all the features you want already installed and some gas in the tank, ready to drive. In either case, you still need to know how to drive and where you want to go.” (Mac McIntosh, Marketo Inc.) 'CRM' surrounded by its components with 'MMS' highlighted. A master database – the central place where all up-to-the-minute data on a customer profile is stored – is essential for MMS success. This is particularly true for real-time capability effectiveness and to minimize customer fatigue.

    Understand what an MMS can do for you

    Take time to learn the capabilities of modern marketing applications. Understanding the “art of the possible” will help you to get the most out of your MMS.

    MMS helps marketers in two primary ways:
    1. It allows them to efficiently execute and manage campaigns across dozens of channels and products.
    2. It allows them to analyze the outcomes of campaigns.
    Marketing suites accomplish these tasks by:
    • Leveraging workflow automation to reduce the amount of time spent creating marketing campaigns
    • Using internal or third-party data to increase conversion effectiveness from customer databases across the organization
    A strong MMS provides marketers with the data they need for actionable insights about their customers.
    A marketing automation solution delivers essentially all the benefits of an email marketing solution along with integrated capabilities that would otherwise need to be cobbled together using various standalone technologies.” (Marketo Inc.)

    Review Info-Tech’s vendor profiles of the MMS market to identify vendors that meet your requirements

    Logos of multiple vendors including 'Hubspot', 'IBM', 'Salesforce marketing cloud', etc.

    Use Info-Tech’s MMS implementation methodology as a starting point for your organization’s MMS selection

    Info-Tech’s implementation methodology is not a step-by-step approach to vendor selection, but rather it highlights the pertinent considerations for MMS selection at each of the five steps outlined below.

    1

    2

    3

    4

    5

    Establish Resources Gather Requirements Write and Assemble RFP Exercise Due Diligence Evaluate Candidate Solutions
    • Determine work initiative dependencies and project milestones.
    • Establish the project timeline.
    • Designate project resources.
    • Prioritize rollout of functionality.
    • Link business goals with the MMS selection project.
    • Determine user roles and profiles.
    • Conduct stakeholder interviews.
    • Build communication and change management plan.
    • Draft an RFP.
    • Make a plan for soliciting feedback and publishing the RFP.
    • Customize a vendor demo script and scorecard.
    • Conduct vendor demos.
    • Speak with vendor references.
    • Evaluate nonfunctional requirements.
    • Understand upgrade schedules.
    • Define a vendor evaluation framework.
    • Prepare the final evaluation.
    • Prepare a presentation for management.

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Professional services provider engages Info-Tech to guide it through its MMS selection journey

    CASE STUDY

    Industry: Professional Services | Source: Info-Tech Consulting

    Challenge

    A large professional services firm specializing in knowledge development was looking to modernize an outdated marketing services stack.

    Previous investments in marketing tools ranging from email automation to marketing analytics led to system fragmentation. As a result, there was no 360-degree overview of marketing operations and no way to run campaigns at scale.

    To satisfy the organization’s aspirations, a comprehensive marketing management suite had to be selected that met needs for the foreseeable future.

    Solution

    The Info-Tech consulting team was brought in to assist in the MMS selection process.

    After meeting with several stakeholders, MMS requirements were developed and weighted. An RFP was then created from these requirements.

    Following a market scan, four vendors were selected to complete the organization’s RFP. Demonstration scripts were then developed as the RFPs were completed by vendors.

    Shortlisted vendors progressed to the demonstration phase.

    Results

    Vendor scorecards were utilized during the two-day demonstrations with the core project team to score each vendor.

    During the scoring process the team also identified the need to replace the organization’s core customer repository (a legacy CRM).

    The decision was made to select a CRM before finalizing the MMS selection. Doing so ensured uniform system architecture and strong interoperability between the firm’s MMS and its CRM.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Select a Marketing Management Suite – project overview

    1. Launch the MMS Project and Collect Requirements 2. Shortlist Marketing Management Suites 3. Select Vendor and Communicate Decision to Stakeholders
    Supporting Tool icon

    Best-Practice Toolkit

    1.1 Assess the value and identify your organization’s fit for MMS technology.

    1.2 Build your procurement team and project customer experience management (CXM) strategy.

    1.3 Identify your MMS requirements.

    2.1 Produce your shortlist

    3.1 Select your MMS

    3.2 Present selection

    Guided Implementations

    • Understand CXM strategy and identify your fit for MMS technology.
    • Identify staffing needs.
    • Plan requirements gathering steps.
    • Discuss use-case fit assessment results.
    • Discuss vendor landscape.
    • Create a procurement strategy.
    • Discuss executive presentation.
    • Conduct a proposal review.
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Launch Your MMS Selection Project
    Module 2:
    Analyze MMS Requirements and Shortlist Vendors
    Module 3:
    Plan Your Procurement Process
    Phase 1 Outcome:
    • Launch of MMS selection project
    Phase 2 Outcome:
    • Shortlist of vendors
    Phase 3 Outcome:
    • Selection of MMS

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members who will come onsite to facilitate a workshop for your organization.

    A small monochrome icon depicting a descending bar graph.

    This icon denotes a slide that pertains directly to the Info-Tech vendor profiles on marketing management technology. Use these slides to support and guide your evaluation of the MMS vendors included in the research.

    Select a Marketing Management Suite

    PHASE 1

    Launch the MMS Project and Collect Requirements

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Launch Your MMS Project and Collect Requirements

    Proposed Time to Completion: 3 weeks
    Step 1.2: Structure the Project Step 1.3: Gather Requirements
    Start with an analyst kick-off call:
    • Review readiness requirements for an MMS project.
    • Understand the work initiatives involved in MMS selection.
    Review findings with analyst:
    • Determine use case based on your organizational alignment.
    • Discuss core MMS requirements.
    Then complete these activities…
    • Conduct an organizational MMS readiness assessment.
    Then complete these activities…
    • Identify best-fit use case.
    • Elicit, capture, and prioritize requirements.
    With these tools & templates:
    • MMS Readiness Assessment Checklist
    With these tools & templates:
    • MMS Requirements Picklist Tool
    Phase 1 Results:
    • Completed readiness assessment.
    • Refined project plan to incorporate selection and implementation.

    Phase 1 milestones

    Launch the MMS Project and Collect Requirements — Phase 1

    • Understand the MMS market space.
    • Assess organizational and project readiness for MMS selection.
    • Structure your MMS selection and implementation project by refining your MMS roadmap.
    • Align organizational use-case fit with market use cases.
    • Collect, prioritize, and document MMS requirements.

    Shortlist MMS Tool — Phase 2

    • Review MMS market leaders and players within your aligned use case.
    • Review MMS vendor profiles and capabilities.
    • Shortlist MMS vendors based on organizational fit.

    Select an MMS — Phase 3

    • Submit request for proposal (RFP) to shortlisted vendors.
    • Evaluate vendor responses and develop vendor demonstration scripts.
    • Score vendor demonstrations and select the final product.

    Step 1.1: Understand the MMS market

    1.1

    1.2

    1.3

    Understand the MMS Market Structure the Project Gather MMS Requirements

    This step will walk you through the following activities:

    • MMS market overview

    This step involves the following participants:

    • Project team
    • Project manager
    • Project sponsor

    Outcomes of this step

    • An understanding of the evolution of the MMS market space and how it helps today’s organizations.
    • An evaluation of new and upcoming trends sought by MMS clients.
    • Verification of whether an MMS is a fit with your organization.

    Speak the same language as the marketing department to deliver the most business value

    Marketing Management Suite Glossary

    Analytics The practice of measuring marketing performance to improve return on investment (ROI). It is often carried out through the visualization of meaningful patterns in data as a result of marketing initiatives.
    Channels The different places where marketers can reach customers (e.g. social media, print mail, television).
    Click-through rate The percentage of individuals who proceed (click-through) from one part of a marketing campaign to the next.
    Content management Curating, creating, editing, and keeping track of content and client-facing assets.
    Customer relationship management (CRM) A core enterprise application that provides a broad feature set for supporting customer interaction processes. The CRM frequently serves as a core customer data repository.
    Customer experience management (CXM) The holistic management of customer interaction processes across marketing, sales, and customer service to create valuable, mutually beneficial customer experiences.
    Engagement rate A social media metric used to describe the amount of likes, comments, shares, etc., that a piece of content receives.
    Lead An individual or organization who has shown interest in the product or service being marketed.
    Omnichannel The portfolio of interaction channels you use.

    MMS is a key piece of the customer experience ecosystem

    Within the broader CXM ecosystem, an MMS typically lives within the CRM platform. Interfacing with the CRM’s master customer database allows an MMS to optimize cross-sell opportunities and marketing effectiveness.

    A master database – the central place where all up-to-the-minute data on a customer profile is stored – is essential for MMS success. This is particularly true for real-time capability effectiveness and to minimize customer fatigue.

    If you have customer records in multiple places, you risk missing customer opportunities and potentially upsetting clients. For example, if a client has communicated preferences or disinterest through one channel, and this is not effectively recorded throughout the organization, another representative is likely to contact them in the same method again – possibly alienating the customer for good.

    A master database requires automatic synchronization with all point solutions, POS, billing systems, agencies, etc. If you don’t have up-to-the-minute information, you can’t score prospects effectively and you lose out on the benefits of the MMS.

    'CRM' surrounded by its components with 'MMS' highlighted.
    Focus on the fundamentals before proceeding. Secure organizational readiness to reduce project risk using Info-Tech’s Build a Strong Technology Foundation for CXM and Select and Implement a CRM Platform blueprints.

    Understanding the “art of the possible”

    The world of marketing technology changes rapidly! Understand how modern marketing management suites are used in most organizations.

    An MMS helps marketers in two primary ways:

    1. It allows them to efficiently execute and manage campaigns across dozens of channels and products.
    2. It allows them to analyze the outcomes of campaigns.

    Marketing suites accomplish these tasks by:

    • Leveraging workflow automation to reduce the amount of time spent creating marketing campaigns.
    • Using internal or third-party data to increase conversion effectiveness from customer databases across the organization.

    A strong MMS provides marketers with the data they need for actionable insights about their customers.

    A marketing automation solution delivers essentially all the benefits of an email marketing solution along with integrated capabilities that would otherwise need to be cobbled together using various standalone technologies.” (Marketo Inc.)

    Inform your way of thinking by understanding the capabilities of modern marketing applications.

    A tree with icons related to knowledge.

    Expect the marketing department to drive suite adoption, but don’t count out the benefits MMS will also provide to IT

    MMS adoption is driven by the need for better campaign execution and marketing intelligence. MMS technologies are adopted to create faster, easier, more intelligent, and more measurable campaigns and make managing complex channels easy and repeatable.

    Top Drivers for Adopting Marketing Management Technologies

    Bar chart of top drivers for adopting marketing management technology. The first four bars are highlighted and the largest, they are labelled 'Campaign Measurement & Effectiveness', 'Execute Multi-channel Campaigns', 'Shorten Marketing Campaign Cycle', and 'Reduce Manual Campaign Creation'.
    (Source: Info-Tech Research Group; N=23)

    The key drivers for MMS are business-related, not IT-related. However, this does not mean that there are no benefits to IT. In fact, the IT department will see numerous benefits, including time and resource savings. Further, not having an MMS creates more work for your IT department. IT must serve as a valued partner for selection and implementation.

    Additional benefits to IT driven by MMS

    Marketing management suites are ideal for large organizations with multiple product lines in complex marketing environments. IT is often more centralized than its counterparts in the business, making it uniquely positioned to encourage greater coordination by helping the business units understand the shared goals and the benefits of working together to roll out suites for marketing workflow management, intelligence, and channel management.

    Cross-Segmentation Additional Revenue Generation Real-Time Capabilities Lead Growth/ Conversion Rate
    Business Value
    • Share resources between brands and product lines.
    • Increase database size with populated client data.
    • Track customer lifetime value.
    • Increase average deal size.
    • Decrease time to execute campaigns.
    • Decrease lead acquisition costs while collecting higher quality leads.
    • Improve retention rates.
    • Reduce cost to serve.
    • Increase customer retention due to effective service.
    • Higher campaign and response rates.
    • Track, measure, and prove the value of marketing activities.
    • Broaden reach through social channels.
    IT Value
    • Reduce reliance on IT for routine tasks such as list creation and data cleansing.
    • Free up IT resources for the sectors of the business where the ROI is greatest.
    • Reduce need for IT to cleanse, modify, or merge data lists because most suites include CRM connectors.
    • Reduce need for constant customization on status reports on lead value and campaign success.

    Info-Tech Insight

    Don’t forget that MMS technologies deliver on the overarching suite value proposition: a robust solution within one integrated offering. Without an MMS in play, organizations in need of this functionality are forced to piece together point solutions (or ad hoc management). This not only increases costs but also is an integration nightmare for IT.

    Step 1.2: Structure the project

    1.1

    1.2

    1.3

    Understand the MMS MarketStructure the ProjectGather MMS Requirements

    This step will walk you through the following activities:

    • Determine if you are ready to kick off the MMS selection project.
    • Align project goals with CXM strategy and business goals.

    This step involves the following participants:

    • Core project team
    • Project manager
    • Project sponsor

    Outcomes of this step

    • Assurance that you have completed adequate preparation, obtained stakeholder and sponsor buy-in, secured sufficient resources, and completed strategy and planning activities to move forward with selection.
    • An approach to remedy organizational readiness to prepare for MMS selection.
    • An understanding of stakeholder goals.

    Identify the scope and purpose of your MMS selection process

    Vendor Profiles icon

    Sample Project Overview

    [Organization] plans to select and implement a marketing management suite in order to introduce better campaign management to the business’ processes. This procurement and implementation of an MMS tool will enable the business to improve the efficiency and effectiveness of marketing campaign execution.

    This project will oversee the assessment and shortlisting of MMS vendors, selection of an MMS tool, the configuration of the solution, and the implementation of the technology into the business environment.

    Rationale Behind the Project

    Consider the business drivers behind the interest in MMS technology.

    Be specific to business units impacted and identify key considerations (both opportunities and risks).

    Business Drivers

    • Organizational productivity
    • Customer satisfaction
    • Marketing management costs
    • Risk management

    Info-Tech Insights

    Creating repeatable and streamlined marketing processes is a common overarching business objective that is driven by multiple factors. To ensure this objective is achieved, confirm that the primary drivers are following the implementation of the first automated marketing channels.

    Activity: Understand your business’ goals for MMS by parsing your formal CXM strategy

    Associated Activity icon 1.2.1 1 hour

    INPUT: Stakeholder user stories

    OUTPUT: Understanding of ideal outcomes from MMS implementation

    MATERIALS: Whiteboard and marker or sticky notes

    PARTICIPANTS: Project sponsor, Project stakeholders, Business analysts, Business unit reps

    Instructions

    1. Outline the purpose of the future MMS tool and the drivers behind this business decision with the project’s key stakeholders.
    2. Document plans to ensure that these drivers are taken into consideration and realized following implementation. Example:
      Improve Reduce/Eliminate KPIs
      Multichannel marketing Duplication of effort Number of customer interaction channels supported
      Social integration Process inefficiencies Number of social signals received (likes, shares, etc.)

    If you do not have a well-defined CXM strategy, leverage Info-Tech’s research to Build a Strong Technology Foundation for Customer Experience Management.

    Understanding marketing suites

    Vendor Profiles icon

    This blueprint focuses on complete, integrated marketing management suites

    An integrated suite is a single product that is designed to assist with multiple marketing processes. Information from these suites is deeply connected to the core CRM. Changing a piece of information for one process will update all affected.

    'MMS' surrounded by its integrated processes, including 'Marketing Operations Management', 'Breadth of Channel Support', 'Marketing Asset Management', etc.

    Understanding marketing point solutions

    Vendor Profiles icon

    A point solution typically interfaces with a single customer interaction channel with minimal CRM integration.

    Why use a marketing point solution?

    1. A marketing point solution is a standalone application used to manage a unique process.
    2. Point solutions can be implemented and updated relatively quickly.
    3. They cost less than full-feature, integrated marketing suites.
    4. Some point solutions integrate with CRM platforms or MMS platforms.

    Refer to Phase 2 for a bird’s-eye view of the point solution marketplace.

    Marketing Point Solutions

    • Twitter Analytics
    • Search Engine Optimization
    • Customer Portals
    • Livechat
    • Marketing Attribution
    • Demand Side Platform

    Determine if MMS is right for your organization

    Vendor Profiles icon

    Adopt an MMS if:

    1. Your organization is actively pursuing a multichannel marketing strategy, particularly if its marketing campaigns are complex and multifaceted, involving consumer-specific conditional messaging.
    2. Your enterprise serves a high volume of customers and marketing needs extend to formally managing budgets and resources, lead generation and segmentation, and measuring channel effectiveness.
    3. Your organizations has multiple product lines and is interested in increasing cross-sale opportunities.

    Bypass an MMS if:

    • Your organization does not participate in multichannel campaigns and is primarily using email or web channels to generate leads. You may find the advanced features and capabilities of an MMS to be overkill and should consider lead marketing automation (LMA) or email marketing services first.
    • You are a small to midsize business (SMB) with a limited budget or fewer than five marketing professionals. Don’t buy what you don’t need; organizations with fewer than five people in the marketing department are unlikely to need an MMS.
    • Sales generation is not a priority for the business or a primary goal for the marketing department.

    Info-Tech Insight

    Using an MMS is ideal for organizations with multiple brands and product portfolios (e.g. consumer packaged goods). Ad hoc management and email marketing services are best for small organizations with a client base that requires only bare bones engagement.

    Determine if you are ready to kick off your MMS selection and implementation project

    Supporting Tool icon 1.2.2 MMS Readiness Assessment Checklist
    Use Info-Tech’s MMS Readiness Assessment Checklist to determine if your organization has sufficient process and campaign maturity to warrant the investment in a consolidated marketing management suite.

    Sections of the Tool:

    1. Goals & Objectives
    2. Project Team
    3. Current State Understanding
    4. Future State Vision
    5. Business Process Improvement
    6. Project Metrics
    7. Executive Sponsorship
    8. Stakeholder Buy-In & Change Management
    9. Risk Management
    10. Cost & Budget

    INFO-TECH DELIVERABLE

    Sample of Info-Tech's MMS Readiness Assessment Checklist.

    Complete the MMS Readiness Assessment Checklist by following the instructions in Activity 1.2.3.

    Activity: Determine if you are ready to kick off your MMS selection project

    Associated Activity icon 1.2.3 30 minutes

    INPUT: MMS foundation, MMS strategy

    OUTPUT: Readiness remediation approach, Validation of MMS project readiness

    MATERIALS: Info-Tech’s MMS Readiness Assessment Checklist

    PARTICIPANTS: Project sponsor, Core project team

    Instructions

    1. Download the MMS Readiness Assessment Checklist.
    2. Review Section 1 of the checklist with the core project team and/or project sponsor, item by item. For completed items, tick the relative checkbox.
    3. Once the whole checklist has been reviewed, document all incomplete items in the table under Section 1 in the first table column (“Incomplete Readiness Item”).
    4. For each incomplete item, use your discretion to determine whether its completion is critical in preparation for MMS selection and implementation. This may vary given the complexity of your MMS project. If the item is critical to the project, indicate this with “Y” in the second column (“Criticality (Y/N)”).
    5. For each critical item, reflect on the barriers that have prevented or are preventing its completion. Possible barriers include incomplete task dependencies, low value-to-effort determination, lack of organizational knowledge or resources, pressure of deadlines, etc. Document these barriers in the third column (“Barriers to Completion”).
    6. Based on the barriers determined in Step 5, determine a remediation approach for each item. Document the approach in the fourth column (“Remediation Approach”).
    7. For each remediation activity, designate a due date and remediation owner. Document this in the fifth column (“Due Date & Owner”).
    8. Carry out the remediation of critical tasks and return to this blueprint to kickstart your selection and implementation project.

    Step 1.3: Gather MMS requirements

    1.1

    1.2

    1.3

    Understand the MMS MarketStructure the ProjectGather MMS Requirements

    This step will walk you through the following activities:

    • Understand your MMS use case.
    • Elicit and capture your MMS requirements.
    • Prioritize your solution requirements.

    This step involves the following participants:

    • Core project team
    • Project manager
    • Business analysts
    • Procurement subject-matter experts (SMEs)

    Outcomes of this step

    • Project alignment with MMS market use case.
    • Inventory of categorized and prioritized MMS business requirements.

    Understand the dominant use-case scenarios for MMS across organizations

    Vendor Profiles icon

    USE CASES

    While an organization may be product- or service-centric, most fall into one of the three use cases described on this slide.

    1) Marketing Automation

    Workflow Management

    Managing complex marketing campaigns and building and tracking marketing workflows are the mainstay responsibilities of brand managers and other senior marketing professionals. In this category, we evaluated vendors that provide marketers with comprehensive tools for marketing campaign automation, workflow building and tracking, lead management, and marketing resource planning for campaigns that need to reach a large segment of customers.

    Omnichannel Management

    The proliferation of marketing channels has created significant challenges for many organizations. In this use case, we executed a special evaluation of vendors that are well suited for the intricacies of juggling multiple channels, particularly mobile, social, and email marketing.

    2) Marketing Intelligence

    Sifting through data from a myriad of sources and coming up with actionable intelligence and insights remains a critical activity for marketing departments, particularly for market researchers. In this category, we evaluated solutions that aggregate, analyze, and visualize complex marketing data from multiple sources to allow decision makers to execute informed decisions.

    3) Social Marketing

    The proliferation of social networks, customer data, and use cases has made ad hoc social media management challenging. In this category we evaluated vendors that bring uniformity to an organization’s social media capabilities and contribute to a 360-degree customer view.

    Activity: Understand which type of MMS you need

    Associated Activity icon 1.3.1 30 minutes

    INPUT: Use-case breakdown

    OUTPUT: Project use-case alignments

    Materials: Whiteboard, markers

    Participants: Project manager, Core project team (optional)

    Instructions

    1. Familiarize your team with Info-Tech’s MMS use-case breakdown from the previous slide.
    2. Determine which use case is best aligned with your organization’s MMS project objectives. If you need assistance with this, consider the relevance of the cases studies and statements on the following slides.
    3. If your team agrees with most or all statements under a given use case, this indicates strong alignment towards that use case. It is possible for an organization to align with more than one use case. Your use-case alignment will guide you in creating a vendor shortlist later in this project.

    Use Info-Tech’s vendor research and use-case scenarios to support your organization’s vendor analysis

    The use-case view of vendor and product performance provides multiple opportunities for vendors to fit into your application architecture depending on their product and market performance. The use cases selected are based on market research and client demand.

    Determining your use case is crucial for:

    1. Selecting an application that is the right fit
    2. Establishing a business case for MMS

    The following slides illustrate how the three most common use cases (marketing automation, marketing intelligence, and social marketing) align with business needs. As shown by the case studies, the right MMS can result in great benefits to your organization.

    Use-case alignment and business need

    Vendor Profiles icon

    Marketing Automation

    Marketing Need Manage customer experience across multiple channels Manage multiple campaigns simultaneously Integrate web-enabled devices (IoT) into marketing campaigns Run and track email marketing campaigns
    A line of arrows pointing down.
    Corresponding Feature End-to-end management of email marketing Visual workflow editor Customer journey mapping Business rules engine A/B tracking

    The Portland Trail Blazers utilize an MMS to amplify their message with marketing automation technology

    CASE STUDY

    Industry: Entertainment | Source: Marketo

    Challenge

    The Portland Trail Blazers, an NBA franchise, were looking to expand their appeal beyond the city of Portland and into the greater Pacific Northwest Region.

    The team’s management group also wanted to showcase the full range of events that were hosted in the team’s multipurpose stadium.

    The Trail Blazers were looking to engage fans in a more targeted fashion than their CRM allowed for. Ultimately, they hoped to move from “batch and blast” email campaigns to an automated and targeted approach.

    Solution

    The Trail Blazers implemented an MMS that allowed it to rapidly build different types of campaigns. These campaigns could be executed across a variety of channels and target multiple demographics at various points in the fan journey.

    Contextual ads were implemented using the marketing suite’s automated customer journey mapping feature. Targeted ads were served based on a fan’s location in the journey and interactions with the Trail Blazers’ online collateral.

    Results

    The automated campaigns led to a 75% email open rate, which contributed to a 96% renewal rate for season ticket holders – a franchise record.

    Other benefits resulting from the improved conversion rate included an increased cohesion between the Trail Blazers’ marketing, analytics, and ticket sales operations.

    Use-case alignment and business need

    Vendor Profiles icon

    Marketing Intelligence

    Marketing Need Capture marketing- and customer-related data from multiple sources Analyze large quantities of marketing data Visualize marketing-related data in a manner that is easy for decision makers to consume Perform trend and predictive analysis
    A line of arrows pointing down.
    Corresponding Feature Integrate data across customer segments Analysis through machine learning Assign attributers to unstructured data Displays featuring data from external sources Create complex customer data visualizations

    Chico’s FAS uses marketing intelligence to drive customer loyalty

    CASE STUDY

    Industry: Retail | Source: SAS

    Challenge

    Women’s apparel retailer Chico’s FAS was looking to capitalize on customer data from in-store and online experiences.

    Chico’s hoped to consolidate customer data from multiple online and brick-and-mortar retail channels to get a complete view of the customer.

    Doing so would satisfy Chico’s need to create more highly segmented, cost-effective marketing campaigns

    Solution

    Chico’s selected an MMS with strong marketing intelligence, analysis, and data visualization capability.

    The MMS could consolidate and analyze customer and transactional information. The suite’s functionality enabled Chico’s marketing team to work directly with the data, without help from statisticians or IT staff.

    Results

    The approach to marketing indigence led to customers getting deals on products that were actually relevant to them, increasing sales and brand loyalty.

    Moreover, the time it took to perform data consolidation decreased dramatically, from 17 hours to two hours, allowing the process to be performed daily instead of weekly.

    Use-case alignment and business need

    Vendor Profiles icon

    Social Marketing

    Marketing Need Understand customers' likes and dislikes Manage and analyze social media channels like Facebook and Twitter Foster a conversation around specific products Engage international audiences through regional messaging apps
    A line of arrows pointing down.
    Corresponding Feature Social listening capabilities Tools for curating customer community content Ability to aggregate social data Integration with popular social networks Ability to conduct trend reporting

    Bayer leverages MMS technology to cultivate a social presence

    CASE STUDY

    Industry: Life Sciences | Source: Adobe

    Challenge

    Bayer, a Fortune 500 health and life sciences company, was looking for a new way to communicate its complex medical breakthroughs to the general public.

    The decision was made to share the science behind its products via social channels in order to generate excitement.

    Bayer needed tools to publish content across a variety of social media platforms while fostering conversations that were more focused on the science behind products.

    Solution

    Based on the requirements, Bayer decided that an MMS would be the best fit.

    After conducting a market scan, the company selected an MMS with a comprehensive social media suite.

    The suite included tools for social listening and moderation and tools to guide conversations initiated by both marketers and customers.

    Results

    The MMS provided Bayer with the toolkit to engage its audience.

    Bayer took control of the conversation about its products by serving potential customers with relevant video content on social media.

    Its social strategy coupled with advanced engagement tools resulted in new business opportunities and more than 65,000 views on YouTube and more than 87,000 Facebook views in a single month.

    Leverage Info-Tech’s requirements gathering framework to serve as the basis for capturing your MMS requirements

    An important step in selecting an MMS that will have widespread user adoption is creating archetypal customer personas. This will enable you to talk concretely about them as consumers of the application you select and allow you to build buyer scenarios around them.
    REQUIREMENTS GATHERING
    Info-Tech’s requirements gathering framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework ensures that the application created will capture the needs of all stakeholders and deliver business value. Develop and right-size a proven standard operating procedure for requirements gathering with Info-Tech’s blueprint Build a Strong Approach to Business Requirements Gathering.
    Stock photo of a Jenga tower with title: Build a Strong Approach to Business Requirements Gathering
    KEY INPUTS TO MMS REQUIREMENTS GATHERING
    Requirements Gathering Methodology

    Sample of Requirements Gathering Blueprint.

    Requirements Gathering Blueprint Slide 25: Understand the best-practice framework for requirements gathering for enterprise applications projects.

    Requirements Gathering SOP

    Sample of Requirements Gathering Blueprint.

    Requirements Gathering Blueprint Activities 1.2.2-1.2.5, 2.1.1, 2.1.2, 3.1.1, 3.2.1, 4.1.1-4.1.3, 4.2.2: Consolidate outputs to right-size a best-practice SOP for your organization.

    Project Level Selection Tool

    Sample of Requirements Gathering Blueprint.

    Requirements Gathering Blueprint Activity 1.2.4: Determine project-level selection guidelines to inform the due diligence required in your MMS requirements gathering.

    Activity: Elicit and capture your MMS requirements

    Associated Activity icon 1.3.2 Varies

    INPUT: MMS tool user expertise, MMS Requirements Picklist Tool

    OUTPUT: A list of needs from the MMS tool user perspective

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: MMS users in the organization, MMS selection committee

    Instructions

    1. Identify stakeholders for the requirements gathering exercise. Consider holding one-on-one sessions or large focus groups with key stakeholders or the project sponsor to gather business requirements for an MMS.
    2. Use the MMS Requirements Picklist Tool as a starting point for conducting the requirements elicitation session(s).
    3. Begin by reading the instructions in the template and then move to the “Requirements” worksheet. Read each defined requirement in the worksheet and indicate in the “Requirement Status” column whether the requirement is a “Must,” “High,” or “Low.” Confirming the status is an important part of the exercise. The status will help filter vendors for final selection later on in the process.
    4. Decide whether additional requirements are necessary by asking the MMS tool users. If so, add the requirements to the bottom of the “Requirements” worksheet and indicate their “Requirement Status.”

    Download the MMS Requirements Picklist Tool to help with completing this activity.

    Show the measurable benefits of MMS with metrics

    The return on investment (ROI) and perceived value of the organization’s marketing solution will be a critical indication of the likelihood of success of the suite’s selection and implementation.

    EXAMPLE
    METRICS

    MMS and Technology Adoption

    Marketing Performance Metrics
    Average revenue gain per campaign Quantity and quality of marketing insights
    Average time to execute a campaign Customer acquisition rates
    Savings from automated processes Marketing cycle times
    User Adoption and Business Feedback Metrics
    User satisfaction feedback User satisfaction survey with the technology
    Business adoption rates Application overhead cost reduction

    Info-Tech Insight

    Even if marketing metrics are difficult to track right now, the implementation of an MMS brings access to valuable customer intelligence from data that was once kept in silos.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of an Info-Tech analyst.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.2.1

    Sample of activity 1.2.1 'Understand your business' goals for MMS by parsing your formal CXM strategy'. Align the CXM strategy value proposition to MMS capabilities

    Our facilitator will help your team identify the IT CXM strategy and marketing goals. The analyst will then work with the team to map the strategy to technological drivers available in the MMS market.

    1.3.2

    Sample of activity 1.3.2 'Elicit and capture your MMS requirements'. Define the needs of MMS users

    Our facilitator will work with your team to identify user requirements for the MMS Requirements Picklist Tool. The analyst will facilitate a discussion with your team to prioritize identified requirements.

    Select a Marketing Management Suite

    PHASE 2

    Shortlist Marketing Management Suites

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Shortlist Marketing Management Suites

    Proposed Time to Completion: 1-3 months
    Step 2.1: Analyze and Shortlist MMS Vendors
    Start with an analyst kick-off call:
    • Review requirements gathering findings.
    • Review the MMS market space.
    Then complete these activities…
    • Review vendor profiles and analysis.
    • Weigh the evaluation criteria’s importance in product capabilities and vendor characteristics.
    • Shortlist MMS vendors.
    With these tools & templates:
    Phase 2 Results:
    • Shortlist of MMS tools

    Phase 2 milestones

    Launch the MMS Project and Collect Requirements — Phase 1

    • Understand the MMS market space.
    • Assess organizational and project readiness for MMS selection.
    • Structure your MMS selection and implementation project by refining your MMS roadmap.
    • Align organizational use-case fit with market use cases.
    • Collect, prioritize, and document MMS requirements.

    Shortlist MMS Tool — Phase 2

    • Review MMS market leaders and players within your aligned use case.
    • Review MMS vendor profiles and capabilities.
    • Shortlist MMS vendors based on organizational fit.

    Select an MMS — Phase 3

    • Submit request for proposal (RFP) to shortlisted vendors.
    • Evaluate vendor responses and develop vendor demonstration scripts.
    • Score vendor demonstrations and select the final product.

    Step 2.1: Analyze and shortlist MMS vendors

    2.1

    Analyze and Shortlist MMS Vendors

    This step will walk you through the following activities:

    • Review MMS vendor landscape.
    • Take note of relevant point solutions.
    • Shortlist vendors for the RFP process.

    This step involves the following participants:

    • Core project team

    Outcomes of this step

    • Understanding of Info-Tech’s use-case scenarios for MMS: marketing automation, marketing intelligence, and social marketing.
    • Familiarity with the MMS vendor landscape.
    • Shortlist of MMS vendors for RFP process.

    Familiarize yourself with the MMS market: How it got here

    Vendor Profiles icon

    Loosely Tied Together

    Originally the sales and marketing enterprise application space was highly fragmented, with disparate best-of-breed point solutions patched together. Soon after, vendors in the late 1990s started bundling automation technologies into a single suite offering. Marketing capabilities of CRM suites were minimal at best and often restricted to web and email only.

    Limited to Large Enterprises

    Many vendors started to combine all marketing tools into a single, comprehensive marketing suite, but cost and complexity limited them to large enterprises and marketing agencies.

    Best-of-breed solutions targeting new channels and new goals, like closed-loop sales and marketing, continued driving new marketing software genres, like dedicated lead management suites.

    In today’s volatile business environment, judgment built from past experience is increasingly unreliable. With consumer behaviors in flux, once-valid assumptions (e.g. ‘older consumers don’t use Facebook or send text messages’) can quickly become outdated.” (SAS Magazine)

    Info-Tech Insight

    As the market evolves, capabilities that were once cutting edge become default and new functionality becomes differentiating. Some features, like basic CRM integration, have become table stakes capabilities. Focus on advanced analytics features and omnichannel integration capabilities to get the best fit for your requirements.

    Familiarize yourself with the MMS market: Where it’s going

    Vendor Profiles icon

    AI and Machine Learning

    Vendors are beginning to offer AI capabilities across MMS for data-driven customer engagement scoring and social listening insights. Machine learning capability is being leveraged to determine optimal customer journey and suggest next steps to users.

    Marketplace Fragmentation

    The number of players in the marketing application space has grown exponentially. The majority of these new vendors offer point solutions rather than full-blown marketing suites. Fragmentation is leading to tougher choices when looking to augment an existing platform with specific functionality.

    Improving Application Integration

    MMS vendors are fostering deeper integrations between their marketing products and core CRM products, leading to improved data hygiene. At the same time, vendors are improving flexibility in the marketing suite so that new channels can be added easily.

    Greater Self-Service

    Vendors have an increased emphasis on application usability. Their goal is to enable marketers to execute campaigns without relying on specialists.

    There’s a firehose of customer data coming at marketers today, and with more interconnected devices emerging (wearables, smart watches, etc.), cultivating a seamless customer experience is likely to grow even more challenging.

    Building out a data-driven marketing strategy and technology stack that enables you to capture behaviors across channels is key.” (IBM, Ideas for Exceeding Customer Expectations)

    Review Info-Tech’s vendor profiles of the MMS market to identify vendors that meet your requirements

    Vendors & Products Evaluated

    Vendor logos including 'Adobe', 'ORACLE', and 'IBM'.

    VENDOR PROFILES

    Review the MMS Vendor Evaluation

    Large icon of a descending bar graph for vendor profiles title page.

    Table stakes are the minimum standard; without these, a product doesn’t even get reviewed

    Vendor Profiles icon

    TABLE STAKES

    Feature Table Stake Functionality
    Basic Workflow Automation Simple automation of common marketing tasks (e.g. handling inbound leads).
    Basic Channel Integration Integration with minimum two or more marketing channels (e.g. email and direct mail).
    Customizable User Interface A user interface that can be changed and optimized to users’ preferences. This includes customizable dashboards for displaying relevant marketing metrics.
    Basic Mobile UX Accessible from a mobile device in some fashion.
    Cloud Compatibility Able to offer integration within pre-existing or proprietary cloud server. Many vendors only have SaaS products.

    What does this mean?

    The products assessed in these vendor profiles meet, at the very least, the requirements outlined as table stakes.

    Many of the vendors go above and beyond the outlined table stakes; some even do so in multiple categories. This section aims to highlight the products’ capabilities in excess of the criteria listed here.

    Info-Tech Insight

    If table stakes are all you need from your MMS, determine whether your existing CRM platform already satisfies your requirements. Otherwise, dig deeper to find the best price-to-value ratio for your needs.

    Take a holistic approach to vendor and product evaluation

    Almost – or equally – as important as evaluating vendor feature capabilities is the need to evaluate vendor viability and non-functional aspects of the MMS. Include an evaluation of the following criteria in your vendor scoring methodology:

    Vendor Attribute Description
    Vendor Stability and Variability The vendor’s proven ability to execute on constant product improvement, deliberate strategic direction, and overall commitment to research and development efforts in responding to emerging trends.
    Security Model The potential to integrate the application to existing security models and the vendor's approach to handling customer data.
    Deployment Style The choice to deploy a single or multi-tenant SaaS environment via a perpetual license.
    Ease of Customization The relative ease with which a system can be customized to accommodate niche or industry-specific business or functional needs.
    Vendor Support Options The availability of vendor support options, including selection consulting, application development resources, implementation assistance, and ongoing support resources.
    Size of Partner Ecosystem The quantity of enterprise applications and third-party add-ons that can be linked to the MMS, as well as the number of system integrators available.
    Ease of Data Integration The relative ease with which the system can be integrated with an organization’s existing application environment, including legacy systems, point solutions, and other large enterprise applications.

    Info-Tech Insight

    Evaluate vendor capabilities, not just product capabilities. An MMS is typically a long-term commitment; ensure that your organization is teaming up with a vendor or provider that you feel you can work well with and depend on.

    Advanced features are the capabilities that allow for granular differentiation of market players and use-case performance

    Vendor Profiles icon

    Evaluation Methodology

    These product features were assessed as part of the classification of vendors into use cases. In determining use-case leaders and players, select features were considered based on best alignment with the use case.

    Feature Advanced Functionality
    Advanced Campaign Management End-to-end marketing campaign management: customer journey mapping, campaign initiation, monitoring, and dynamic reporting and adjustment.
    Marketing Asset Management Content repository functionality (or tight ECM integration) for marketing assets and campaign collateral (static, multimedia, e-commerce–related, etc.).
    Marketing Analytics
    • Predictive analytics; machine learning; capabilities for data ingestion and visualization across various marketing research/marketing intelligence categories (demographic, psychographic, etc.).
    • Data segmentation; drill-down ability to assign attributes to unstructured data; ability to construct complex customer/competitive data visualizations from segmented data.
    Breadth of Channel Support Ability to support and manage a wide range of marketing channels (e-commerce, SEO/SEM, paid advertising, email, traditional [print, multimedia], etc.).
    Marketing Workflow Management Visual workflow editors and business rules engine creation.

    Advanced features are the capabilities that allow for granular differentiation of market players and use-case performance

    Vendor Profiles icon

    Evaluation Methodology

    These product features were assessed as part of the classification of vendors into use cases. In determining use-case leaders and players, select features were considered based on best alignment with the use case.

    Feature Advanced Functionality
    Community Marketing Management Branded customer communities (e.g. community support forums) and DMB/DSP.
    Email Marketing Automation End-to-end management of email marketing: email templates, email previews, spam testing, A/B tracking, multivariate testing, and email metrics tracking.
    Social Marketing Ability to integrate with popular social media networks and manage social properties and to aggregate and analyze social data for trend reporting.
    Mobile Marketing Ability to manage SMS, push, and mobile application marketing.
    Marketing Operations Management Project management tools for marketers (timelines, performance indicators, budgeting/resourcing tools, etc.).

    Use the information in the MMS vendor profiles to streamline your vendor analysis process

    Vendor Profiles icon This section includes profiles of the vendors evaluated against the previously outlined framework.
    Review the use-case scenarios relevant to your organization’s use case to identify a vendor’s fit to your organization’s MMS needs.
    • L = Use-case leader
    • P = Use-case player
    Three column headers: 'Marketing Automation', 'Marketing Intelligence', and 'Social Media Marketing'.
    Understand your organization’s size and whether it falls within the product’s market focus.
    • Large enterprise: 2,000+ employees and revenue of $250M+
    • Small-medium enterprise: 30-2,000 employees and revenue of $25M-$250M
    Column header 'MARKET FOCUS' with row headers 'Small-Medium' and 'Large Enterprise'.
    Review the differentiating features to identify where the application performs best. A list of features.
    Colors signify a feature’s performance. A key for color-coding: Blue - 'Best of Breed', Green - 'Present: Competitive Strength', Yellow-Green - 'Present: Competitive Parity', Yellow - 'Semi-Present', Grey - 'Absent'.

    Adobe Marketing Cloud

    Vendor Profiles icon
    Logo for Adobe. FUNCTIONAL SPOTLIGHT

    Creative Cloud Integration: To make for a more seamless cross-product experience, projects can be sent between Marketing Cloud and Creative Cloud apps such as Photoshop and After Effects.

    Sensei: Adobe has revamped its machine learning and AI platform in an effort to integrate AI into all of its marketing applications. Sensei includes data from Microsoft in a new partnership program.

    Anomaly Detection: Adobe’s Anomaly Detection contextualizes data and provides a statistical method to determine how a given metric has changed in relation to previous metrics.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    L

    L

    P

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    Adobe’s goal with Marketing Cloud is to help businesses provide customers with cohesive, seamless experiences by surfacing customer profiles in relevant situations quickly. Adobe Marketing Cloud has traditionally been used in the B2C space but has seen an increase in B2C use cases driven by the finance and technology sectors. FEATURES
    Color-coded ranking of each feature for Adobe.
    Employees (2018): 17,000 Presence: Global Founded: 1982 NASDAQ: ADBE

    HubSpot

    Vendor Profiles icon

    Logo for Hubspot.FUNCTIONAL SPOTLIGHT

    Content Optimization System (COS): The fully integrated system stores assets and serves them to their designated channels at relevant times. The COS is integrated into HubSpot's marketing platform.

    Email Automation: HubSpot provides basic email that can be linked to a specific part of an organization’s marketing funnel. These emails can also be added to pre-existing automated workflows.

    Email Deliverability Tool: HubSpot identifies HTML or content that will be flagged by spam filters. It also validates links and minimizes email load times.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    P

    P

    P

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    Hubspot’s primary focus has been on email marketing campaigns. It has put effort into developing solid “click not code” email marketing capabilities. Also, Hubspot has an official integration with Salesforce for expanded operations management and analytics capabilities. FEATURES
    Color-coded ranking of each feature for Hubspot.
    Employees (2018): 1,400 Presence: Global Founded: 2006 NYSE: HUBS

    IBM Marketing Cloud

    Vendor Profiles icon

    Logo for IBM.FUNCTIONAL SPOTLIGHT

    Watson: IBM is leveraging its popular Watson AI brand to generate marketing insights for automated campaigns.

    Weather Effects: Set campaign rules based on connections between weather conditions and customer behavior relative to zip code made by Watson.

    Real-Time Personalization: IBM has made efforts to remove campaign interaction latency and optimize live customer engagement by acting on information about what customers are doing in the current moment.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    L

    L

    P

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    IBM has remained ahead of the curve by incorporating its well-known AI technology throughout Marketing Cloud. The application’s integration with the wide array of IBM products makes it a powerful tool for users already in the IBM ecosystem. FEATURES
    Color-coded ranking of each feature for IBM.
    Employees (2018): 380,000 Presence: Global Founded: 1911 NYSE: IBM

    Marketo

    Vendor Profiles icon

    Logo for Marketo.FUNCTIONAL SPOTLIGHT

    Content AI: Marketo has leveraged its investments in machine learning to intelligently fetch marketing assets and serve them to customers based on their interactions with a campaign.

    Email A/B Testing: To improve lead generation from email campaigns, Marketo features the ability to execute A/B testing for customized campaigns.

    Partnership with Google: Marketo is now hosted on Google’s cloud platform, enabling it to provide support for larger enterprise clients and improve GDPR compliance.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    P

    P

    P

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    Marketo has strong capabilities for lead management but has recently bolstered its analytics capabilities. Marketo is hoping to capture some of the analytics application market share by offering tools with varying complexity and to cater to firms with a wide range of analytics needs. FEATURES
    Color-coded ranking of each feature for Marketo.
    Employees (2018): 1,000 Presence: Global Founded: 2006 Private Corporation

    Oracle Marketing Cloud

    Vendor Profiles icon

    Logo for Oracle.FUNCTIONAL SPOTLIGHT

    Data Visualization: To make for a more seamless cross-product experience, marketing projects can be sent between Marketing Cloud and Creative Cloud apps such as Dreamweaver.

    ID Graph: Use ID Graph to unite disparate data sources to form a singular profile of leads, making the personalization and contextualization of campaigns more efficient.

    Interest-Based Messaging: Pause a campaign to update a segment or content based on aggregated customer activity and interaction data.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    P

    P

    P

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    Oracle Marketing Cloud is known for its balance between campaigns and analytics products. Oracle has taken the lead on expanding its marketing channel mix to include international options such as WeChat. Users already using Oracle’s CRM/CEM products will derive the most value from Marketing Cloud. FEATURES
    Color-coded ranking of each feature for Oracle.
    Employees (2018): 138,000 Presence: Global Founded: 1977 NYSE: ORCL

    Salesforce Marketing Cloud

    Vendor Profiles icon

    Logo for Salesforce Marketing Cloud.FUNCTIONAL SPOTLIGHT

    Einstein: Salesforce is putting effort into integrating AI into all of its applications. The Einstein AI platform provides marketers with predictive analytics and insights into customer behavior.

    Mobile Studio: Salesforce has a robust mobile marketing offering that encompasses SMS/MMS, in-app engagement, and group messaging platforms.

    Journey Builder: Salesforce created Journey Builder, which is a workflow automation tool. Its user-friendly drag-and-drop interface makes it easy to automate responses to customer actions.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    L

    P

    L

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    Salesforce Marketing Cloud is primarily used by organizations in the B2C space. It has strong Sales Cloud CRM integration. Pardot is positioning itself as a tool for sales teams in addition to marketers. FEATURES
    Color-coded ranking of each feature for Salesforce Marketing Cloud.
    Employees (2018): 1,800 Presence: Global Founded: 2000 NYSE: CRM

    Salesforce Pardot

    Vendor Profiles icon

    Logo for Salesforce Pardot.FUNCTIONAL SPOTLIGHT

    Engagement Studio: Salesforce is putting marketing capabilities in the hands of sales reps by giving them access to a team email engagement platform.

    Einstein: Salesforce’s Einstein AI platform helps marketers and sales reps identify the right accounts to target with predictive lead scoring.

    Program Steps: Salesforce developed a distinct own workflow building tool for Pardot. Workflows are made of “Program Steps” that have the functionality to initiate campaigns based on insights from Einstein.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    P

    P

    -

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    Pardot is Salesforce’s B2B marketing solution. Pardot has focused on developing tools that enable sales teams and marketers to work in lockstep in order to achieve lead-generation goals. Pardot has deep integration with Salesforce’s CRM and customer service management products. FEATURES
    Color-coded ranking of each feature for Salesforce Pardot.
    Employees (2018): 1,800 Presence: Global Founded: 2000 NYSE: CRM

    SAP Hybris Marketing

    Vendor Profiles icon

    Logo for SAP.FUNCTIONAL SPOTLIGHT

    CMO Dashboard: The specialized dashboard is aimed at providing overviews for the executive level. It includes the ability to coordinate marketing activities and project budgets, KPIs, and timelines.

    Loyalty Management: SAP features in-app tools to manage campaigns specifically geared toward customer loyalty with digital coupons and iBeacons.

    Customer Segmentation: SAP’s predictive capabilities dynamically suggest relevant customer profiles for new campaigns.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    P

    L

    P

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    SAP Hybris Marketing Cloud optimizes marketing strategies in real time with accurate attribution and measurements. SAP’s operations management capabilities are robust, including the ability to view consolidated data streams from ongoing marketing plans, performance targets, and budgets. FEATURES
    Color-coded ranking of each feature for SAP.
    Employees (2018): 84,000 Presence: Global Founded: 1972 NYSE: SAP

    SAS Marketing Intelligence

    Vendor Profiles icon

    Logo for SAS.FUNCTIONAL SPOTLIGHT

    Activity Map: A user-friendly workflow builder that can be used to execute campaigns. Multiple activities can be simultaneously A/B tested within the Activity Map UI. The outcome of the test can automatically adjust the workflow.

    Spots: A native digital asset manager that can store property that is part of existing and future campaigns.

    Viya: A framework for fully integrating third-party data sources into SAS Marketing Intelligence. Viya assists with pairing on-premises databases with a cloud platform for use with the SAS suite.

    USE-CASE PERFORMANCE
    Marketing
    Automation
    Marketing
    Intelligence
    Social
    Marketing

    P

    L

    MARKET FOCUS
    Small-Medium
    Large Enterprise
    SAS has been a leading BI and analytics provider for more than 35 years. Rooted in statistical analysis of data, SAS products provide forward-looking strategic insights. Organizations that require extensive customer intelligence capabilities and the ability to “slice and dice” segments should have SAS on their shortlist. FEATURES
    Color-coded ranking of each feature for SAS.
    Employees (2018): 14,000 Presence: Global Founded: 1976 Private Corporation

    Consider alternative MMS vendors not included in Info-Tech’s vendor profiles

    Info-Tech evaluated only a portion of vendors in the MMS market. In order for a vendor to be included in this landscape, the company needed to meet three baseline criteria:
    1. Our clients must be talking about the solution.
    2. Our analysts must believe the solution will play well within the evaluation.
    3. The vendor must meet table stakes criteria.
    Below is a list of notable vendors in the space that did not meet all of Info-Tech’s inclusion requirements.

    Additional vendors in the MMS market:

    Logo for act-on. Logo for SharpSpring.

    See the next slides for suggested point solutions.

    Leverage Info-Tech’s WXM and SMMP vendor landscapes to select platforms that fit with your CXM strategy

    Web experience management (WXM) and social media management platforms (SMMP) act in concert with your MMS to execute complex campaigns.

    Social Media Management

    Info-Tech’s SMMP selection guide enables you to find a solution that satisfies your objectives across marketing, sales, public relations, HR, and customer service. Create a unified framework for driving successful implementation and adoption of your SMMP that fully addresses CRM and marketing automation integration, end-user adoption, and social analytics with Info-Tech’s blueprint Select and Implement a Social Media Management Platform.

    Stock image with the title Select and Implement a Social Media Management Platform.
    Web Experience Management

    Info-Tech’s approach to WXM ensures you have the right suite of tools for web content management, experience design, and web analytics. Put your best foot forward by conducting due diligence as the selection project advances. Ensure that your organization will see quick results with Info-Tech’s blueprint Select and Implement a Web Experience Management Solution.

    Stock image with the title Select and Implement a Web Experience Management Solution.

    POINT SOLUTION PROFILES

    Review this cursory list of point solutions by use case

    Consider point solutions if a full suite is not required

    Large icon of a target for point solution profiles title page.

    Consider point solutions if a full suite is not required

    Email Marketing

    Logos of companies for Email Marketing including MailChimp and emma.

    Consider point solutions if a full suite is not required

    Search Engine Optimization (SEO)

    Logos of companies for Search Engine Optimization including SpyFu and SerpStat.

    Consider point solutions if a full suite is not required

    Demand-Side Platform (DSP)

    Logos of companies for Demand-Side Platform including MediaMath and rocketfuel.

    Consider point solutions if a full suite is not required

    Customer Portal Software

    Logos of companies for Customer Portal Software including LifeRay and lithium.

    Select a Marketing Management Suite

    PHASE 3

    Select Vendor and Communicate Decision to Stakeholders

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Plan Your MMS Implementation

    Proposed Time to Completion: 2 weeks
    Step 3.1: Select Your MMS Step 3.2: Communicate the Decision to Stakeholders
    Start with an analyst kick-off call:
    • Review the MMS shortlist.
    • Discuss how to link RFP questions and demo script scenarios to gathered requirements.
    Review findings with analyst:
    • Review the alignment between MMS capability and the business’ CXM strategy.
    • Discuss how to present the decision to stakeholders.
    Then complete these activities…
    • Build a vendor response template.
    • Evaluate RFP responses from vendors.
    • Build demo scripts and set up product demonstrations.
    • Establish evaluation criteria.
    • Select MMS product and vendor.
    Then complete these activities…
    • Present decision rationale to stakeholders.
    With these tools & templates:
    • MMS Request for Proposal Template
    • MMS Vendor Demo Script
    With these tools & templates:
    • MMS Selection Executive Presentation Template
    Phase 3 Results
    • Select an MMS that meets requirements and is approved by stakeholders.

    Phase 3 milestones

    Launch the MMS Project and Collect Requirements — Phase 1

    • Understand the MMS market space.
    • Assess organizational and project readiness for MMS selection.
    • Structure your MMS selection and implementation project by refining your MMS roadmap.
    • Align organizational use-case fit with market use cases.
    • Collect, prioritize, and document MMS requirements.

    Shortlist MMS Tool — Phase 2

    • Review MMS market leaders and players within your aligned use case.
    • Review MMS vendor profiles and capabilities.
    • Shortlist MMS vendors based on organizational fit.

    Select an MMS — Phase 3

    • Submit request for proposal (RFP) to shortlisted vendors.
    • Evaluate vendor responses and develop vendor demonstration scripts.
    • Score vendor demonstrations and select the final product.

    Step 2.1: Analyze and shortlist MMS vendors

    3.1

    3.2

    Select Your MMS Communicate Decision to Stakeholders

    This step will walk you through the following activities:

    • Build a response template to standardize potential vendor responses and streamline your evaluation process.
    • Evaluate the RFPs you receive with a clear scoring process and evaluation framework.
    • Build a demo script to evaluate product demonstrations by vendors.
    • Select your solution.

    This step involves the following participants:

    • Core project team
    • Procurement SMEs
    • Project sponsor

    Outcomes of this step

    • Completed MMS RFP vendor response template
    • Completed MMS demo script(s)
    • Established product and vendor evaluation criteria
    • Final MMS selection

    Activity: Shortlist vendors for the RFP process

    Associated Activity icon 3.1.1 30 minutes

    INPUT: Organizational use-case fit

    OUTPUT: MMS vendor shortlist

    Materials: Info-Tech’s MMS use cases, Info-Tech’s vendor profiles, Whiteboard, markers

    Participants: Core project team

    Instructions

    1. Collectively with the core project team, determine any knock-out criteria for shortlisting MMS vendors. For example, if your team is executing on a strategy that favors mobile deployment, vendors who do not have a mobile offering may be off the table.
    2. Based on the results in Activity 1.3.2, write a longlist of vendors. In most cases, this list will consist of all the vendors that fall into your organization’s use-case scenario. If your organization fits into more than one use case (e.g. your organization has both product-centric and service-centric MMS needs), look for the overlap of vendors between the use cases.
    3. Review the profiles of the vendors that fall into your use-case scenario. Based on your knock-out criteria established in Step 1, eliminate any vendors as applicable.
    4. Finalize and record your shortlist of MMS vendors.

    Use Info-Tech’s MMS Request for Proposal Template to document and communicate your requirements to vendors

    Supporting Tool icon 3.1.2 MMS Request for Proposal Template

    Use the MMS Request for Proposal Template as a step-by-step guide on how to request interested vendors to submit written proposals that meet your set of requirements.

    If interested in bidding for your project, vendors will respond with a description of the techniques they would employ to address your organizational challenges and meet your requirements, along with a plan of work and detailed budget for the project.

    The RFP is an important piece of setting and aligning your expectations with the vendors’ product offerings. Make sure to address the following elements in the RFP:

    Sections of the Tool:

    1. Statement of work
    2. General information
    3. Proposal preparation instructions
    4. Scope of work, specifications, and requirements
    5. Vendor qualifications and references
    6. Budget and estimated pricing
    7. Additional terms and conditions
    8. Vendor certification

    INFO-TECH DELIVERABLE

    Sample of Info-Tech's MMS Request Proposal Template.

    Complete the MMS Request for Proposal Template by following the instructions in Activity 3.1.3.

    Activity: Create an RFP to submit to MMS vendors

    Associated Activity icon 3.1.3 1-2 hours

    INPUT: Business requirements document, Procurement procedures

    OUTPUT: MMS RFP

    Materials: Internal RFP tools or templates (if available), Info-Tech’s MMS Request for Proposal Template (optional)

    Participants: Procurement SMEs, Project manager, Core project team (optional)

    Instructions

    1. Download Info-Tech’s MMS Request for Proposal Template or prepare internal best-practice RFP tools.
    2. Build your RFP:
      1. Complete the statement of work and general information sections to provide organizational context to your longlisted vendors.
      2. Outline the organization’s procurement instructions for vendors, including due diligence, assessment criteria, and dates.
      3. Input the business requirements document as created in Activity 1.3.2.
      4. Create a scenario overview to provide vendors with an opportunity to give an estimate price.
    3. Obtain approval for your RFP. Each organization has a unique procurement process; follow your own organization’s process as you submit your RFPs to vendors. Ensure compliance with your organization’s standards and gain approval for submitting your RFP.

    Establish vendor evaluation criteria

    Vendor demonstrations are an integral part of the selection process. Having clearly defined selection criteria will help with setting up relevant demos as well as inform the vendor scorecards.

    EXAMPLE EVALUATION CRITERIAPie chart indicating the weight of each 'Vendor Evaluation Criteria': 'Functionality, 30%', 'Ease of Use, 25%', 'Cost, 15%', 'Vendor, 15%', and 'Technology, 15%'.
    Functionality (30%)
    • Breadth of capability
    • Tactical capability
    • Operational capability
    Ease of Use (25%)
    • End-user usability
    • Administrative usability
    • UI attractiveness
    • Self-service options
    Cost (15%)
    • Maintenance
    • Support
    • Licensing
    • Implementation (internal and external costs)
    Vendor (15%)
    • Support model
    • Customer base
    • Sustainability
    • Product roadmap
    • Proof of concept
    • Implementation model
    Technology (15%)
    • Configurability options
    • Customization requirements
    • Deployment options
    • Security and authentication
    • Integration environment
    • Ubiquity of access (mobile)

    Info-Tech Insight

    Base your vendor evaluations not on the capabilities of the solutions but instead on how the solutions align with your organization’s process automation requirements and considerations.

    Vendor demonstrations

    Examine how the vendor’s solution performs against your evaluation framework.

    What is the value of a vendor demonstration?

    Vendor demonstrations create a valuable opportunity for your organization to confirm that the vendor’s claims in the RFP are actually true.

    A display of the vendor’s functional capabilities and its execution of the scenarios given in your demo script will help to support your assessment of whether a vendor aligns with your MMS requirements.

    What should be included in a vendor demonstration?

    1. Vendor’s display of its solution for the scenarios provided in the demo script.
    2. Display of functional capabilities of the tool.
    3. Briefing on integration capabilities.

    Activity: Invite top performing vendors for product demonstrations

    Associated Activity icon 3.1.4 1-2 hours

    INPUT: Business requirements document, Logistical considerations, Usage scenarios by functional area

    OUTPUT: MMS demo script

    Materials: Info-Tech’s MMS Vendor Demo Script

    Participants: Procurement SMEs, Core project team

    Instructions

    1. Have your evaluation team (selected at the onset of the project) present to evaluate each vendor’s presentation. In some cases you may choose to bring in a subject matter expert (SME) to evaluate a specific area of the tool.
    2. Outline the logistics of the demonstration in the Introduction section of the template. Be sure to outline the total length of the demo and the amount of time that should be dedicated to the following:
      • Product demonstration in response to the demo script
      • Showcase of unique product elements, not reflective of the demo script
      • Question and answer session
      • Breaks and other potential interruptions
    3. Provide prompts for the vendor to display the capabilities by listing and describing usage scenarios by functional area. For example, when asking a vendor to demo financial and accounting management capabilities, you may break scenarios out by task (e.g. general ledger, accounts payable) or user role (e.g. finance manager, administrator).

    Info-Tech Insight

    Challenge vendor project teams during product demonstrations. Asking the vendor to make adjustments or customizations on the fly will allow you to get an authentic feel of product capability and flexibility, as well as of the degree of adaptability of the vendor project team. Ask the vendor to demonstrate how to do things not listed in your user scenarios, such as change system visualizations or design, change underlying data, add additional datasets, demonstrate analytics capabilities, or channel specific automation.

    Use Info-Tech’s MMS Vendor Demo Script template to set expectations for vendor product demonstration

    Vendor Profiles icon MMS Vendor Demo Script

    Customize and use Info-Tech’s MMS Vendor Demo Script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.

    This tool assists with outlining logistical considerations for the demo itself and the scenarios with which the vendors should script their demonstration.

    Sections of the Tool:

    1. Introduction
    2. Demo scenarios by functional area

    Info-Tech Best Practice

    Avoid providing vendors with a rigid script for product demonstration; instead, provide user scenarios. Part of the value of a vendor demonstration is the opportunity to assess whether or not the vendor project team has a solid understanding of your organization’s MMS challenges and requirements and can work with your team to determine the best solution possible. A rigid script may result in your inability to assess whether the vendor will adjust for and scale with your project and organization as a technology partner.

    INFO-TECH DELIVERABLE

    Sample of Info-Tech's MMS Vendor Demo Script.

    Use the MMS Vendor Demo Script by following the instructions in Activity 3.1.4.

    Leverage Info-Tech’s vendor selection and negotiation models as the basis for a streamlined MMS selection process

    Design a procurement process that is robust, ruthless, and reasonable. Rooting out bias during negotiation is vital to making unbiased vendor selections.

    Vendor Selection

    Info-Tech’s approach to vendor selection gets you to design a procurement process that is robust, ruthless, and reasonable. This approach enables you to take control of vendor communications. Implement formal processes with an engaged team to achieve the right price, the right functionality, and the right fit for the organization with Info-Tech's blueprint Implement a Proactive and Consistent Vendor Selection Process.

    Stock image with the title Implement a Proactive and Consistent Vendor Selection Process.
    Vendor Negotiation

    Info-Tech’s SaaS negotiation strategy focuses on taking control of implementation from the beginning. The strategy allows you to work with your internal stakeholders to make sure they do not team up with the vendor instead of you. Reach an agreement with your vendor that takes into account both parties’ best interests with Info-Tech’s blueprint Negotiate SaaS Agreements That Are Built to Last.

    Stock image with the title Negotiate SaaS Agreements That Are Built to Last.

    Step 3.2: Communicate decision to stakeholders

    3.1

    3.2

    Select Your MMS Communicate Decision to Stakeholders

    This step will walk you through the following activities:

    • Collect project rationale documentation.
    • Create a presentation to communicate your selection decision to stakeholders.

    This step involves the following participants:

    • Core project team
    • Procurement SMEs
    • Project sponsor
    • Business stakeholders
    • Relevant management

    Outcomes of this step

    • Completed MMS Selection Executive Presentation Template
    • Affirmation of MMS selection by stakeholders

    Inform internal stakeholders of the final decision

    Ensure traceability from the selected tool to the needs identified in the first phase. Internal stakeholders must understand the reasoning behind the final selection and see the alignment to their defined requirements and needs.

    Document the selection process to show how the selected tool aligns to stakeholder needs:

    A large arrow labelled 'Application Benefits', underlaid beneath two smaller arrows labelled 'MMS stakeholder needs' and 'MMS technology needs', all pointing to the right.

    Documentation will assist with:

    1. Adopting the selected MMS.
    2. Demonstrating that proper due diligence was performed during the selection process.
    3. Providing direct traceability between the selected applications and internal stakeholder needs.

    Activity: Prepare a presentation deck to communicate the selection process and decision to internal stakeholders

    Associated Activity icon 3.2.1 1 week

    INPUT: MMS tool selection committee expertise

    OUTPUT: Decision to invest or not invest in an MMS tool

    Materials: Note-taking materials, Whiteboard or flip chart, markers

    Participants: MMS tool selection committee

    Instructions

    1. Download Info-Tech’s MMS Selection Executive Presentation Template.
    2. Read the instructions on slide 2 of the template. Then, on slide 3, decide if any portion of the selection process should be removed from the communication. Discuss with the team and make adjustments to slide 3 as necessary.
    3. Work with the MMS selection committee to populate the slides that remain after the adjustments. Follow the instructions on each slide to help complete the content.
    4. Refer to the square brackets on each slide (e.g. [X.X]) to identify the activity numbers in this storyboard that correspond to the slide in the MMS Selection Executive Presentation Template. Use the outputs produced from the corresponding activities in this deck and populate each slide in the MMS Selection Executive Presentation Template.
    5. Use the completed template to present to internal stakeholders.

    Info-Tech Insight

    Documenting the process of how the selection decision was made will avoid major headaches down the road. Without a documented process, internal stakeholders and even vendors can challenge and discredit the selection process.

    Vendor participation

    Vendors Who Briefed with Info-Tech Research Group

    Logos of vendors who participated in this blueprint: Salesforce Pardot, SAS, Adobe, Marketo, and Salesforce Marketing Cloud.

    Professionals Who Contributed to Our Evaluation and Research

    • Sara Camden, Digital Change Agent, Equifax
    • Caren Carrasco, Lifecycle Marketing and Automation, Benjamin David Group
    • 10 anonymous contributors participated in the vendor briefings

    Works cited

    Adobe Systems Incorporated. “Bayer builds understanding, socially.” Adobe.com, 2017. Web.

    IBM Corporation, “10 Key Marketing Trends for 2017.” IBM.com, 2017. Web.

    Marketo, Inc. “The Definitive Guide to Marketing Automation.” Marketo.com, 2013. Web.

    Marketo, Inc. “NBA franchise amplifies its message with help from Marketo’s marketing automation technology.” Marketo.com, 2017. Web.

    Salesforce Pardot. “Marketing Automation & Your CRM: The Dynamic Duo.” Pardot.com, 2017. Web.

    SAS Institute Inc. “Marketing Analytics: How, why and what’s next.” SAS Magazine, 2013. Web.

    SAS Institute Inc. “Give shoppers offers they’ll love.” SAS.com, 2017. Web.

    Tech Trend Update: If Biosecurity Then Autonomous Edge

    • Buy Link or Shortcode: {j2store}99|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    COVID-19 has created new risks to physical encounters among workers and customers. New biosecurity processes and ways to effectively enforce them – in the least intrusive way possible – are required to resume these activities.

    Our Advice

    Critical Insight

    New biosecurity standards will be imposed on many industries, and the autonomous edge will be part of the solution to manage that new reality.

    Impact and Result

    There are some key considerations for businesses considering new biosecurity measures:

    1. If prevention, then ID-based access control
    2. If intervention, then alerts based on data
    3. If investigation, then contact tracing

    Tech Trend Update: If Biosecurity Then Autonomous Edge Research & Tools

    Tech Trend Update: If Biosecurity Then Autonomous Edge

    Understand how new biosecurity requirements could affect your business and why AI at the edge could be part of the solution.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Tech Trend Update: If Biosecurity Then Autonomous Edge Storyboard
    [infographic]

    Select and Implement an IT PPM Solution

    • Buy Link or Shortcode: {j2store}440|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $125,999 Average $ Saved
    • member rating average days saved: 29 Average Days Saved
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • The number of IT project resources and the quantity of IT projects and tasks can no longer be recorded, prioritized, and tracked using non-commercial project portfolio management (PPM) solutions.
    • Your organization has attained a moderate level of PPM maturity.
    • You have sufficient financial and technical resources to purchase a commercial PPM solution.
    • There is a wide variety of commercial PPM solutions; different kinds of PPM solutions are more appropriate for organizations of a certain size and a certain PPM maturity level than others.

    Our Advice

    Critical Insight

    • Implementations of PPM solutions are often unsuccessful resulting in wasted time and resources; failing to achieve sustainable adoption of the tool is a widespread pain point.
    • The costs of PPM solutions do not end after the implementation and subscription invoices are paid. Have realistic expectations about the time required to use and maintain PPM solutions to ensure success.
    • PPM solutions help PMOs serve the organization’s core decision makers. Success depends on improved service to these stakeholders.

    Impact and Result

    • Using Info-Tech’s Vendor Landscape and PPM solution use cases, you will be able to make sense of the diversity of PPM solutions available in today’s market and choose the most appropriate solution for your organization’s size and level of PPM maturity.
    • Info-Tech’s blueprint for a PPM solution selection and implementation project will provide you with a variety of tools and templates.
    • A carefully planned out and executed selection and implementation process will help ensure your organization can maximize the value of your project portfolio and will allow the PMO to improve portfolio stakeholder satisfaction.

    Select and Implement an IT PPM Solution Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement a commercial PPM solution, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch the PPM solution project and collect requirements

    Create a PPM solution selection and implementation project charter and gather your organizations business and technical requirements.

    • Select and Implement a PPM Solution – Phase 1: Launch the PPM Solution Project and Collect Requirements
    • PPM Solution Project Charter Template
    • PPM Implementation Work Breakdown Structure
    • PPM Solution Requirements Gathering Tool
    • PPM Solution Cost-of-Use Estimation Tool
    • PPM Solution RFP Template
    • PPM Solution Success Metrics Workbook
    • PPM Solution Use-Case Fit Assessment Tool

    2. Select a PPM solution

    Select the most appropriate PPM solution for your organization by using Info-Tech’s PPM solution Vendor Landscape and use cases to help you create a vendor shortlist, produce an RFP, and establish evaluation criteria for ranking your shortlisted solutions.

    • Select and Implement a PPM Solution – Phase 2: Select a PPM Solution
    • PPM Vendor Shortlist & Detailed Feature Analysis Tool
    • PPM Solution Vendor Response Template
    • PPM Solution Evaluation & RFP Scoring Tool
    • PPM Solution Vendor Demo Script

    3. Plan the PPM solution implementation

    Plan a PPM solution implementation that will result in long-term sustainable adoption of the tool and that will allow the PMO to meet the needs of core project portfolio stakeholders.

    • Select and Implement a PPM Solution – Phase 3: Plan the PPM Solution Implementation
    [infographic]

    Workshop: Select and Implement an IT PPM Solution

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch the PPM Solution Project and Gather Requirements

    The Purpose

    Create a PPM solution selection and implementation project charter.

    Gather the business and technical requirements for the PPM solution.

    Establish clear and measurable success criteria for your PPM solution project.

    Key Benefits Achieved

    Comprehensive project plan

    Comprehensive and organized record of the various PPM solution requirements

    A record of PPM solution project goals and criteria that can be used in the future to establish the success of the project

    Activities

    1.1 Brainstorm, refine, and prioritize your PPM solution needs

    1.2 Stakeholder identification exercise

    1.3 Project charter work session

    1.4 Requirements gathering work session

    1.5 PPM solution success metrics workbook session

    Outputs

    High-level outline of PPM solution requirements

    Stakeholder consultation plan

    A draft project charter and action plan to fill in project charter gaps

    A draft requirements workbook and action plan to fill in requirement gathering gaps

    A PPM project success metrics workbook that can be used during and after the project

    2 Select a PPM Solution

    The Purpose

    Identify the PPM solutions that are most appropriate for your organization’s size and level of PPM maturity.

    Create a PPM solution and vendor shortlist.

    Create a request for proposal (RFP).

    Create a PPM solution scoring and evaluation tool.

    Key Benefits Achieved

    Knowledge of the PPM solution market and the various features available

    An informed shortlist of PPM vendors

    An organized and focused method for evaluating the often long and complex responses to the RFP that vendors provide

    The groundwork for an informed and defensible selection of a PPM solution for your organization

    Activities

    2.1 Assess the size of your organization and the level of PPM maturity to select the most appropriate use case

    2.2 PPM solution requirements and criteria ranking activity

    2.3 An RFP working session

    2.4 Build an RFP evaluation tool

    Outputs

    Identification of the most appropriate use case in Info-Tech’s Vendor Landscape

    A refined and organized list of the core features that will be included in the RFP

    A draft RFP with an action plan to fill in any RFP gaps

    An Excel tool that can be used to compare and evaluate vendors’ responses to the RFP

    3 Prepare for the PPM Solution Implementation

    The Purpose

    To think ahead to the eventual implementation of the solution that will occur once the selection phase is completed

    Key Benefits Achieved

    An understanding of key insights and steps that will help avoid mistakes resulting in poor adoption or PPM solutions that end up producing little tangible value

    Activities

    3.1 Outline high-level implementation stages

    3.2 Organizational change management strategy session

    3.3 A PPM project success metrics planning session

    Outputs

    High-level implementation tasks and milestones

    A RACI chart for core implementation tasks

    A high-level PPM solution implementation organizational change management strategy

    A RACI chart for core organizational change management tasks related to the PPM solution implementation

    A PPM project success metrics schedule and plan

    Develop Meaningful Service Metrics

    • Buy Link or Shortcode: {j2store}399|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $20,308 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: Service Management
    • Parent Category Link: /service-management
    • IT organizations measure services from a technology perspective but rarely from a business goal or outcome perspective.
    • Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

    Our Advice

    Critical Insight

    • Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
    • Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
    • Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

    Impact and Result

    Effective service metrics will provide the following service gains:

    • Confirm service performance and identify gaps.
    • Drive service improvement to maximize service value.
    • Validate performance improvements while quantifying and demonstrating business value.
    • Ensure service reporting aligns with end-user experience.
    • Achieve and confirm process and regulatory compliance.

    Which will translate into the following relationship gains:

    • Embed IT into business value achievement.
    • Improve the relationship between the business and IT.
    • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing).
    • Reinforce desirable actions and behaviors from both IT and the business.

    Develop Meaningful Service Metrics Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop meaningful service metrics, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop Meaningful Service Metrics – Executive Brief
    • Develop Meaningful Service Metrics – Phases 1-3

    1. Design the metrics

    Identify the appropriate service metrics based on stakeholder needs.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 1: Design the Metrics
    • Metrics Development Workbook

    2. Design reports and dashboards

    Present the right metrics in the most interesting and stakeholder-centric way possible.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 2: Design Reports and Dashboards
    • Metrics Presentation Format Selection Guide

    3. Implement, track, and maintain

    Run a pilot with a smaller sample of defined service metrics, then continuously validate your approach and make refinements to the processes.

    • Develop Meaningful Service Metrics to Ensure Business and User Satisfaction – Phase 3: Implement, Track, and Maintain
    • Metrics Tracking Tool
    [infographic]

    Workshop: Develop Meaningful Service Metrics

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Design the Metrics

    The Purpose

    Define stakeholder needs for IT based on their success criteria and identify IT services that are tied to the delivery of business outcomes.

    Derive meaningful service metrics based on identified IT services and validate that metrics can be collected and measured.

    Key Benefits Achieved

    Design meaningful service metrics from stakeholder needs.

    Validate that metrics can be collected and measured.

    Activities

    1.1 Determine stakeholder needs, goals, and pain points.

    1.2 Determine the success criteria and related IT services.

    1.3 Derive the service metrics.

    1.4 Validate the data collection process.

    1.5 Validate metrics with stakeholders.

    Outputs

    Understand stakeholder priorities

    Adopt a business-centric perspective to align IT and business views

    Derive meaningful business metrics that are relevant to the stakeholders

    Determine if and how the identified metrics can be collected and measured

    Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics

    2 Design Reports and Dashboards

    The Purpose

    Determine the most appropriate presentation format based on stakeholder needs.

    Key Benefits Achieved

    Ensure the metrics are presented in the most interesting and stakeholder-centric way possible to guarantee that they are read and used.

    Activities

    2.1 Understand the different presentation options.

    2.2 Assess stakeholder needs for information.

    2.3 Select and design the metric report.

    Outputs

    Learn about infographic, scorecard, formal report, and dashboard presentation options

    Determine how stakeholders would like to view information and how the metrics can be presented to aid decision making

    Select the most appropriate presentation format and create a rough draft of how the report should look

    3 Implement, Track, and Maintain Your Metrics

    The Purpose

    Run a pilot with a smaller sample of defined service metrics to validate your approach.

    Make refinements to the implementation and maintenance processes prior to activating all service metrics.

    Key Benefits Achieved

    High user acceptance and usability of the metrics.

    Processes of identifying and presenting metrics are continuously validated and improved.

    Activities

    3.1 Select the pilot metrics.

    3.2 Gather data and set initial targets.

    3.3 Generate the reports and validate with stakeholders.

    3.4 Implement the service metrics program.

    3.5 Track and maintain the metrics program.

    Outputs

    Select the metrics that should be first implemented based on urgency and impact

    Complete the service intake form for a specific initiative

    Create a process to gather data, measure baselines, and set initial targets

    Establish a process to receive feedback from the business stakeholders once the report is generated

    Identify the approach to implement the metrics program across the organization

    Set up mechanism to ensure the success of the metrics program by assessing process adherence and process validity

    Further reading

    Develop Meaningful Service Metrics

    Select IT service metrics that drive business value.

    ANALYST PERSPECTIVE

    Are you measuring and reporting what the business needs to know?

    “Service metrics are one of the key tools at IT’s disposal in articulating and ensuring its value to the business, yet metrics are rarely designed and used for that purpose.

    Creating IT service metrics directly from business and stakeholder outcomes and goals, written from the business perspective and using business language, is critical to ensuring that the services that IT provides are meeting business needs.

    The ability to measure, manage, and improve IT service performance in relation to critical business success factors, with properly designed metrics, embeds IT in the value chain of the business and ensures IT’s focus on where and how it enables business outcomes.”

    Valence Howden,
    Senior Manager, CIO Advisory
    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:
    • CIO
    • IT VPs
    This Research Will Help You:
    • Align business/IT objectives (design top-down or outside-in)
    • Significantly improve the relationship between the business and IT aspects of the organization
    • Reinforce desirable actions and behaviors
    This Research Will Also Assist:
    • Service Level Managers
    • Service Owners
    • Program Owners
    This Research Will Help Them
    • Identify unusual deviations from the normal operating state
    • Drive service improvement to maximize service value
    • Validate the value of performance improvements while quantifying and demonstrating benefits realization

    Executive summary

    Situation

    • IT organizations measure services from a technology perspective yet rarely measure services from a business goal/outcome perspective.
    • Most organizations do a poor job of identifying and measuring service outcomes over the duration of a service’s lifecycle – never ensuring the services remain valuable and meet expected long-term ROI.

    Complication

    • IT organizations have difficulty identifying the right metrics to demonstrate the value of IT services to the business in tangible terms.
    • IT metrics, as currently designed, reinforce division between the IT and business perspectives of service performance. They drive siloed thinking and finger-pointing within the IT structure, and prevent IT resources from understanding how their work impacts business value.

    Resolution

    • Our program enables IT to develop the right service metrics to tie IT service performance to business value and user experience.
    • Ensure the metrics you implement have immediate stakeholder value, reinforcing alignment between IT and the business while influencing behavior in the desired direction.
    • Make sure that your metrics are defined in relation to the business goals and drivers, ensuring they will provide actionable outcomes.

    Info-Tech Insight

    1. Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.
    2. Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.
    3. Poorly designed metrics drive unintended and unproductive behaviors, which have negative impacts on IT and produce negative service outcomes.

    Service metrics 101

    What are service metrics?

    Service metrics measure IT services in a way that relates to a business outcome. IT needs to measure performance from the business perspective using business language.

    Why do we need service metrics?

    To ensure the business cares about the metrics that IT produces, start with business needs to make sure you’re measuring the right things. This will give IT the opportunity talk to the right stakeholders and develop metrics that will meet their business needs.

    Service metrics are designed with the business perspective in mind, so they are fully aligned with business objectives.

    Perspectives Matter

    Different stakeholders will require different types of metrics. A CEO may require metrics that provide a snapshot of the critical success of the company while a business manager is more concerned about the performance metrics of their department.

    What are the benefits of implementing service metrics?

    Service metrics help IT communicate with the business in business terms and enables IT to articulate how and where they provide business value. Business stakeholders can also easily understand how IT services contribute to their success.

    The majority of CIOs feel metrics relating to business value and stakeholder satisfaction require significant improvement

    A significantly higher proportion of CIOs than CEOs feel that there is significant improvement necessary for business value metrics and stakeholder satisfaction reporting. Stacked horizontal bar chart presenting survey results from CIOs and CXOs of 'Business Value Metrics'. Answer options are 'Effective', 'Some Improvement Necessary', 'Significant Improvement Necessary', and 'Not Required'.N=364

    Stacked horizontal bar chart presenting survey results from CIOs and CXOs of 'Stakeholder Satisfaction Reporting'. Answer options are 'Effective', 'Some Improvement Necessary', 'Significant Improvement Necessary', and 'Not Required'.N=364

    (Source: Info-Tech CIO-CXO Alignment Diagnostic Survey)

    Meaningless metrics are a headache for the business

    A major pitfall of many IT organizations is that they often provide pages of technical metrics that are meaningless to their business stakeholders.

    1. Too Many MetricsToo many metrics are provided and business leaders don’t know what to do with these metrics.
    2. Metrics Are Too TechnicalIT provides technical metrics that are hard to relate to business needs, and methods of calculating metrics are not clearly understood, articulated, and agreed on.
    3. Metrics Have No Business ValueService metrics are not mapped to business goals/objectives and they drive incorrect actions or spend.
    When considering only CEOs who said that stakeholder satisfaction reporting needed significant improvement, the average satisfaction score goes down to 61.6%, which is a drop in satisfaction of 12%.

    A bar that says 73% dropping to a bar that says 61%. Description above.

    (Source: Info-Tech Research Group CIO-CXO Alignment Diagnostic Survey)

    Poorly designed metrics hurt IT’s image within the organization

    By providing metrics that do not articulate the value of IT services, IT reinforces its role as a utility provider and an outsider to strategic decisions.

    When the CIOs believe business value metrics weren’t required, 50% of their CEOs said that significant improvements were necessary.

    Pie Chart presenting the survey results from CEOs regarding 'Business Value Metrics'. Description above.

    (Source: Info-Tech Research Group CIO-CXO Alignment Diagnostic Survey)
    1. Reinforce the wrong behaviorThe wrong metrics drive us-against-them, siloed thinking within IT, and meeting metric targets is prioritized over providing meaningful outcomes.
    2. Do not reflect user experienceMetrics don’t align with actual business/user experience, reinforcing a poor view of IT services.
    3. Effort ≠ ValueInvesting dedicated resources and effort to the achievement of the wrong metrics will only leave IT more constrained for other important initiatives.

    Articulate meaningful service performance that supports the achievement of business outcomes

    Service metrics measure the performance of IT services and how they enable or drive the activity outcomes.

    A business process consists of multiple business activities. In many cases, these business activities require one or more supporting IT services.

    A 'Business Process' broken down to its parts, multiple 'Business Activities' and their 'IT Services'. For each business process, business stakeholders and their goals and objectives should be identified.

    For each business activity that supports the completion of a business process, define the success criteria that must be met in order to produce the desirable outcome.

    Identify the IT services that are used by business stakeholders for each business activity. Measure the performance of these services from a business perspective to arrive at the appropriate service metrics.

    Differentiate between different types of metrics

    Stakeholders have different goals and objectives; therefore, it is critical to identify what type of metrics should be presented to each stakeholder.

    Business Metrics

    Determine Business Success

    Business metrics are derived from a pure business perspective. These are the metrics that the business stakeholders will measure themselves on, and business success is determined using these metrics.

    Arrow pointing right.

    Service Metrics

    Manage Service Value to the Business

    Service metrics are used to measure IT service performance against business outcomes. These metrics, while relating to IT services, are presented in business terms and are tied to business goals.

    Arrow pointing right.

    IT Metrics

    Enable Operational Excellence

    IT metrics are internal to the IT organization and used to manage IT service delivery. These metrics are technical, IT-specific, and drive action for IT. They are not presented to the business, and are not written in business language.

    Implementing service metrics is a key step in becoming a service provider and business partner

    As a prerequisite, IT organizations must have already established a solid relationship with the business and have a clear understanding of its critical business-facing services.

    At the very least, IT needs to have a service-oriented view and understand the specific needs and objectives associated with each stakeholder.

    Visualization of 'Business Relationship Management' with an early point on the line representing 'Service Provider: Establish service-oriented culture and business-centric service delivery', and the end of the line being 'Strategic Partner'.

    Once IT can present service metrics that the business cares about, it can continue on the service provider journey by managing the performance of services based on business needs, determine and influence service demand, and assess service value to maximize benefits to the business.

    Which processes drive service metrics?

    Both business relationship management (BRM) and service level management (SLM) provide inputs into and receive outputs from service metrics.

    Venn Diagram of 'Business Relationship Management', 'Service Metrics', and 'Service Level Management'.

    Business Relationship Management

    BRM works to understand the goals and objectives of the business and inputs them into the design of the service metrics.

    Service Metrics

    BRM leverages service metrics to help IT organizations manage the relationship with the business.

    BRM articulates and manages expectations and ensures IT services are meeting business requirements.

    Which processes drive service metrics?

    Both BRM and SLM provide inputs into and receive outputs from service metrics.

    Venn Diagram of 'Business Relationship Management', 'Service Metrics', and 'Service Level Management'.

    Service Level Management

    SLM works with the business to understand service requirements, which are key inputs in designing the service metrics.

    Service Metrics

    SLM leverages service metrics in overseeing the day-to-day delivery of IT services. It ensures they are provided to meet expected service level targets and objectives.

    Effective service metrics will deliver both service gains and relationship gains

    Effective service metrics will provide the following service gains:

    • Confirm service performance and identify gaps
    • Drive service improvement to maximize service value
    • Validate performance improvements while quantifying and demonstrating business value
    • Ensure service reporting aligns with end-user experience
    • Achieve and confirm process and regulatory compliance
        Which will translate into the following relationship gains:
        • Embed IT into business value achievement
        • Improve relationship between the business and IT
        • Achieve higher customer satisfaction (happier end users receiving expected service, the business is able to identify how things are really performing)
        • Reinforce desirable actions and behaviors from both IT and the business

    Don’t let conventional wisdom become your roadblock

    Conventional Wisdom

    Info-Tech Perspective

    Metrics are measured from an application or technology perspective Metrics need to be derived from a service and business outcome perspective.
    The business doesn’t care about metrics Metrics are not usually designed to speak in business terms about business outcomes. Linking metrics to business objectives creates metrics that the business cares about.
    It is difficult to have a metrics discussion with the business It is not a metrics/number discussion, it is a discussion on goals and outcomes.
    Metrics are only presented for the implementation of the service, not the ongoing outcome of the service IT needs to focus on service outcome and not project outcome.
    Quality can’t be measured Quality must be measured in order to properly manage services.

    Our three-phase approach to service metrics development

    Let Info-Tech guide you through your service metrics journey

    1

    2

    3

    Design Your Metrics Develop and Validate Reporting Implement, Track, and Maintain
    Sample of Phase 1 of Info-Tech's service metric development package, 'Design Your Metrics'. Sample of Phase 2 of Info-Tech's service metric development package, 'Develop and Validate Reporting'. Sample of Phase 3 of Info-Tech's service metric development package, 'Implement, Track, and Maintain'.
    Start the development and creation of your service metrics by keeping business perspectives in mind, so they are fully aligned with business objectives. Identify the most appropriate presentation format based on stakeholder preference and need for metrics. Track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

    CIOs must actively lead the design of the service metrics program

    The CIO must actively demonstrate support for the service metrics program and lead the initial discussions to determine what matters to business leaders.

    1. Lead the initiative by defining the need
      Show visible support and demonstrate importance
    2. Articulate the value to both IT and the business
      Establish the urgency and benefits
    3. Select and assemble an implementation group
      Find the best people to get the job done
    4. Drive initial metrics discussions: goals, objectives, actions
      Lead brainstorming with senior business leaders
    5. Work with the team to determine presentation formats and communication methods
      Identify the best presentation approach for senior stakeholders
    6. Establish a feedback loop for senior management
      Solicit feedback on improvements
    7. Validate the success of the metrics
      Confirm service metrics support business outcomes

    Measure the success of your service metrics

    It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

    Validating Service Metrics Design

    Target Outcome

    Related Metrics

    The business is enabled to identify and improve service performance to their end customer # of improvement initiatives created based on service metrics
    $ cost savings/revenue generated due to actions derived from service metrics

    Procedure to validate the usefulness of IT metrics

    # / % of service metrics added/removed per year

    Alignment between IT and business objectives and processes Business’ satisfaction with IT

    Measure the success of your service metrics

    It is critical to determine if the designed service metrics are fulfilling their intended purpose. The process of maintaining the service metrics program and the outcomes of implementing service metrics need to be monitored and tracked.

    Validating Service Metrics Process

    Target Outcome

    Related Metrics

    Properly defined service metrics aligned with business goals/outcomes
    Easy understood measurement methodologies
    % of services with (or without) defined service metrics

    % of service metrics tied to business goals

    Consistent approach to review and adjust metrics# of service metrics adjusted based on service reviews

    % of service metrics reviewed on schedule

    Demonstrate monetary value and impact through the service metrics program

    In a study done by the Aberdeen Group, organizations engaged in the use of metrics benchmarking and measurement have:
    • 88% customer satisfaction rate
    • 60% service profitability
    • 15% increase in workforce productivity over the last 12 months

    Stock image of a silhouette of three people's head and shoulders.
    (Source: Aberdeen Group. “Service Benchmarking and Measurement.”)

    A service metric is defined for: “Response time for Business Application A

    The expected response time has not been achieved and this is visible in the service metrics. The reduced performance has been identified as having an impact of $250,000 per month in lost revenue potential.

    The service metric drove an action to perform a root-cause analysis, which identified a network switch issue and drove a resolution action to fix the technology and architect redundancy to ensure continuity.

    The fix eliminated the performance impact, allowing for recovery of the $250K per month in revenue, improved end-user confidence in the organization, and increased use of the application, creating additional revenue.

    Implementing and measuring a video conferencing service

    CASE STUDY
    Industry: Manufacturing | Source: CIO interview and case material
    Situation

    The manufacturing business operates within numerous countries and requires a lot of coordination of functions and governance oversight. The company has monthly meetings, both regional and national, and key management and executives travel to attend and participate in the meetings.

    Complication

    While the meetings provide a lot of organizational value, the business has grown significantly and the cost of business travel has started to become prohibitive.

    Action

    It was decided that only a few core meetings would require onsite face-to-face meetings, and for all other meetings, the company would look at alternative means. The face-to-face aspect of the meetings was still considered critical so they focused on options to retain that aspect.

    The IT organization identified that they could provide a video conferencing service to meet the business need. The initiative was approved and rolled out in the organization.

    Result:

    IT service metrics needed to be designed to confirm that the expected value outcome of the implementation of video conferencing was achieved.

    Under the direction of the CIO, the business goals and needs driving use of the service (i.e. reduction in travel costs, efficiency, no loss of positive outcome) were used to identify success criteria and key questions to confirm success.

    With this information, the service manager was able to implement relevant service metrics in business language and confirmed an 80% adoption rate and a 95% success rate in term meetings running as expected and achieving core outcomes.

    Use these icons to help direct you as you navigate this research

    Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

    A small monochrome icon of a wrench and screwdriver creating an X.

    This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

    A small monochrome icon depicting a person in front of a blank slide.

    This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Develop meaningful service metrics to ensure business and user satisfaction

    1. Design the Metrics 2. Design Reports and Dashboards 3. Implement, Track, and Maintain
    Supporting Tool icon

    Best-Practice Toolkit

    1. Defining stakeholder needs for IT based on their success criteria
    2. Derive meaningful service metrics based on identified IT services and validate with business stakeholders
    3. Validate metrics can be collected and measured
    4. Determine calculation methodology
    1. Presentation format selected based on stakeholder needs and preference for information
    2. Presentation format validated with stakeholders
    1. Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service
    2. Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions
    3. Roll out the metrics implementation for a broader audience
    4. Establish roles and timelines for metrics maintenance

    Guided Implementations

    • Design metrics based on business needs
    • Validate the metrics
    • Select presentation format
    • Review metrics presentation design
    • Select and implement pilot metrics
    • Determine rollout process and establish maintenance/tracking mechanism
    Associated Activity icon

    Onsite Workshop

    Module 1:
    Derive Service Metrics From Business Goals
    Module 2:
    Select and Design Reports and Dashboards
    Module 3:
    Implement, Track, and Maintain Your Metrics to Ensure Success
    Phase 1 Outcome:
    • Meaningful service metrics designed from stakeholder needs
    Phase 2 Outcome:
    • Appropriate presentation format selected for each stakeholder
    Phase 3 Outcome:
    • Metrics implemented and process established to maintain and track program success

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.
    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Design the Metrics
    Determine Presentation Format and Implement Metrics
    Gather Service Level Requirements
    Monitor and Improve Service Levels

    Activities

    • 1.1 Determine stakeholder needs
    • 1.2 Determine success criteria and key performance indicators
    • 1.3 Derive metrics
    • 1.4 Validate the metric collection
    • 2.1 Discuss stakeholder needs/preference for data and select presentation format
    • 2.2 Select and design the metric report
    • Requirements
    • 3.1 Determine the business requirements
    • 3.2 Negotiate service levels
    • 3.3 Align operational level agreements (OLAs) and supplier contracts
    • 4.1 Conduct service report and perform service review
    • 4.2 Communicate service review
    • 4.3 Remediate issues using action plan
    • 4.4 Proactive prevention

    Deliverables

    1. Metrics Development Workbook
    1. Metrics Presentation Format Selection Guide
    2. Metrics Tracking Tool
    1. Service Level Management SOP
    2. Service Level Agreement
    1. Service Level Report
    2. Service Level Review
    3. Business Satisfaction Report

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 1

    Design the Metrics

    Step (1): Design the Metrics

    PHASE 1 PHASE 2 PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • CIO
    • Business Relationship Manager (BRM)
    • Service Level Manager (SLM)

    Outcomes of this step

    • Defined stakeholder needs for IT based on their success criteria
    • Identified IT services that are tied to the delivery of business outcomes
    • Derived meaningful service metrics based on identified IT services and validated with business stakeholders
    • Validated that metrics can be collected and measured
    • Determined calculation methodology

    Phase 1 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Design the Metrics

    Proposed Time to Completion (in weeks): 4 weeks
    Step 1.1: Design Metrics Step 1.2: Validate the Metrics
    Start with an analyst kick-off call:
    • Determine the stakeholder and their needs
    • Identify IT services that are tied to the delivery of business outcomes
    • Derive the service metrics
    Review findings with analyst:
    • For the selected metrics, identify the data source for collection
    • Validate whether or not the data can be created
    • Create a calculation method for the metrics
    Then complete these activities…
    • Using the methodology provided, identify additional stakeholders and map out their success criteria, including KPIs to determine the appropriate service metrics
    Then complete these activities…
    • Determine whether the designed metrics are measurable, and if so, how
    With these tools & templates:
    • Metrics Development Workbook
    With these tools & templates:
    • Metrics Development Workbook

    Design your service metrics – overview

    Figure representing 'CIO'. Step 1
    Derive your service metrics

    Metrics Worksheet

    Figure representing 'SLM' and/or 'BRM'. Step 2
    Validate your metrics

    Metrics Worksheet

    Figures representing 'CIO', 'SLM', and/or 'BRM'. Step 3
    Confirm with stakeholders

    Metrics Tracking Sheet

    A star.

    Defined IT Service Metrics

    Deriving the right metrics is critical to ensuring that you will generate valuable and actionable service metrics.

    Derive your service metrics from business objectives and needs

    Service metrics must be designed with the business perspective in mind so they are fully aligned with business objectives.

    Thus, IT must start by identifying specific stakeholder needs. The more IT understands about the business, the more relevant the metrics will be to the business stakeholders.

    1. Who are your stakeholders?
    2. What are their goals and pain points?
    3. What do the stakeholders need to know?
    4. What do I need to measure?
    5. Derive your service metrics

    Derive your service metrics

    Supporting Tool icon 1.1 Metrics Development Workbook

    This workbook guides the development and creation of service metrics that are directly tied to stakeholder needs.

    This process will ensure that your service metrics are designed with the business perspective in mind so they are fully aligned with business objectives.

    1. Who are the relevant stakeholders?
    2. What are the goals and pain points of your stakeholders?
    3. What do the stakeholders need to know?
    4. What does IT need to measure?
    5. What are the appropriate IT metrics?

    Download the Metrics Development Workbook.

    Sample of Info-Tech's Metrics Development Workbook.

    Determine your stakeholders

    Supporting Tool icon 1.1 0.5 Hour

    Who are your stakeholders?

    1. Identify the primary stakeholders of your service metrics. Stakeholders are the people who have a very specific need to know about how IT services affect their business outcomes. Different stakeholders can have different perspective on the same IT service metric.Most often, the primary target of service metrics are the business stakeholders, e.g. VP of a business unit.
    2. Identify any additional stakeholders. The CIO is also a stakeholder since they are effectively the business relationship manager for the senior leaders.

    Video Conferencing Case Study
    Manufacturing company

    For this phase, we will demonstrate how to derive the service metrics by going through the steps in the methodology.

    At a manufacturing company, the CIO’s main stakeholder is the CEO, whose chief concern is to improve the financial position of the company.

    Identify goals and pain points of your stakeholders

    Supporting Tool icon 1.2 0.5 Hour

    What are their goals and pain points?

    1. Clearly identify each stakeholder’s business goals and outcomes. These would be particular business goals related to a specific business unit.
    2. Identify particular pain points for each business unit to understand what is preventing them from achieving the desirable business outcome.

    VC Case Study

    One of the top initiatives identified by the company to improve financial performance was to reduce expense.

    Because the company has several key locations in different states, company executives used to travel extensively to carry out meetings at each location.

    Therefore, travel expenses represent a significant proportion of operational expenses and reducing travel costs is a key goal for the company’s executives.

    What do the stakeholders need to know?

    Supporting Tool icon 1.3 0.5 Hour

    What do the stakeholders need to know?

    1. Identify the key things that the stakeholders would need to know based on the goals and pain points derived from the previous step.These are your success criteria and must be met to successfully achieve the desired goals.

    VC Case Study

    The CEO needs to have assurance that without executives traveling to each location, remote meetings can be as effective as in-person meetings.

    These meetings must provide the same outcome and allow executives to collaborate and make similar strategic decisions without the onsite, physical presence.

    Therefore, the success criteria are:

    • Reduced travel costs
    • Effective collaboration
    • High-quality meetings

    What do I need to measure?

    Supporting Tool icon 1.4 1 Hour

    What does IT need to measure?

    1. Identify the IT services that are leveraged to achieve the business goals and success criteria.
    2. Identify the users of those services and determine the nature of usage for each group of users.
    3. Identify the key indicators that must be measured for those services from an IT perspective.

    VC Case Study

    The IT department decides to implement the video conferencing service to reduce the number of onsite meetings. This technology would allow executives to meet remotely with both audio and video and is the best option to replicate a physical meeting.

    The service is initially available to senior executives and will be rolled out to all internal users once the initial implementation is deemed successful.

    To determine the success of the service, the following needs to be measured:

    1. Outcomes of VC meetings
    2. Quality of the VC meetings
    3. Reduction in travel expenses

    Derive service metrics

    Supporting Tool icon 1.5 0.5 Hour

    Derive your service metrics

    1. Derive the service metrics that are meaningful to business stakeholders based on the IT services and the key indicators identified in the previous steps.
    2. Distinguish between service metrics and business metrics. You may identify some business metrics in addition to the IT metrics, and although these are important, IT doesn’t own the process of tracking and reporting business metrics.

    VC Case Study

    In the previous step, IT identified that it must measure the outcomes of VC meetings, quality of the VC meetings, and the reduction in travel expenses. From these, the appropriate service metrics can be derived to answer the needs of the CEO.

    IT needs to measure:

    1. Percent of VC meetings successfully delivered
    2. Growth of number of executive meetings conducted via VC
    Outcomes

    IT also identified the following business metrics:

    1. Reduction in percent of travel expense/spend
    2. Reduction in lost time due to travel

    Validate your metrics

    Once appropriate service metrics are derived from business objectives, the next step is to determine whether or not it is viable to actually measure the metrics.

    Can you measure it? The first question IT must answer is whether the metric is measurable. IT must identify the data source, validate its ability to collect the data, and specify the data requirement. Not all metrics can be measured!
    How will you measure it? If the metric is measurable, the next step is to create a way to measure the actual data. In most cases, simple formulas that can be easily understood are the best approach.
    Define your actions Metrics must be used to drive or reinforce desirable outcomes and behaviors. Thus, IT must predetermine the necessary actions associated with the different metric levels, thresholds, or trends.

    Determine if you can measure the identified metric

    Supporting Tool icon 1.6 0.5 Hour

    INSTRUCTIONS

    1. Determine what data sources are available. Make sure that you know where the information you need is captured, or will need to be captured. This would include:
      • A ticket/request system
      • An auto discovery tool
      • A configuration management database ( CMDB)
    2. Confirm that IT has the ability to collect the information.
      • If the necessary data is already contained in an identified data source, then you can proceed.
      • If not, consider whether it’s possible to gather the information using current sources and systems.
      • Understand the constraints and cost/ROI to implement new technology or revise processes and data gathering to produce the data.

    VC Case Study

    Using the metric derived from the video conferencing service example, IT wants to measure the % of VC meetings successfully delivered.

    What are the data sources?

    • Number of VC meetings that took place
    • Number of service incidents
    • User survey

    Determine if you can measure the identified metric

    Supporting Tool icon 1.6 0.5 Hour

    INSTRUCTIONS

    1. Understand your data requirements
      • To produce relevant metrics from your data, you need to ensure the level of quality and currency that provides you with useful information. You need to define:
        • The level of detail that has to be captured to make the data useful.
        • The consistency of the data, and how it needs to be entered or gathered.
        • The accuracy of the data. This includes how current the data needs to be, how quickly changes have to be made, and how data quality will be verified.

    VC Case Study

    Data requirement for percent of successful VC meetings:

    • Level of detail – user category, location, date/time,
    • Consistency – how efficiently are VC-related incidents opened and closed? Is the data collected and stored consistently?
    • Accuracy – is the information entered accurately?

    Create the calculation to measure it

    Supporting Tool icon 1.7 0.5 Hour

    Determine how to calculate the metrics.

    INSTRUCTIONS
    1. Develop the calculations that will be used for each accepted metric. The measurement needs to be clear and straightforward.
    2. Define the scope and assumptions for each calculation, including:
      • The defined measurement period (e.g. monthly, weekly)
      • Exclusions (e.g. nonbusiness hours, during maintenance windows)

    VC Case Study

    Metric: Percent of VC meetings delivered successfully

    IT is able to determine the total number of VC meetings that took place and the number of VC service requests to the help desk.

    That makes it possible to use the following formula to determine the success percentage of the VC service:

    ((total # VC) – (# of VC with identified incidents)) / (total # VC) * 100

    Define the actions to be taken for each metric

    Supporting Tool icon 1.7 1.5 Hour

    INSTRUCTIONS

    Centered on the defined metrics and their calculations, IT can decide on the actions that should be driven out of each metric based on one of the following scenarios:
    • Scenario 1: Ad hoc remedial action and root-cause investigation. If the reason for the result is unknown, determining root cause or identifying trends is required to determine required actions.
    • Scenario 2: Predefined remedial action. A set of predetermined actions associated with different results. This is useful when the meaning of the results is clear and points to specific issues within the environment.
    • Scenario 3: Nonremedial action. The metrics may produce a result that reinforces or supports company direction and strategy, or identifies an opportunity that may drive a new initiative or idea.

    VC Case Study

    If the success rate of the VC meetings is below 90%, IT needs to focus on determining if there is a common cause and identify if this is a consistent downward trend.

    A root-cause analysis is performed that identifies that network issues are causing difficulties, impacting the connection quality and usability of the VC service.

    Validate the confirmed metrics with the business

    Supporting Tool icon 1.8 1 Hour

    INPUT: Selected service metrics, Discussion with the business

    OUTPUT: Validated metrics with the business

    Materials: Metrics with calculation methodology

    Participants: IT and business stakeholders, Service owners

    INSTRUCTIONS

    1. Once you have derived the appropriate metrics and established that the metrics are measurable, you must go back to the targeted stakeholders and validate that the selected metrics will provide the right information to meet their identified goals and success criteria.
    2. Add confirmed metrics to the Metrics Tracking Tool, in the Metrics Tracking Plan tab.
    Service Metric Corresponding
    Business Goal
    Measurement
    Method
    Defined Actions

    Example: Measuring the online banking service at a financial institution

    Who are IT’s stakeholders? The financial institution provides various banking solutions to its customers. Retail banking is a core service offered by the bank and the VP of retail banking is a major stakeholder of IT.
    What are their goals and pain points? The VP of retail banking’s highest priorities are to increase revenue, increase market share, and maintain the bank’s brand and reputation amongst its customers.
    What do they need to know? In order to measure success, the VP of retail banking needs to determine performance in attracting new clients, retaining clients, expanding into new territory, and whether they have increased the number of services provided to existing clients.
    What does IT need to measure? The recent implementation of an online banking service is a key initiative that will keep the bank competitive and help retail banking meet its goals. The key indicators of this service are: the total number of clients, the number of products per client, percent of clients using online banking, number of clients by segment, service, territory.
    Derive the service metrics Based on the key indicators, IT can derive the following service metrics:
    1. Number of product applications originated from online banking
    2. Customer satisfaction/complaints
    As part of the process, IT also identified some business metrics, such as the number of online banking users per month or the number of times a client accesses online banking per month.

    Design service metrics to track service performance and value

    CASE STUDY
    Industry: Manufacturing | Source: CIO
    Challenge Solution Results
    The IT organization needed to generate metrics to show the business whether the video conferencing service was being adopted and if it was providing the expected outcome and value.

    Standard IT metrics were technical and did not provide a business context that allowed for easy understanding of performance and decision making.

    The IT organization, working through the CIO and service managers, sat down with the key business stakeholders of the video conferencing service.

    They discussed the goals for the meeting and defined the success criteria for those goals in the context of video conference meeting outcomes.

    The success criteria that were discussed were then translated into a set of questions (key performance indicators) that if answered, would show that the success criteria were achieved.

    The service manager identified what could be measured to answer the defined questions and eliminated any metrics that were either business metrics or non-IT related.

    The remaining metrics were identified as the possible service metrics, and the ability to gather the information and produce the metric was confirmed.

    Service metrics were defined for:

    1. Percent of video conference meetings delivered successfully
    2. Growth in the number of executive meetings conducted via video conference

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1

    Sample of activity 1.1 'Determine your stakeholders'. Determine stakeholder needs, goals, and pain points

    The onsite analyst will help you select key stakeholders and analyze their business objectives and current pain points.

    1.2

    Sample of activity 1.2 'Identify goals and pain points of your stakeholders'. Determine the success criteria and related IT services

    The analyst will facilitate a discussion to uncover the information that these stakeholders care about. The group will also identify the IT services that are supporting these objectives.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    1.5

    Sample of activity 1.5 'Derive service metrics'. Derive the service metrics

    Based on the key performance indicators obtained in the previous page, derive meaningful business metrics that are relevant to the stakeholders.

    1.6

    Sample of activity 1.6 'Determine if you can measure the identified metric'. Validate the data collection process

    The analyst will help the workshop group determine whether the identified metrics can be collected and measured. If so, a calculation methodology is created.

    1.7

    Sample of activity 1.7 'Create the caluclation to measure it'. Validate metrics with stakeholders

    Establish a feedback mechanism to have business stakeholders validate the meaningfulness of the metrics.

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 2

    Design Reports and Dashboards

    Step (2): Design Reports and Dashboards

    PHASE 1PHASE 2PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • Business Relationship Manager
    • Service Level Manager
    • Business Stakeholders

    Outcomes of this step

    • Presentation format selected based on stakeholder needs and preference for information
    • Presentation format validated with stakeholders

    Phase 2 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Design Reports and Dashboards

    Proposed Time to Completion (in weeks): 3 weeks
    Step 2.1: Select Presentation Format Step 2.2: Review Design
    Start with an analyst kick-off call:
    • Review the different format of metrics presentation and discuss the pros/cons of each format
    • Discuss stakeholder needs/preference for data
    • Select the presentation format
    Review findings with analyst:
    • Discuss stakeholder feedback based on selected presentation format
    • Modify and adjust the presentation format as needed
    Then complete these activities…
    • Design the metrics using the selected format
    Then complete these activities…
    • Finalize the design for metrics presentation
    With these tools & templates:
    • Metrics Presentation Format Selection Guide
    With these tools & templates:
    • Metrics Presentation Format Selection Guide

    Design the reports – overview

    Figure representing 'SLM' and/or 'BRM'. Step 1
    Understand the pros and cons of different reporting styles
    Figure representing 'SLM' and/or 'BRM'. Step 2
    Determine your reporting and presentation style

    Presentation Format Selection

    Figure representing 'SLM' and/or 'BRM'. Step 3
    Design your metrics reports
    A star.

    Validated Service Reports

    The design of service metrics reporting is critically important. The reporting style must present the right information in the most interesting and stakeholder-centric way possible to ensure that it is read and used.

    The reports must also display information in a way that generates actions. If your stakeholders cannot make decisions, kick off activities, or ask questions based on your reports, then they have no value.

    Determine the right presentation format for your metrics

    Most often, metrics are presented in the following ways:

    Dashboard
    (PwC. “Mega-Trends and Implications.”)
    Sample of the 'Dashboard' metric presentation format.
    Infographic
    (PwC. “Healthcare’s new entrants.”)
    Sample of the 'Infographic' metric presentation format.
    Report
    (PwC Blogs. “Northern Lights.”)
    Sample of the 'Report' metric presentation format.
    Scorecard
    (PwC. “Annual Report 2015.”)
    Sample of the 'Scorecard' metric presentation format.

    Understand the advantages and disadvantages of each reporting style – Dashboard

    A dashboard is a reporting method that provides a dynamic at-a-glance view of key metrics from the perspective of key stakeholders. It provides a quick graphical way to process important performance information in real time.

    Features

    Typically web-based

    Dynamic data that is updated in real time

    Advantage

    Aggregates a lot of information into a single view

    Presents metrics in a simplistic style that is well understood

    Provides a quick point-in-time view of performance

    Easy to consume visual presentation style

    Disadvantage

    Complicated to set up well.
    Requires additional technology support: programming, API, etc.

    Promotes a short-term outlook – focus on now, no historical performance and no future trends. Doesn’t provide the whole picture and story.

    Existing dashboard tools are often not customized enough to provide real value to each stakeholder.

    Dashboards present real-time metrics that can be accessed and viewed at any time

    Sample of the 'Dashboard' metric presentation format.
    (Source: PwC. “Mega-Trends and Implications.”)
    Metrics presented through online dashboards are calculated in real time, which allows for a dynamic, current view into the performance of IT services at any time.

    Understand the advantages and disadvantages of each reporting style – Infographic

    An infographic is a graphical representation of metrics or data, which is used to show information quickly and clearly. It’s based on the understanding that people retain and process visual information more readily than written details.

    Features

    Turns dry into attractive –transforms data into eye-catching visual memory that is easier to retain

    Can be used as the intro to a formal report

    There are endless types of infographics

    Advantage

    Easily consumable

    Easy to retain

    Eye catching

    Easily shared

    Spurs conversation

    Customizable

    Disadvantage

    Require design expertise and resources

    Can be time consuming to generate

    Could be easily misinterpreted

    Message can be lost with poor design

    Infographics allow for completely unique designs

    Sample of the 'Infographic' metric presentation format.
    (Source: PwC. “Healthcare’s new entrants…”)
    There is no limit when it comes to designing an infographic. The image used here visually articulates the effects of new entrants pulling away the market.

    Understand the advantages and disadvantages of each reporting style – Formal Report

    A formal report is a more structured and official reporting style that contains detailed research, data, and information required to enable specific business decisions, and to help evaluate performance over a defined period of time.

    Definition

    Metrics can be presented as a component of a periodic, formal report

    A physical document that presents detailed information to a particular audience

    Advantage

    More detailed, more structured and broader reporting period

    Formal, shows IT has put in the effort

    Effectively presents a broader and more complete story

    Targets different stakeholders at the same time

    Disadvantage

    Requires significant effort and resources

    Higher risk if the report does not meet the expectation of the business stakeholder

    Done at a specific time and only valuable for that specific time period

    Harder to change format

    Formal reports provide a detailed view and analysis of performance

    Sample of the 'Formal Report' metric presentation format.
    (Source: PwC Blogs. “Northern Lights: Where are we now?”)
    An effective report incorporates visuals to demonstrate key improvements.

    Formal reports can still contain visuals, but they are accompanied with detailed explanations.

    Understand the advantages and disadvantages of each reporting style – Scorecard

    A scorecard is a graphic view of the progress and performance over time of key performance metrics. These are in relation to specified goals based on identified critical stakeholder objectives.

    Features

    Incorporates multiple metrics effectively.

    Scores services against the most important organizational goals and objectives. Scorecards may tie back into strategy and different perspectives of success.

    Advantage

    Quick view of performance against objectives

    Measure against a set of consistent objectives

    Easily consumable

    Easy to retain

    Disadvantage

    Requires a lot of forethought

    Scorecards provide a time-bound summary of performance against defined goals

    Sample of the 'Scorecard' metric presentation format.
    (PwC. “Annual Report 2015.”)
    Scorecards provide a summary of performance that is directly linked to the organizational KPIs.

    Determine your report style

    Supporting Tool icon 2.1 Metrics Presentation Format Selection Guide

    In this section, you will determine the optimal reporting style for the service metrics.

    This guide contains four questions, which will help IT organizations identify the most appropriate presentation format based on stakeholder preference and needs for metrics.

    1. Who is the relevant stakeholder?
    2. What are the defined actions for the metric?
    3. How frequently does the stakeholder need to see the metric?
    4. How does the stakeholder like to receive information?
    Sample of Info-Tech's Metrics Presentation Format Selection Guide.
    Download the Metrics Presentation Format Selection Guide.

    Determine your best presentation option

    Supporting Tool icon 2.1 2 Hours

    INPUT: Identified stakeholder and his/her role

    OUTPUT: Proper presentation format based on need for information

    Materials: Metrics Presentation Format Selection Guide

    Participants: BRM, SLM, Program Manager

    After deciding on the report type to be used to present the metric, the organization needs to consider how stakeholders will consume the metric.

    There are three options based on stakeholder needs and available presentation options within IT.

    1. Paper-based presentation is the most traditional form of reporting and works well with stakeholders who prefer physical copies. The report is produced at a specific time and requires no additional IT capability.
    2. Online documents stored on webpages, SharePoint, or another knowledge management system could be used to present the metrics. This allows the report to be linked to other information and easily shared.
    3. Online dashboards and graphics can be used to have dynamic, real-time reporting and anytime access. These webpages can be incorporated into an intranet and allow the user to view the metrics at any time. This will require IT to continuously update the data in order to maintain the accuracy of the metrics.

    Design your metric reports with these guidelines in mind

    Supporting Tool icon 2.2 30 Minutes
    1. Stakeholder-specificThe report must be driven by the identified stakeholder needs and preferences and articulate the metrics that are important to them.
    2. ClarityTo enable decision making and drive desired actions, the metrics must be clear and straightforward. They must be presented in a way that clearly links the performance measurement to the defined outcome without leading to different interpretations of the results.
    3. SimplicityThe report must be simple to read, understand, and analyze. The language of the report must be business-centric and remove as much complexity as possible in wording, imaging, and context.

    Be sure to consider access rights for more senior reports. Site and user access permissions may need to be defined based on the level of reporting.

    Metrics reporting on the video conferencing service

    CASE STUDY
    Industry: Manufacturing | Source: CIO Interview
    The Situation

    The business had a clear need to understand if the implementation of video conferencing would allow previously onsite meetings to achieve the same level of effectiveness.

    Reporting Context

    Provided reports had always been generated from an IT perspective and the business rarely used the information to make decisions.

    The metrics needed to help the business understand if the meetings were remaining effective and be tied into the financial reporting against travel expenses, but there would be limited visibility during the executive meetings.

    Approach

    The service manager reviewed the information that he had gathered to confirm how often they needed information related to the service. He also met with the CIO to get some insight into the reports that were already being provided to the business, including the ones that were most effective.

    Considerations

    The conversations identified that there was no need for a dynamic real-time view of the performance of the service, since tracking of cost savings and utility would be viewed monthly and quarterly. They also identified that the item would be discussed within a very small window of time during the management meetings.

    The Solution

    It was determined that the best style of reporting for the metric was an existing scorecard that was produced monthly, using some infographics to ensure that the information is clear at a glance to enable quick decision making.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1

    Sample of presentation format option slide 'Determine the right presentation format for your metrics'. Understand the different presentation options

    The onsite analyst will introduce the group to the communication vehicles of infographic, scorecard, formal report, and dashboard.

    2.1

    Sample of activity 2.1 'Determine your best presentation option'. Assess stakeholder needs for information

    For selected stakeholders, the analyst will facilitate a discussion on how stakeholders would like to view information and how the metrics can be presented to aid decision making.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    2.2

    Sample of activity 2.2 'Design your metric reports with these guidelines in mind'. Select and design the metric report

    Based on the discussion, the working group will select the most appropriate presentation format and create a rough draft of how the report should look.

    Develop Meaningful Service Metrics to Ensure Business and User Satisfaction

    PHASE 3

    Implement, Track, and Maintain Your Metrics

    Step (3): Implement, Track, and Maintain Your Metrics

    PHASE 1PHASE 2PHASE 3

    1.1

    Derive the Service Metrics

    1.2

    Validate the Metrics

    2.1

    Determine Reporting Format

    3.1

    Select Pilot Metrics

    3.2

    Activate and Maintain Metrics

    This step involves the following participants:

    • Service Level Manager
    • Business Relationship Manager
    • Service Metrics Program Manager

    Activities in this step

    • Determine the first batch of metrics to be implemented as part of the pilot program
    • Create a process to collect and validate data, determine initial targets, and integrate with SLM and BRM functions
    • Present the metric reports to the relevant stakeholders and incorporate the feedback into the metric design
    • Establish a standard process and roll out the implementation of metrics in batches
    • Establish a process to monitor and track the effectiveness of the service metrics program and make adjustments when necessary

    Phase 3 outline

    Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Implement, Track, and Maintain Your Metrics

    Proposed Time to Completion (in weeks): 4 weeks
    Step 3.1: Select and Launch Pilot Metrics Step 3.2: Track and Maintain the Metrics
    Start with an analyst kick-off call:
    • Identify metrics that will be presented first to the stakeholders based on urgency or impact of the IT service
    • Determine the process to collect data, select initial targets, and integrate with SLM and BRM functions
    Review findings with analyst:
    • Review the success of metrics and discuss feedback from stakeholders
    • Roll out the metrics implementation to a broader audience
    • Establish roles and timelines for metrics maintenance
    Then complete these activities…
    • Document the first batch of metrics
    • Document the baseline, initial targets
    • Create a plan to integrate with SLM and BRM functions
    Then complete these activities…
    • Create a document that defines how the organization will track and maintain the success of the metrics program
    • Review the metrics program periodically
    With these tools & templates:
    • Metrics Tracking Tool
    With these tools & templates:
    • Metrics Tracking Tool

    Implement, Track, and Maintain the Metrics

    Figure representing 'SLM' and/or 'BRM'. Step 1
    Run your pilot

    Metrics Tracking Tool

    Figure representing 'SLM' and/or 'BRM'. Step 2
    Validate success

    Metrics Tracking Tool

    Figure representing 'SLM' and/or 'BRM'. Step 3
    Implement your metrics program in batches

    Metrics Tracking Tool

    A star.

    Active Service Metrics Program

    Once you have defined the way that you will present the metrics, you are ready to run a pilot with a smaller sample of defined service metrics.

    This allows you to validate your approach and make refinements to the implementation and maintenance processes where necessary, prior to activating all service metrics.

    Track the performance of your service metrics

    Supporting Tool icon 3.1

    The Metrics Tracking Tool will enable you to track goals and success metrics for your service metrics programs. It allows you to set long-term goals and track your results over time.

    There are three sections in this tool:
    1. Metrics Tracking Plan. Identify the metrics to be tracked and their purpose.
    2. Metrics Tracking Actuals. Monitor and track the actual performance of the metrics.
    3. Remediation Tracking. Determine and document the steps that need to be taken to correct a sub-performing metric.
    Sample of Info-Tech's Metrics Tracking Tool.

    Select pilot metrics

    Supporting Tool icon 3.1 30 Minutes

    INPUT: Identified services, Business feedback

    OUTPUT: Services with most urgent need or impact

    Materials: Service catalog or list of identified services

    Participants: BRM, SLM, Business representatives

    To start the implementation of your service metrics program and drive wider adoption, you need to run a pilot using a smaller subset of metrics.

    INSTRUCTIONS

    To determine the sample for the pilot, consider metrics that:

    • Are related to critical business services and functions
    • or
    • Address known/visible pain points for the business
    • or
    • Were designed for supportive or influential stakeholders

    Metrics that meet two or more criteria are ideal for the pilot

    Collect and validate data

    Supporting Tool icon 3.2 1 Hour

    INPUT: Identified metrics

    OUTPUT: A data collection mythology, Metrics tracking

    Materials: Metrics

    Participants: SLM, BRM, Service owner

    You will need to start collection and validation of your identified data in order to calculate the results for your pilot metrics.

    INSTRUCTIONS

    1. Initiate data collection
      • Use the data sources identified during the design phase and initiate the data collection process.
    2. Determine start date
      • If historical data can be retrieved and gathered, determine how far back you want your measurements to start.
    3. Compile data and validate
      • Ensure that the information is accurate and up to date. This will require some level of data validation and audit.
    4. Run the metric
      • Use the defined calculation and source data to generate the metrics result.
    5. Record metrics results
      • Use the metrics tracking sheet to track the actual results.

    Determine initial targets

    Supporting Tool icon 3.3 1 Hour

    INPUT: Historical data/baseline data

    OUTPUT: Realistic initial target for improvement

    Materials: Metrics Tracking Tool

    Participants: BRM, SLM, Service owner

    INSTRUCTIONS

    Identify an initial service objective based on one or more of the following options:

    1. Establish an initial target using historical data and trends of performance.
    2. Establish an initial target based on stakeholder-identified requirements and expectations.
    3. Run the metrics report over a defined period of time and use the baseline level of achievement to establish an initial target.

    The target may not always be a number - it could be a trend. The initial target will be changed after review with stakeholders

    Integrate with SLM and BRM processes

    Supporting Tool icon 3.4 1 Hour

    INPUT: SLM and BRM SOPs or responsibility documentations

    OUTPUT: Integrate service metrics into the SLM/BRM role

    Materials: SLM / BRM reports

    Participants: SLM, BRM, CIO, Program manager, Service manager

    The service metrics program is usually initiated, used, and maintained by the SLM and BRM functions.

    INSTRUCTIONS

    Ensure that the metrics pilot is integrated with those functions by:

    1. Engaging with SLM and BRM functions/resources
      • Identify SLM and BRM resources associated with or working on the services where the metrics are being piloted
      • Obtain their feedback on the metrics/reporting
    2. Integrating with the existing reporting and meeting cycles
      • Ensure the metrics will be calculated and available for discussion at standing meetings and with existing reports
    3. Establishing the metrics review and validation cycle for these metrics
      • Confirm the review and validation period for the metrics in order to ensure they remain valuable and actionable

    Generate reports and present to stakeholders

    Supporting Tool icon 3.5 1 Hour

    INPUT: Identified metrics, Selected presentation format

    OUTPUT: Metrics reports that are ready for distribution

    Materials: Metrics Presentation Format Selection Guide

    Participants: BRM, SLM, CIO, Business representatives

    INSTRUCTIONS

    Once you have completed the calculation for the pilot metrics:

    1. Confirm the report style for the selected metrics (as defined in Phase 2)
    2. Generate the reporting for the pilot metrics
    3. Present the pilot metric reports to the identified BRM and SLM resources who will present the reporting to the stakeholders
    4. Gather feedback from Stakeholders on metrics - results and process
    5. Create and execute remediation plans for any actions identified from the metrics
    6. Initiate the review cycle for metrics (to ensure they retain value)

    Plan the rollout and implementation of the metrics reporting program

    Supporting Tool icon 3.6 1 Hour

    INPUT: Feedback from pilot, Services in batch

    OUTPUT: Systematic implementation of metrics

    Materials: Metrics Tracking Tool

    Participants: BRM, SLM, Program manager

    Upon completion of the pilot, move to start the broader implementation of metrics across the organization:

    INSTRUCTIONS

    1. Identify the service metrics that you will implement. They can be selected based on multiple criteria, including:
      • Organizational area/business unit
      • Service criticality
      • Pain points
      • Stakeholder engagement (detractors, supporters)
    2. Create a rollout plan for implementation in batches, identifying expected launch timelines, owners, targeted stakeholders, and communications plans
    3. Use the implementation plan from the pilot to roll out each batch of service metrics:
      • Collect and validate data
      • Determine target(s)
      • Integrate with BRM and SLM
      • Generate and communicate reports to stakeholders

    Maintain the service metrics

    Supporting Tool icon 3.7 1.5 Hour

    INPUT: Feedback from business stakeholders

    OUTPUT: Modification to individual metrics or to the process

    Materials: Metrics Tracking Tool, Metrics Development Workbook

    Participants: CIO, BRM, SLM, Program manager, Service owner

    Once service metrics and reporting become active, it is necessary to determine the review time frame for your metrics to ensure they remain useful.

    INSTRUCTIONS

    1. Confirm and establish a review time frame with stakeholders (e.g. annually, bi-annually, after organizational or strategic changes).
    2. Meet with stakeholders by the review date to discuss the value of existing metrics and validate:
      • Whether the goals associated with the metrics are still valid
      • If the metric is still necessary
      • If there is a more effective way to present the metrics
    3. Track actions based on review outcomes and update the remediation tracking sheet.
    4. Update tracking sheet with last complete review date.

    Maintain the metrics

    Supporting Tool icon 3.7

    Based on the outcome of the review meeting, decide what needs to be done for each metric, using the following options:

    Add

    A new metric is required or an existing metric needs large-scale changes (example: calculation method or scope).
    Triggers metrics design as shown in phases 1 and 2.

    Change

    A minor change is required to the presentation format or data. Note: a major change in a metric would be performed through the Add option.

    Remove

    The metric is no longer required, and it needs to be removed from reporting and data gathering. A final report date for that metric should be determined.

    Maintain

    The metric is still useful and no changes are required to the metric, its measurement, or how it’s reported.

    Ensuring metrics remain valuable

    VC CASE STUDY
    Industry: Manufacturing | Source: CIO Interview

    Reviewing the value of active metrics

    When the video conferencing service was initially implemented, it was performed as a pilot with a group of executives, and then expanded for use throughout the company. It was understood that prior to seeing the full benefit in cost reduction and increased efficiency and effectiveness, the rate of use and adoption had to be understood.

    The primary service metrics created for the service were based on tracking the number of requests for video conference meetings that were received by the IT organization. This identified the growth in use and could be used in conjunction with financial metrics related to travel to help identify the impact of the service through its growth phase.

    Once the service was adopted, this metric continued to be tracked but no longer showed growth or expanded adoption.

    The service manager was no longer sure this needed to be tracked.

    Key Activity

    The metrics around requests for video conference meetings were reviewed at the annual metrics review meeting with the business. The service manager asked if the need for the metric, the goal of tracking adoption, was still important for the business.

    The discussion identified that the adoption rate was over 80%, higher than anticipated, and that there was no value in continuing to track this metric.

    Based on the discussion, the adoption metrics were discontinued and removed from data gathering and reporting, while a success rate metric was added (how many meetings ran successfully and without issue) to ensure the ongoing value of the video conferencing service.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    Photo of Valence Howden, Senior Manager, CIO Advisory, Info-Tech Research Group.
    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    3.1

    Sample of activity 3.1 'Select pilot metrics'. Select the pilot metrics

    The onsite analyst will help the workshop group select the metrics that should be first implemented based on the urgency and impact of these metrics.

    3.2

    Sample of activity 3.2 'Collect and validate data'. Gather data and set initial targets

    The analyst will help the group create a process to gather data, measure baselines, and set initial targets.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

    Book a workshop with our Info-Tech analysts:

    3.5

    Sample of activity 3.5 'Generate reports and present to stakeholders'. Generate the reports and validate with stakeholders

    The Info-Tech analyst will help the group establish a process to receive feedback from the business stakeholders once the report is generated.

    3.6

    Sample of activity 3.6 'Plan the rollout and implementation of the metrics reporting program'. Implement the service metrics program

    The analyst will facilitate a discussion on how to implement the metrics program across the organization.

    3.7

    Sample of activity 3.7 'Maintain the service metrics'. Track and maintain the metrics program

    Set up a mechanism to ensure the success of the metrics program by assessing process adherence and process validity.

    Insight breakdown

    Insight 1

    Service metrics are critical to ensuring alignment of IT service performance and business service value achievement.

    Insight 2

    Service metrics reinforce positive business and end-user relationships by providing user-centric information that drives responsiveness and consistent service improvement.

    Insight 3

    Poorly designed metrics drive unintended and unproductive behaviors that have negative impacts on IT and produce negative service outcomes.

    Summary of accomplishment

    Knowledge Gained

    • Follow a methodology to identify metrics that are derived from business objectives.
    • Understand the proper presentation format based on stakeholder needs for information.
    • Establish a process to ensure the metrics provided will continue to provide value and aid decision making.

    Processes Optimized

    • Metrics presentation to business stakeholders
    • Metrics maintenance and tracking

    Deliverables Completed

    • Metrics Development Workbook
    • Metrics Presentation Format Selection Guide
    • Metrics Tracking Tool

    Research contributors and experts

    Name Organization
    Joe Evers Joe Evers Consulting
    Glen Notman Associate Partner, Citihub
    David Parker Client Program Manager, eHealth Ontario
    Marianne Doran Collins CIO, The CIO-Suite, LLC
    Chris Kalbfleisch Manager, Service Management, eHealth Ontario
    Joshua Klingenberg BHP Billiton Canada Inc.

    Related Info-Tech research

    Stock image of a menu. Design & Build a User-Facing Service Catalog
    The user-facing service catalog is the go-to place for IT service-related information.
    Stock image of a laptop keyboard. Unleash the True Value of IT by Transforming Into a Service Provider
    Earn your seat at the table and influence business strategy by becoming an IT service provider.

    Bibliography

    Pollock, Bill. “Service Benchmarking and Measurement: Using Metrics to Drive Customer Satisfaction and Profits.” Aberdeen Group. June 2009. http://722consulting.com/ServiceBenchmarkingandMeasurement.pdf

    PwC. “Mega-Trends and Implications.” RMI Discussion. LinkedIn SlideShare. September 2015. http://www.slideshare.net/AnandRaoPwC/mega-trends-and-implications-to-retirement

    PwC. “Healthcare’s new entrants: Who will be the industry’s Amazon.com?” Health Research Institute. April 2014. https://www.pwc.com/us/en/health-industries/healthcare-new-entrants/assets/pwc-hri-new-entrant-chart-pack-v3.pdf

    PwC. “Northern Lights: Where are we now?” PwC Blogs. 2012. http://pwc.blogs.com/files/12.09.06---northern-lights-2--summary.pdf

    PwC. “PwC’s key performance indicators

    Spread Best Practices With an Agile Center of Excellence

    • Buy Link or Shortcode: {j2store}152|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $97,499 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Your organization is looking to create consistency across all Agile teams to drive greater business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support structures and facilitated through shared learning and capabilities.

    Our Advice

    Critical Insight

    • Social capital can be an enabler, but also a barrier. People can only manage a finite number of relationships; ensure that the connections the Center of Excellence (CoE) facilitates are purposeful.
    • Don’t over govern. Empowerment is critical to enable improvements; set boundaries and let teams work inside them with autonomy.
    • Legitimize through listening. A CoE will not be leveraged unless it aligns with the needs of its users. Invest the time to align with the functional expectations of your Agile teams.

    Impact and Result

    • Create a set of service offerings aligned with both corporate objectives and the functional expectations of its customers to ensure broad support and utility of the invested resources.
    • Understand some of the cultural and processual challenges you will face when forming a center of excellence, and address them using Info-Tech’s Agile adoption model.

    Spread Best Practices With an Agile Center of Excellence Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an Agile Center of Excellence, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Strategically align the Center of Excellence

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    • Spread Best Practices With an Agile Center of Excellence – Phase 1: Strategically Align the Center of Excellence

    2. Standardize the Center of Excellence’s service offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization.

    • Spread Best Practices With an Agile Center of Excellence – Phase 2: Standardize the Center of Excellence’s Service Offerings

    3. Operate the Center of Excellence

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change.

    • Spread Best Practices With an Agile Center of Excellence – Phase 3: Operationalize Your Agile Center of Excellence
    • ACE Satisfaction Survey
    • CoE Maturity Diagnostic Tool
    • ACE Benefits Tracking Tool
    • ACE Communications Deck
    [infographic]

    Workshop: Spread Best Practices With an Agile Center of Excellence

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Determine Vision of CoE

    The Purpose

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision.

    Understand how your key stakeholders will impact the longevity of your CoE.

    Determine your CoE structure and staff.

    Key Benefits Achieved

    Top-down alignment with strategic aims of the organization.

    A set of high-level use cases to form the CoE’s service offerings around.

    Visualization of key stakeholders, with their current and desired power and involvement documented.

    Activities

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your Agile Center of Excellence (ACE) and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Outputs

    Prioritized business objectives

    Business-aligned use cases to form CoE’s service offerings

    Stakeholder map of key influencers

    2 Define Service Offerings of CoE

    The Purpose

    Document the functional expectations of the Agile teams.

    Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.

    Create a capability map that visualizes and prioritizes your key service offerings.

    Key Benefits Achieved

    Understanding of some of the identified concerns, pain points, and potential opportunities from your stakeholders.

    Refined use cases that define the service offerings the CoE provides to its customers.

    Prioritization for the creation of service offerings with a capability map.

    Activities

    2.1 Classified pains and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Outputs

    Classified pains and opportunities

    Refined use cases based on pains and opportunities identified during ACE requirements gathering

    ACE Capability Map

    3 Define Engagement Plans

    The Purpose

    Align service offerings with an Agile adoption model so that teams have a structured way to build their skills.

    Standardize the way your organization will interact with the Center of Excellence to ensure consistency in best practices.

    Key Benefits Achieved

    Mechanisms put in place for continual improvement and personal development for your Agile teams.

    Interaction with the CoE is standardized via engagement plans to ensure consistency in best practices and predictability for resourcing purposes.

    Activities

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Outputs

    Adoption-aligned service offerings

    Role-based engagement plans

    4 Define Metrics and Plan Communications

    The Purpose

    Develop a set of metrics for the CoE to monitor business-aligned outcomes with.

    Key Benefits Achieved

    The foundations of continuous improvement are established with a robust set of Agile metrics.

    Activities

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Outputs

    Business objective-aligned metrics

    CoE performance metrics

    Agile adoption metrics

    Assessment of organizational design

    CoE communication plan

    Further reading

    Spread Best Practices With an Agile Center of Excellence

    Achieve ongoing alignment between Agile teams and the business with a set of targeted service offerings.

    ANALYST PERSPECTIVE

    "Inconsistent processes and practices used across Agile teams is frequently cited as a challenge to adopting and scaling Agile within organizations. (VersionOne’s 13th Annual State of Agile Report [N=1,319]) Creating an Agile Center of Excellence (ACE) is a popular way to try to impose structure and improve performance. However, simply establishing an ACE does not guarantee you will be successful with Agile. When setting up an ACE you must: Define ACE services based on identified stakeholder needs. Staff the ACE with respected, “hands on” people, who deliver identifiable value to your Agile teams. Continuously evolve ACE service offerings to maximize stakeholder satisfaction and value delivered."

    Alex Ciraco, Research Director, Applications Practice Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • A CIO who is looking for a way to optimize their Agile capabilities and ensure ongoing alignment with business objectives.
    • An applications director who is looking for mechanisms to inject continuous improvement into organization-wide Agile practices.

    This Research Will Help You:

    • Align your Agile support structure with business objectives and the functional expectations of its users.
    • Standardize the ways in which Agile teams develop and learn to create consistency in purpose and execution.
    • Track and communicate successes to ensure the long-term viability of an Agile Center of Excellence (ACE).

    This Research Will Also Assist

    • Project managers who are tasked with managing Agile projects.
    • Application development managers who are struggling with establishing consistency, transparency, and collaboration across their teams.

    This Research Will Help Them:

    • Provide service offerings to their team members that will help them personally and collectively to develop desired skills.
    • Provide oversight and transparency into Agile projects and outcomes through ongoing monitoring.

    Executive summary

    Situation

    • Your organization has had some success with Agile, but needs to drive consistency across Agile teams for better business results and alignment.
    • You are seeking to organically grow Agile capabilities within the organization through a set of support services and facilitated through shared learning and capabilities.

    Complication

    • Organizational constraints, culture clash, and lack of continuous top-down support are hampering your Agile growth and maturity.
    • Attempts to create consistency across Agile teams and processes fail to account for the expectations of users and stakeholders, leaving them detached from projects and creating resistance.

    Resolution

    • Align the service offerings of your ACE with both corporate objectives and the functional expectations of its stakeholders to ensure broad support and utilization of the invested resources.
    • Understand some of the culture and process challenges you will face when forming an ACE, and address them using Info-Tech’s Agile adoption journey model.
    • Track the progress of the ACE and your Agile teams. Use this data to find root causes for issues, and ideate to implement solutions for challenges as they arise over time.
    • Effectively define and propagate improvements to your Agile teams in order to drive business-valued results.
    • Communicate progress to interested stakeholders to ensure long-term viability of the Center of Excellence (CoE).

    Info-Tech Insight

    1. Define ACE services based on stakeholder needs.Don’t assume you know what your stakeholders need without talking to them.
    2. Staff the ACE strategically. Choose those who are thought leaders and proven change agents.
    3. Continuously improve based on metrics and feedback.Constantly monitor how your ACE is performing and adjust to feedback.

    Info-Tech’s Agile Journey related Blueprints

    1. Stabilize

    Implement Agile Practices That Work

    Begin your Agile transformation with a comprehensive readiness assessment and a pilot project to adopt Agile development practices and behaviors that fit.

    2. Sustain

    YOU ARE HERE

    Spread Best Practices with an Agile Center of Excellence

    Form an ACE to support Agile development at all levels of the organization with thought leadership, strategic development support & process innovation.

    3. Scale

    Enable Organization-Wide Collaboration by Scaling Agile

    Extend the benefits of your Agile pilot project into your organization by strategically scaling Agile initiatives that will meet stakeholders’ needs.

    4. Satisfy

    Transition to Product Delivery Introduce product-centric delivery practices to drive greater benefits and better delivery outcomes.

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    2.1 Define an adoption plan for Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives

    Supporting Capabilities and Practices

    Modernize Your SDLC

    Remodel the stages of your lifecycle to standardize your definition of a successful product.

    Build a Strong Foundation for Quality

    Instill quality assurance practices and principles in each stage of your software development lifecycle.

    Implement DevOps Practices That Work

    Fix, deploy, and support applications quicker though development and operations collaboration.

    What is an Agile Center of Excellence?

    NOTE: Organizational change is hard and prone to failure. Determine your organization’s level of readiness for Agile transformation (and recommended actions) by completing Info-Tech’s Agile Transformation Readiness Tool.

    An ACE amplifies good practices that have been successfully employed within your organization, effectively allowing you to extend the benefits obtained from your Agile pilot(s) to a wider audience.

    From the viewpoint of the business, members of the ACE provide expertise and insights to the entire organization in order to facilitate Agile transformation and ensure standard application of Agile good practices.

    From the viewpoint of your Agile teams, it provides a community of individuals that share experiences and lessons learned, propagate new ideas, and raise questions or concerns so that delivering business value is always top of mind.

    An ACE provides the following:

    1. A mechanism to gather thought leadership to maximize the accessibility and reach of your Agile investment.
    2. A mechanism to share innovations and ideas to facilitate knowledge transfer and ensure broadly applicable innovations do not go to waste.
    3. Strategic alignment to ensure that Agile practices are driving value towards business objectives.
    4. Purposeful good practices to ensure that the service offerings provided align with expectations of both your Agile practitioners and stakeholders.

    SIDEBAR: What is a Community of Practice? (And how does it differ from a CoE?)

    Some organizations prefer Communities of Practice (CoP) to Centers of Excellence (CoE). CoPs are different from CoEs:

    A CoP is an affiliation of people who share a common practice and who have a desire to further the practice itself … and of course to share knowledge, refine best practices, and introduce standards. CoPs are defined by their domain of interest, but the membership is a social structure comprised of volunteer practitioners

    – Wenger, E., R. A. McDermott, et al. (2002) Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    CoPs differ from a CoE mainly in that they tend to have no geographical boundaries, they hold no hierarchical power within a firm, and they definitely can never have structure determined by the company. However, one of the most obvious and telling differences lies in the stated motive of members – CoPs exist because they have active practitioner members who are passionate about a specific practice, and the goals of a CoP are to refine and improve their chosen domain of practice – and the members provide discretionary effort that is not paid for by the employer

    – Matthew Loxton (June 1, 2011) CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    What to know about CoPs:

    1. Less formal than a CoE
      • Loosely organized by volunteer practitioners who are interested in advancing the practice.
    2. Not the Authoritative Voice
      • Stakeholders engage the CoP voluntarily, and are not bound by them.
    3. Not funded by Organization
      • CoP members are typically volunteers who provide support in addition to their daily responsibilities.
    4. Not covered in this Blueprint
      • In depth analysis on CoPs is outside the scope of this Blueprint.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • Many organizations encounter challenges to scaling Agile

    Tackle the following barriers to Agile adoption with a business-aligned ACE.

    List based on reported impediments from VersionOne’s 13th Annual State of Agile Report (N=1,319)

    1. Organizational culture at odds with Agile values
    • The ACE identifies and measures the value of Agile to build support from senior business leaders for shifting the organizational culture and achieving tangible business benefits.
  • General organizational resistance to change
    • Resistance comes from a lack of trust. Optimized value delivery from Info-Tech’s Agile adoption model will build the necessary social capital to drive cultural change.
  • Inadequate management support and sponsorship
    • Establishing an ACE will require senior management support and sponsorship. Its formation sends a strong signal to the organizational leadership that Agile is here to stay.
  • Lack of skills/experience with Agile methods
    • The ACE provides a vehicle to absorb external training into an internal development program so that Agile capabilities can be grown organically within the organization.
  • Inconsistent processes and practices across teams
    • The ACE provides support to individual Agile teams and will guide them to adopt consistent processes and practices which have a proven track record in the organization.
  • Insufficient training and education
    • The ACE will assist teams with obtaining the Agile skills training they need to be effective in the organization, and support a culture of continuous learning.
  • Overcome your Agile scaling challenges with a business aligned ACE

    An ACE drives consistency and transparency without sacrificing the ability to innovate. It can build on the success of your Agile pilot(s) by encouraging practices known to work in your organization.

    Support Agile Teams

    Provide services designed to inject evolving good practices into workflows and remove impediments or roadblocks from your Agile team’s ability to deliver value.

    Maintain Business Alignment

    Maintain alignment with corporate objectives without impeding business agility in the long term. The ACE functions as an interface layer so that changing expectations can be adapted without negatively impacting Agile teams.

    Facilitate Learning Events

    Avoid the risk of innovation and subject-matter expertise being lost or siloed by facilitating knowledge transfer and fostering a continuous learning environment.

    Govern Improvements

    Set baselines, monitor metrics, and run retrospectives to help govern process improvements and ensure that Agile teams are delivering expected benefits.

    Shift Culture

    Instill Agile thinking and behavior into the organization. The ACE must encourage innovation and be an effective agent for change.

    Use your ACE to go from “doing” Agile to “being” Agile

    Organizations that do Agile without embracing the changes in behavior will not reap the benefits.

    Doing what was done before

    • Processes and Tools
    • Comprehensive Documentation
    • Contract Negotiation
    • Following a Plan

    Being Prescriptive

    Going through the motions

    • Uses SCRUM and tools such as Jira
    • Plans multiple sprints in detail
    • Talks to stakeholders once in a release
    • Works off a fixed scope BRD

    Doing Agile

    Living the principles

    • Individuals and Interactions
    • Working Software
    • Customer Collaboration
    • Responding to Change

    Being Agile

    “(‘Doing Agile’ is) just some rituals but without significant change to support the real Agile approach as end-to-end, business integration, value focus, and team empowerment.” - Arie van Bennekum

    Establishing a CoE does not guarantee success

    Simply establishing a Center of Excellence for any discipline does not guarantee its success:

    The 2019 State of DevOps Report found that organizations which had established DevOps CoEs underperformed compared to organizations which adopted other approaches for driving DevOps transformation. (Accelerate State of DevOps Report 2019 [N=~1,000])

    Still, Agile Centers of Excellence can and do successfully drive Agile adoption in organizations. So what sets the successful examples apart from the others? Here’s what some have to say:

    The ACE must be staffed with qualified people with delivery experience! … [It is] effectively a consulting practice, that can evolve and continuously improve its services … These services are collectively about ‘enablement’ as an output, more than pure training … and above all, the ability to empirically measure the progress” – Paul Blaney, TD Bank

    “When leaders haven’t themselves understood and adopted Agile approaches, they may try to scale up Agile the way they have attacked other change initiatives: through top-down plans and directives. The track record is better when they behave like an Agile team. That means viewing various parts of the organization as their customers.” – HBR, “Agile at Scale”

    “the Agile CoE… is truly meant to be measured by the success of all the other groups, not their own…[it] is meant to be serving the teams and helping them improve, not by telling them what to do, but rather by listening, understanding and helping them adapt.” - Bart Gerardi, PMI

    The CoE must also avoid becoming static, as it’s crucial the team can adjust as quickly as business and customer needs change, and evolve the technology as necessary to remain competitive.” – Forbes, “RPA CoE (what you need to know)”

    "The best CoEs are formed from thought leaders and change agents within the CoE domain. They are the process and team innovators who will influence your CoE roadmap and success. Select individuals who feel passionate about Agile." – Hans Eckman, InfoTech

    To be successful with your ACE, do the following…

    Info-Tech Insight

    Simply establishing an Agile Center of Excellence does not guarantee its success. When setting up your ACE, optimize its impact on the organization by doing the following 3 things:

    1. Define ACE services based on stakeholder needs. Be sure to broadly survey your stakeholders and identify the ACE functions and services which will best meet their needs. ACE services must clearly deliver business value to the organization and the Agile teams it supports.
    2. Staff the ACE strategically. Select ACE team members who have real world, hands-on delivery experience, and are well respected by the Agile teams they will serve. Where possible, select internal thought leaders in your organization who have the credibility needed to effect positive change.
    3. Continuously improve ACE services based on metrics and feedback. The value your ACE brings to the organization must be clear and measurable, and do not assume that your functions and services will remain static. You must regularly monitor both your metrics and feedback from your Agile teams, and adjust ACE behavior to improve/maximize these over time.

    Spread Best Practices With an Agile Center of Excellence

    This blueprint will walk you through the steps needed to build the foundations for operational excellence within an Agile Center of Excellence.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Info-Tech’s Practice Adoption Journey

    Use Info-Tech’s Practice Adoption Journey model to establish your ACE. Building social capital (stakeholders’ trust in your ability to deliver positive outcomes) incrementally is vital to ensure that everyone is aligned to new mindsets and culture as your Agile practices scale.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Continuously improve the ACE to ensure long-term viability

    Improvement involves the continuous evaluation of the performance of your teams, using well-defined metrics and reasonable benchmarks that are supplemented by analogies and root-cause analysis in retrospectives.

    Monitor

    Monitor your metrics to ensure desired benefits are being realized. The ACE is responsible for ensuring that expected Agile benefits are achievable and on track. Monitor against your defined baselines to create transparency and accountability for desired outcomes.

    Iterate

    Run retrospectives to drive improvements and fixes into Agile projects and processes. Metrics falling short of expectations must be diagnosed and their root causes found, and fixes need to be communicated and injected back into the larger organization.

    Define

    Define metrics and set targets that align with the goals of the ACE. These metrics represent the ACEs expected value to the organization and must be measured against on a regular basis to demonstrate value to your key stakeholders.

    Beware the common risks of implementing your ACE

    Culture clash between Agile teams and larger organization

    Agile leverages empowered teams, meritocracy, and broad collaboration for success, but typical organizations are siloed and hierarchical with top down decision making. There needs to be a plan to enable a smooth transition from the current state towards the Agile target state.

    Persistence of tribal knowledge

    Agile relies on easy and open knowledge sharing, but organizational knowledge can sit in siloes. Employees may also try to protect their expertise for job security. It is important to foster knowledge sharing to ensure that critical know-how is accessible and doesn’t leave the organization with the individual.

    Rigid management structures

    Rigidity in how managers operate (performance reviews, human resource management, etc.) can result in cultural rejection of Agile. People need to be assessed on how they enable their teams rather than as individual contributors. This can help ensure that they are given sufficient opportunities to succeed. More support and less strict governance is key.

    Breakdown due to distributed teams

    When face-to-face interactions are challenging, ensure that you invest in the right communication technologies and remove cultural and process impediments to facilitate organization-wide collaboration. Alternative approaches like using documentation or email will not provide the same experience and value as a face-to-face conversation.

    The State of Maine used an ACE to foster positive cultural change

    CASE STUDY

    Industry - Government

    Source - Cathy Novak, Agile Government Leadership

    The State of Maine’s Agile Center of Excellence

    “The Agile CoE in the State of Maine is completely focused on the discipline of the methodology. Every person who works with Agile, or wants to work with Agile, belongs to the CoE. Every member of the CoE tells the same story, approaches the methodology the same way, and uses the same tools. The CoE also functions as an Agile research lab, experimenting with different standards and tools.

    The usual tools of project management – mission, goals, roles, and a high-level definition of done – can be found in Maine’s Agile CoE. For story mapping, teams use sticky notes on a large wall or whiteboard. Demonstrating progress this way provides for positive team dynamics and a psychological bang. The State of Maine uses a project management framework that serves as its single source of truth. Everyone knows what’s going on at all times and understands the purpose of what they are doing. The Agile team is continually looking for components that can be reused across other agencies and programs.”

    Results:

    • Realized positive culture change, leading to more collaborative and supportive teams.
    • Increased visibility of Agile benefits across functional groups.
    • Standardized methodology across Agile teams and increased innovation and experimentation with new standards and tools.
    • Improved traceability of projects.
    • Increased visibility and ability to determine root causes of problems and right the course when outcomes are not meeting expectations.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Spread Best Practices With an Agile Center of Excellence – project overview

    1. Strategically align the Center of Excellence 2. Standardize the CoEs service offerings 3. Operate the Center of Excellence
    Best-Practice Toolkit

    1.1 Determine the vision of your ACE.

    1.2 Define the service offerings of your ACE.

    2.1 Define an adoption plan for your Agile teams.

    2.2 Create an ACE engagement plan.

    2.3 Define metrics to measure success.

    3.1 Optimize the success of your ACE.

    3.2 Plan change to enhance your Agile initiatives.

    3.3 Conduct ongoing retrospectives of your ACE.

    Guided Implementations
    • Align your ACE with the business.
    • Align your ACE with its users.
    • Dissect the key attributes of Agile adoption.
    • Form engagement plans for your Agile teams.
    • Discuss effective ACE metrics.
    • Conduct a baseline assessment of your Agile environment.
    • Interface ACE with your change management function.
    • Build a communications deck for key stakeholders.
    Onsite Workshop Module 1: Strategically align the ACE Module 2: Standardize the offerings of the ACE Module 3: Prepare for organizational change
    Phase 1 Outcome: Create strategic alignment between the CoE and organizational goals.

    Phase 2 Outcome: Build engagement plans and key performance indicators based on a standardized Agile adoption plan.

    Phase 3 Outcome: Operate the CoEs monitoring function, identify improvements, and manage the change needed to continuously improve.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Module 1 Workshop Module 2 Workshop Module 3 Workshop Module 4
    Activities

    Determine vision of CoE

    1.1 Identify and prioritize organizational business objectives.

    1.2 Form use cases for the points of alignment between your ACE and business objectives.

    1.3 Prioritize your ACE stakeholders.

    Define service offerings of CoE

    2.1 Form a solution matrix to organize your pain points and opportunities.

    2.2 Refine your use cases to identify your ACE functions and services.

    2.3 Visualize your ACE functions and service offerings with a capability map.

    Define engagement plans

    3.1 Further categorize your use cases within the Agile adoption model.

    3.2 Create an engagement plan for each level of adoption.

    Define metrics and plan communications

    4.1 Define metrics that align with your Agile business objectives.

    4.2 Define target ACE performance metrics.

    4.3 Define Agile adoption metrics.

    4.4 Assess the interaction and communication points of your Agile team.

    4.5 Create a communication plan for change.

    Deliverables
    1. Prioritized business objectives
    2. Business-aligned use cases to form CoEs service offerings
    3. Prioritized list of stakeholders
    1. Classified pains and opportunities
    2. Refined use cases based on pains and opportunities identified during ACE requirements gathering
    3. ACE capability map
    1. Adoption-aligned service offerings
    2. Role-specific engagement plans
    1. Business objective-aligned metrics
    2. ACE performance metrics
    3. Agile adoption metrics
    4. Assessment of organization design
    5. ACE Communication Plan

    Phase 1

    Strategically Align the Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Begin by strategically aligning your Center of Excellence

    The first step to creating a high-functioning ACE is to create alignment and consensus amongst your key stakeholders regarding its purpose. Engage in a set of activities to drill down into the organization’s goals and objectives in order to create a set of high-level use cases that will evolve into the service offerings of the ACE.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Strategically align the ACE

    Proposed Time to Completion (in weeks): 1

    Step 1.1: Determine the vision of your ACE

    Start with an analyst kick off call:

    • Align your ACE with the business.

    Then complete these activities…

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Step 1.2: Define the service offerings of your ACE

    Start with an analyst kick off call:

    • Align your ACE with its users.

    Then complete these activities…

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Phase 1 Results & Insights:

    • Aligning your ACE with the functional expectations of its users is just as critical as aligning with the business. Invest the time to understand how the ACE fits at all levels of the organization to ensure its highest effectiveness.

    Phase 1, Step 1: Determine the vision of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.1.1 Optional: Baseline your ACE maturity.

    1.1.2 Identify and prioritize organizational business objectives.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives.

    1.1.4 Prioritize your ACE stakeholders.

    1.1.5 Select a centralized or decentralized model for your ACE.

    1.1.6 Staff your ACE strategically.

    Outcomes:

    • Gather your leadership to position the ACE and align it with business priorities.
    • Form a set of high-level use cases for services that will support the enablement of business priorities.
    • Map the stakeholders of the ACE to visualize expected influence and current support levels for your initiative.

    What does an ACE do? Six main functions derived from Info-Tech’s CLAIM+G Framework

    1. Learning
    • Provide training and development and enable engagement based on identified interaction points to foster organizational growth.
  • Tooling
    • Promote the use of standardized tooling to improve efficiency and consistency throughout the organization.
  • Supporting
    • Enable your Agile teams to access subject-matter expertise by facilitating knowledge transfer and documenting good practices.
  • Governing
    • Create operational boundaries for Agile teams, and monitor their progress and ability to meet business objectives within these boundaries.
  • Monitoring
    • Demonstrate the value the CoE is providing through effective metric setting and ongoing monitoring of Agile’s effectiveness.
  • Guiding
    • Provide guidance, methodology, and knowledge for teams to leverage to effectively meet organizational business objectives.
  • OPTIONAL: If you have an existing ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    1.1.1 Existing CoE Maturity Assessment

    Purpose

    If you already have established an ACE, use Info-Tech’s CoE Maturity Diagnostic Tool to baseline its current maturity level (this will act as a baseline for comparison after you complete this Blueprint). Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    The image is a screen capture of the CoE Maturity Diagnostic Tool

    Download the CoE Maturity Diagnostic Tool.

    Get your Agile leadership together and position the ACE

    Stakeholder Role Why they are essential players
    CIO/ Head of IT Program sponsor: Champion and set the tone for the Agile program. Critical in gaining and maintaining buy-in and momentum for the spread of Agile service offerings. The head of IT has insight and influence to drive buy-in from executive stakeholders and ensure the long-term viability of the ACE.
    Applications Director Program executor: Responsible for the formation of the CoE and will ensure the viability of the initial CoE objectives, use cases, and service offerings. Having a coordinator who is responsible for collating performance data, tracking results, and building data-driven action plans is essential to ensuring continuous success.
    Agile Subject-Matter Experts Program contributor: Provide information on the viability of Agile practices and help build capabilities on existing best practices. Agile’s success relies on adoption. Leverage the insights of people who have implemented and evangelized Agile within your organization to build on top of a working foundation.
    Functional Group Experts Program contributor: Provide information on the functional group’s typical processes and how Agile can achieve expected benefits. Agile’s primary function is to drive value to the business – it needs to align with the expected capabilities of existing functional groups in order to enhance them for the better.

    Align your ACE with your organization’s strategy

    This research set will assist you with aligning your ACEs services to the objectives of the business in order to justify the resources and funding required by your Agile program.

    Business Objectives → Alignment ←ACE Functions

    Business justification to continue to fund a Center of Excellence can be a challenge, especially with traditional thinking and rigid stakeholders. Hit the ground running and show value to your key influencers through business alignment and metrics that will ensure that the ACE is worth continuous investment.

    Alignment leads to competitive advantage

    The pace of change in customer expectations, competitive landscapes, and business strategy is continuously increasing. It is critical to develop a method to facilitate ongoing alignment to shifting business and development expectations seamlessly and ensure that your Agile teams are able to deliver expected business value.

    Activity: Identify and prioritize organizational business objectives

    1.1.2 2 Hours

    Input

    • Organizational business objectives

    Output

    • Prioritized business objectives

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. List the primary high-level business objectives that your organization aims to achieve over the course of the following year (focusing on those that ACE can impact/support).
    2. Prioritize these business objectives while considering the following:
    • Criticality of completion: How critical is the initiative in enabling the business to achieve its goals?
    • Transformational impact: To what degree is the foundational structure of the business affected by the initiative (rationale: Agile can support impact on transformational issues)?
  • Document the hypothesized role of Agile in supporting these business objectives. Take the top three prioritized objectives forward for the establishment of your ACE. While in future years or iterations you can inject more offerings, it is important to target your service offerings to specific critical business objectives to gain buy-in for long-term viability of the CoE.
  • Sample Business Objectives:

    • Increase customer satisfaction.
    • Reduce time-to-market of product releases.
    • Foster a strong organizational culture.
    • Innovate new feature sets to differentiate product. Increase utilization rates of services.
    • Reduce product delivery costs.
    • Effectively integrate teams from a merger.
    • Offer more training programs for personal development.
    • Undergo a digital transformation.

    Understand potential hurdles when attempting to align with business objectives

    While there is tremendous pressure to align IT functions and the business due to the accelerating pace of change and technology innovation, you need to be aware that there are limitations in achieving this goal. Keep these challenges at the top of mind as you bring together your stakeholders to position the service offerings of your ACE. It is beneficial to make your stakeholders self-aware of these biases as well, so they come to the table with an open mind and are willing to find common ground.

    The search for total alignment

    There are a plethora of moving pieces within an organization and total alignment is not a plausible outcome.

    The aim of a group should not be to achieve total alignment, but rather reframe and consider ways to ensure that stakeholders are content with the ways they interact and that misalignment does not occur due to transparency or communication issues.

    “The business” implies unity

    While it may seem like the business is one unified body, the reality is that the business can include individuals or groups (CEO, CFO, IT, etc.) with conflicting priorities. While there are shared business goals, these entities may all have competing visions of how to achieve them. Alignment means compromise and agreement more than it means accommodating all competing views.

    Cost vs. reputation

    There is a political component to alignment, and sometimes individual aspirations can impede collective gain.

    While the business side may be concerned with cost, those on the IT side of things can be concerned with taking on career-defining projects to bolster their own credentials. This conflict can lead to serious breakdowns in alignment.

    Panera Bread used Agile to adapt to changing business needs

    CASE STUDY

    Industry Food Services

    Source Scott Ambler and Associates, Case Study

    Challenge

    Being in an industry with high competition, Panera Bread needed to improve its ability to quickly deliver desired features to end customers and adapt to changing business demands from high internal growth.

    Solution

    Panera Bread engaged in an Agile transformation through a mixture of Agile coaching and workshops, absorbing best practices from these engagements to drive Agile delivery frameworks across the enterprise.

    Results

    Adopting Agile delivery practices resulted in increased frequency of solution delivery, improving the relationship between IT and the business. Business satisfaction increased both with the development process and the outcomes from delivery.

    The transparency that was needed to achieve alignment to rapidly changing business needs resulted in improved communication and broad-scale reduced risk for the organization.

    "Agile delivery changed perception entirely by building a level of transparency and accountability into not just our software development projects, but also in our everyday working relationships with our business stakeholders. The credibility gains this has provided our IT team has been immeasurable and immediate."

    – Mike Nettles, VP IT Process and Architecture, Panera Bread

    Use Info-Tech’s CoE Operating Model to define the service offerings of your ACE

    Understand where your inputs and outputs lie to create an accessible set of service offerings for your Agile teams.

    Functional Input

    • Application Development
    • Project Management
    • CIO
    • Enterprise Architecture
    • Data Management
    • Security
    • Infrastructure & Operations
    • Who else?

    The image shows a graphic of the COE Operating Model, showing the inputs and outputs, including Other CoEs (at top); Stakeholder Needs (at left); Metrics and Feedback (at bottom); and ACE Functions and Services (at right)

    Input arrows represent functional group needs, feedback from Agile teams, and collaboration with other CoEs and CoPs

    Output arrows represent the services the CoE delivers and the benefits realized across the organization.

    ACE Operating Model: Governance & Metrics

    Governance & Metrics involves enabling success through the management of the ACEs resources and services, and ensuring that organizational structures evolve in concert with Agile growth and maturity. Your focus should be on governing, measuring, implementing, and empowering improvements.

    Effective governance will function to ensure the long-term effectiveness and viability of your ACE. Changes and improvements will happen continuously and you need a way to decide which to adopt as best practices.

    "Organizations have lengthy policies and procedures (e.g. code deployment, systems design, how requirements are gathered in a traditional setting) that need to be addressed when starting to implement an Agile Center of Excellence. Legacy ideas that end up having legacy policy are the ones that are going to create bottlenecks, waste resources, and disrupt your progress." – Doug Birgfeld, Senior Partner, Agile Wave

    Governance & Metrics

    • Manage organizational Agile standards, policies, and procedures.
    • Define organizational boundaries based on regulatory, compliance, and cultural requirements.
    • Ensure ongoing alignment of service offerings with business objectives.
    • Adapt organizational change management policies to reflect Agile practices.
    • CoE governance functions include:
      • Policy Management
      • Change Management
      • Risk Management
      • Stakeholder Management
      • Metrics/Feedback Monitoring

    ACE Operating Model: Services

    Services refers to the ability to deliver resourcing, guidance, and assistance across all Agile teams. By creating a set of shared services, you enable broad access to specialized resources, knowledge, and insights that will effectively scale to more teams and departments as Agile matures in your organization.

    A Services model:

    • Supports the organization by standardizing and centralizing service offerings, ensuring consistency of service delivery and accessibility across functional groups.
    • Provides a mechanism for efficient knowledge transfer and on-demand support.
    • Helps to drive productivity and project efficiencies through the organization by disseminating best practices.

    Services

    • Provide reference, support, and re-assurance to implement and adapt organizational best practices.
    • Interface relevant parties and facilitate knowledge transfer through shared learning and communities of practice.
    • Enable agreed-upon service levels through standardized support structures.
    • Shared services functions include:
      • Engagement Planning
      • Knowledge Management
      • Subject-Matter Expertise
      • Agile Team Evaluation

    ACE Operating Model: Technology

    Technology refers to a broad range of supporting tools to enable employees to complete their day-to-day tasks and effectively report on their outcomes. The key to technological support is to strike the right balance between flexibility and control based on your organization's internal and external constraints (policy, equipment, people, regulatory, etc.).

    "We sometimes forget the obvious truth that technology provides no value of its own; it is the application of technology to business opportunities that produces return on investment." – Robert McDowell, Author, In Search of Business Value

    Technology

    • Provide common software tools to enable alignment to organizational best practices.
    • Enable access to locally desired tools while considering organizational, technical, and scaling constraints.
    • Enable communication with a technical subject matter expert (SME).
    • Enable reporting consistency through training and maintenance of reporting mechanisms.
    • Technology functions can include:
      • Vendor Management
      • Application Support
      • Tooling Standards
      • Tooling Use Cases

    ACE Operating Model: Staff

    Staff is all about empowerment. The ACE should support and facilitate the sharing of ideas and knowledge sharing. Create processes and spaces where people are encouraged to come together, learn from, and share with each other. This setting will bring up new ideas to enhance productivity and efficiency in day-to-day activities while maintaining alignment with business objectives.

    "An Agile CoE is legitimized by its ability to create a space where people can come together, share, and learn from one another. By empowering teams to grow by themselves and then re-connect with each other you allow the creativity of your employees to flow back into the CoE." – Anonymous, Founder, Agile consultancy group

    Staff

    • Develop and provide training and day-to-day coaching that are aligned with organizational engagement and growth plans.
    • Include workflow change management to assist traditional roles with accommodating Agile practices.
    • Support the facilitation of knowledge transfer from localized Agile teams into other areas of the organization.
    • Achieve team buy-in and engagement with ACE services and capabilities. Provide a forum for collaboration and innovation.
    • People functions can include:
      • Onboarding
      • Coaching
      • Learning Facilitation

    Form use cases to align your ACE with business objectives

    What is a use case?

    A use case tells a story about how a system will be used to achieve a goal from the perspective of a user of that system. The people or other systems that interact with the use case are called “actors.” Use cases describe what a system must be able to do, not how it will do it.

    How does a use case play a role in building your ACE?

    Use cases are used to guide design by allowing you to highlight the intended function of a service provided by the Center of Excellence while maintaining a business focus. Jumping too quickly to a solution without fully understanding user and business needs leads to the loss of stakeholder buy-in and the Centers of Excellence rejection by teams.

    Hypothesized ACE user needs →Use Case←Business objective

    Activity: Form use cases for the points of alignment between your ACE and business objectives

    1.1.3 2 Hours

    Input

    • Prioritized business objectives
    • ACE functions

    Output

    • ACE use cases

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives and the six functions of a CoE, create high-level use cases for each point of alignment that describe how the Center of Excellence will better facilitate the realization of that business objective.
    2. For each use case, define the following:
      • Name: Generalized title for the use case.
      • Description: A high-level description of the expected CoE action.
    AGILE CENTER OF EXCELLENCE FUNCTIONS:
    Guiding Learning Tooling Supporting Governing Monitoring
    BUSINESS OBJECTIVES Reduce time-to-market of product releases
    Reduce product delivery costs
    Effectively integrate teams from a merger

    Activity: Form use cases for the points of alignment between your ACE and business objectives (continued)

    1.1.3 2 Hours

    The image shows the Reduce time-to-market of product releases row from the table in the previous section, filled in with sample information.

    Your goal should be to keep these as high level and generally applicable as possible as they provide an initial framework to further develop your service offerings. Begin to talk about the ways in which the ACE can support the realization of your business objectives and what those interactions may look like to customers of the ACE.

    Involve all relevant stakeholders to discuss the organizational goals and objectives of your ACE

    Avoid the rifts in stakeholder representation by ensuring you involve the relevant parties. Without representation and buy-in from all interested parties, your ACE may omit and fail to meet long-term organizational goals.

    By ensuring every group receives representation, your service offerings will speak for the broad organization and in turn meet the needs of the organization as a whole.

    • Business Units: Any functional groups that will be expected to engage with the ACE in order to achieve their business objectives.
    • Team Leads: Representation from the internal Agile community who is aware of the backgrounds, capabilities, and environments of their respective Agile teams.
    • Executive Sponsors: Those expected to evangelize and set the tone and direction for the ACE within the executive ranks of the organization. These roles are critical in gaining buy-in and maintaining momentum for ACE initiatives.

    Organization

    • ACE
      • Executive Sponsors
      • Team Leads
      • Business Units

    Activity: Prioritize your ACE stakeholders

    1.1.4 1 Hour

    Input

    • Prioritized business objectives

    Output

    • Prioritized list of stakeholders

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, brainstorm, as a group, the potential list of stakeholders (representatives from business units, team leads, and executive sponsors) that would need to be involved in setting the tone and direction of your ACE.
    2. Evaluate each stakeholder in terms of power, involvement, impact, and support.
    • Power: How much influence does the stakeholder have? Enough to drive the CoE forward or into the ground?
    • Involvement: How interested is the stakeholder? How involved is the stakeholder in the project already?
    • Impact: To what degree will the stakeholder be impacted? Will this significantly change how they do their job?
    • Support: Is the stakeholder a supporter of the project? Neutral? A resister?
  • Map each stakeholder to an area on the power map on the next slide based on his or her level of power and involvement.
  • Vary the size of the circle to distinguish stakeholders that are highly impacted by the ACE from those who are not. Color each circle to show each stakeholder’s estimated or gauged level of support for the project.
  • Prioritize your ACE stakeholders (continued)

    1.1.4 1 Hour

    The image shows a matrix on the left, and a legend on the right. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort.

    Should your ACE be Centralized or Decentralized?

    An ACE can be organized differently depending on your organization’s specific needs and culture.

    The SAFe Model:©

    “For smaller enterprises, a single centralized [ACE] can balance speed with economies of scale. However, in larger enterprises—typically those with more than 500 – 1,000 practitioners—it’s useful to consider employing either a decentralized model or a hub-and-spoke model.”

    The image shows 3 models: centralized, represented by a single large circle; decentralized, represented by 5 smaller circles; and hub-and-spoke, represented by a central circle, connected to 5 surrounding circles.

    © Scaled Agile, Inc.

    The Spotify Model:

    Spotify avoids using an ACE and instead spreads agile practices using Squads, Tribes, Chapters, Guilds, etc.

    It can be a challenging model to adopt because it is constantly changing, and must be fundamentally supported by your organization’s culture. (Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.)

    Detailed analysis of The Spotify Model is out of scope for this Blueprint.

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    Activity: Select a Centralized or Decentralized ACE Model

    1.1.5 30 minutes

    Input

    • Prioritized business objectives
    • Use Cases
    • Organization qualities

    Output

    • Centralized or decentralized ACE model

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Using your prioritized business objectives, your ACE use cases, your organization size, structure, and culture, brainstorm the relative pros and cons of a centralized vs decentralized ACE model.
    2. Consider this: to improve understanding and acceptance, ask participants who prefer a centralized model to brainstorm the pros and cons of a decentralized model, and vice-versa.
    3. Collectively decide whether your ACE should be centralized, decentralized or hub-and-spoke and document it.
    Centralized ACE Decentralized ACE
    Pros Cons Pros Cons
    Centralize Vs De-centralize Considerations Prioritized Business Objectives
    • Neutral (objectives don’t favor either model)
    • Neutral (objectives don’t favor either model)
    ACE Use Cases
    • Neutral (use cases don’t favor either model)
    • Neutral (use cases don’t favor either model)
    Organization Size
    • Org. is small enough for centralized ACE
    • Overkill for a small org. like ours
    Organization Structure
    • All development done in one location
    • Not all locations do development
    Organization Culture
    • All development done in one location
    • Decentralized ACE may have yield more buy-in

    SELECTED MODEL: Centralized ACE

    Activity: Staff your ACE strategically

    1.1.6 1 Hour

    Input

    • List of potential ACE staff

    Output

    • Rated list of ACE staff

    Materials

    • Whiteboard
    • Markers

    Participants

    • Agile leadership group
    1. Identify your list of potential ACE staff (this may be a combination of full time and contract staff).
    2. Add/modify/delete the rating criteria to meet your specific needs.
    3. Discuss and adjust the relative weightings of the rating criteria to best suit your organization’s needs.
    4. Rate each potential staff member and compare results to determine the best suited staff for your ACE.
    Candidate: Jane Doe
    Rating Criteria Criteria Weighting Candidate's Score (1-5)
    Candidate has strong theoretical knowledge of Agile. 8% 4
    Candidate has strong hands on experience with Agile. 18% 5
    Candidate has strong hands on experience with Agile. 10% 4
    Candidate is highly respected by the Agile teams. 18% 5
    Candidate is seen as a thought leader in the organization. 18% 5
    Candidate is seen as a change agent in the organization. 18% 5
    Candidate has strong desire to be member of ACE staff. 10% 3
    Total Weighted Score 4.6

    Phase 1, Step 2: Define the service offerings of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    1.2.1 Form the Center of Excellence.

    1.2.2 Gather and document your existing Agile practices for the CoE.

    1.2.3 Interview stakeholders to align ACE requirements with functional expectations.

    1.2.4 Form a solution matrix to organize your pain points and opportunities.

    1.2.5 Refine your use cases to identify your ACE functions and services.

    1.2.6 Visualize your ACE functions and service offerings with a capability map.

    Outcomes:

    • Collect data regarding the functional expectations of the Agile teams.
    • Refine your business-aligned use cases with your collected data to achieve both business and functional alignment.
    • Create a capability map that visualizes and prioritizes your key service offerings.

    Structure your ACE with representation from all of your key stakeholders

    Now that you have a prioritized list of stakeholders, use their influence to position the ACE to ensure maximum representation with minimal bottlenecks.

    By operating within a group of your key players, you can legitimize your Center of Excellence by propagating the needs and interests of those who interface and evangelize the CoE within the larger organization.

    The group of key stakeholders will extend the business alignment you achieved earlier by refining your service offerings to meet the needs of the ACEs customers. Multiple representations at the table will generate a wide arrangement of valuable insights and perspectives.

    Info-Tech Insight

    While holistic representation is necessary, ensure that the list is not too comprehensive and will not lead to progress roadblocks. The goal is to ensure that all factors relevant to the organization are represented; too many conflicting opinions may create an obstruction moving forward.

    ACE

    • Executive Sponsors
    • Team Leads
    • Business Units

    Determine how you will fund your ACE

    Choose the ACE funding model which is most aligned to your current system based on the scenarios provided below. Both models will offer the necessary support to ensure the success of your Agile program going forward.

    Funding Model Funding Scenario I Funding Scenario II
    Funded by the CIO Funded by the CIO office and a stated item within the general IT budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.
    Funded by the PMO Charged back to supported functional groups with all costs allocated to each functional group’s budget. Charged back to supported functional groups with all costs allocated to each functional group’s budget.

    Info-Tech Insight

    Your funding model may add additional key influencers into the mix. After you choose your funding model, ensure that you review your stakeholder map and add anyone who will have a direct impact in the viability and stability of your ACE.

    Determine how you will govern your ACE

    An Agile Center of Excellence is unique in the way you must govern the actions of its customers. Enable “flexible governance” to ensure that Agile teams have the ability to locally optimize and innovate while still operating within expected boundaries.

    ACE Governing Body

    ↑ Agile Team → ACE ← Agile Team ↑

    Who should take on the governance role?

    The governing body can be the existing executive or standing committees, or a newly formed committee involving your key ACE influencers and stakeholders.

    Flexible governance means that your ACE set boundaries based on your cultural, regulatory, and compliance requirements, and your governance group monitors your Agile teams’ adherence to these boundaries.

    Governing Body Responsibilities

    • Review and approve ACE strategy annually and ensure that it is aligned with current business strategy.
    • Provide detailed quality information for board members.
    • Ensure that the ACE is adequately resourced and that the organization has the capacity to deliver the service offerings.
    • Assure that the ACE is delivering benefits and achieving targets.
    • Assure that the record keeping and reporting systems are capable of providing the information needed to properly assess the quality of service.

    Modify your resourcing strategy based on organizational need

    Your Agile Center of Excellence can be organized either in a dedicated or a virtual configuration, depending on your company’s organizational structure and complexity.

    There is no right answer to how your Center of Excellence should be resourced. Consider your existing organizational structure and culture, the quality of relationships between functional groups, and the typical budgetary factors that would weigh on choosing between a virtual and dedicated CoE structure.

    COE Advantages Disadvantages
    Virtual
    • No change in organization structure required, just additional task delegation to your Agile manager or program manager.
    • Less effort and cost to implement.
    • Investment in quality is proportional to return.
    • Resources are shared between practice areas, and initiatives will take longer to implement.
    • Development and enhancement of best practices can become difficult without a centralized knowledge repository.
    Dedicated
    • Demonstrates a commitment to the ACEs long-term existence.
    • Allows for dedicated maintenance of best practices.
    • Clear lines of accountability for Agile processes.
    • Ability to develop highly skilled employees as their responsibilities are not shared.
    • Requires dedicated resources that can in turn be more costly.
    • Requires strong relationships with the functional groups that interface with the ACE.

    Staffing the ACE: Understand virtual versus dedicated ACE organizational models

    Virtual CoE

    The image shows an organizational chart titled Virtual CoE, with Head of IT at the top, then PMO and CoE Lead/Apps Director at the next level. The chart shows that there is crossover between the CoE Lead's reports, and the PMO's, indicated through dotted lines that connect them.

    • Responsibilities for CoE are split and distributed throughout departments on a part-time basis.
    • CoE members from the PMO report to apps director who also functions as the CoE lead on a part-time basis.

    The image shows a organizational chart titled Dedicated CoE, with all CoE members under the CoE.

    • Requires re-organization and dedicated full-time staff to run the CoE with clear lines of responsibility and accountability.
    • Hiring or developing highly skilled employees who have a sole function to facilitate and monitor quality best practices within the IT department may be necessary.

    Activity: Form the Center of Excellence

    1.2.1 1 Hour

    Input

    • N/A

    Output

    • ACE governance and resourcing plan

    Materials

    • Whiteboard

    Participants

    • Agile leadership group
    1. As a group, discuss if there is an existing body that would be able to govern the Center of Excellence. This body will monitor progress on an ongoing basis and assess any change requests that would impact the CoEs operation or goals.
    • List current governing bodies that are closely aligned with your current Agile environment and determine if the group could take on additional responsibilities.
    • Alternatively, identify individuals who could form a new ACE governing body.
  • Using the results of Exercise 1.1.6 in Step 1, select the individuals who will participate in the Center of Excellence. As a rough rule of thumb for sizing, an ACE staffed with 3-5 people can support 8-12 Agile Teams.
  • Document results in the ACE Communications Deck.

    Leverage your existing Agile practices and SMEs when establishing the ACE

    The synergy between Agile and CoE relies on its ability to build on existing best practices. Agile cannot grow without a solid foundation. ACE gives you the way to disseminate these practices and facilitate knowledge transfer from a centralized sharing environment. As part of defining your service offerings, engage with stakeholders across the organization to evaluate what is already documented so that it can be accommodated in the ACE.

    Documentation

    • Are there any existing templates that can be leveraged (e.g. resource planning, sprint planning)?
    • Are there any existing process documents that can be leveraged (e.g. SIPOC, program frameworks)?
    • Are there any existing standards documents the CoE can incorporate (e.g. policies, procedures, guidelines)?

    SMEs

    • Interview existing subject-matter experts that can give you an idea of your current pains and opportunities.
    • You already have feedback from those in your workshop group, so think about the rest of the organization:
      • Agile practitioners
      • Business stakeholders
      • Operations
      • Any other parties not represented in the workshop group

    Metrics

    • What are the current metrics being used to measure the success of Agile teams?
    • What metrics are currently being used to measure the completion of business objectives?
    • What tools or mediums are currently used for recording and communicating metrics?

    Info-Tech Insight

    When considering existing practices, it is important to evaluate the level of adherence to these practices. If they have been efficiently utilized, injecting them into ACE becomes an obvious decision. If they have been underutilized, however, it is important to understand why this occurred and discuss how you can drive higher adherence.

    Examples of existing documents to leverage

    People

    • Agile onboarding planning documents
    • Agile training documents
    • Organizational Agile manifesto
    • Team performance metrics dashboard
    • Stakeholder engagement and communication plan
    • Development team engagement plan
    • Organizational design and structure
    • Roles and responsibilities chart (i.e. RACI)
    • Compensation plan Resourcing plan

    Process

    • Tailored Scrum process
    • Requirements gathering process
    • Quality stage-gate checklist (including definitions of ready and done)
    • Business requirements document
    • Use case document
    • Business process diagrams
    • Entity relationship diagrams
    • Data flow diagrams
    • Solution or system architecture
    • Application documentation for deployment
    • Organizational and user change management plan
    • Disaster recovery and rollback process
    • Test case templates

    Technology

    • Code review policies and procedures
    • Systems design policies
    • Build, test, deploy, and rollback scripts
    • Coding guidelines
    • Data governance and management policies
    • Data definition and glossary
    • Request for proposals (RFPs)
    • Development tool standards and licensing agreements
    • Permission to development, testing, staging, and production environments
    • Application, system, and data integration policies

    Build upon the lessons learned from your Agile pilots

    The success of your Center of Excellence relies on the ability to build sound best practices within your organization’s context. Use your previous lessons learned and growing pains as shared knowledge of past Agile implementations within the ACE.

    Implement Agile Practices That Work

    Draw on the experiences of your initial pilot where you learned how to adapt the Agile manifesto and practices to your specific context. These lessons will help onboard new teams to Agile since they will likely experience some of the same challenges.

    Download

    Documents for review include:

    • Tailored Scrum Process
    • Agile Pilot Metrics
    • Info-Tech’s Agile Pilot Playbook

    Enable Organization-Wide Collaboration by Scaling Agile

    Draw on previous scaling Agile experiences to help understand how to interface, facilitate, and orchestrate cross-functional teams and stakeholders for large and complex projects. These lessons will help your ACE teams develop collaboration and problem-solving techniques involving roles with different priorities and lines of thinking.

    Download

    Documents for review include:

    • Agile Program Framework
    • Agile Pilot Program Metrics
    • Scaled Agile Development Process
    • Info-Tech’s Scaling Agile Playbook

    Activity: Gather and document your existing Agile practices for the CoE

    1.2.2 Variable time commitment based on current documentation state

    Input

    • Existing practices

    Output

    • Practices categorized within operating model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Compile a list of existing practices that will be shared by the Center of Excellence. Consider any documents, templates, or tools that are used regularly by Agile teams.
    2. Evaluate the level of adherence to use of the practices (whether the practice is complied with regularly or not) with a high, medium, or low. Low compliance will need a root-cause analysis to understand why and how to remedy the situation.
    3. Determine the best fit for each practice under the ACE operational model.
    Name Type Adherence Level CoE Best Fit Source
    1 Tailored Scrum process Process High Shared Services Internal Wiki
    2
    3

    Activity: Interview stakeholders to understand the ACE functional expectations

    1.2.3 30-60 Minutes per interview

    Interview Stakeholders (from both Agile teams and functional areas) on their needs from the ACE. Ensure you capture both pain points and opportunities. Capture these as either Common Agile needs or Functional needs. Document using the tables below:

    Common Agile Needs
    Common Agile Needs
    • Each Agile Team interprets Agile differently
    • Need common approach to Agile with a proven track record within the organization
    • Making sure all Team members have a good understanding of Agile
    • Common set of tool(s) with a proven track record, along with a strong understanding of how to use the tool(s) efficiently and effectively
    • Help troubleshooting process related questions
    • Assistance with addressing the individual short comings of each Agile Team
    • Determining what sort of help each Agile Team needs most
    • Better understanding of the role played by Scrum Master and associated good practices
    • When and how do security/privacy/regulatory requirements get incorporated into Agile projects
    Functional Needs Ent Arch Needs
    • How do we ensure Ent Arch has insight and influence on Agile software design
    • Better understanding of Agile process
    • How to measure compliance with reference architectures

    PMO Needs

    • Better understanding of Agile process
    • Understanding role of PM in Agile
    • Project status reports that determine current level of project risk
    • How does project governance apply on Agile projects
    • What deliverables/artifacts are produced by Agile projects and when are they completed

    Operations Needs

    • Alignment on approaches for doing releases
    • Impact of Agile on change management and support desk processes
    • How and when will installation and operation instructions be available in Agile

    Activity: Form a solution matrix to organize your pain points and opportunities

    1.2.4 Half day

    Input

    • Identified requirements

    Output

    • Classified pains and opportunities

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the listed pain points from the data gathering process. Sort the pain points on sticky notes into technology, governance, people, and shared services.
    2. Consider opportunities under each defining element based on the identified business requirements.
    3. Document your findings.
    4. Discuss the results with the project team and prioritize the opportunities.
      • Where do the most pains occur?
      • What opportunities exist to alleviate pains?
    Governance Shared Services Technology People
    Pain Points
    Opportunities

    Document results in the ACE Communications Deck.

    Activity: Refine your use cases to identify your ACE functions and services

    1.2.5 1 Hour

    Input

    • Use cases from activity 1.1.2

    Output

    • Refined use cases based on data collection

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Refine your initial use cases for the points of alignment between your ACE and business objectives using your classified pain points and opportunities.
    2. Add use cases to address newly realized pain points.
    3. Determine the functions and services the CoE can offer to address the identified requirements.
    4. Evaluate the outputs in the form of realized benefits and extracted inefficiencies.

    Possible ACE use cases:

    • Policy Management
    • Change Management
    • Risk Management
    • Stakeholder Management
    • Engagement Planning
    • Knowledge Management
    • Subject-Matter Expertise
    • Agile Team Evaluation
    • Operations Support
    • Onboarding
    • Coaching
    • Learning Facilitation
    • Communications Training
    • Vendor Management
    • Application Support
    • Tooling Standards

    Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map

    1.2.6 1 Hour

    Input

    • Use cases from activity 1.2.4

    Output

    • ACE capability map

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE team
    1. Review the refined and categorized list of service offerings.
    2. Determine how these new capabilities will add, remove, or enhance your existing service and capabilities.
    3. Categorize the capabilities into the following groups:
    • Governance and Metrics
    • Services
    • Staff
    • Technology
  • Label the estimated impact of the service offering based on your business priorities for the year. This will guide your strategy for implementing your Agile Center of Excellence moving forward.
  • Document results in the ACE Communications Deck.

    Activity: Visualize your ACE functions and service offerings with a capability map (continued)

    Governance

    Policy Management (Medium Potential)

    Change Management (High Potential)

    Risk Management (High Potential)

    Stakeholder Management (High Potential)

    Metrics/Feedback Monitoring (High Potential)

    Shared Services

    Engagement Planning (High Potential)

    Knowledge Management (High Potential)

    Subject-Matter Expertise (High Potential)

    Agile Team Evaluation (High Potential)

    Operations Support (High Potential)

    People

    Onboarding (Medium Potential)

    Coaching (High Potential)

    Learning Facilitation (High Potential)

    Internal Certification Program (Low Potential)

    Communications Training (Medium Potential)

    Technology

    Vendor Management (Medium Potential)

    Application Support (Low Potential)

    Tooling Standards (High Potential)

    Checkpoint: Are you ready to standardize your CoEs service offerings?

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Self-Auditing Guidelines

    • Have you identified and prioritized the key business objectives for the upcoming year that the ACE will align with?
    • Do you have a high-level set of use cases for points of alignment between your ACE and business objectives?
    • Have you mapped your stakeholders and identified the key players that will have an influence over the future success of your ACE?
    • Have you identified how your organization will fund, resource, and govern the ACE?
    • Have you collected data to understand the functional expectations of the users the ACE is intended to serve?
    • Have you refined your use cases to align with both business objectives and functional expectations?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.2 Identify and prioritize organizational business objectives

    Our analyst team will help you organize and prioritize your business objectives for the year in order to ensure that the service offerings the ACE offers are delivering consistent business value.

    1.1.3 Form use cases for the points of alignment between your ACE and business objectives

    Our analyst team will help you turn your prioritized business objectives into a set of high-level use cases that will provide the foundation for defining user-aligned services.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.1.4 Prioritize your ACE stakeholders

    Our analysts will walk you through an exercise of mapping and prioritizing your Centers of Excellence stakeholders based on impact and power within so you can ensure appropriate presentation of interests within the organization.

    1.2.4 Form a solution matrix to organize your pain points and opportunities

    Our analyst team will help you solidify the direction of your Center of Excellence by overlaying your identified needs, pain points, and potential opportunities in a matrix guided by Info-Tech’s CoE operating model.

    1.2.5 Refine your use cases to identify your ACE functions and services

    Our analyst team will help you further refine your business-aligned use cases with the functional expectations from your Agile teams and stakeholders, ensuring the ACEs long-term utility.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    1.2.6 Visualize your ACE functions and service offerings with a capability map

    Our analysts will walk you through creating your Agile Centers of Excellence capability map and help you to prioritize which service offerings are critical to the success of your Agile teams in meeting their objectives.

    Phase 2

    Standardize the Centers of Excellence Service Offerings

    Spread Best Practices With an Agile Center of Excellence

    The ACE needs to ensure consistency in service delivery

    Now that you have aligned the CoE to the business and functional expectations, you need to ensure its service offerings are consistently accessible. To effectively ensure accessibility and delegation of shared services in an efficient way, the CoE needs to have a consistent framework to deliver its services.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Standardize the CoEs Service Offerings

    Proposed Time to Completion (in weeks): 2

    Step 2.1: Define an adoption plan for your Agile teams

    Start with an analyst kick off call:

    • Dissect the key attributes of Agile adoption.

    Then complete these activities…

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Step 2.2: Create an ACE engagement plan

    Start with an analyst kick off call:

    • Form engagement plans for your Agile teams.

    Then complete these activities…

    2.2.1 Create an engagement plan for each level of adoption.

    Step 2.3: Define metrics to measure success

    Finalize phase deliverable:

    • Discuss effective ACE metrics.

    Then complete these activities…

    2.3.1 Collect existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Phase 2 Results & Insights:

    • Standardizing your service offerings allows you to have direct influence on the dissemination of best practices.

    Phase 2, Step 1: Define an adoption plan for your Agile teams

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.1.1 Further categorize your use cases within the Agile adoption model.

    Outcomes:

    • Refine your previously determined use cases within the Agile adoption model to ensure that teams can be assisted at any level of Agile adoption.
    • Understand the key attributes of Agile adoption and how they impact success.

    Understand the implementation challenges that the ACE may face

    Culture clash between ACE and larger organization

    It is important to carefully consider the compatibility between the current organizational culture and Agile moving forward. Agile compels empowered teams, meritocracy, and broad collaboration for success; while typical organizational structures are siloed and hierarchical and decisions are delegated from the top down.

    This is not to say that the culture of the ACE has to match the larger organizational culture; part of the overarching aim of the ACE is to evolve the current organizational culture for the better. The point is to ensure you enable a smooth transition with sufficient management support and a team of Agile champions.

    The changing role of middle management

    Very similar to the culture clash challenge, cultural rigidity in how middle managers operate (performance review, human resource management, etc.) can cause cultural rejection. They need to become enablers for high performance and give their teams the sufficient tools, skills, and opportunities to succeed and excel.

    What impedes Agile adoption?

    Based on a global survey of Agile practitioners (N=1,319)*:

    52% Organizational culture at odds with agile values

    44% Inadequate management support and sponsorship

    48% General organization resistance to change

    *Respondents were able to make multiple selections

    (13th Annual State of Agile Report, VersionOne, 2019)

    Build competency and trust through a structured Agile adoption plan

    The reality of cultural incompatibility between Agile and traditional organization structures necessitates a structured adoption plan. Systematically build competency so teams can consistently achieve project success and solidify trust in your teams’ ability to meet business needs with Agile.

    By incrementally gaining the trust of management as you build up your Agile capabilities, you enable a smooth cultural transition to an environment where teams are empowered, adapt quickly to changing needs, and are trusted to innovate and make successes out of their failures.

    Optimized value delivery occurs when there is a direct relationship between competency and trust. There will be unrealized value when competency or trust outweigh the other. That value loss increases as either dimension of adoption continues to grow faster than the other.

    The image shows a graph with Competency on the x-axis and Trust on the y-axis. There are 3 sections: Level 1, Level 2, and Level 3, in subsequently larger arches in the background of the graph. The graph shows two diagonal arrows, the bottom one labelled Current Value Delivery and the top one labelled Optimized Value Delivery. The space between the two arrows is labelled Value Loss.

    Use Info-Tech’s Practice Adoption Optimization Model to systematically increase your teams’ ability to deliver

    Using Info-Tech’s Practice adoption optimization model will ensure you incrementally build competency and trust to optimize your value delivery.

    Agile adoption at its core, is about building social capital. Your level of trust with key influencers increases as you continuously enhance your capabilities, enabling the necessary cultural changes away from traditional organizational structures.

    Trust & Competency ↓

    DEFINE

    Begin to document your development workflow or value chain, implement a tracking system for KPIs, and start gathering metrics and reporting them transparently to the appropriate stakeholders.

    ITERATE

    Use collected metrics and retrospectives to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.

    COLLABORATE

    Use information to support changes and adopt appropriate practices to make incremental improvements to the existing environment.

    EMPOWER

    Drive behavioral and cultural changes that will empower teams to be accountable for their own success and learning.

    INNOVATE

    Use your built-up trust and support practice innovation, driving the definition and adoption of new practices.

    Review these key attributes of Agile adoption

    Agile adoption is unique to every organization. Consider these key attributes within your own organizational context when thinking about levels of Agile adoption.

    Adoption Attributes

    Team Organization

    Considers the degree to which teams are able to self-organize based on internal organizational structures (hierarchy vs. meritocracy) and inter-team capabilities.

    Team Coordination

    Considers the degree to which teams can coordinate, both within and across functions.

    Business Alignment

    Considers the degree to which teams can understand and/or map to business objectives.

    Coaching

    Considers what kind of coaching/training is offered and how accessible the training is.

    Empowerment

    Considers the degree to which teams are able and capable to address project, process, and technical challenges without significant burden from process controls and bureaucracy.

    Failure Tolerance

    Considers the degree to which stakeholders are risk tolerant and if teams are capable of turning failures into learning outcomes.

    Why are these important?

    These key attributes function as qualities or characteristics that, when improved, will successively increase the degree to which the business trusts your Agile teams’ ability to meet their objectives.

    Systematically improving these attributes as you graduate levels of the adoption model allows the business to acclimatize to the increased capability the Agile team is offering, and the risk of culture clash with the larger organization decreases.

    Start to consider at what level of adoption each of your service offerings become useful. This will allow you to standardize the way your Agile teams interact with the CoE.

    Activity: Further categorize your use cases within the Agile adoption model

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather the list of your categorized use cases.
    2. Based on Info-Tech’s Agile adoption model, categorize which use cases would be useful to help the Agile team graduate to the next level of adoption.
      • Conceptualize: Begin to document your workflow or value chain, implement a tracking system for KPIs, and gather metrics and report them transparently to the appropriate stakeholders.
      • Iterate: Use collected metrics to stabilize team performance by reducing areas of variability in your workflow and increasing the consistency at which targets are met.
      • Collaborate: Use information to drive changes and adopt appropriate Agile practices to make incremental improvements to the existing environment.
      • Empower: Drive behavioral and cultural changes that will empower teams to be accountable for their own successes given the appropriate resources.
      • Innovate: Use your built-up trust to begin to make calculated risks and innovate more, driving new best practices into the CoE.

    The same service offering could be offered at different levels of adoption. In these cases, you will need to re-visit the use case and differentiate how the service (if at all) will be delivered at different levels of adoption.

    1. Use this opportunity to brainstorm alternative or new use cases for any gaps identified. It is the CoEs goal to assist teams at every level of adoption to meet their business objectives. Use a different colored sticky note for these so you can re-visit and map out their inputs, outputs, metrics, etc.

    Activity: Further categorize your use cases within the Agile adoption model (continued)

    2.1.1 1.5 Hours

    Input

    • List of service offerings

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team

    Example:

    Service Offerings
    Level 5: Innovate
    Level 4: Empower
    Level 3: Collaborate Coaching -- Communications Training
    Level 2: Iterate Tooling Standards
    Level 1: Conceptualize

    Learning Facilitation

    Draw on the service offerings identified in activity 1.2.4

    Phase 2, Step 2: Create an ACE engagement plan

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.2.1 Create an engagement plan for each level of adoption.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Enable Agile teams to interface with ACE service offerings to meet their business objectives

    A Center of Excellence aligned with your service offerings is only valuable if your CoEs customers can effectively access those services. At this stage, you have invested in ensuring that your CoE aligns to your business objectives and that your service offerings align to its customers. Now you need to ensure that these services are accessible in the day-to-day operation of your Agile teams.

    Engagement Process → Service Offering

    Use backwards induction from your delivery method to the service offering. This is an effective method to determine the optimal engagement action for the CoE, as it considers the end customer as the driver for best action for every possible situation.

    Info-Tech Insight

    Your engagement process should be largely informed by your ACE users. Teams have constraints as well as in-the-trenches concerns and issues. If your service offerings don’t account for these, it can lead to rejection of the culture you are trying to inspire.

    Show the way, do not dictate

    Do not fix problems for your Agile teams, give them the tools and knowledge to fix the problems themselves.

    Facilitate learning to drive success

    A primary function of your ACE is to transfer knowledge to Agile teams to increase their capability to achieve desired outcomes.

    While this can take the form of coaching, training sessions, libraries, and wikis, a critical component of ACE is creating interactions where individuals from Agile teams can come together and share their knowledge.

    Ideas come from different experiences. By creating communities of practice (CoP) around topics that the ACE is tasked with supporting (e.g. Agile business analysts), you foster social learning and decrease the likelihood that change will result in some sort of cultural rejection.

    Consider whether creating CoPs would be beneficial in your organization’s context.

    "Communities of practice are a practical way to frame the task of managing knowledge. They provide a concrete organizational infrastructure for realizing the dream of a learning organization." – Etienne Wenger, Digital Habitats: Stewarding technology for communities

    A lack of top-down support will result in your ACE being underutilized

    Top-down support is critical to validate the CoE to its customers and ensure they feel compelled to engage with its services. Relevancy is a real concern for the long-term viability of a CoE and championing its use from a position of authority will legitimize its function and deter its fading from relevancy of day-to-day use for Agile teams.

    Although you are aligning your engagement processes to the customers of your Agile Center of Excellence, you still need your key influencers to champion its lasting organizational relevancy. Don’t let your employees think the ACE is just a coordinating body or a committee that is convenient but non-essential – make sure they know that it drives their own personal growth and makes everyone better as a collective.

    "Even if a CoE is positioned to meet a real organizational need, without some measure of top-down support, it faces an uphill battle to remain relevant and avoid becoming simply one more committee in the eyes of the wider organization. Support from the highest levels of the organization help fight the tendency of the larger organization to view the CoE as a committee with no teeth and tip the scales toward relevancy for the CoE." – Joe Shepley, VP and Practice Lead, Doculabs

    Info-Tech Insight

    Stimulate top-down support with internal certifications. This allows your employees to gain accreditation while at the same time encouraging top-down support and creating a compliance check for the continual delivery and acknowledgement of your evolving best practices.

    Ensure that best practices and lessons learned are injected back into the ACE

    For your employees to continuously improve, so must the Center of Excellence. Ensure the ACE has the appropriate mechanisms to absorb and disseminate best practices that emerge from knowledge transfer facilitation events.

    Facilitated Learning Session →Was the localized adaption well received by others in similar roles? →Document Localized Adaptation →Is there broad applicability and benefit to the proposed innovation? →CoE Absorbs as Best Practice

    Continuous improvement starts with the CoE

    While facilitating knowledge transfer is key, it is even more important that the Center of Excellence can take localized adaptations from Agile teams and standardize them as best practices when well received. If an individual were to leave without sharing their knowledge, the CoE and the larger organization will lose that knowledge and potential innovation opportunities.

    Experience matters

    To organically grow your ACE and be cost effective, you want your teams to continuously improve and to share that knowledge. As individual team members develop and climb the adoption model, they should participate as coaches and champions for less experienced groups so that their knowledge is reaching the widest audience possible.

    Case study: Agile learning at Spotify

    CASE STUDY

    Industry Digital Media

    Source Henrik Kniberg & Anders Ivarsson, 2012

    Methods of Agile learning at Spotify

    Spotify has continuously introduced innovative techniques to facilitate learning and ensure that that knowledge gets injected back into the organization. Some examples are the following:

    • Hack days: Self-organizing teams, referred to as squads, come together, try new ideas, and share them with their co-workers. This facilitates a way to stay up to date with new tools and techniques and land new product innovations.
    • Coaching: Every squad has access to an Agile coach to help inject best practices into their workflow – coaches run retrospectives, sprint planning meetings, facilitate one-on-one coaching, etc.
    • Tribes: Collections of squads that hold regular gatherings to show the rest of the tribe what they’ve been working on so others can learn from what they are doing.
    • Chapters: People with similar skills within a tribe come together to discuss their area of expertise and their specific challenges.
    • Guilds: A wide-reaching community of interest where members from different tribes can come together to share knowledge, tools, and codes, and practice (e.g. a tester guild, an Agile coaching guild).

    The image shows the Spotify model, with two sections, each labelled Tribe, and members from within each Tribe gathered together in a section labelled Guild.

    "As an example of guild work, we recently had a ‘Web Guild Unconference,’ an open space event where all web developers at Spotify gathered up in Stockholm to discuss challenges and solutions within their field."

    Activity: Create an engagement plan for each level of adoption

    2.2.1 30 Minutes per role

    Input

    • Categorized use cases

    Output

    • Role-based engagement plans

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. On the top bar, define the role you are developing the engagement plan for. This will give you the ability to standardize service delivery across all individuals in similar roles.
    2. Import your categorized service offerings for each level of adoption that you think are applicable to the given role.
    3. Using backwards induction, determine the engagement processes that will ensure that those service offerings are accessible and fit the day-to-day operations of the role.
    4. Fill in the template available on the next slide with each role’s engagement plan.

    Document results in the ACE Communications Deck.

    Example engagement plan: Developer

    2.2.1 30 Minutes per role

    Role: Developer
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    3. Learning Facilitation
    1. Tooling Standards
    2. Learning Facilitation
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Knowledge Management
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    2. Based on service request or need identified by dev. manager.
    3. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 2, receive standard Agile tooling standards training.
    2. Weekly mandatory community of practice meetings.
    1. When determined to have graduated to level 3, receive standard Agile communications training.
    2. Weekly mandatory community of practice meetings
    1. Peer-based training on how to effectively self-organize.
    2. Based on service request or need identified by dev. manager.
    1. Review captured key learnings from last and have CoE review KPIs related to any area changed.

    Example engagement plan: Tester

    2.2.1 30 Minutes per role

    Role: Tester
    Level 1Level 2Level 3Level 4Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Product Training
    2. Communications Training
    1. Communications Training
    2. Learning Facilitation
    1. Subject-Matter Expertise
    2. Coaching
    1. Tooling Standards
    2. Training
    3. Coaching
    Engagement Process
    1. Based on service request or need identified by dev. manager.
    1. Weekly mandatory community of practice meetings.
    2. Provide training on effective methods for communicating with development teams based on organizational best practices.
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices. Weekly mandatory community of practice meetings.
    1. Peer-to-peer training with level 5 certified coach.
    2. Based on service request or need identified by dev. manager. .
    1. Periodic updates of organizational tooling standards based on community of practice results.
    2. Automation training.
    3. Provide coaching to level 1 developers on a rotating basis to develop facilitation skills.

    Example engagement plan: Product Owner

    2.2.1 30 Minutes per role

    Role: Product Owner
    Level 1 Level 2 Level 3 Level 4 Level 5
    Service Offering
    1. Onboarding
    2. Coaching
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Communications Training
    3. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    1. Coaching
    2. Learning Facilitation
    Engagement Process
    1. Provide onboarding materials for Agile product owners.
    2. Provide bi-weekly reviews and subsequent guidance at the end of retrospective processes.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. When determined to have graduated to level 3, receive standard training based on organizational testing best practices.
    2. Bi-weekly mandatory community of practice meetings.
    1. Provide monthly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings
    1. Provide quarterly reviews and subsequent guidance based on retrospective results.
    2. Bi-weekly mandatory community of practice meetings

    Phase 2, Step 3: Define metrics to measure success

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    2.3.1 Define existing team-level metrics.

    2.3.2 Define metrics that align with your Agile business objectives.

    2.3.3 Define target ACE performance metrics.

    2.3.4 Define Agile adoption metrics.

    2.3.5 Consolidate your metrics for stakeholder impact.

    2.3.6 Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value.

    Outcomes:

    • Understand the importance of aligning with the functional expectations of your ACE customers.
    • Understand the relationship between engagement and continuous improvement.
    • Create an engagement plan for each level of adoption to standardize the way customers interact with the ACE.

    Craft metrics that will measure the success of your Agile teams

    Quantify measures that demonstrate the effectiveness of your ACE by establishing distinct metrics for each of your service offerings. This will ensure that you have full transparency over the outputs of your CoE and that your service offerings maintain relevance and are utilized.

    Questions to Ask

    1. What are leading indicators of improvements that directly affect the mandate of the CoE?
    2. How do you measure process efficiency and effectiveness?

    Creating meaningful metrics

    Specific

    Measureable

    Achievable

    Realistic

    Time-bound

    Follow the SMART framework when developing metrics for each service offering.

    Adhering to this methodology is a key component of the lean management methodology. This framework will help you avoid establishing general metrics that aren’t relevant.

    "It’s not about telling people what they are doing wrong. It’s about constantly steering everyone on the team in the direction of success, and never letting any individual compromise the progress of the team toward success." – Mary Poppendieck, qtd. in “Questioning Servant Leadership”

    For important advice on how to avoid the many risks associated with metrics, refer to Info-Tech’s Select and Use SDLC Metrics Effectively.

    Ensure your metrics are addressing criteria from different levels of stakeholders and enterprise context

    There will be a degree of overlap between the metrics from your business objectives, service offerings, and existing Agile teams. This is a positive thing. If a metric can speak to multiple benefits it is that much more powerful in commuting successes to your key stakeholders.

    Existing metrics

    Business objective metrics

    Service offering metrics

    Agile adoption metrics

    Finding points of overlap means that you have multiple stakeholders with a vested interest in the positive trend of a specific metric. These consolidated metrics will be fundamental for your CoE as they will help build consensus through communicating the success of the ACE in a common language for a diverse audience.

    Activity: Define existing team-level metrics

    2.3.1 1 Hour

    Input

    • Current metrics

    Output

    • Service offerings categorized within adoption model

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Team
    1. Gather any metrics related documentation that you collected during your requirements gathering in Phase 1.
    2. Collect team-level metrics for your existing Agile teams:
      • Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
      • Look at historical trends and figures when available. Be careful of frequent anomalies as these may indicate a root cause that needs to be addressed.
      • Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    Team Objective Expected Benefits Metrics
    Improve productivity
    • Improve transparency with business decisions
    • Team burndown and velocity
    • Number of releases per milestone
    Increase team morale and motivation
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Team satisfaction with Agile environment
    • Degree of engagement in ceremonies
    Improve transparency with business decisions
    • Teams are engaged and motivated to develop new opportunities to deliver more value quicker.
    • Stakeholder satisfaction with completed product
    • Number of revisions to products in demonstrations

    Activity: Define metrics that align with your Agile business objectives

    2.3.2 1 Hour

    Input

    • Organizational business objectives from Phase 1

    Output

    • Metrics aligned to organizational business objectives

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. List the business objectives that you determined in 1.1.2.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of completing those business objectives, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your business objectives. While engaging in this process, ensure to document the collection method for each metrics.
    Business Objectives Expected Benefits Metrics
    Decrease time-to-market of product releases
    • Faster feedback from customers.
    • Increased customer satisfaction.
    • Competitive advantage.
    Decrease time-to-market of product releases
    • Alignment to organizational best practices.
    • Improved team productivity.
    • Greater collaboration across functional teams.
    • Policy and practice adherence and acknowledgement
    • Number of requests for ACE services
    • Number of suggestions to improve Agile best practices and ACE operations

    Activity: Define target ACE performance metrics

    2.3.3 1 Hour

    Input

    • Service offerings
    • Satisfaction surveys
    • Usage rates

    Output

    • CoE performance metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. Compare these to your team performance metrics.
    Service Offering Expected Benefits Metrics
    Knowledge management
    • Comprehensive knowledgebase that accommodates various company products and office locations.
    • Easily accessible resources.
    • Number of practices extracted from ACE and utilized
    • Frequency of updates to knowledgebase
    Tooling standards
    • Tools adhere to company policies, security guidelines, and regulations.
    • Improved support of tools and technologies.
    • Tools integrate and function well with enterprise systems.
    • Number of teams and functional groups using standardized tools
    • Number of supported standardized tools
    • Number of new tools added to the standards list
    • Number of tools removed from standards list

    Activity: Define Agile adoption metrics

    2.3.4 1 Hour

    Input

    • Agile adoption model

    Output

    • Agile adoption metrics
    1. Define metrics to measure the success of each of your service offerings.
    2. Create a shortlist of expected benefits from those business objectives. These will help to drive metrics that align with the intended purpose of those service offerings, and affirm they are aligned to realizable benefits.
    3. Define metrics that speak to the benefits of your service offerings.
    4. It is possible that you will need to adjust these metrics after baselines are established when you begin to operate the ACE. Keep this in mind moving forward.
    Adoption attributes Expected Benefits Metrics
    Team organization
    • Acquisition of the appropriate roles and skills to successfully deliver products.
    • Degree of flexibility to adjust team compositions on a per project basis
    Team coordination
    • Ability to successfully undertake large and complex projects involving multiple functional groups.
    • Number of ceremonies involving teams across functional groups
    Business alignment
    • Increased delivery of business value from process optimizations.
    • Number of business-objective metrics surpassing targets
    Coaching
    • Teams are regularly trained with new and better best practices.
    • Number of coaching and training requests
    Empowerment
    • Teams can easily and quickly modify processes to improve productivity without following a formal, rigorous process.
    • Number of implemented changes from team retrospectives
    Failure tolerance
    • Stakeholders trust teams will adjust when failures occur during a project.
    • Degree of stakeholder trust to address project issues quickly and effectively

    Activity: Consolidate your metrics for stakeholder impact

    2.3.5 30 Minutes

    Input

    • New and existing Agile metrics

    Output

    • Consolidated Agile metrics

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • ACE
    1. Take all the metrics defined from the previous activities and compare them as a group.
    2. If there are overlapping metrics that are measuring similar outcomes or providing similar benefits, see if there is a way to merge them together so that a single metric can report outcomes to multiple stakeholders. This reduces the amount of resources invested in metrics gathering and helps to show consensus or alignment between multiple stakeholder interests.
    3. Compare these to your existing Agile metrics, and explore ways to consolidate existing metrics that are established with some of your new metrics. Established metrics are trusted and if they can be continued it can be viewed as beneficial from a consensus and consistency perspective to your stakeholders.

    Activity: Use Info-Tech’s ACE Benefits Tracking Tool to monitor, evaluate, refine, and ensure continued business value

    2.3.6 1 Hour

    Purpose

    The CoE governance team can use this tool to take ownership of the project’s benefits, track progress, and act on any necessary changes to address gaps. In the long term, it can be used to identify whether the team is ahead, on track, or lagging in terms of benefits realization.

    Steps

    1. Enter your identified metrics from the following activities into the ACE Benefits Tracking Tool.
    2. Input your baselines from your data collection (Phase 3) and a goal value for each metric.
    3. Document the results at key intervals as defined by the tool.
    4. Use the summary report to identify metrics that are not tracking well for root cause analysis and communicate with key stakeholders the outcomes of your Agile Center of Excellence based on your communication schedule from Phase 3, Step 3.

    INFO-TECH DELIVERABLE

    Download the ACE Benefits Tracking Tool.

    Checkpoint: Are you ready to operate your ACE?

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Self Auditing Guidelines

    • Have you categorized your ACE service offerings within Info-Tech’s Agile adoption model?
    • Have you formalized engagement plans to standardize the access to your service offerings?
    • Do you understand the function of learning events and their criticality to the function of the ACE?
    • Do you understand the key attributes of Agile adoption and how social capital leads to optimized value delivery?
    • Have you defined metrics for different goals (adoption, effective service offerings, business objectives) of the ACE?
    • Do your defined metrics align to the SMART framework?

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1 Further categorize your use cases within the Agile adoption model

    Our analyst team will help you categorize the Centers of Excellence service offerings within Info-Tech’s Agile adoption model to help standardize the way your organization engages with the Center of Excellence.

    2.2.1 Create an engagement plan for each level of adoption

    Our analyst team will help you structure engagement plans for each role within your Agile environment to provide a standardized pathway to personal development and consistency in practice.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    2.3.2 Define metrics that align with your Agile business objectives

    Our analysts will walk you through defining a set of metrics that align with your Agile business objectives identified in Phase 1 of the blueprint so the CoEs monitoring function can ensure ongoing alignment during operation.

    2.3.3 Define target ACE performance metrics

    Our analysts will walk you through defining a set of metrics that monitors how successful the ACE has been at providing its services so that business and IT stakeholders can ensure the effectiveness of the ACE.

    2.3.4 Define Agile adoption metrics

    Our analyst team will help you through defining a set of metrics that aligns with your organization’s fit of the Agile adoption model in order to provide a mechanism to track the progress of Agile teams maturing in capability and organizational trust.

    Phase 3

    Operationalize Your Agile Center of Excellence

    Spread Best Practices With an Agile Center of Excellence

    Operate your ACE to drive optimized value from your Agile teams

    The final step is to engage in monitoring of your metrics program to identify areas for improvement. Using metrics as a driver for operating your ACE will allow you to identify and effectively manage needed change, as well as provide you with the data necessary to promote outcomes to your stakeholders to ensure the long-term viability of the ACE within your organization.

    Phase 1 - Strategically Align the CoE

    Create strategic alignment between the CoE and the organization’s goals, objectives, and vision. This alignment translates into the CoE mandate intended to enhance the way Agile will enable teams to meet business objectives.

    Phase 2 - Standardize the CoEs Service Offerings

    Build an engagement plan based on a standardized adoption model to ensure your CoE service offerings are accessible and consistent across the organization. Create and consolidate key performance indicators to measure the CoEs utility and whether or not the expected value is being translated to tangible results.

    Phase 3 - Operate the CoE

    Operate the CoE to provide service offerings to Agile teams, identify improvements to optimize the function of your Agile teams, and effectively manage and communicate change so that teams can grow within the Agile adoption model and optimize value delivery both within your Agile environment and across functions.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Operate the CoE

    Proposed Time to Completion (in weeks): Variable depending on communication plan

    Step 3.1: Optimize the success of your ACE

    Start with an analyst kick off call:

    • Conduct a baseline assessment of your Agile environment.

    Then complete these activities…

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Step 3.2: Plan change to enhance your Agile initiatives

    Start with an analyst kick off call:

    • Interface with the ACE with your change management function.

    Then complete these activities…

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues.

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Step 3.3: Conduct ongoing retrospectives of your ACE

    Finalize phase deliverable:

    • Build a communications deck for key stakeholders.

    Then complete these activities…

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Review the effectiveness of your service offerings.

    3.3.4 Evaluate your ACE Maturity.

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Phase 3 Results & Insights:

    Inject improvements into your Agile environment with operational excellence. Plan changes and communicate them effectively, monitor outcomes on a regular basis, and keep stakeholders in the loop to ensure that their interests are being looked after to ensure long-term viability of the CoE.

    Phase 3, Step 1: Optimize the success of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Tools:

    3.1.1 Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline.

    3.1.2 Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE.

    3.1.3 Prioritize ACE actions by monitoring your metrics.

    Outcomes:

    • Conduct a baseline assessment of your ACE to measure against using a variety of data sources, including interviews, satisfaction surveys, and historical data.
    • Use the Benefits Tracking Tool to start monitoring the outcomes of the ACE and to keep track of trends.

    Ensure the CoE is able to collect the necessary data to measure success

    Establish your collection process to ensure that the CoE has the necessary resources to collect metrics and monitor progress, that there is alignment on what data sources are to be used when collecting data, and that you know which stakeholder is interested in the outcomes of that metric.

    Responsibility

    • Does the CoE have enough manpower to collect the metrics and monitor them?
    • If automated through technology, is it clear who is responsible for its function?

    Source of metric

    • Is the method of data collection standardized so that multiple people could collect the data in the same way?

    Impacted stakeholder

    • Do you know which stakeholder is interested in this metric?
    • How often should the interested stakeholder be informed of progress?

    Intended function

    • What is the expected benefit of increasing this metric?
    • What does the metric intend to communicate to the stakeholder?

    Conduct a baseline assessment of your ACE to measure success

    Establishing the baseline performance of the ACE allows you to have a reasonable understanding of the impact it is having on meeting business objectives. Use user satisfaction surveys, stakeholder interviews, and any current metrics to establish a concept of how you are performing now. Setting new metrics can be a difficult task so it is important to collect as much current data as possible. After the metrics have been established and monitored for a period of time, you can revisit the targets you have set to ensure they are realistic and usable.

    Without a baseline, you cannot effectively:

    • Establish reasonable target metrics that reflect the performance of your Center of Excellence.
    • Identify, diagnose, and resolve any data that deviates from expected outcomes.
    • Measure ongoing business satisfaction given the level of service.

    Info-Tech Insight

    Invest the needed time to baseline your activities. These data points are critical to diagnose successes and failures of the CoE moving forward, and you will need them to be able to refine your service offerings as business conditions or user expectations change. While it may seem like something you can breeze past, the investment is critical.

    Use a variety of sources to get the best picture of your current state; a combination of methods provides the richest insight

    Interviews

    What to do:

    • Conduct interviews (or focus groups) with key influencers and Agile team members.

    Benefits:

    • Data comes from key business decision makers.
    • Identify what is top of mind for your top-level stakeholders.
    • Ask follow-up questions for detail.

    Challenges:

    • This will only provide a very high-level view.
    • Interviewer biases may skew the results.

    Surveys

    What to do:

    • Distribute an Agile-specific stakeholder satisfaction survey. The survey should be specific to identify factors of your current environment.

    Benefits:

    • Every end user/business stakeholder will be able to provide feedback.
    • The survey will be simple to develop and distribute.

    Challenges:

    • Response rates can be low if stakeholders do not understand the value in their opinions.

    Historical Data

    What to do:

    • Collect and analyze existing Agile data such as past retrospectives, Agile team metrics, etc.

    Benefits:

    • Get a full overview of current service offerings, past issues, and current service delivery.
    • Allows you to get an objective view of what is really going on within your Agile teams.

    Challenges:

    • Requires a significant time investment and analytical skills to analyze the data and generate insights on business satisfaction and needs.

    Use Info-Tech’s ACE Satisfaction Survey to help establish your baseline

    3.1.1 Baseline satisfaction survey

    Purpose

    Conduct a user satisfaction survey prior to setting your baseline for your ACE. This will include high-level questions addressing your overall Agile environment and questions addressing teams’ current satisfaction with their processes and technology.

    Steps

    1. Modify the satisfaction survey template to suit your organization and the service offerings you have defined for the Agile Center of Excellence.
    2. Distribute the satisfaction survey to any users who are expected to interface with the ACE.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your current state.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to measure the maturity level of your ACE

    3.1.2 CoE maturity assessment

    Purpose

    Assessing your ACEs maturity lets you know where they currently are and what to track to get them to the next step. This will help ensure your ACE is following good practices and has the appropriate mechanisms in place to serve your stakeholders.

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your maturity score.
    3. Document the results and communicate them with the relevant key stakeholders.
    4. Combine these results with historical data points (if available) and stakeholder interviews to get a holistic picture of your ACE maturity level.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Activity: Prioritize ACE actions by monitoring your metrics

    3.1.3 Variable time commitment

    Input

    • Metrics from ACE Benefits Tracking Tool

    Output

    • Prioritized actions for the ACE

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE team
    1. Review your ACE Benefits Tracking Tool periodically (at the end of sprint cycles, quarterly, etc.) and document metrics that are trending or actively falling short of goals or expectations.
    2. Take the documented list and have the ACE staff consider what actions or decisions can be prioritized to help mend the identified gaps. Look for any trends that could potentially speak to a larger problem or a specific aspect of the ACE or the organizational Agile environment that is not functioning as expected.
    3. Take the opportunity to review metrics that are also tracking above expected value to see if there are any lessons learned that can be extended to other ACE service offerings (e.g. effective engagement or communication strategies) so that the organization can start to learn what is effective and what is not based on their internal struggles and challenges. Spreading successes is just as important as identifying challenges in a CoE model.

    Phase 3, Step 2: Plan change to enhance your Agile initiatives

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities:

    3.2.1 Assess the interaction and communication points of your Agile teams.

    3.2.2 Determine the root cause of each metric falling short of expectations.

    3.2.3 Brainstorm solutions to identified issues

    3.2.4 Review your metrics program.

    3.2.5 Create a communication plan for change.

    Outcomes:

    • Understand how your existing change management process interfaces with the Center of Excellence.
    • Identify issues and ideate solutions to metrics falling short of expectations.
    • Create a communication plan to prepare groups for any necessary change.

    Manage the adaptation of teams as they adopt Agile capabilities

    As Agile spreads, be cognizant of your cultural tolerance to change and its ability to deliver on such change. Change will happen more frequently and continuously, and there may be conceptual (change tolerance) or capability (delivery tolerance) roadblocks along the way that will need to be addressed.

    The Agile adoption model will help to graduate both the tolerance to change and tolerance to deliver over time. As your level of competency to deliver change increases, organizational tolerance to change, especially amongst management, will increase as well. Remember that optimized value delivery comes from this careful balance of aptitude and trust.

    Tolerance to change

    Tolerance to change refers to the conceptual capacity of your people to consume and adopt change. Change tolerance may become a barrier to success because teams might be too engrained with current structures and processes and find any changes too disruptive and uncomfortable.

    Tolerance to deliver

    Tolerance to deliver refers to the capability to deliver on expected change. While teams may be tolerant, they may not have the necessary capacity, skills, or resources to deliver the necessary changes successfully. The ACE can help solve this problem with training and coaching, or possibly by obtaining outside help where necessary.

    Understand how the ACE interfaces with your current change management process

    As the ACE absorbs best practices and identifies areas for improvement, a change management process should be established to address the implementation and sustainability of change without introducing significant disruptions and costs.

    To manage a continuously changing environment, your ACE will need to align and coordinate with organizational change management processes. This process should be capable of evaluating and incorporating multiple change initiatives continuously.

    Desired changes will need to be validated, and localized adaptations will need to be disseminated to the larger organization, and current state policy and procedures will need to be amended as the adoption of Agile spreads and capabilities increase.

    The goal here is to have the ACE governance group identify and interface with parties relevant to successfully implementing any specific change.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Optimize Change Management

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Where should your Agile change requests come from?

    Changes to the services, structure, or engagement model of your ACE can be triggered from various sources in your organization. You will see that proposed changes may be requested with the best intentions; however, the potential impacts they may have to other areas of the organization can be significant. Consult all sources of ACE change requests to obtain a consensus that your change requests will not deteriorate the ACEs performance and use.

    ACE Governance

    • Sources of ACE Change Requests
      • ACE Policies/Stakeholders
        • Triggers for Change:
          • Changes in business and functional group objectives.
          • Dependencies and legacy policies and procedures.
      • ACE Customers
        • Triggers for Change:
          • Retrospectives and post-mortems.
          • Poor fit of best practices to projects.
      • Metrics
        • Triggers for Change:
          • Performance falling short of expectations.
          • Lack of alignment with changing objectives.
      • Tools and Technologies
        • Triggers for Change:
          • New or enhanced tools and technologies.
          • Changes in development and technology standards.

    Note: Each source of ACE change requests may require a different change management process to evaluate and implement the change.

    Activity: Assess the interaction and communication points of your Agile teams

    3.2.1 1.5 Hours

    Input

    • Understanding of team and organization structure

    Output

    • Current assessment of organizational design

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Identify everyone who is directly or indirectly involved in projects completed by Agile teams. This can include those that are:
    • Informed of a project’s progress.
    • Expected to interface with the Agile team for solution delivery (e.g. DevOps).
    • Impacted by the success of the delivered solutions.
    • Responsible for the removal of impediments faced by the Agile team.
  • Indicate how each role interacts with the others and how frequently these interactions occur for a typical project. Do this by drawing a diagram on a whiteboard using labelled arrows to indicate types and frequency of interactions.
  • Identify the possible communication, collaboration, and alignment challenges the team will face when working with other groups.
  • Agile Team n
    Group Type of Interaction Potential challenges
    Operations
    • Release management
    • Past challenges transitioning to DevOps.
    • Communication barrier as an impediment.
    PMO
    • Planning
    • Product owner not located with team in organization.
    • PMO still primarily waterfall; need Agile training/coaching

    Activity: Determine the root cause of each metric falling short of expectations

    3.2.2 30 Minutes per metric

    Input

    • Metrics from Benefits Tracking Tool

    Output

    • Root causes to issues

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE team
    1. Take each metric from the ACE Benefits Tracking Tool that is lagging behind or has missed expectations and conduct an analysis of why it is performing that way.
    2. Conduct individual webbing sessions to clarify the issues. The goal is to drive out the reasons why these issues are present or why scaling Agile may introduce additional challenges.
    3. Share and discuss these findings with the entire team.

    Example:

    • Lack of best-practice documentation
      • Why?
        • Knowledge siloed within teams
        • No centralized repository for best practices
          • Why?
            • No mechanisms to share between teams
              • Why? Root causes
                • Teams are not sharing localized adaptations
                • CoE is not effectively monitoring team communications
            • Access issues at team level to wiki
              • Why? Root causes
                • Administration issues with best-practice wiki
                • Lack of ACE visibility into wiki access

    Activity: Brainstorm solutions to identified issues

    3.2.3 30 Minutes per metric

    Input

    • Root causes of issues

    Output

    • Fixes and solutions to scaling Agile issues

    Materials

    • Whiteboard
    • Markers
    • Sticky notes

    Participants

    • Development team
    1. Using the results from your root-cause analysis, brainstorm potential solutions to the identified problems. Frame your brainstorming within the following perspectives: people, process, and technology. Map these solutions using the matrix below.
    2. Synthesize your ideas to create a consolidated list of initiatives.
      1. Highlight the solutions that can address multiple issues.
      2. Collaborate on how solutions can be consolidated into a single initiative.
    3. Write your synthesized solutions on sticky notes.
    SOLUTION CATEGORY
    People Process Technology
    ISSUES Poor face-to-face communication
    Lack of best-practice documentation

    Engage those teams affected by change early to ensure they are prepared

    Strategically managing change is an essential component to ensure that the ACE achieves its desired function. If the change that comes with adopting Agile best practices is going to impact other functions and change their expected workflows, ensure they are well prepared and the benefits for said changes are clearly communicated to them.

    Necessary change may be identified proactively (dependency assessments, system integrity, SME indicates need, etc.) or reactively (through retrospectives, discussions, completing root-cause analyses, etc.), but both types need to be handled the same way – through proper planning and communication with the affected parties.

    Plan any necessary change

    Understand the points where other groups will be affected by the adoption of Agile practices and recognize the potential challenges they may face. Plan changes to accommodate interactions between these groups without roadblocks or impediments.

    Communicate the change

    Structure a communication plan based on your identified challenges and proposed changes so that groups are well prepared to make the necessary adjustments to accommodate Agile workflows.

    Review and modify your metrics and baselines to ensure they are achievable in changing environments

    Consider the possible limitations that will exist from environmental complexities when measuring your Agile teams. Dependencies and legacy policies and procedures that pose a bottleneck to desired outcomes will need to be changed before teams can be measured justifiably. Take the time to ensure the metrics you crafted earlier are plausible in your current environment and there is not a need for transitional metrics.

    Are your metrics achievable?

    Specific

    Measureable

    Achievable

    • Adopting Agile is a journey, not just a destination. Ensure that the metrics a team is measured against reflect expectations for the team’s current level of Agile adoption and consider external dependencies that may limit their ability to achieve intended results.

    Realistic

    Time-bound

    Info-Tech Insight

    Use metrics as diagnostics, not as motivation. Teams will find ways to meet metrics they are measured by making sacrifices and taking unneeded risk to do so. To avoid dysfunction in your monitoring, use metrics as analytical tools to inform decision making, not as a yardstick for judgement.

    Activity: Review your metrics program

    3.2.4 Variable time commitment

    Input

    • Identified gaps
    • Agile team interaction points

    Output

    • ACE baselines
    • Past measurements

    Materials

    • ACE Benefits Tracking Tool

    Participants

    • ACE
    1. Now that you have identified gaps in your current state, see if those will have any impact on the achievability of your current metrics program.
    2. Review your root-cause analyses and brainstormed solutions, and hypothesize whether or not they will have any downstream impact to goal attainment. It is possible that there is no impact, but as cross-functional collaboration increases, the likelihood that groups will act as bottlenecks or impediments to expected performance will increase.
    3. Consider how any changes will impact the interaction points between teams based on the results from activity 3.2.1: Assess the interaction and communication points of your Agile teams. If there are too many negative impacts it may be a sign to re-consider the hypothesized solution to the problem and consider alternatives.
    4. In any cases where a metric has been altered, adjust its goal measurement to reflect its changes in the ACE Benefits Tracking Tool.

    Case study: Agile change at the GSA

    CASE STUDY

    Industry Government

    Source Navin Vembar, Agile Government Leadership

    Challenge

    The GSA is tasked with completed management of the Integrated Award Environment (IAE).

    • The IAE manages ten federal information technology systems that enable registering, searching, and applying for federal awards, as well as tracking them.
    • The IAE also manages the Federal Service Desk.

    The IAE staff had to find a way to break down the problem of modernization into manageable chunks that would demonstrate progress, but also had to be sure to capture a wide variety of user needs with the ability to respond to those needs throughout development.

    Had to work out the logistics of executing Agile change within the GSA, an agency that relies heavily on telework. In the case of modernization, they had a product owner in Florida while the development team was spread across the metro Washington, DC area.

    Solution

    Agile provided the ability to build incremental successes that allowed teams successful releases and built enthusiasm around the potential of adopting Agile practices offered.

    • GSA put in place an organization framework that allowed for planning of change at the portfolio level to enable the change necessary to allow for teams to execute tasks at the project level.
    • A four-year plan with incremental integration points allowed for larger changes on a quarterly basis while maintaining a bi-weekly sprint cycle.
    • They adopted IBM’s RTC tool for a Scrum board and on Adobe Connect for daily Scrum sessions to ensure transparency and effectiveness of outcomes across their collocated teams.

    Create a clear, concise communication plan

    Communication is key to avoid surprises and lost productivity created by the implementation of changes.

    User groups and the business need to be given sufficient notice of an impending change. Be concise, be comprehensive, and ensure that the message is reaching the right audience so that no one is blindsided and unable to deliver what is needed. This will allow them to make appropriate plans to accept the change, minimizing the impact of the change on productivity.

    Key Aspects of a Communication Plan

    • The method of communication (email, meetings, workshops, etc.).
    • The delivery strategy (who will deliver the message?).
    • The communication responsibility structure.
    • The communication frequency.
    • A feedback mechanism that allows you to review the effectiveness of your plan.
    • The message that you need to present.

    Communicating change

    • What is the change?
    • Why are we doing it?
    • How are we going to go about it?
    • What are we trying to achieve?
    • How often will we be updated?

    (Cornelius & Associates, The Qualities of Leadership: Leading Change)

    Apply the following principles to enhance the clarity of your message

    1. Be Consistent
    • "This is important because..."
      • The core message must be consistent regardless of audience, channel, or medium.
      • Test your communication and obtain feedback before delivering your message.
      • A lack of consistency can be perceived as deception.
  • Be Clear
    • "This means..."
      • Say what you mean and mean what you say.
      • Choice of language is important.
      • Don’t use jargon.
  • Be Relevant
    • "This affects you because..."
      • Talk about what matters to the audience.
      • Talk about what matters to the change initiative.
      • Tailor the details of the message to each audience’s specific concerns.
      • Communicate truthfully; do not make false promises or hide bad news.
  • Be Concise
    • "In summary..."
      • Keep communication short and to the point so key messages are not lost in the noise.
  • Activity: Create a communication plan for change

    3.2.5 1.5 Hours

    Input

    • Desired messages
    • Stakeholder list

    Output

    • Communication plan

    Materials

    • Whiteboard
    • Markers

    Participants

    • CoE
    1. Define the audience(s) for your communications. Consider who needs to be the audience of your different communication events and how it will impact them.
    2. Identify who the messenger will be to deliver the message.
    3. Identify your communication methods. Decide on the methods you will use to deliver each communication event. Your delivery method may vary depending on the audience it is targeting.
    4. Establish a timeline for communication releases. Set dates for your communication events. This can be recurring (weekly, monthly, etc.) or one-time events.
    5. Determine what the content of the message must include. Use the guidelines on the following slide to ensure the message is concise and impactful.

    Note: It is important to establish a feedback mechanism to ensure that the communication has been effective in communicating the change to the intended audiences. This can be incorporated into your ACE satisfaction surveys.

    Audience Messenger Format Timing Message
    Operations Development team Email
    • Monthly (major release)
    • Ad hoc (minor release and fixes)
    Build ready for release
    Key stakeholders CIO Meeting
    • Monthly unless dictated otherwise
    Updates on outcomes from past two sprint cycles

    Phase 3, Step 3: Conduct ongoing retrospectives of your ACE

    Phase 1

    1.1 Determine the vision of your ACE

    1.2 Define the service offerings of your ACE

    Phase 2

    2.1 Define an adoption plan for your Agile teams

    2.2 Create an ACE engagement plan

    2.3 Define metrics to measure success

    Phase 3

    3.1 Optimize the success of your ACE

    3.2 Plan change to enhance your Agile initiatives

    3.3 Conduct ongoing retrospectives of your ACE

    Activities/Tools:

    3.3.1 Use the outputs from your metrics tracking tool to communicate progress.

    3.3.2 Summarize adjustments in areas where the ACE fell short.

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline.

    3.3.4 Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.5 Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders.

    Outcomes:

    • Conduct a retrospective of your ACE to enable the continuous improvement of your Agile program.
    • Structure a communications deck to communicate with stakeholders the outcomes from introducing the ACE to the organization.

    Reflect on your ACEs performance to lead the way to enterprise agility

    After functioning for a period of time, it is imperative to review the function of your ACE to ensure its continual alignment and see in what ways it can improve.

    At the end of the year, take the time to deliberately review and discuss:

    1. The effectiveness and use of your ACEs service offerings.
    2. What went well or wrong during the ACEs operation.
    3. What can be done differently to improve reach, usability, and effectiveness.
    4. Bring together Agile teams and discuss the processes they follow and inquire about suggestions for improvement.

    What is involved?

    • Use your metrics program to diagnose areas of issue and success. The diagnostic value of your metrics can help lead conversations with your Agile teams when attempting to inquire about suggestions for improvement.
    • Leverage your satisfaction surveys from the creation of your ACE and compare them against satisfaction surveys run after a year of operation. What are the lessons learned between then and now?
    • While it is primarily conducted by the ACE team, keep in mind it is a collaborative function and should involve all members, including Agile teams, product owners, Scrum masters, etc.

    Communicating with your key influencers is vital to ensure long-term operation of the ACE

    To ensure the long-term viability of your ACE and that your key influencers will continue funding, you need to demonstrate the ROI the Center of Excellence has provided.

    The overlying purpose of your ACE is to effectively align your Agile teams with corporate objectives. This means that there have to be communicable benefits that point to the effort and resources invested being valuable to the organization. Re-visit your prioritized stakeholder list and get ready to show them the impact the ACE has had on business outcomes.

    Communication with stakeholders is the primary method of building and developing a lasting relationship. Correct messaging can build bridges and tear down barriers, as well as soften opposition and bolster support.

    This section will help you to prepare an effective communication piece that summarizes the metrics stakeholders are interested in, as well as some success stories or benefits that are not communicable through metrics to provide extra context to ongoing successes of the ACE.

    INFO-TECH RELATED RESEARCH:

    Strategy and Leadership: Manage Stakeholder Relations

    Optimize your stakeholder management process to identify, prioritize, and effectively manage key stakeholders.

    Involve key stakeholders in your retrospectives to justify the funding for your ACE

    Those who fund the ACE have a large influence on the long-term success of your ACE. If you have not yet involved your stakeholders, you need to re-visit your organizational funding model for the ACE and ensure that your key stakeholders include the key decision makers for your funding. While they may have varying levels of interest and desires for granularity of data reporting, they need to at least be informed on a high level and kept as champions of the ACE so that there are no roadblocks to the long-term viability of this program.

    Keep this in mind as the ACE begins to demonstrate success, as it is not uncommon to have additional members added to your funding model as your service scales, especially in the chargeback models.

    As new key influencers are included, the ACEs governing group must ensure that collective interests may align and that more priorities don’t lead to derailment.

    The image shows a matrix. The matrix is labelled with Involvement at the bottom, and Power on the left side, and has the upper left quadrant labelled Keep Satisfied, the upper right quadrant labelled Key players, the lower right quadrant labelled Keep informed, and the lower left quadrant labelled Minimal effort. In the matric, there are several roles shown, with roles such as CFO, Apps Director, Funding Group, and CIO highlighted in the Key players section.

    Use the outputs from your metrics tracking tool to communicate progress

    3.3.1 1 Hour

    Use the ACE Benefits Tracking Tool to track the progress of your Agile environment to monitor whether or not the ACE is having a positive impact on the business’ ability to meet its objectives. The outputs will allow you to communicate incremental benefits that have been realized and point towards positive trends that will ensure the long-term buy-in of your key influencers.

    For communication purposes, use this tool to:

    • Re-visit who the impacted or interested stakeholders are so you can tailor your communications to be as impactful as possible for each key influencer of the ACE.

    The image shows a screen capture of the Agile CoE Metrics Tracking sheet.

    • Collate the benefits of the current projects undertaken by the Center of Excellence to give an overall recap of the ACEs impact.

    The image is a screen capture of the Summary Report sheet.

    Communicate where the ACE fell short

    Part of communicating the effectiveness of your ACE is to demonstrate that it is able to remedy projects and processes when they fall short of expectations and brainstorm solutions that effectively address these challenges. Take the opportunity to summarize where results were not as expected, and the ways in which the ACE used its influence or services to drive a positive outcome from a problem diagnosis. Stakeholders do not want a sugar-coated story – they want to see tangible results based on real scenarios.

    Summarizing failures will demonstrate to key influencers that:

    • You are not cherry-picking positive metrics to report and that the ACE faced challenges that it was able to overcome to drive positive business outcomes.
    • You are being transparent with the successes and challenges faced by the ACE, fostering increased trust within your stakeholders regarding the capabilities of Agile.
    • Resolution mechanisms are working as intended, successfully building failure tolerance and trust in change management policies and procedures.

    Activity: Summarize adjustments in areas where the ACE fell short

    3.3.2 15 Minutes per metric

    Input

    • Diagnosed problems from tracking tool
    • Root-cause analyses

    Output

    • Summary of change management successes

    Materials

    • Whiteboard
    • Markers

    Participants

    • ACE
    1. Create a list of items from the ACE Benefits Tracking Tool that fell short of expectations or set goals.
    2. For each point, create a brief synopsis of the root-cause analysis completed and summarize the brainstormed solution and its success in remedying the issue. If this process is not complete, create a to-date summary of any progress.
    3. Choose two to three pointed success stories from this list that will communicate broad success to your set of stakeholders.
    Name of metric that fell short
    Baseline measurement 65% of users satisfied with ACE services.
    Goal measurement 80% of users satisfied with ACE services.
    Actual measurement 70% of users satisfied with ACE services.
    Results of root-cause analysis Onboarding was not extensive enough; teams were unaware of some of the services offered, rendering them unsatisfied.
    Proposed solution Revamp onboarding process to include capability map of service offered.
    Summary of success TBD

    Re-conduct surveys with the ACE Satisfaction Survey to review the effectiveness of your service offerings

    3.3.3 Re-conduct satisfaction surveys and compare against your baseline

    Purpose

    This satisfaction survey will give you a template to follow to monitor the effectiveness of your ACEs defined service offerings. The goal is to understand what worked, and what did not, so you can add, retract, or modify service offerings where necessary.

    Steps

    1. Re-use the satisfaction survey to measure the effectiveness of the service offerings. Add questions regarding specific service offerings where necessary.
    2. Cross-analyze your satisfaction survey with metrics tied to your service offerings to help understand the root cause of the issues.
    3. Use the root-cause analysis exercises from step 3.2 to find the root causes of issues.
    4. Create a set of recommendations to add, amend, or improve any existing service offerings.

    INFO-TECH DELIVERABLE

    Download the ACE Satisfaction Survey.

    Use Info-Tech’s CoE Maturity Diagnostic Tool to baseline current practices

    3.3.4 ACE Maturity Assessment

    Purpose

    Assess your ACEs maturity by using Info-Tech’s CoE Maturity Diagnostic Tool. Assessing your ACEs maturity lets you know where you currently are, and where to look for improvements. Note that your optimal Maturity Level will depend on organizational specifics (e.g. a small organization with a handful of Agile Teams can be less mature than a large organization with hundreds of Agile Teams).

    Steps

    1. Download the CoE Maturity Diagnostic Tool to assess the maturity of your ACE.
    2. Complete the assessment tool with all members of your ACE team to determine your current Maturity score.
    3. Document the results in the ACE Communications Deck.

    Document results in the ACE Communications Deck.

    INFO-TECH DELIVERABLE

    Download the CoE Maturity Diagnostic Tool.

    Use Info-Tech’s ACE Communications Deck to deliver your outcomes to the key stakeholders

    3.3.5 Structure communications to each of your key stakeholders

    Purpose

    The ACE Communications Deck will give you a template to follow to effectively communicate with your stakeholders and ensure the long-term viability of your Agile Center of Excellence. Fill in the slides as instructed and provide each stakeholder with a targeted view of the successes of the ACE.

    Steps

    1. Determine who your target audience is for the Communications Deck – you may desire to create one for each of your key stakeholders as they may have different sets of interests.
    2. Fill out the ACE Communications Deck with the suggested inputs from the exercises you have completed during this research set.
    3. Review communications with members of the ACE to ensure that there are no communicable benefits that have been missed or omitted in the deck.

    INFO-TECH DELIVERABLE

    Download the ACE Communications Deck.

    Summary of accomplishment

    Knowledge Gained

    • An understanding of social capital as the key driver for organizational Agile success, and how it optimizes the value delivery of your Agile teams.
    • Importance of flexible governance to balance the benefits of localized adaptation and centralized control.
    • Alignment of service offerings with both business objectives and functional expectations as critical to ensuring long-term engagement with service offerings.

    Processes Optimized

    • Knowledge management and transfer of Agile best practices to new or existing Agile teams.
    • Optimization of service offerings for Agile teams based on organizational culture and objectives.
    • Change request optimization via interfacing ACE functions with existing change management processes.
    • Communication planning to ensure transparency during cross-functional collaboration.

    Deliverables Completed

    • A set of service offerings offered by the Center of Excellence that are aligned with the business, Agile teams, and related stakeholders.
    • Engagement plans for Agile team members based on a standardized adoption model to access the ACEs service offerings.
    • A suite of Agile metrics to measure effectiveness of Agile teams, the ACE itself, and its ability to deliver positive outcomes.
    • A communications plan to help create cross-functional transparency over pending changes as Agile spreads.
    • A communications deck to communicate Agile goals, actions, and outcomes to key stakeholders to ensure long-term viability of the CoE.

    Research contributors and experts

    Paul Blaney, Technology Delivery Executive, Thought Leader and passionate Agile Advocate

    Paul has been an Agile practitioner since the manifesto emerged some 20 years ago, applying and refining his views through real life experience at several organizations from startups to large enterprises. He has recently completed the successful build out of the inaugural Agile Delivery Centre of Excellence at TD bank in Toronto.

    John Munro, President Scrum Masters Inc.

    John Munro is the President of Scrum Masters Inc., a software optimization professional services firm using Agile, Scrum, and Lean to help North American firms “up skill” their software delivery people and processes. Scrum Masters’ unique, highly collaborative “Master Mind” consulting model leverages Agile/Lean experts on a biweekly basis to solve clients’ technical and process challenges.

    Doug Birgfeld, Senior Partner Agile Wave

    Doug has been a leader in building great teams, Agile project management, and business process innovation for over 20 years. As Senior Partner and Chief Evangelist at Agile Wave, his mission is to educate and to learn from all those who care about effective government delivery, nationally.

    Related Info-Tech research

    Implement Agile Practices That Work

    Agile is a cultural shift. Don't just do Agile, be Agile.

    Enable Organization-Wide Collaboration by Scaling Agile

    Execute a disciplined approach to rolling out Agile methods in the organization.

    Improve Application Development Throughput

    Drive down your delivery time by eliminating development inefficiencies and bottlenecks while maintaining high quality.

    Implement DevOps Practices That Work

    Accelerate software deployment through Dev and Ops collaboration.

    Related Info-Tech research (continued)

    Maximize the Benefits from Enterprise Applications with a Center of Excellence

    Optimize your organization’s enterprise application capabilities with a refined and scalable methodology.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Be proactive; it costs exponentially more to fix a problem the longer it goes unnoticed.

    Optimize the Change Management Process

    Right-size your change management process.

    Improve Requirements Gathering

    Back to basics: great products are built on great requirements.

    Bibliography

    Ambler, Scott. “Agile Requirements Change Management.” Agile Modeling. Scott Amber + Associates, 2014. Web. 12 Apr. 2016.

    Ambler, Scott. “Center of Excellence (CoEs).” Disciplined Agile 2.0: A Process Decision Framework for Enterprise I.T. Scott Amber + Associates. Web. 01 Apr. 2016.

    Ambler, Scott. “Transforming From Traditional to Disciplined Agile Delivery.” Case Study: Disciplined Agile Delivery Adoption. Scott Amber + Associates, 2013. Web.

    Beers, Rick. “IT – Business Alignment Why We Stumble and the Path Forward.” Oracle Corporation, July 2013. Web.

    Cornelius & Associates. “The Qualities of Leadership: Leading Change.” Cornelius & Associates, n.d. Web.

    Craig, William et al. “Generalized Criteria and Evaluation Method for Center of Excellence: A Preliminary Report.” Carnegie Mellon University Research Showcase @ CMU – Software Engineering Institute. Dec. 2009. Web. 20 Apr. 2016.

    Forsgren, Dr. Nicole et al (2019), Accelerate: State of DevOps 2019, Google, https://services.google.com/fh/files/misc/state-of-devops-2019.pdf

    Gerardi, Bart (2017), Agile Centers of Excellence, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/405819/Agile-Centers-of-Excellence

    Gerardi, Bart (2017), Champions of Agile Adoption, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/418151/Champions-of-Agile-Adoption

    Gerardi, Bart (2017), The Roles of an Agile COE, PMI Projectmanagement.com, https://www.projectmanagement.com/articles/413346/The-Roles-of-an-Agile-COE

    Hohl, P. et al. “Back to the future: origins and directions of the ‘Agile Manifesto’ – views of the originators.” Journal of Software Engineering Research and Development, vol. 6, no. 15, 2018. https://link.springer.com/article/10.1186/s40411-0...

    Kaltenecker, Sigi and Hundermark, Peter. “What Are Self-Organising Teams?” InfoQ. 18 July 2014. Web. 14 Apr. 2016.

    Kniberg, Henrik and Anderson Ivarsson. “Scaling Agile @ Spotify with Tribes, Squads, Chapters & Guilds.” Oct. 2012. Web. 30 Apr. 2016.

    Kumar, Alok et al. “Enterprise Agile Adoption: Challenges and Considerations.” Scrum Alliance. 30 Oct. 2014. Web. 30 May 2016.

    Levison, Mark. “Questioning Servant Leadership.” InfoQ, 4 Sept. 2008. Web. https://www.infoq.com/news/2008/09/servant_leadership/

    Linders, Ben. “Don't Copy the Spotify Model.” InfoQ.com. 6 Oct. 2016.

    Loxton, Matthew (June 1, 2011), CoP vs CoE – What’s the difference, and Why Should You Care?, Wordpress.com

    McDowell, Robert, and Bill Simon. In Search of Business Value: Ensuring a Return on Your Technology Investment. SelectBooks, 2010

    Novak, Cathy. “Case Study: Agile Government and the State of Maine.” Agile Government Leadership, n.d. Web.

    Pal, Nirmal and Daniel Pantaleo. “Services are the Language and Building Blocks of an Agile Enterprise.” The Agile Enterprise: Reinventing your Organization for Success in an On-Demand World. 6 Dec. 2015. Springer Science & Business Media.

    Rigby, Darrell K. et al (2018), Agile at Scale, Harvard Business Review, https://hbr.org/2018/05/agile-at-scale

    Scaledagileframework.com, Create a Lean-Agile Center of Excellence, Scaled Agile, Inc, https://www.scaledagileframework.com/lace/

    Shepley, Joe. “8 reasons COEs fail (Part 2).” Agile Ramblings, 22 Feb. 2010. https://joeshepley.com/2010/02/22/8-reasons-coes-fail-part-2/

    Stafford, Jan. “How upper management misconceptions foster Agile failures.” TechTarget. Web. 07 Mar. 2016.

    Taulli, Tom (2020), RPA Center Of Excellence (CoE): What You Need To Know For Success, Forbes.com, https://www.forbes.com/sites/tomtaulli/2020/01/25/rpa-center-of-excellence-coe-what-you-need-to-know-for-success/#24364620287a

    Telang, Mukta. “The CMMI Agile Adoption Model.” ScrumAlliance. 29 May 2015. Web. 15 Apr. 2016.

    VersionOne. “13th Annual State of Agile Report.” VersionOne. 2019. Web.

    Vembar, Navin. “Case Study: Agile Government and the General Services Administration (Integrated Award Environment).” Agile Government Leadership, n.d. Web.

    Wenger, E., R. A. McDermott, et al. (2002), Cultivating communities of practice: A guide to managing knowledge, Harvard Business Press.

    Wenger, E., White, N., Smith, J.D. Digital Habitats; Stewarding Technology for Communities. Cpsquare (2009).

    Formalize Your Digital Business Strategy

    • Buy Link or Shortcode: {j2store}101|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Your organization already has a digital strategy, but there is a lack of understanding of what digital means across the enterprise. Digital investments have been made in the past but failed to yield or demonstrate business value. Given the pace of change, the current digital strategy is outdated, and new digital opportunities need to be identified to inform the technology innovation roadmap.

    Our Advice

    Critical Insight

    Turn your digital strategy into a compelling change story that will create a unified vision of how you want to transform your business.

    Impact and Result

    • Identify new digitally enabled growth opportunities.
    • Understand which digital ideas yield the biggest return and the value they generate for the organization.
    • Understand the impact of opportunities on your business capabilities.
    • Map a customer journey to identify opportunities to transform stakeholder experiences.

    Formalize Your Digital Business Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Formalize Your Digital Business Strategy – a document that walks you through a series of activities to help brainstorm and ideate on possible new digital opportunities as an input into building your business case for a new IT innovation roadmap.

    Knowing which digital opportunities create the greatest business value requires a structured approach to ideate, prioritize, and understand the value they create for the business to help inform the creation of your business case for investment approval.

    • Formalize Your Digital Strategy Storyboard

    Infographic

    Further reading

    Formalize Your Digital Business Strategy

    Stay relevant in an evolving digital economy

    Executive Summary

    Your Challenge

    Common Obstacles

    Solution

    • Since 2020, the environment has been volatile, leading many CIOs to rethink their priorities and strategies.
    • The organization already has a digital strategy, but there is a lack of understanding of what digital means across the enterprise.
    • Digital investments have been made but fail to demonstrate the business value.
    • The current digital strategy was developed in isolation and failed to garner consensus on a common understanding of the digital vision from across the business.
    • CIOs struggle to understand what existing capabilities need to transform or what new digital capabilities are needed to support the digital ambitions.
    • The existing Digital Strategy is synonymous with the IT Strategy.
    • Identify new digitally enabled growth opportunities.
    • Understand which digital ideas yield the biggest return and the value they generate for the organization.
    • Understand the impact of opportunities on your business capabilities.
    • Map the customer journey to identify opportunities to transform the stakeholder experience.

    Info-Tech Insight

    Turn your existing digital strategy into a compelling change story that will create a unified vision of how you want to transform your business.

    Info-Tech’s Digital Transformation Journey

    Your journey: An IT roadmap for your Digital Business Strategy

    The image contains a screenshot of Info-Tech's Digital Transformation Journey.

    By now, you understand your current business context and capabilities

    The image contains a screenshot of the IT roadmap for your Digital Business Strategy.

    By this point you have leveraged industry roundtables to better understand the art of the possible, exploring global trends, shifts in market forces, customer needs, emerging technologies, and economic forecasts to establish your business objectives and innovation goals.

    Now you need to formalize digital business strategy.

    Phase 1: Industry Trends Report

    The image contains a screenshot of phase 1 industry trends report.

    Phase 2: Digital Maturity Assessment

    The image contains a screenshot of phase 2 digital maturity assessment.

    Phase 3: Zero-In on Business Objectives

    The image contains a screenshot of phase 3 Zero-in on business objectives.

    Business and innovation goals are established through stakeholder interviews and a heatmap of your current capabilities for transformation.

    Since 2020, market dynamics have forced organizations to reassess their strategies

    The unprecedented pace of global disruptions has become both a curse and a silver lining for many CIOs. The ability to maximize the value of digital will be vital to remain relevant in the new digital economy.

    The image contains a screenshot of an image that demonstrates how market dynamics force organizations to reassess their strategies.

    Formalize your digital strategy to address industry trends and market dynamics

    The goal of this phase is to ensure the scope of the current digital strategy reflects the right opportunities to allocate capital to resources, assets, and capabilities to drive strategic growth and operational efficiency.

    There are three key activities outlined in this deck that that can be undertaken by industry members to help evolve their current digital business strategy.

    1. Identify New Digitally Enabled Growth Opportunities
      • Host an ideation session to identify new leapfrog ideas
      • Discuss assumptions, value drivers, and risks
      • Translate ideas into opportunities and consolidate
    2. Evaluate New Digital Opportunities and Business Capabilities
      • Build an opportunity profile
      • Identify business capabilities for transformation
    3. Transform Stakeholder Journeys
      • Understand the impact of opportunities on value-chains
      • Identify stakeholder personas
      • Build a stakeholder journey map
      • Compile your new list of digital opportunities
    The image contains a screenshot of Formalize your digital business strategy.

    Info-Tech’s approach

    1. Identify New Digital Opportunities
      • Conduct an ideation session
      • Identify leapfrog ideas from trends
      • Evaluate each leapfrog idea to define opportunity
    2. Evaluate Opportunities and Business Capabilities
      • Build Opportunity Profile
      • Understand the impact of opportunities on business capabilities
    3. Transform Stakeholder Journeys
      • Analyze value chains
      • Map your Stakeholder Journey
      • Breakdown opportunities into initiatives

    Overview of Key Activities

    Formalize your digital business strategy

    Methodology

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Phase 1: New Digital Opportunities

    Phase 2: Evaluate Opportunities and Business Capabilities

    Phase 3: Transform Stakeholder Journeys

    Content Leveraged

    • Digital Business Strategy blueprint
    • Client’s Business Architecture
    1. Hold an ideation session with business executives.
      • Review relevant reports on industry trends, market shifts, and emerging technologies.
      • Establish guiding principles for digital transformation.
      • Leverage a trend-analysis approach to determine the most impactful and relevant trends.
      • From tends, elicit leapfrog ideas for growth opportunities.
      • For each idea, engage in discussion on assumptions, value drivers, benefits, and risks.
    1. Create opportunity profiles.
      • Evaluate each opportunity to determine if it is important to turn into initiatives
    2. Evaluate the impact of opportunities on your business capabilities.
      • Leverage a value-chain analysis to assess the impact of the opportunity across value chains in order to understand the impact across your business capabilities.
    1. Map stakeholder journey:
      • Identify stakeholder personas
      • Identify one journey scenario
      • Map stakeholder journey
      • Consolidate opportunities
    2. Breakdown opportunities into actional initiatives
      • Brainstorm priority initiatives against opportunities.

    Deliverable:

    Client’s Digital Business Strategy

    Phase 1: Deliverable

    1. Compiled list of leapfrog ideas for new growth opportunities

    Phase 2: Deliverables

    1. Opportunity Profile
    2. Business Capability Impact

    Phase 3: Deliverables

    1. Opportunity Profile
    2. Business Capability Impact

    Glossary of Terms

    LEAPFROG IDEAS

    The concept was originally developed in the area of industrial organizations and economic growth. Leapfrogging is the notion that organizations can identify opportunities to skip one or several stages ahead of their competitors.

    DIGITAL OPPORTUNITIES

    Opening of new possibilities to transform or change your business model and create operational efficiencies and customer experiences through the adoption of digital platforms, solutions, and capabilities.

    INITIATIVES

    Breakdown of opportunities into actionable initiatives that creates value for organizations through new or changes to business models, operational efficiencies, and customer experiences.

    1. LEAPFROG IDEAS:
      • Precision medicine
    2. DIGITAL OPPORTUNITY:
      • Machine Learning to sniff out pre-cancer cells
    3. INITIATIVES:
      1. Define genomic analytics capabilities and recruit
      2. Data quality and cleansing review
      3. Implement Machine Learning SW

    Identify Digitally Enabled Opportunities

    Host an ideation session to turn trends into growth opportunities with new leapfrog ideas.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 1

    Host an Ideation Session to Identify New Digital Opportunities

    1.1

    IDENTIFY AND ASSEMBLE YOUR KEY STAKEHOLDERS

    Build support and eliminate blind spots

    It is important to make sure the right stakeholders participate in this working group. Designing a digital strategy will require debate, insights, and business decisions from a broad perspective across the enterprise. The focus is on the value to be generated from digital.

    Consider:

    • Who are the decision makers and key influencers?
    • Who will impact the business?
    • Who has a vested interest in the success or failure of the practice? Who has the skills and competencies necessary to help you be successful?

    Avoid:

    • Don’t focus on the organizational structure and hierarchy. Often stakeholder groups don’t fit the traditional structure.
    • Don’t ignore subject matter experts on either the business or IT side. You will need to consider both.
    1.2

    ESTABLISH GUIDING PRINCIPLES

    Define the guardrails to focus your ideas

    All ideas are great until you need one that works. Establish guiding principles that will help you establish the perimeters for turning big ideas into opportunities.

    Consider:

    • Focus on the breadth and alignment to support business objectives
    • This should help narrow conceptual ideas into actionable initiatives

    Avoid:

    • Don’t recreate the corporate guiding principles
    • Focus on what will help define strategic growth opportunities and operational efficiencies
    1.3

    LEVERAGE STRATEGIC FORESIGHT TO IDENTIFY LEAPFROG IDEAS

    Create space to elicit “big ideas”

    Leverage industry roundtables and trend reports imagining how digital solutions can help drive strategic growth and operational efficiency. Brainstorm new opportunities and discuss their viability to create value and better experiences for your stakeholders.

    Consider:

    • Accelerate this exercise by leveraging stakeholder insights from:
      • Your corporate strategy and financial plan
      • Outputs from stakeholder interviews
      • Market research

    Avoid:

    • Don’t simply go with the existing documented strategic objectives for the business. Ensure they are up to date and interview the decision makers to validate their perspectives if needed.

    Host an Ideation Session

    Identify digitally enabled opportunities

    Industry Roundtables and Trend Reports

    Industry Trends Report

    The image contains a screenshot of phase 1 industry trends report.

    Business Documents

    The image contains a screenshot of Business Documents.

    Digital Maturity Assessment

    The image contains a screenshot of phase 2 digital maturity assessment.

    Activity: 2-4 hours

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Hold a visioning session with key business executives (e.g., CIO, CEO, CFO, CCO, and COO) and others as needed. Here is a proposed agenda of activities for the ideation session:

    1. Leverage current trend reports and relevant emerging trend reports, market analysis, and customer research to envision future possibilities.
    2. Establish guiding principles for defining your digital strategy and scope.
    3. Leverage insights from trend reports and market analysis to generate leapfrog ideas that can be turned into opportunities.
    4. For each leapfrog idea, engage in a discussion on assumptions, value drivers, benefits, and risks.

    Content Leveraged

    • Digital Trends Report
    • Industry roundtables and trend reports
    • Digital Maturity Assessment
    • Digital Business Strategy v1.0

    Deliverable:

    1. Guiding principles
    2. Strategic growth opportunities

    1.1 Executive Stakeholder Engagement

    Assemble Executive Stakeholders

    Set yourself up for success with these three steps.

    CIOs tasked with designing digital strategies must add value to the business. Given the goal of digital is to transform the business, CIOs will need to ensure they have both the mandate and support from the business executives.

    Designing the digital strategy is more than just writing up a document. It is an integrated set of business decisions to create a competitive advantage and financial returns. Establishing a forum for debates, decisions, and dialogue will increase the likelihood of success and support during execution.

    1. Confirm your role

    2. Identify Stakeholders

    3. Diverse Perspective

    The digital strategy aims to transform the business. Given the scope, validate your role and mandate to lead this work. Identify a business executive to co-sponsor.

    Identify key decision-makers and influencers who can help make rapid decisions as well as garner support across the enterprise.

    Don’t be afraid to include contrarians or naysayers. They will help reduce any blind spots but can also become the greatest allies through participation.

    1.2 Guiding Principles

    Set the Guiding Principles

    Guiding principles help define the parameters of your digital strategy. They act as priori decisions that establish the guardrails to limit the scope of opportunities from the perspective of people, assets, capabilities, and budgets that are aligned with the business objectives. Consider these components when brainstorming guiding principles:

    Consider these three components when brainstorming

    Breadth

    Digital strategy should span people, culture, organizational structure, governance, capabilities, assets, and technology. The guiding principle should cover a 3600 view across the entire organization.

    Planning Horizon

    Timing should anchor stakeholders to look to the long-term with an eye on the foreseeable future i.e., business value realization in one, two, and three years.

    Depth

    Needs to encompass more than the enterprise view of lofty opportunities but establish boundaries to help define actionable initiatives (i.e., individual projects).

    1.2 Guiding Principles

    Examples of Guiding Principles

    IT Principle NameIT Principle Statement
    1.Enterprise value focusWe aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
    2.Fit for purposeWe maintain capability levels and create solutions that are fit for purpose without over engineering them.
    3.SimplicityWe choose the simplest solutions and aim to reduce operational complexity of the enterprise.
    4.Reuse > buy > buildWe maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions.
    5.Managed dataWe handle data creation and modification and use it enterprise-wide in compliance with our data governance policy.
    6.Controlled technical diversityWe control the variety of what technology platforms we use.
    7.Managed securityWe manage security enterprise-wide in compliance with our security governance policy.
    8.Compliance to laws and regulationsWe operate in compliance with all applicable laws and regulations.
    9.InnovationWe seek innovative ways to use technology for business advantage.
    10.Customer centricityWe deliver best experiences to our customers with our services and products.
    11.Digital by default We always put digital solutions at the core of our plans for all viable solutions across the organization.
    12.Customer-centricity by designWe design new products and services with the goal to drive greater engagement and experiences with our customers.

    1.3 Trend-Analysis

    Leverage strategic foresight to identify growth opportunities

    What is Strategic Foresight?

    In times of increasing uncertainty, rapid change, market volatility, and complexity, the development of strategies can be difficult. Strategic foresight offers a solution.
    Strategic foresight refers to an approach that uses a range of methodologies, such as scanning the horizon for emerging changes and signals, analyzing megatrends, and developing multiple scenarios to identify opportunities (source: OECD, 2022). However, it cannot predict the future and is distinct from:

    • Forecasting tools
    • Strategic planning
    • Scenario planning (only)
    • Predictive analyses of the future

    Why is Strategic Foresight useful?

    • Reduce uncertainties about the future
    • Better anticipate changes
    • Future-proof to stress test proposed strategies
    • Explore innovation to reveal new products, services, and approaches

    Explore Info-Tech’s Strategic Foresight Process Tool

    “When situations lack analogies to the past, it’s hard to envision the future.”

    - J. Peter Scoblic, HBR, 2020

    1.3 Trend-Analysis

    Leverage industry roundtables and trend reports to understand the art of the possible

    Uncover important business and industry trends that can inform possibilities for technology innovation.

    Explore trends in areas such as:

    • Machine Learning
    • Citizen Dev 2.0
    • Venture Architecture
    • Autonomous Organizations
    • Self-Sovereign Cloud
    • Digital Sustainability

    Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to get started.

    The image contains screenshots from Info-Tech blueprints.

    Images are from Info-Tech’s Rethinking Higher Education Report and 2023 Tech Trends Report

    1.3 Trend-Analysis

    Scan the Horizon

    Understand how the environment is evolving in your industry

    Scan the horizon to detect early signs of future changes or threats.

    Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.

    Macro Trends

    A macro trend captures a large-scale transformative trend on a global scale that could impact your addressable market

    Industry Trend

    An industry trend captures specific use cases of the macro trend in relation to your market and industry. Consider this in terms of shifts in your market dynamics i.e., competitors, size, transaction, international trade, supply/demand, etc.

    Driver(s)

    A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.

    Identify signals of change in the present and their potential future impacts.

    1.3 Trend-Analysis

    Identify macro trends

    Macro trends capture a global shift that can change the market and the industry. Here are examples of macro-trends to consider when scanning the horizon for your own organization:

    Talent Availability

    Customer Expectations

    Emerging Technologies

    Regulatory System

    Supply Chain Continuity

    Decentralized workforce

    Hybrid workforce

    Diverse workforce

    Skills gap

    Digital workforce

    Multigenerational workforce

    Personalization

    Digital experience

    Data ownership

    Transparency

    Accessibility

    On-demand

    Mobility

    AI & robotics

    Virtual world

    Ubiquitous connectivity

    Genomics (nano, bio, smart….)

    Big data

    Market control

    Economic shifts

    Digital regulation

    Consumer protection

    Global green

    Resource scarcity

    Sustainability

    Supply chain digitization

    Circular supply chains

    Agility

    Outsource

    1.3 Trend-Analysis

    Determine impact and relevance of trends

    Understand which trends create opportunities or risks for your organization.

    Key Concepts:

    Once an organization has uncovered a set of trends that are of potential importance, a judgment must be made on which of the trends should be prioritized to understand their impact on your market and ultimately, the implications for your business or organization. Consider the following criteria to help you prioritize your trends.

    Impact to Industry: The degree of impact the trend will have on your industry and market to create possibilities or risks for your business. Will this trend create opportunities for the business? Or does it pose a risk that we need to mitigate?

    Relevance to Organization. The relevance of the trend to your organization. Does the trend align with the mission, vision, and business objectives of your organization?

    Activity: 2-4hours

    In order to determine which trends will have an impact on your industry and are relevant to your organization, you need to use a gating approach to short-list those that may create opportunities to capitalize on while you need to manage the ones that pose risk.

    Impact

    What does this trend mean for my industry and market?

    • Degree – how broad or narrow is the impact
    • Likelihood – the reality of disrupting an industry or market
    • Timing – when do we expect disruption?

    Relevance

    What opportunity or risk does it pose to my business/organization?

    • Significance – depth and breadth across the enterprise
    • Duration – how long is the anticipated impact?

    1.3 Trend-Analysis

    Prioritize Trends for Exploration

    The image contains a screenshot of a table to demonstrate the trends.The image contains a graph that demonstrates the trends from the table on a graph to show how to prioritze them based on relevance and impact.

    Info-Tech Insight

    While the scorecard may produce a ranking based on weighted metrics, you need to leverage the group discussion to help contextualize and challenge assumptions when validating the priority. The room for debate is important to truly understand whether a trend is a fad or a fact that needs to be addressed.

    1.3 Trend-Analysis

    Discuss the driver(s) behind the trend

    Determining the root cause(s) of a trend is an important precursor to understanding the how, why, and to what extent a trend will impact your industry and market.

    Trend analysis can be a valuable approach to reduce uncertainties about the future and an opportunity to understand the underlying drivers (forces) that may be contributing to a shift in pattern. Understanding the drivers is important to help determine implication on your organization and potential opportunities.

    The image contains a screenshot of a driver diagram.

    1.3 Trend-Analysis

    Examples of driver(s)

    INDUSTRY

    Healthcare Exemplar

    Macro Trends

    (Transformative change)

    Industry Trend

    (A pattern of change…)

    Drivers

    (“Why”….)

    Accessibility

    Increase in wait times

    Aging population leading to global workforce shortage

    New models of care e.g., diversify scope of practice

    Address capacity issues

    Understanding the drivers is not about predicting the future. Don’t get stuck in “analysis paralysis.” The key objective is to determine what opportunities and risks the trend and its underlying driver pose to your business. This will help elicit leapfrog opportunities that can be funneled into actionable initiatives.

    Other examples…

    Dimensions

    Macro-Trends

    Industry Trend

    Driver

    Social

    Demographic shift

    Global shortage of healthcare workers

    Workforce age

    Customer expectations

    Patients as partners

    Customer demographics

    Technology

    AI and robotics

    Early detection of cancer

    Patient outcomes

    Ubiquitous connectivity

    Virtual health

    Capacity

    Economic

    Recession

    Cost-savings

    Sustainability

    Consumer spending

    Value-for-money

    Prioritization

    Environment

    Climate change

    Shift in manufacturers

    ESG compliant vendors

    Pandemic

    Supply chain disruption

    Local production

    Political

    Regulatory

    Consolidation of professional colleges

    Operational efficiency

    De-regulation

    New models of care

    New service (business) model

    1.3 Trend-Analysis

    Case Study

    Industry

    Healthcare

    Artificial Intelligence (AI) in Precision Medicine (Genomics)

    Precision Medicine has become very popular over the recent years fueled by research but also political and patient demands to focus more on better outcomes vs. profits. A cancer care center in Canada wanted to look at what was driving this popularity but more importantly, what this potentially meant to their current service delivery model and operations and what opportunities and risks they needed to address in the foreseeable future. They determined the following drivers:

    • Improve patient outcomes
    • Earlier detection of cancer
    • Better patient experience
    • Ability to compute vast amounts of data to reduce manual effort and errors
    • Accelerate from research to clinical trials to delivery

    The image contains a screenshot of AI in Genomics.

    1.3 Trend-Analysis

    INDUSTRY

    Healthcare Exemplar

    Category

    Macro-Trends

    Industry Trends

    (Use-Case)

    Drivers

    Impact to Industry

    Impact to Business

    Talent Availability

    Diverse workforce

    Aboriginal health

    Systemic inequities

    Brand and legal

    Policies in place

    Hybrid workforce

    Virtual care

    COVID-19 and infectious disease

    New models of care

    New digital talent

    Customer Expectation

    Personalization

    On-demand care

    Patient experience

    Patients as consumers

    New operating model

    Digital experience

    Patient portals

    Democratization of data

    Privacy and security

    Capacity

    Emerging Technologies

    Internet of Things (IoT)

    Smart glucometers

    Greater mobility

    System redesign

    Shift from hospital to home care

    Quantum computing

    Genomic sequencing

    Accelerate analysis

    Improve quality of data analysis

    Faster to clinical trial and delivery

    Regulatory System

    Consumer protection

    Protect access to sensitive patient data

    HIPPA legislation

    Restrict access to health record

    Electronic health records

    Global green

    Green certification for redev. projects

    Political optics

    Higher costs

    Contract management

    Supply Chain

    Supply chain disruptions

    Surgical strategic sourcing

    Preference cards

    Quality

    Organizational change management

    New pharma entrants

    Telco’s move into healthcare

    Demand/supply

    Funding model

    Resource competition

    Sample Output From Trend Analysis

    1.3 Elicit New Opportunities

    Leapfrog into the future

    Turn trends into growth opportunities.

    To thrive in the digital age, organizations must innovate big, leverage internal creativity, and prepare for flexibility.

    In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.

    “The best way to predict the future is to invent it.”

    – Alan Kay

    Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors, who are unable to mobilize to respond to the opportunities.

    1.3 Elicit New Opportunities

    Funnel trends into leapfrog ideas

    Go from trend insights into ideas for opportunities

    Brainstorm ways to generate leapfrog ideas from trend insights.

    Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.

    To identify the impact the trend has on the organization, consider the four areas of growth for the organization:

    1. New Customers: Leverage the trend to target new customers for existing products or services.
    2. New Business Models: Adjust the business model to capture a change in how the organization delivers value.
    3. New Markets: Enter or create new markets by applying existing products or services to different problems.
    4. New Product or Service Offerings: Introduce new products or services to the existing market.

    1.3 Elicit New Opportunities

    INDUSTRY: Healthcare

    SOURCE: Memorial Sloan Kettering Cancer Center

    Case Study

    Machine Learning Sensor to Sniff Out Cancer

    Challenge

    Solution

    Results

    Timely access to diagnostic services is a key indicator of a cancer patient’s prognosis i.e., outcome. Early detection of cancer means the difference between life and death for cancer patients.

    Typically, cancer biomarkers need to be present to detect cancer. Often the presence of these biomarkers is late in the disease state when the cancer cells have likely spread, resulting in suspicions of cancer only when the patient does not feel well or suspects something is wrong.

    Researchers in partnership with IBM Watson at Memorial Sloan Kettering Cancer Center (MSK) have created a tool that can sniff for and identify cancer in a blood sample using machine learning.

    Originally, MSK worked with IBM Watson to identify machine learning as an emerging technology that could drive early cancer detection without the use of cancer biomarkers. But they needed to find specific use cases. After a series of concept prototypes, they were able to use machine learning to detect patterns in blood cells vs. cancer biomarkers to detect cancer disease.

    Machine learning was an emerging trend that researchers at MSK felt held great promise. They needed to turn the trend into tangible opportunities by identifying some key use cases that could be prototyped.

    Computational tools in oncology have the ability to greatly reduce clinician labor, improve the consistency of variant classification, and help accelerate the analytics of vast amounts of clinical data that would be prone to errors and delays when done manually.

    From trends to leapfrog ideas

    Additional Examples in the Appendix

    Example of leapfrog ideas that can generate opportunities for consideration

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New stakeholder segment

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services and experiences

    Virtualize Registration

    Empower patients as consumers of healthcare partners

    Direct B2C to close gap between providers and patients by removing middle administrative overhead.

    24/7 On-Demand Patient Portal

    Leverage AI to develop chatbots and on-demand

    Phase 1: Deliverable

    Phase 1 Deliverable

    Example of output from phase 1 ideation session

    Business Objectives

    New Customers

    (Customer Experience)

    New Markets

    (Health Outcomes)

    New Business or

    Operating Models

    (Operational Excellence)

    New Service Offering

    (Value for Money)

    Description:

    Focus on improving experiences for patients and providers

    Improve quality and standards of care to continually drive better health outcomes

    Deliver care better, faster, and more efficiently

    Reduce cost per capital of delivery care and increase value for services

    Trends:

    • Global workforce shortage due to ageing demographics
    • Clinicians are burnt-out and unable to practice at the top of their profession
    • On-demand care/mobile/wearables
    • Virtual care
    • Faster access to quality service
    • Help navigating complex medical ecosystem from primary to acute to community
    • Standardize care across regions
    • New models of care to expand capacity
    • Improve medication errors
    • Opportunities to use genomics to design personalized medicine
    • Automate tasks
    • Leverage AI and robotics more effectively
    • Regulatory colleges consolidation mandate
    • Use data and analytics to forecast capacity and health outcomes
    • Upskill vs. virtualize workforce
    • Payment reform i.e., move to value-based care vs. fee-for-service
    • Consolidation of back-office functions like HR, supply chain, IT, etc. to reduce cost i.e., shared services model

    Digital Opportunities:

    1. Virtual health command center
    2. Self-scheduling patient portal
    3. Patient way-finder
    4. Smart glucometer for diabetes
    1. Machine learning for early detection of cancer
    2. Visualization tools for capacity planning and forecasting
    3. Contact tracing apps for public health
    1. Build advanced analytics capabilities with new skills and business intelligence tools
    2. Pharmacy robotics
    3. Automate registration
    1. Automate provider billing solution
    2. Payment gateways – supplier portal in the cloud

    Phase 2

    Evaluate Opportunities and Business Capabilities

    Build a better understanding of the opportunities and their impact on your business.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 2

    Evaluate Opportunities and Business Capabilities

    2.1

    CREATE OPPORTUNITY PROFILES

    Evaluate each opportunity

    Some opportunities will have an immediate and significant impact on your business. Some may have a significant impact but on a longer time scale or some may be unlikely to have a significant impact at all. Understanding these trends is an important context for your digital business strategy.

    Consider:

    • Does this opportunity conform with your guiding principles?
    • Can this opportunity feasibly deliver the anticipated benefits?
    • Is this opportunity desired by your stakeholders?

    Avoid:

    • Overly vague language. Opportunities need to be specific enough to evaluate what impact they will have.
    • Simply following what competitors are doing. Be ambitious and tailor your digital strategy to your organizational values, goals, and priorities.
    2.2

    UNDERSTAND THE IMPACT OF OPPORTUNITIES ON BUSINESS CAPABILITIES

    Understand the impact across your value chains

    Each opportunity has the potential to impact multiple areas of your business. Prioritize where to start acting on new opportunities based on your business objectives and capabilities. You need to assess their impacts across value chains. Does the opportunity impact existing value chain(s) or create a new value chain?

    Consider:

    • How well does this opportunity align with your digital vision, mission, and goals?
    • What will be the overall impact of this opportunity?
    • How urgently must you act?

    Avoid:

    • Guessing. Validate assumptions and use clear, unbiased information to make decisions. Info-Tech has extensive resources to assist in evaluating trends, opportunities, and solutions.
    • Making everything a high priority. Most organizations can only prioritize one to two initiatives at a time.

    2.1 Build an opportunity profile

    Evaluate each opportunity

    Discussion Framework:

    In your discussion, evaluate each opportunity to assess assumptions, value drivers, and benefits.

    Ideas matter, but not all ideas are created equal. Now that you have elicited opportunities, discuss the assumptions, risks, and benefits associated with each new digital opportunity.

    Design Thinking

    Leverage the guiding principles as the guardrails to limit the scope of your new digital opportunities. You may want to consider taking a design-thinking approach to innovation by discussing the merits of each opportunity based on:

    • DesirabilityDesirability: People want it. Does the solution enable the organization to meet the expectations of stakeholders?
    • Feasibility
    • Feasibility: Able to Execute. Do we have the capabilities to deliver e.g., the right skills, partners, technology, and leadership?

    • Viability
    • Viability: Delivers Value. Will this idea meet business goals e.g., cost, revenue, and benefits?

    Source: Adapted from IDEO

    Transform the Business

    Must Prioritize

    Should Plan

    Drive Digital Experiences

    Build Digital Capabilities

    High Value/Low Complexity

    • stakeholders want it
    • easy to implement
    • capabilities exist to deliver
    • creates significant value
    • strategic growth = competitive advantage

    High Value/High Complexity

    • customers want it
    • not easy to implement without carefully planning
    • need to invest in developing capabilities
    • Competitive differentiator

    Low Value/Low Complexity

    • stakeholders don’t want it
    • easy to implement but takes resources away from priority
    • some capabilities exist
    • creates marginal value
    • minimal growth

    Low Value/High Complexity

    • stakeholders don’t want it
    • difficult to implement
    • need to invest in developing capabilities
    • no real strategic growth

    Could Have

    Don’t Need

    Transform Operations

    IMPACT

    COMPLEXITY

    Source: Adapted from MoSCoW prioritization model

    Exemplar: Opportunity Profile

    Example:

    An example of a template to capture the output of discussion.

    Automate the Registration Process Around Admission, Discharge, and Transfer (ADT)

    Description of Opportunity:

    ADT is a critical function of registration that triggers patient identification to support services and billing. Currently, ADT is a heavily manual process with a high degree of errors as a result of human intervention. There is an opportunity to leverage intelligent automation by using RPA and AI.

    Alignment With Business Objectives

    Improve patient outcome

    Drive operational efficiency and effectiveness

    Better experiences for patients

    Business Architecture

    This opportunity may impact the following business capabilities:

    • Referral evaluation
    • Admission, discharge, and transfer management
    • Scheduling management
    • Patient registry management
    • Provider registry management
    • Patient billing
    • Provider billing
    • Finance management
    • EHR/EMR integration management
    • Enterprise data warehouse for reporting
    • Provincial/state quality reporting

    Benefits & Outcomes

    • Reduce errors by manual registration
    • Improve turnaround time for registration
    • Create a consistent customer experience
    • Improve capacity
    • Virtualize low-value work

    Key Risks & Assumptions

    • Need to add skills & knowledge to maintain systems
    • Perception of job loss or change by unions
    • assume documentation of standard work for automation vs. non-standard

    Opportunity Owner

    VP, Health Information Management (HIM)

    Incremental Value

    Reduce errors in patient identity

    • Next Steps
    • Investigate use cases for RPA and AI in registration
    • Build business case for funding

    2.2 Business capabilities impact

    Understand the impact on your business capabilities

    Each opportunity has the potential to impact multiple areas of your business. Prioritize where to start acting on new opportunities based on your business objectives and capabilities.

    You will need:

    Industry Reference Architecture.Industry Reference Architecture

    Activity: 1-2 hours

    1. Using your industry reference architecture, highlight the business capabilities that may be impacted by the opportunity. Use a value chain analysis approach to help with this exercise.
    2. Referring to your Prioritized Opportunities for Transformation, prioritize areas to transform. Priority should be given to low maturity areas that are highly or urgently relevant to your overall strategic goals.
    +
    Prioritized Opportunities for Transformation.Prioritized Opportunities for TransformationPrioritized Business Capability Map.

    2.2 Business capabilities impact

    Start with a value chain analysis

    This will help identify the impact on your business capabilities.

    As we identify and prioritize the opportunities available to us, we need to assess impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?

    The image contains a screenshot of the value chain analysis.

    The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.

    As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.

    Exemplar: Prioritized Business Capability Map

    The image contains a screenshot of the exemplar prioritized business capability map.

    In this example, intelligent automation for referral and admission would create opportunity to virtualize repeatable tasks.

    Phase 3

    ETransform Stakeholder Journeys

    Understand the impact of opportunities across the value chain and possibilities of new or better stakeholder experiences.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 3

    Identify opportunities to transform stakeholder experiences

    3.1 IDENTIFY STAKEHOLDER PERSONA

    Understand WHO gains value from the value chain

    To define a stakeholder scenario, you need to understand whom we are mapping for. Developing stakeholder personas is a great way to understand their needs through a lens of empathy.

    Consider:

    • Keep your stakeholder persona groupings to the core clusters typical of your industry.
    • See it from their perspective not the business’s.

    Avoid:

    • Don’t create a multitude of personas based on discrete nuances.
    3.2 BUILD A STAKEHOLDER JOURNEY

    Identify opportunities to transform the stakeholder experience

    A stakeholder or customer journey helps teams visualize the impact of a given opportunity through a value chain. This exercise uncovers the specific initiatives and features that should be considered in the evolution of the digital strategy.

    Consider:

    • Which stakeholders may be most affected by this opportunity?
    • How might stakeholders feel about a given solution as they move through the journey? What pain points can be solved?

    Avoid:

    • Simply listing steps in a process. Put yourself in the shoes of whoever’s journey you are mapping. What do they care about?
    • Choosing a stakeholder with limited involvement in the process.
    3.3 BREAKDOWN OPPORTUNITIES INTO INITIATIVES ALIGNED TO BUSINESS OBJECTIVES

    Unlock key initiatives to deliver value

    Opportunities need to be broken down into actionable initiatives that can be turned into business cases with clear goals, benefits realization, scope, work plans, and investment ask.

    Consider:

    • Multiple initiatives can be grouped into one opportunity that is similar or in phases.
    • Ensure the initiatives support and enable the business goals.

    Avoid:

    • Creating a laundry list of initiatives.
    • Initiatives that don’t align with business goals.

    Map Stakeholder Journey

    Conduct a journey mapping exercise to further refine and identify value streams to transform.

    Stakeholder Journey Mapping

    Digital Business Strategy Blueprint

    Activity: 4-6 hours

    Our analysts can guide and support you, where needed.

    1. First download the Define Your Digital Business Strategy blueprint to review the Stakeholder Journey Mapping exercise.
    2. Identify a stakeholder persona and a one-journey scenario.
    3. Map a stakeholder journey using a single persona across one-journey scenarios to identify pain points and opportunities to improve experiences and generate value.
    4. Consolidate a list of opportunities for business case prioritization.

    Key Concepts:

    Value Stream: a set of activities to create and capture value for and from the end consumer.

    Value Chain: a string of end-to-end processes that creates value for the consumer.

    Journey Scenario: a specific use case across a value chain (s).

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Stakeholder Persona.Stakeholder Persona

    1-Journey Use Case.1-Journey Use Case

    Map Stakeholder Journey 
Map Stakeholder Journey

    Content Leveraged

    • Stakeholder Persona
    • Journey Use Case
    • Map Stakeholder Journey

    Deliverable:

    1. Guiding principles
    2. Strategic growth opportunities

    Download the Define Your Digital Business Strategy blueprint for Customer Journey Mapping Activities

    3.1 Persona identification

    Identify a stakeholder persona and journey scenario

    From value chain to journey scenario.

    Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.

    A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.

    A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.

    Learn more about applying design thinking methodologies

    3.1 Persona identification

    Identify a stakeholder persona

    Who are you transforming for?

    To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.

    One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.

    For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.

    Info-Tech Insight

    Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.

    3.1 Persona identification

    Identify stakeholder scenarios to map

    For your digital strategy, leverage the existing and opportunity value chains identified in phases 1 and 2 for journey mapping.

    Identify two existing value chains to be transformed.

    In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a registration clerk who is part of the Health Information Management team responsible for registering and adjudicating patient identity.

    The image contains a screenshot example of two existing value chains to be transformed.

    Identify one new value chain.

    In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain.

    The image contains a screenshot of one value chain.

    3.1 Persona identification

    Example Stakeholder Persona

    Stakeholder demographics

    Name: Anne

    Age: 35

    Occupation: HIM Clerk

    Location: Unity Hospital System

    Pains

    What are their frustrations, fears, and anxieties?

    • Volume of patients to schedule
    • Too many applications to access
    • Data quality is an error
    • Extensive manual entry of data prone to errors
    • Disruptions with calls from patients, doctors, and FOI requests

    What do they need to do?

    What do they want to get done? How will they know they are successful?

    • Automate some non-valuable tasks that can also reduce human errors. Allow patients to self-schedule online or answer FAQs via a chatbox. Would love to have a virtual triage to alleviate volume of calls and redirects.

    Gains

    What are their wants, needs, hopes, and dreams?

    • Reduce errors in data entry for patient identity (reduce manual look-ups).
    • Have standard requests go through a chatbot.
    • Have physicians automate billing through front-end speech recognition software.

    3.1 Persona identification

    Define a journey statement for mapping

    Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.

    Leverage the following format to define the journey statement.

    “As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].”

    The image contains a screenshot of a journey statement for mapping.

    3.2 Stakeholder Journey-Map

    Leverage customer journey mapping to capture value chains to be transformed

    Conduct a journey mapping exercise to identify opportunities for innovation or automation.

    A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.

    The image contains a screenshot of an example of journey mapping.

    Embrace design-thinking methodologies to elevate the stakeholder journey and build a competitive advantage for your organization.

    3.2 Stakeholder Journey-Map

    Key Concepts

    0. Name: Annie Smith

    Age: 35

    Occupation: HIM Registration Clerk for Unity Hospital System

    Key Concepts.0.Stakeholder Persona

    A fictitious profile of a representative stakeholder group that shares a common yet discrete set of characteristics that embodies how they think, feel, and act.

    1. Journey (Value Chain)

    Describes the end-to-end steps or processes that a customer takes across the value chain that groups a set of activities, interactions, touch-points, and experiences.

    2. Persona’s Goals

    Exemplifies what the persona is thinking and wanting across each specific step of their journey.

    3. Nature of Activity (see detailed definition in this section)

    This section captures two key components: 1) the description of the action or interaction between the personas to achieve their goals, and 2) the classification of the activity to determine the feasibility for automation. The type is based on four main characteristics: 1) routine cognitive, 2) non-routine cognitive , 3) routine manual, and 4) non-routine manual.

    4. Type of Touch-Point

    The channel by which a persona interacts or touches products, services, the organization, or information.

    5. Key Moments & Pain Points

    Captures the emotional experience and value of the persona across each step and interaction.

    6. Metrics

    This section captures the KPIs used to measure the experience, process or activity today. Future KPIs will need to be developed to measure the opportunities.

    7. Opportunities refer to both the possible initiatives to address the persona’s pain points, and the ability to enable business goals.

    3.2 Stakeholder Journey-Map

    Opportunities for Automation: Nature of Activity

    Example
    We identified opportunities for automation

    Categorize the activity type to identify opportunities for automation. While there is no perfect framework for automation, this 4x4 matrix provides a general guide to identifying automation opportunities for consideration.

    Automation example list.Automation Quadrant Analysis

    Info-Tech Insight

    Automation is more than a 1:1 relationship between the defined task or job and automation. When considering automation, look for opportunities to: 1) streamline across multiple processes, 2) utilize artificial intelligence to augment or virtualize manual tasks, and 3) create more structured data to allow for improved data quality over the long-term.

    3.2 Stakeholder Journey-Map

    Example of stakeholder journey output: Healthcare

    Stakeholder: HIM Clerks

    Journey: Follow-up visit of 80-year-old diabetes patient at diabetic clinic outpatient

    Journey

    (Value Chain)

    AppointmentRegistrationIdentity ReconciliationEligibility VerificationTreatment Consult

    Persona’s Goals

    • Confirm appointment
    • Verify referral through provider registry
    • Request medical insurance or care card
    • Enroll patient into CIS
    • Patient registry validation
    • Secondary identification request
    • Verify eligibility through the patient registry
    • Schedule follow referrals & appointments
    • Coding for billing

    Nature of Activity

    Priority

    Priority

    Investigate – ROI

    Investigate – ROI

    Defer

    Type of Touchpoint

    • Telephone (land/mobile)
    • Email
    • CIS Application
    • Verbal
    • Patient registry system
    • Telephone
    • Patient and provider registry
    • CIS
    • Email, call, verbal
    • Physician billing
    • Hospital ERP
    • CIS
    • Paper appointments

    Pain Points & Gains

    • Volume of calls
    • Manual scheduling
    • Too many applications
    • Data entry errors
    • Limited languages
    • Too many applications
    • Data entry errors
    • Too many applications
    • Limited languages
    • Ask patients to repeat info
    • Data entry errors
    • Too many applications
    • Limited languages
    • Ask patients to repeat info
    • Patient identity not linked to physician billing
    • Manual coding entry

    Metrics

    Time to appointment

    Time to enrollment

    Patient mis-match

    Provider mis-match

    Percentage of errors in billing codes

    Opportunities

    • Patient scheduling portal (24/7)
    • Use of AI and chatbots
    • Automate patient matching index digitalization and integration
    • Automate provider matching index digitalization and integration
    • Natural language processing using front-end speech recognition software for billing

    Break opportunities into a series of initiatives aligned to business objectives

    Opportunity 1

    Virtual Registration

    »

    Business Goals

    Initiatives

    Health Outcomes

    Stakeholder Experience

    New Models of Care

    Operational Efficiency

    • Enterprise master patient index integration with patient registry
    • Intelligent automation for outpatient department
    • Customer service chat box for triage FOI1
    • Front-end speech recognition for billing (FESR)

    Opportunity 2

    Machine Learning Pre-Cancer Diagnosis

    »

    Business Goals

    Initiatives

    Health Outcomes

    Stakeholder Experience

    New Models of Care

    Operational Efficiency

    • Enterprise Datawarehouse architecture (build data lake)
    • Build genomics analytics capabilities e.g., recruitment, data-quality review
    • Implementation of machine learning software
    • Supply chain integration with ERP for medical and research supplies
    FOI = Freedom of Information

    Info-Tech Insight

    Evaluate if an opportunity will require a series of discrete activities to execute and/or if they can be a stand-alone initiative.

    Now you are ready to select and prioritize digital initiatives for business case development

    After completing all three phases of activities in this blueprint, you will have compiled a list of new and planned digital initiatives for prioritization and business case development in the next phase.

    Consolidated List of Digital Initiatives.

    Example: Consolidated List of Digital Initiatives

    The next step will focus on prioritizing and building a business case for your top digital initiatives.

    IT Roadmap for your Digital Business Strategy.

    Appendix: Additional Examples

    From trend to leapfrog ideas

    Every idea is a good one, unless you need one that works.

    Additional Examples
    Examples of leapfrog ideas that can generate opportunities for consideration

    Example 1 Finance

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    Open banking

    Account integrators (AISPs)

    Payment integrators
    (PISPs)

    Data monetization

    Social payments

    Example 2: Retail

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    Virtual cashier

    (RFID Enablement)

    Big-box retailers

    Brick & mortar stores

    Automated stores driving new customer experiences

    Digital cart

    From trend to leapfrog ideas

    Every idea is a good one, unless you need one that works.

    Additional Exemplars in Appendix

    Examples of leapfrog ideas that can generate opportunities for consideration

    Example 3:

    Manufacturing

    Trend

    New Customer

    New Market

    New Business or

    Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    IT/OT convergence

    Value-added resellers

    New geographies

    Train quality-control algorithms and sell as a service to other manufacturers

    Quality control as a service

    Case Study: International Airport

    Persona Journey Map: International/Domestic Departure

    Persona: Super Traveler

    Name: Annie Smith

    Age: 35

    Occupation: Engineer, Global Consultant

    Journey Activity Name: Inspired to Travel

    Persona’s Goals

    What Am I Thinking?

    • I am planning on traveling to Copenhagen, Denmark for work.
    • It’s my first time and I need to gather information about the destination, accommodation, costs, departure information, bag weight, etc..

    Nature of Activity

    What Am I Doing?

    • Logging onto airline website
    • Confirming departure gates

    Type of Touchpoint

    • Airport rewards program
    • Airport Website
    • Online hotel eCommerce
    • Social media
    • Transportation services on mobile

    Key moments & pain points

    How Am I Feeling?

    • Frustrated because the airport website is difficult to navigate to get information
    • Annoyed because there is no FAQ online and I have to call; there’s a long wait to speak to someone.
    • Stress & uncertainty (cancellation, logistics, insurance, etc..)

    Metrics

    • Travel dates
    • Trip price & budget

    Opportunities

    • Tailored communication based on search history
    • Specific messaging (e.g., alerts for COVID-19, changes in events, etc.)
    • Interactive VR experience that guides customers through the airport as a navigator

    Related Info-Tech Research

    Tech Trends and Priorities Research Center

    • Access Info-Tech’s Tech Trends reports and research center to learn about current industry trends, shifts in markets, and disruptions that are impacting your industry and sector. This is a great starting place to gain insights into how the ecosystem is changing your business and the impact of these changes on IT.

    Digital Business Strategy

    • Leverage Info-Tech’s Digital Business Strategy to identify opportunities to transform the customer experience.

    Industry Reference Architecture

    • Access Info-Tech’s Industry coverage to accelerate your understanding of your business capabilities and opportunities for automation.

    Contact Your Account Manager

    Research Contributors and Experts

    Joanne Lee

    Joanne Lee

    Principal, Research Director, CIO Strategy

    Info-Tech Research Group

    Kim Osborne-Rodgriguez

    Kim Osborne-Rodgriguez

    Research Director, CIO Strategy

    Info-Tech Research Group

    Joanne is an executive with over 25 years of in digital technology and management consulting across both public and private entities from solution delivery to organizational redesign across Canada and globally.

    Prior to joining Info-Tech Research Group, Joanne was a management consultant within KPMG’s CIO management consulting services and the Western Canada Digital Health Practice lead. She has held several executive roles in the industry with the most recent position as Chief Program Officer for a large $450M EHR implementation. Her expertise spans cloud strategy, organizational design, data and analytics, governance, process redesign, transformation, and PPM. She is passionate about connecting people, concepts, and capital.

    Joanne holds a Master’s in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach to digital transformation, with a track record of supporting successful implementations.

    Kim holds a Bachelor’s degree in Mechatronics Engineering from University of Waterloo.

    Research Contributors and Experts

    Jack Hakimian

    Jack Hakimian

    Vice President, Research

    Info-Tech Research Group

    Charl Lombard.

    Charl Lombard

    President, Digital Transformation Consulting

    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.

    Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.

    Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Charl has more than 20 years of professional services experience, “majoring” in digital transformation and strategic topics. He has led multiple successful Digital Transformation programs across a range of industries like Information technology, hospitality, Advanced Industries, High Tech, Entertainment, Travel and Transport, Insurance & Financial Services, Metals & Mining, Electric Power, Renewable Energy, Telecoms, Manufacturing) across different geographics (i.e., North America, EU, Africa) in both private and public sectors.

    Prior to joining Info-Tech Research Group, Charl was the Vice President of Global Product Management and Strategy (Saber Hospitality Solution), Associate President, McKinsey Transformation Practice, e-Business Practice for PwC, and tech start-up founder and investor.

    Charl is a frequent speaker at innovation and digital transformation conferences and holds an MBA from the University of Cape Town Graduate School of Business, and a bachelor’s degree from the University of Pretoria, South Africa.

    Research Contributors and Experts

    Mike Tweedie

    Mike Tweedie

    Practice Lead, CIO Strategy

    Info-Tech Research Group

    Michael Alemany

    Michael Alemany

    Vice President, Digital Transformation Consulting

    Info-Tech Research Group

    Mike Tweedie brings over 25 years of experience as a technology executive. He’s led several large transformation projects across core infrastructure, application, and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.

    Mike holds a Bachelor’s degree in Architecture from Ryerson University.

    Michael is a leader in Info-Tech’s digital transformation consulting practice. He brings over 10 years of experience working with companies across a range of industries. His work experience includes ~4.5 years at McKinsey & Company where he led large-scale transformations for fortune 500 companies. Prior to joining Info-Tech, he worked for Sabre Corp., an SaaS platform provider for the travel and hospitality sector, leading Product Strategy & Operations. Michael holds an MBA from the Tuck School of Business at Dartmouth and a B.S in Business Strategy from Brigham Young University.

    Research Contributors and Experts

    Duane Cooney

    Duane Cooney

    Executive Counselor, Healthcare

    Info-Tech Research Group

    Denis Goulet

    Denis Goulet

    Senior Workshop Director

    Info-Tech Research Group

    Duane brings over 30 years of experiences a healthcare IT leader with a passion for the transformation of people, processes, and technology. He has led large-scale health technology transformation and operations across the enterprise. Before joining Info-Tech, Duane served as the Deputy CIO, Senior Information Technology Director, and Enterprise Architect for both public not-for-profit and private sectors. He has a Bachelors in Computer Science and is a graduate of EDS Operations. He holds certifications in EHR, LEAN/Agile, ITIL, and PMP.

    Denis is an IAF Certified Professional Facilitator who has helped organizations and technology executives develop IT strategies for small to large global enterprises. He firmly believes in a collaborative value-driven approach. Prior to joining Info-Tech Research Group, Denis held several industry positions as CIO, Chief Administrative Office (City Manager), General Manager, and Vice President of Engineering. Denis holds an MBA from Queen’s University and a Diploma in Technology Engineering and Executive Municipal Management.

    Jay Cappis.

    Jay Cappis

    Executive Advisor, Real-Estate

    Info-Tech Research Group

    Christine Brick.

    Christine Brick

    Executive Advisor, Financial Services
    Info-Tech Research Group

    Jay brings over 30 years of experience in management and technology across small and medium enterprises to large global enterprises including Exxon and Xerox. His cross-industry experience includes professional services, commercial real estate, oil and gas, digital start-ups, insurance, and aerospace. Jay has led business process improvements and change management and has expertise in software development lifecycle management and DevOps practices.

    Christine brings over 20 years in IT transformation across DevOps, infrastructure, operations, supply chain, IT Strategy, modernization, cost optimization, data management, and operational risk. She brings expertise in business transformation, mergers and acquisitions, vendor selection, and contract management.

    Bibliography

    Bhatia, AD. “Transforming through disruptions: A conversation with Dan Antonelli. Transformation Insights.” McKinsey & Company. January 31, 2022. Web
    Bertoletti, Antonella and Peter Eeles. “Use an IT Maturity Model.” IBM Garage Methodology. Web. accessed May 30, 2022.
    Catlin, Tanguy, Jay Scanlan, and Paul Willmott. “Raising your Digital Quotient.” McKinsey Quarterly. June 1, 2015. Article
    Custers, Heidi. “Digital Blueprint. Reference Architecture. Deloitte Digital.Accessed May 15, 2022.
    Coundouris, Anthony. “Reviewed: The Top 5 Digital Transformation Frameworks in 2020.” Run-frictionless Blog. Accessed May 15, 2022. Web.
    Daub, Matthias and Anna Wiesinger. “Acquiring the Capabilities you need to go digital.” Business Technology Office – McKinsey and Company. March 2015. Web.
    De La Boutetiere, Alberto Montagner and Angelika Reich. “Unlocking success in digital transformations.” McKinsey and Company. October 2018. Web.
    “Design Thinking Defined.” IDEO.com. November 21, 2022. Web.
    Dorner, Karle and David Edelman. “What ‘Digital’ really means.” McKinsey Digital. July 2015. Web
    “Everything Changed. Or Did it? Harvey Nash KPMG CIO Survey 2020.” KPMG, 2020
    Kane, Gerald C., Doug Palmer, Ahn Nguyen Phillips, David Kiron, Natasha Buckley. “Aligning the organization for its digital future.” Findings from the 2016 Digital Business Global Executive Study and Research Project. MIT Sloan Management Review. July 26, 2016. Web
    LaBerge, Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever.” McKinsey, 5 Oct. 2020. Accessed 14 June 2021
    Mindtools Content Team. “Cause and Effect Analysis.” Mindtools.com. November 21, 2022. Web.
    “Strategic Foresight.” OECD.org. November 21, 2022, Web
    Sall, Sherman, Dan Lichtenfeld. “The Digital ME Method. Turning digital opportunities into customer engagement and business growth.” Sygnific. 2017. Web.
    Scoblic, J. Peter. “Learning from the Future. How to make robust strategy in times of deep uncertainty.” Harvard Business Review, August 2020.
    Silva, Bernardo and Schoenwaelder, Tom. ‘Why Good Strategies fail. Addressing the three critical strategic tensions.” Deloitte Monitor Group. 2019.

    Application Portfolio Management

    • Buy Link or Shortcode: {j2store}28|cart{/j2store}
    • Related Products: {j2store}28|crosssells{/j2store}
    • member rating overall impact: 9.1/10
    • member rating average dollars saved: $81,275
    • member rating average days saved: 20
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • The chances are that you, too, have too many or far too many applications in your organization. You will not be alone. Almost 60% of companies report the same issue. 
    • That is due to poorly managed portfolios.
    • Your application managers now need to support too many non-critical applications, and they spend insufficient time on the vital applications.
    • You can rarely find the required pieces to rationalize your portfolio in one place. You will need to find the resources and build a team.
    • The lack of standard practices to define the value that each application in a portfolio provides to the company causes misalignments.

    Our advice

    Insight

    • There is no silver bullet solution. Going too rigid in your approach causes delays in value realization through application portfolio management. It may even prevent this altogether. Define flexible inputs to your portfolio and align closely with your business goals.

    Impact and results 

    • Define the outputs of your application rationalization effort, with clear roles and responsibilities.
    • Tailor the application rationalization framework (ARF) to your company's motivations, goals, and limitations.
    • Apply various application assessments to build a clear picture of your portfolio.
    • Build an application portfolio roadmap that shows your target state based on your rationalization decisions.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows you why you should rationalize your application portfolio using a tailored framework for your company. We'll show you our methodology and the ways we can help you in handling this.

    Lay the foundations

    Define why you want to rationalize your application portfolio. Define the end state and scope. Build your action plan.

    • Build an Application Rationalization Framework – Phase 1: Lay Your Foundations (ppt)
    • Application Rationalization Tool (xls)

    Plan the application rationalization framework

    Understand what the core assessments are that you perform in these rationalizations. Define your framework and how rigorous you want to apply the reviews based on your business context.

    • Build an Application Rationalization Framework – Phase 2: Plan Your Application Rationalization Framework (ppt)

    Test and adapt your application rationalization framework (ARF)

    Our tool allows you to test the elements of your ARF. Then do a retrospective and adapt based on your experience and desired outcomes. 

    • Build an Application Rationalization Framework – Phase 3: Test and Adapt Your Application Rationalization Framework (ppt)
    • Application TCO Calculator (xls)
    • Value Calculator (xls)

    Initiate your roadmap

    Review your dispositions to ensure they align with your goals. 

    • Build an Application Rationalization Framework – Phase 4: Initiate Your Roadmap (ppt)
    • Disposition Prioritization Tool (xls)

     

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend

    • Buy Link or Shortcode: {j2store}139|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $63,667 Average $ Saved
    • member rating average days saved: 110 Average Days Saved
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
    • With Adobe’s transition to a cloud-based subscription model, it’s important for organizations to actively manage licenses, software provisioning, and consumption.
    • Without a detailed understanding of Adobe’s various purchasing models, overspending often occurs.
    • Organizations have experienced issues in identifying commercial licensed packages with their install files, making it difficult to track and assign licenses.

    Our Advice

    Critical Insight

    • Focus on user needs first. Examine which products are truly needed versus nice to have to prevent overspending on the Creative Cloud suite.
    • Examine what has been deployed. Knowing what has been deployed and what is being used will greatly aid in completing your true-up.
    • Compliance is not automatic with products that are in the cloud. Shared logins or computers that have desktop installs that can be access by multiple users can cause noncompliance.

    Impact and Result

    • Visibility into license deployments and needs
    • Compliance with internal audits

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend Research & Tools

    Start here – read the Executive Brief

    Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing to avoid overspending and to maximize negotiation leverage.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Manage your Adobe agreements

    Use Info-Tech’s licensing best practices to avoid overspending on Adobe licensing and to remain compliant in case of audit.

    • Adobe ETLA vs. VIP Pricing Table
    • Adobe ETLA Forecasted Costs and Benefits
    • Adobe ETLA Deployment Forecast
    [infographic]

    Further reading

    Master the Secrets of Adobe’s Creative Cloud Contracts to Right-Size Your Adobe Spend

    Learn the essential steps to avoid overspending and to maximize negotiation leverage with Adobe.

    ANALYST PERSPECTIVE

    Only 18% of Adobe licenses are genuine copies: are yours?

    "Adobe has designed and executed the most comprehensive evolution to the subscription model of pre-cloud software publishers with Creative Cloud. Adobe's release of Document Cloud (replacement for the Acrobat series of software) is the final nail in the coffin for legacy licensing for Adobe. Technology procurement functions have run out of time in which to act while they still retain leverage, with the exception of some late adopter organizations that were able to run on legacy versions (e.g. CS6) for the past five years. Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing, contract, and delivery models in order to accurately forecast your software needs, transact against the optimal purchase plan, and maximize negotiation leverage. "

    Scott Bickley

    Research Lead, Vendor Practice

    Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • IT managers scoping their Adobe licensing requirements and compliance position.
    • CIOs, CTOs, CPOs, and IT directors negotiating licensing agreements in search of cost savings.
    • ITAM/Software asset managers responsible for tracking and managing Adobe licensing.
    • IT and business leaders seeking to better understand Adobe licensing options (Creative Cloud).
    • Vendor management offices in the process of a contract renewal.

    This Research Will Help You:

    • Understand and simplify licensing per product to help optimize spend.
    • Ensure agreement type is aligned to needs.
    • Navigate the purchase process to negotiate from a position of strength.
    • Manage licenses more effectively to avoid compliance issues, audits, and unnecessary purchases.

    This Research Will Also Assist:

    • CFOs and the finance department
    • Enterprise architects
    • ITAM/SAM team
    • Network and IT architects
    • Legal
    • Procurement and sourcing

    This Research Will Help Them:

    • Understand licensing methods in order to make educated and informed decisions.
    • Understand the future of the cloud in your Adobe licensing roadmap.

    Executive summary

    Situation

    • Adobe’s dominant market position and ownership of the creative software market is forcing customers to refocus the software acquisition process to ensure a positive ROI on every license.
    • In early 2017, Adobe announced it would stop selling perpetual Creative Suite 6 products, forcing future purchases to be transitioned to the cloud.

    Complication

    • Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
    • With transition to a cloud-based subscription model, organizations need to actively manage licenses, software provisioning, and consumption.
    • Without a detailed understanding of Adobe’s various purchasing models, overspending often occurs.
    • Organizations have experienced issues in identifying commercial licensed packages with their install files, making it difficult to track and assign licenses.

    Resolution

    • Gain visibility into license deployments and needs with a strong SAM program/tool; this will go a long way toward optimizing spend.
      • Number of users versus number of installs are not the same, and confusing the two can result in overspending. Device-based licensing historically would have required two licenses, but now only one may be required.
    • Ensure compliance with internal audits. Adobe has a very high rate of piracy stemming from issues such as license overuse, misunderstanding of contract language, using cracks/keygens, virtualized environments, indirect access, and sharing of accounts.
    • A handful of products are still sold as perpetual – Acrobat Standard/Pro, Captivate, ColdFusion, Photoshop, and Premiere Elements – but be aware of what is being purchased and used in the organization.
      • Beware of products deployed on server, where the number of users accessing that product cannot easily be counted.

    Info-Tech Insight

    1. Your user-need analysis has shifted in the new subscription-based model. Determine which products are needed versus nice to have to prevent overspending on the Creative Cloud suite.
    2. Examine what you need, not what you have. You can no longer mix and match applications.
    3. Compliance is not automatic with products that are in the cloud. Shared logins or computers with desktop installs that can be accessed by multiple users can cause noncompliance.

    The aim of this blueprint is to provide a foundational understanding of Adobe

    Why Adobe

    In 2011 Adobe took the strategic but radical move toward converting its legacy on-premises licensing to a cloud-based subscription model, in spite of material pushback from its customer base. While revenues initially dipped, Adobe’s resolve paid off; the transition is mostly complete and revenues have doubled. This was the first enterprise software offering to effect the transition to the cloud in a holistic manner. It now serves as a case study for those following suit, such as Microsoft, Autodesk, and Oracle.

    What to know

    Adobe elected to make this market pivot in a dramatic fashion, foregoing a gradual transition process. Enterprise clients were temporarily allowed to survive on legacy on-premises editions of Adobe software; however, as the Adobe Creative Cloud functionality was quickly enhanced and new applications were launched, customer capitulation to the new subscription model was assured.

    The Future

    Adobe is now leveraging the power of connected customers, the availability of massive data streams, and the ongoing digitalization trend globally to supplement the core Creative Cloud products with online services and analytics in the areas of Creative Cloud for content, Marketing Cloud for marketers, and Document Cloud for document management and workflows. This blueprint focuses on Adobe's Creative Cloud and Document Cloud solutions and the enterprise term license agreement (ETLA).

    Info-Tech Insight

    Beware of your contract being auto-renewed and getting locked into the quantities and product subset that you have in your current agreement. Determining the number of licenses you need is critical. If you overestimate, you're locked in for three years. If you underestimate, you have to pay a big premium in the true-up process.

    Learn the “Adobe way,” whether you are reviewing existing spend or considering the purchase of new products

    1. Legacy on-premises Adobe Creative Suite products used to be available in multiple package configurations, enabling right-sized spend with functionality. Adobe’s support for legacy Creative Suites CS6 products ended in May 2017.
    2. While early ETLAs allowed customer application packaging at a lower price than the full Creative Cloud suite, this practice has been discontinued. Now, the only purchasing options are the full suite or single-application subscriptions.
    3. Buyers must now assess alternative Adobe products as an option for non-power users. For example, QuarkXPress, Corel PaintShop Pro, CorelDRAW, Bloom, and Affinity Designer are possible replacements for some Creative Cloud applications.
    4. Document Cloud, Adobe’s latest step in creating an Acrobat-focused subscription model, limits the ability to reduce costs with an extended upgrade cycle. These changes go beyond the licensing model.
    5. Organizations need to perform a cost-benefit analysis of single app purchases vs. the full suite to right-size spend with functionality.

    As Adobe’s dominance continues to grow, organizations must find new ways to maintain a value-added relationship

    Adobe estimates the total addressable market for creative and document cloud to be $21 billion. With no sign of growth slowing down, Adobe customers must learn how to work within the current design monopoly.

    The image contains two pie graphs. The first is labelled FY2014 Revenue Mix, and the second graph is titled FY2017E Revenue Mix.

    Source: Adobe, 2017

    "Adobe is not only witnessing a steady increase in Creative Cloud subscriptions, but it also gained more visibility into customers’ product usage, which enables it to consistently push out software updates relevant to user needs. The company also successfully transformed its sales organization to support the recurring revenue model."

    – Omid Razavi, Global Head of Success, ServiceNow

    Consider your route forward

    Consider your route forward, as ETLA contract commitments, scope, and mechanisms differ in structure to the perpetual models previously utilized. The new model shortchanges technology procurement leaders in their expectations of cost-usage alignment and opex flexibility (White, 2016).

    ☑ Implement a user profile to assign licenses by version and limit expenditures. Alternatives can include existing legacy perpetual and Acrobat classic versions that may already be owned by the organization.

    ☑ Examine the suitability and/or dependency on Document Cloud functions, such as existing business workflows and e-signature integration.

    ☑ Involve stakeholders in the evaluation of alternate products for use cases where dependency on Acrobat-specific functionality is limited.

    ☑ Identify not just the installs and active use of the applications but also the depth and breadth of use across the various features so that the appropriate products can be selected.

    The image contains a screenshot of a diagram listing the adobe toolkit. The toolkit includes: Adobe ETLA Deployment Forecast Tool, Adobe ETLA Forecasted Cost and Benefits, Adobe ETLA vs. VIP Pricing Table.

    Use Info-Tech’s Adobe toolkit to prepare for your new purchases or contract renewal

    Info-Tech Insight

    IT asset management (ITAM) and software asset management (SAM) are critical! An error made in a true-up can cost the organization for the remaining years of the ETLA. Info-Tech worked with one client that incurred a $600k error in the true-up that they were not able to recoup from Adobe.

    Apply licensing best practices and examine the potential for cost savings through an unbiased third-party perspective

    Establish Licensing Requirements

    • Understand Adobe’s product landscape and transition to cloud.
    • Analyze users and match to correct Adobe SKU.
    • Conduct an internal software assessment.
    • Build an effective licensing position.

    Evaluate Licensing Options

    • Value Incentive Plan (VIP)
    • Cumulative Licensing Program (CLP)
    • Transactional Licensing Program (TLP)
    • Enterprise Term License Agreement (ETLA)

    Evaluate Agreement Options

    • Price
    • Discounts
    • Price protection
    • Terms and conditions

    Purchase and Manage Licenses

    • Learn negotiation tactics to enhance your current strategy.
    • Control the flow of communication.
    • Assign the right people to manage the environment.

    Preventive practices can help find measured value ($)

    Time and resource disruption to business if audited

    Lost estimated synergies in M&A

    Cost of new licensing

    Cost of software audit, penalties, and back support

    Lost resource allocation and time

    Third party, legal/SAM partners

    Cost of poor negotiation tactics

    Lost discount percentage

    Terms and conditions improved

    Explore Adobe licensing and optimize spend – project overview

    Establish Licensing Requirements

    Evaluate Licensing Options

    Evaluate Agreement Options

    Purchase and Manage Licenses

    Best-Practice Toolkit

    • Assess current state and align goals; review business feedback.
    • Interview key stakeholders to define business objectives and drivers.
    • Review licensing options.
    • Review licensing rules.
    • Determine the ideal contract type.
    • Review final contract.
    • Discuss negotiation points.
    • License management.
    • Future licensing strategy.

    Guided Implementations

    • Engage in a scoping call.
    • Assess the current state.
    • Determine licensing position.
    • Review product options.
    • Review licensing rules.
    • Review contract option types.
    • Determine negotiation points.
    • Finalize the contract.
    • Discuss license management.
    • Evaluate and develop a roadmap for future licensing.

    PHASE 1

    Manage Your Adobe Agreements

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Managing Adobe Contracts

    Proposed Time to Completion: 3-6 weeks

    Step 1.1: Establish Licensing Requirements

    Start with a kick-off call:

    • Assess the current state.
    • Determine licensing position.

    Then complete these activities…

    • Complete a deployment count, needs analysis, and internal audit.

    With these tools & templates:

    Adobe ETLA Deployment Forecast

    Step 1.2: Determine Licensing Options

    Review findings with analyst:

    • Review licensing options.
    • Review licensing rules.
    • Review contract option types.

    Then complete these activities…

    • Select licensing option.
    • Document forecasted costs and benefits.

    With these tools & templates:

    Adobe ETLA vs. VIP Pricing Table

    Adobe ETLA Forecasted Costs and Benefits

    Step 1.3: Purchase and Manage Licenses

    Review findings with analyst:

    • Review final contract.
    • Discuss negotiation points.
    • Plan a roadmap for SAM.

    Then complete these activities…

    • Negotiate final contract.
    • Evaluate and develop a roadmap for SAM.

    With these tools & templates:

    Adobe ETLA Deployment Forecast

    Adobe’s Cloud – Snapshot of what has changed

    1. Since Adobe has limited the procurement and licensing options with the introduction of Creative Cloud, there are three main choices:
      1. Direct online purchase at Adobe.com
      2. Value Incentive Plan (VIP): Creative Cloud for teams–based purchase with a volume discount (minimal, usually ~10%); may have some incentives or promotional pricing
      3. Enterprise Term License Agreement (ETLA): Creative Cloud for Enterprise (CCE)
    2. Adobe has discontinued support for legacy perpetual licenses, with the latest version being CS6, which is steering organizations to prioritize their options for products in the creative and document management space.
    3. Document Cloud (DC) is the cloud product replacing the Acrobat perpetual licensing model. DC extends the subscription-based model further and limits options to extend the lifespan of legacy on-premises licenses through a protracted upgrade process.
    4. The subscription model, coupled with limited discount options on transactional purchases, forces enterprises to consider the ETLA option. The ETLA brings with it unique term commitments, new pricing structures, and true-up mechanisms and inserts the "land and expand" model vs. license reassignment.

    Info-Tech Insight

    Adobe’s move from a perpetual license to a per-user subscription model can be positive in some scenarios for organizations that experienced challenges with deployment, management of named users vs. devices, and license tracking.

    Core concepts of Adobe agreements: Discounting, pricing, and bundling

    ETLA

    Adobe has been systematically reducing discounts on ETLAs as they enter the second renewal cycle of the original three-year terms.

    Adobe Cloud Bundling

    Adobe cloud services are being bundled with ETLAs with a mandate that companies that do not accept the services at the proposed cost have Adobe management’s approval to unbundle the deal, generally with no price relief.

    Custom Bundling

    The option for custom bundling of legacy Creative Suite component applications has been removed, effectively raising the price across the board for licensees that require more than two Adobe applications who must now purchase the full Creative Cloud suite.

    Higher and Public Education

    Higher education/public education agreements have been revamped over the past couple of years, increasing prices for campus-wide agreements by double-digit percentages (~10-30%+). While they still receive an 80% discount over list price, IT departments in this industry are not prepared to absorb the budget increase.

    Info-Tech Insight

    Adobe has moved to an all-or-one bundle model. If you need more than two application products, you will likely need to purchase the full Creative Cloud suite. Therefore, it is important to focus on creating accurate user profiles to identify usage needs.

    Use Info-Tech’s Adobe deployment tool for SAM: Track deployment and needs

    The image contains a screenshot of Info-Tech's Adobe deployment tool for SAM: Track deployment and needs.

    Use Info-Tech’s Adobe deployment tool for SAM: Audit

    The image contains a screenshot of the Adobe Deployment Tool for SAM, specifically the Audit tab.

    Use Info-Tech’s Adobe deployment tool for SAM: Cost

    The image contains a screenshot of the Adobe Deployment Tool for SAM, specifically the Cost tab.

    Use Info-Tech’s tools to compare ETLA vs. VIP and to document forecasted costs and benefits

    Is the ETLA or VIP option better for your organization?

    Use Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.

    The image contains a screenshot of Info-Tech's Adobe ETLA vs. VIP Pricing Table.

    Your ETLA contains multiple products and is a multi-year agreement.

    Use Info-Tech’s ETLA Forecasted Costs and Benefits tool to forecast your ETLA costs and document benefits.

    The image contains a screenshot of Info-Tech's ETLA Forecasted Costs and Benefits.

    Adobe’s Creative Cloud Complete offering provides access to all Adobe creative products and ongoing upgrades

    Why subscription model?

    The subscription model forces customers to an annuity-based pricing model, so Adobe has recurring revenue from a subscription-based product. This increases customer lifetime value (CLTV) for Adobe while providing ongoing functionality updates that are not version/edition dependent.

    Key Characteristics:

    • Available as a month-to-month or annual subscription license
    • Can be purchased for one user, for a team, or for an enterprise
    • Subject to annual payment and true-up of license fees
    • Can only true-up during lifespan of contract; quantities cannot be reduced until renewal
    • May contain auto-renewal clauses – beware!

    Key things to know:

    1. Applications can be purchased individually if users require only one specific product. A few products continue to have on-premises licensing options, but most are offered by per-user subscriptions.
    2. At the end of the subscription period, the organization no longer has any rights to the software and would have to return to a previously owned version.
    3. True-downs are not possible (in contrast to Microsoft’s Office 365).
    4. Downgrade rights are not included or are limited by default.

    Which products are in the Creative Cloud bundle?

    Adobe Acrobat® XI Pro

    Adobe After Effects® CC

    Adobe Audition® CC

    Adobe Digital Publishing Suite, Single Edition

    Adobe InDesign® CC

    Adobe Dreamweaver® CC

    Adobe Edge Animate

    Adobe Edge Code preview

    Adobe Edge Inspect

    Adobe Photoshop CC

    Adobe Edge Reflow preview

    Adobe Edge Web Fonts

    Adobe Extension Manager

    ExtendScript Toolkit

    Adobe Fireworks® CS6

    Adobe Flash® Builder® 4.7 Premium Edition

    Adobe Flash Professional CC

    Adobe Illustrator® CC

    Adobe Prelude® CC

    Adobe Premiere® Pro CC

    Adobe Scout

    Adobe SpeedGrade® CC

    Adobe Muse CC

    Adobe Photoshop Lightroom 6

    Adobe offers different solutions for teams vs. enterprise licensing

    Evaluate the various options for Creative Cloud, as they can be purchased individually, for teams, or for enterprise.

    Bundle Name

    Target Customer

    Included Applications

    Features

    CC (for Individuals)

    Individual users

    The individual chooses

    • Sync, store, and share assets
    • Adobe Portfolio website
    • Adobe Typekit font collection
    • Microsoft Teams integration
    • Can only be purchased through credit card

    CC for Teams (CCT)

    Small to midsize organizations with a small number of Adobe users who are all within the same team

    Depends on your team’s requirements. You can select all applications or specific applications.

    Everything that CC (for individuals) does, plus

    • One license per user; can reassign CC licenses
    • Web-based admin console
    • Centralized deployment
    • Usage tracking and reporting
    • 100GB of storage per user
    • Volume discounts for 10+ seats

    CC for Enterprise (CCE)

    Large organizations with users who regularly use multiple Adobe products on multiple machines

    All applications including Adobe Stock for images and Adobe Enterprise Dashboard for managing user accounts

    Everything that CCT does, plus

    • Employees can activate a second copy of software on another device (e.g. home computer) as long as they share the same Adobe ID and are not used simultaneously
    • Ability to reassign licenses from old users to new users
    • Custom storage options
    • Greater integration with other Adobe products
    • Larger volume discounts with more seats

    For further information on specific functionality differences, reference Adobe’s comparison table.

    A Cloud-ish solution: Considerations and implications for IT organizations

    ☑ True cloud products are typically service-based, scalable and elastic, shared resources, have usage metering, and rely upon internet technologies. Currently, Adobe’s Creative Cloud and Document Cloud products lack these characteristics. In fact, the core products are still downloaded and physically installed on endpoint devices, then anchored to the cloud provisioning system, where the software can be automatically updated and continuously verified for compliance by ensuring the subscription is active.

    ☑ Adobe Cloud allows Adobe to increase end-user productivity by releasing new features and products to market faster, but the customer will increase lock-in to the Adobe product suite. The fast-release approach poses a different challenge for IT departments, as they must prepare to test and support new functionality and ensure compatibility with endpoint devices.

    ☑ There are options at the enterprise level that enable IT to exert more granular control over new feature releases, but these are tied to the ETLA and the provided enterprise portal and are not available on other subscription plans. This is another mechanism by which Adobe has been able to spur ETLA adoption.

    Not all CIOs consider SaaS/subscription applications their first choice, but the Adobe’s dominant position in the content and document management marketplace is forcing the shift regardless. It is significant that Adobe bypassed the typical hybrid transition model by effectively disrupting the ability to continue with perpetual licensing without falling behind the functionality curve.

    VIP plans do allow for annual terms and payment, but you lose the price elasticity that comes with multi-year terms.

    Download Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.

    When moving to Adobe cloud, validate that license requirements meet organizational needs, not a sales quota

    Follow these steps in your transition to Creative Cloud.

    Step 1: Make sure you have a software asset management (SAM) tool to determine Adobe installs and usage within your environment.

    Step 2: Look at the current Adobe install base and usage. We recommend reviewing three months’ worth of reliable usage data to decide which users should have which licenses going forward.

    Step 3: Understand the changes in Adobe packages for Creative Cloud (CC). Also, take into account that the license types are based on users, not devices.

    Step 4: Identify those users who only need a single license for a single application (e.g. Photoshop, InDesign, Muse).

    Step 5: Identify the users who require CC suites. Look at their usage of previous Adobe suites to get an idea of which CC suite they require. Did they have Design Suite Standard installed but only use one or two elements? This is a good way to ensure you do not overspend on Adobe licenses.

    Source: The ITAM Review

    Download Info-Tech’s Adobe ETLA Deployment Forecast tool to track Adobe installs within your environment and to determine usage needs.

    Acquiring Adobe Software

    Adobe offers four common licensing methods, which are reviewed in detail in the following slides.

    Most common purchasing models

    Points for consideration

    • Value Incentive Plan (VIP)
    • Cumulative Licensing Program (CLP)
    • Transactional Licensing Program (TLP)
    • Enterprise Term License Agreement (ETLA)
    • Adobe, as with many other large software providers, includes special benefits and rights when its products are purchased through volume licensing channels.
    • Businesses should typically refrain from purchasing individual OEM (shrink wrap) licenses or those meant for personal use.
    • Purchase record history is available online, making it easier for your organization to manage entitlements in the case of an audit.

    "Customers are not even obliged to manage all the licenses themselves. The reseller partners have access to the cloud console and can manage licenses on behalf of their customers. Even better, they can seize cross and upsell opportunities and provide good insight into the environment. Additionally, Adobe itself provides optimization services."

    B-lay

    CLP and TLP

    The CLP and TLP are transactional agreements generally used for the purchase of perpetual licenses. For example, they could be used for making Acrobat purchases if Creative Suite products are purchased on the ETLA.

    The image contains a screenshot of a table comparing CLP and TLP.

    Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”

    VIP and ETLA

    The Value Incentive Plan is aimed at small- to medium-sized organizations with no minimum quantity required. However, there is limited flexibility to reduce licenses and limited price protection for future purchases. The ETLA is aimed at large organizations who wish to have new functionality as it comes out, license management portal, services, and security/IT control aspects.

    The image contains a screenshot of a table comparing VIP and ETLA.

    Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”

    ETLA commitments risk creating “shelfware-as-a-service”

    The Adobe ETLA’s rigid contract parameters, true-up process, and unique deployment/provisioning mechanisms give technology/IT procurement leaders fewer options to maximize cost-usage alignment and to streamline opex costs.

    ☑ No ETLA price book is publicly published; pricing is controlled by the Adobe enterprise sales team.

    ☑ Adobe's retail pricing is a good starting point for negotiating discounted pricing.

    ☑ ETLA commitments are usually for three years, and the lack of a true-down option increases the risk involved in overbuying licenses should the organization encounter a business downturn or adverse event.

    ☑ Pricing discounts are the highest at the initial ETLA signing for the upfront volume commitment. The true-up pricing is discounted from retail but still higher than the signing cost per license.

    ☑ Technical support is included in the ETLA.

    ☑ While purchases typically go through value-added resellers (VARs), procurement can negotiate directly with Adobe.

    "For cloud products, it is less complex when it comes to purchasing and pricing. If larger quantities are purchased on a longer term, the discount may reach up to 15%. As soon as you enroll in the VIP program, you can control all your licenses from an ‘admin console’. Any updates or new functionalities are included in the original price. When the licenses expire, you may choose to renew your subscriptions or remove them. Partial renewal is also accepted. Of course, you can also re-negotiate your price if more subscriptions are added to your console."

    B-lay

    ETLA recommendations

    1. Assess the end-user requirements with a high degree of scrutiny. Perform an analysis that matches the licensee with the correct Adobe product SKU to reduce the risk of overspending.
    • Leverage metering data that identifies actual usage and lack thereof, match to user profile functional requirements, and then determine end users’ actual license requirements.
  • Build in time to evaluate alternative products where possible and position the organization to leverage a Plan B vendor to replace or mitigate growth on the Adobe platform. Re-evaluate options well in advance of the ETLA renewal.
  • Secure price protection through negotiating a price cap or an extended ETLA term beyond the standard three-year term. Short of obtaining an escalation cap, which Adobe is strongly resisting, build in price increases for the ETLA renewal years.
    • Demand price transparency and granularity in the proposal process.
    • Validate that volume discounts are appropriate and show through to the true-up line item pricing.
  • Negotiate a true-down mechanism upfront with Adobe if usage decline is inevitable or expected due to a merger or acquisition, divestiture, or material restructuring event.
  • INFO-TECH TIP: For further guidance on ETLAs and pricing, contact your Info-Tech representative to set up a call with an analyst.

    Use Info-Tech’s Adobe ETLA Deployment Forecast tool to match licensees with Adobe product SKUs.

    Prepare for Adobe’s true-up process

    How the true-up process works

    When adding a license, the true-up price will be prorated to 50% of the license cost for previous year’s usage plus 100% of the license cost for the next year. This back-charging adds up to 150% of the overall true-up license cost. In some rare cases, Adobe has provided an “unlimited” quantity for certain SKUs; these Unlimited ETLAs generally align with FTE counts and limit FTE increases to about 5%. Procurement must monitor and work with SAM/ITAM and stakeholder groups to restrain unnecessary growth during the term of an Unlimited ETLA to avoid the risk of cost escalation at renewal time.

    Higher-education specific

    Higher-education clients can license under the ETLA based on a prescribed number of user and classroom/lab devices and/or on a FTE basis. In these cases, the combination of Creative Cloud and Acrobat Pro volume must equal the FTE total, creating an enterprise footprint. FTE calculations establish the full-time faculty plus one-third of part-time faculty plus one-half of part-time staff.

    Info-Tech Insight

    Compliance takes a different form in terms of the ETLA true-up process. The completion of Adobe's transition to cloud-based licensing and verification has improved compliance rates via phone home telemetry such that pirated software is less available and more easily detected. Adobe has actually decommissioned its audit arm in the Americas and EMEA.

    Audits and software asset management with Adobe

    Watch out for:

    • Virtual desktops, freeware, and test and trial licenses
    • Adobe products that may be bundled into a suite; a manual check will be needed to ensure the suite isn’t recognized as a standalone license
    • Pirated licenses with a “crack” built into the software

    Simplify your process – from start to finish – with these steps:

    Determine License Entitlements

    Obtain documentation from internal records and Adobe to track licenses and upgrades to determine what licenses you own and have the right to use.

    Gather Deployment Information

    Leverage a software asset management tool or process to determine what software is deployed and what is/is not being used.

    Determine Effective License Position

    Compare license entitlements with deployment data to uncover surpluses and deficits in licensing. Look for opportunities.

    Plan Changes to License Position

    Meet with IT stakeholders to discuss the enterprise license program (ELP), short- and long-term project plans, and budget allocation. Plan and document licensing requirements.

    Adobe Genuine Software Integrity Service

    • This service was started in 2014 to combat non-genuine software sold by non-authorized resellers.
    • The service works hand in hand with the cloud movement to reduce piracy.
    • Every Adobe product now contains an executable file that will scan your machine for non-genuine software.
    • If non-genuine software is detected, the user will be notified and directed to the official Adobe website for next steps.

    Detailed list of Adobe licensing contract types

    The table below describes Adobe contract types beyond the four typical purchasing models explained in the previous slides:

    Option

    What is it?

    What’s included?

    For

    Term

    CLP (Cumulative Licensing Program)

    10,000 plus points, support and maintenance optional

    Select Adobe perpetual desktop products

    Business

    2 years

    EA (Adobe Enterprise Agreement)

    100 licenses plus maintenance and support for eligible Adobe products

    All applications

    100+ users requirement

    3 years

    EEA (Adobe Enterprise Education Agreement)

    Creative Cloud enterprise agreement for education establishments

    Creative Cloud applications without services

    Education

    1 or 2 years

    ETLA (Enterprise Term License Agreement)

    Licensing program designed for Adobe’s top commercial, government, and education customers

    All Creative Cloud applications

    Large enterprise companies

    3 years

    K-12 – Enterprise Agreement

    Enterprise agreement for primary and secondary schools

    Creative Cloud applications without services

    Education

    1 year

    K-12 – School Site License

    Allows a school to install a Creative Cloud on up to 500 school-owned computers regardless of school size

    Creative Cloud applications without services

    Education

    1 year

    TLP (Transactional Licensing Program)

    Agreement for SMBs that want volume licensing bonuses

    Perpetual desktop products only

    Aimed at SMBs, but Enterprise customers can use the TLP for smaller requirements

    N/A

    Upgrade Plan

    Insurance program for software purchased under a perpetual license program such as CLP or TLP for Creative Cloud upgrade

    Dependent on the existing perpetual estate

    Anyone

    N/A

    VIP (Value Incentive Plan)

    VIP allows customers to purchase, deploy, and manage software through a term-based subscription license model

    Creative Cloud of teams

    Business, government, and education

    Insight breakdown

    Insight 1

    Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.

    Insight 2

    Adobe has transitioned the vast majority of its software offerings to the cloud-based subscription model. Active management of licenses, software provisioning, and consumption of cloud services is now an ongoing job.

    Insight 3

    With the vendor lock-in process nearly complete via the transition to a SaaS subscription model, Adobe is raising prices on an annual basis. Advance planning and strategic use of the ETLA is key to avoid budget-breaking surprises.

    Summary of accomplishment

    Knowledge Gained

    • The key pieces of licensing information that should be gathered about the current state of your own organization.
    • An in-depth understanding of the required licenses across all of your products.
    • Clear methodology for selecting the most effective contract type.
    • Development of measurable, relevant metrics to help track future project success and identify areas of strength and weakness within your licensing program.

    Processes Optimized

    • Understanding of the importance of licensing in relation to business objectives.
    • Understanding of the various licensing considerations that need to be made.
    • Contract negotiation.

    Deliverables Completed

    • Adobe ETLA Deployment Forecast
    • Adobe ETLA Forecasted Cost and Benefits
    • Adobe ETLA vs. VIP Pricing Table

    Related Info-Tech Research

    Take Control of Microsoft Licensing and Optimize Spend

    Create an Effective Plan to Implement IT Asset Management

    Establish an Effective System of Internal IT Controls to Mitigate Risks

    Optimize Software Asset Management

    Take Control of Compliance Improvement to Conquer Every Audit

    Cut PCI Compliance and Audit Costs in Half

    Bibliography

    “Adobe Buying Programs: At-a-glance comparison guide for Commercial and government organizations.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.

    “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations.” Adobe Systems Incorporated, 2018. Web.

    “Adobe Buying Programs Comparison Guide for Education.” Adobe Systems Incorporated, 2018. Web. 1 Feb 2018.

    “Adobe Education Enterprise Agreement: Give your school access to the latest industry-leading creative tools.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.

    “Adobe Enterprise Term License Agreement for commercial and government organizations.” Adobe Systems Incorporated, 2016. Web. 1 Feb. 2018.

    Adobe Investor Presentation – October 2017. Adobe Systems Incorporated, 2017. Web. 1 Feb. 2018.

    Cabral, Amanda. “Students react to end of UConn-Adobe contract.” The Daily Campus (Uconn), 5 April 2017. Web. 1 Feb. 2018.

    de Veer, Patrick and Alecsandra Vintilescu. “Quick Guide to Adobe Licensing.” B-lay, Web. 1 Feb. 2018.

    “Find the best program for your organization.” Adobe, Web. 1 Feb 2018.

    Foxen, David. “Adobe Upgrade Simplified.” Snow Software, 7 Oct. 2016. Web.

    Frazer, Bryant. “Adobe Stops Reporting Subscription Figures for Creative Cloud.” Studio Daily. Access Intelligence, LLC. 17 March 2016. Web.

    “Give your students the power to create bright futures.” Adobe, Web. 1 Feb 2018.

    Jones, Noah. “Adobe changes subscription prices, colleges forced to pay more.” BG Falcon Media. Bowling Green State University, 18 Feb. 2015. Web. 1 Feb. 2018.

    Mansfield, Adam. “Is Your Organization Prepared for Adobe’s Enterprise Term License Agreements (ETLA)?” UpperEdge,30 April 2013. Web. 1 Feb. 2018.

    Murray, Corey. “6 Things Every School Should Know About Adobe’s Move to Creative Cloud.” EdTech: Focus on K-12. CDW LLC, 10 June 2013. Web.

    “Navigating an Adobe Software Audit: Tips for Emerging Unscathed.” Nitro, Web. 1 Feb. 2018.

    Razavi, Omid. “Challenges of Traditional Software Companies Transitioning to SaaS.” Sand Hill, 12 May 2015. Web. 1 Feb. 2018.

    Rivard, Ry. “Confusion in the Cloud.” Inside Higher Ed. 22 May 2013. Web. 1 Feb. 2018.

    Sharwood, Simon. “Adobe stops software licence audits in Americas, Europe.” The Register. Situation Publishing. 12 Aug. 2016. Web. 1 Feb. 2018.

    “Software Licensing Challenges Faced In The Cloud: How Can The Cloud Benefit You?” The ITAM Review. Enterprise Opinions Limited. 20 Nov. 2015. Web.

    White, Stephen. “Understanding the Impacts of Adobe’s Cloud Strategy and Subscriptions Before Negotiating an ETLA.” Gartner, 22 Feb. 2016. Web.

    Get the Most Out of Workday

    • Buy Link or Shortcode: {j2store}239|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Your Workday systems are critical to supporting the organization’s business processes.They are expensive. Direct benefits and ROI can be hard to measure.
    • Workday application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.
    • Application optimization is essential to staying competitive and productive in today’s digital environment.

    Our Advice

    Critical Insight

    Continuous assessment and optimization of your Workday enterprise resource planning (ERP) is critical to the success of your organization.

    Impact and Result

    • Build an ongoing optimization team to conduct application improvements.
    • Assess your Workday application(s) and the environment in which they exist. Take a business first strategy to prioritize optimization efforts.
    • Validate Workday capabilities, user satisfaction, processes, issues around data, integrations, and vendor management to build out an optimization strategy
    • Pull this all together to develop a prioritized optimization roadmap.

    Get the Most Out of Workday Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get the Most Out of Workday – A guide to help the business leverages to accomplish its goals.

    Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. Take a proactive approach to optimize your enterprise applications. Strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user satisfaction, measure module satisfaction, and vendor relations to create an optimization plan that will drive a cohesive technology strategy that delivers results.

    • Get the Most Out of Workday – Phases 1-4

    2. Get the Most Out of Workday Workbook – A tool to document and assist with this project.

    The Get the Most out of Workday Workbook serves as the holding document for the different elements of the Get the Most out Workday blueprint. Use each assigned tab to input the relevant information for the process of optimizing Workday.

    • Get the Most Out of Workday Workbook

    3. Workday Application Inventory Tool – A tool to define applications and capabilities around ERP.

    Use this tool provide Info-Tech with information surrounding your ERP application(s). This inventory will be used to create a custom Application Portfolio Assessment (APA) for your ERP. The template includes demographics, application inventory, departments to be surveyed and data quality inclusion.

    • Workday Application Inventory Tool

    Infographic

    Workshop: Get the Most Out of Workday

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Workday Application Vision

    The Purpose

    Define your workday application vision.

    Key Benefits Achieved

    Set the foundation for optimizing Workday by building a cross-functional team, aligning with organizational strategy, inventorying current system state, defining your timeframe, and exploring current costs.

    Activities

    1.1 Identify stakeholders and build your optimization team.

    1.2 Build an ERP strategy model.

    1.3 Inventory current system state.

    1.4 Define optimization timeframe.

    1.5 Understand Workday costs.

    Outputs

    Workday optimization team

    Workday business model

    Workday optimization goals

    System inventory and data flow

    Application and business capabilities list

    Workday optimization timeline

    2 Map Current-State Capabilities

    The Purpose

    Map current-state capabilities.

    Key Benefits Achieved

    Measure the state of your current Workday system to understand where it is not performing well.

    Activities

    2.1 Assess Workday capabilities.

    2.2 Review your satisfaction with the vendor/product and willingness for change.

    Outputs

    Workday capability gap analysis

    Workday user satisfaction (application portfolio assessment)

    Workday SoftwareReviews survey results

    Workday current costs

    3 Assess Workday

    The Purpose

    Assess Workday.

    Key Benefits Achieved

    Explore underperforming areas to:

    Uncover where user satisfaction is lacking and possible root causes.

    Identify process and workflows that are creating issues for end users and identify improvement options.

    Understand where data issues are occurring and explore how you can improve these.

    Identify integration points and explore if there are any areas of improvement.

    Investigate your relationship with the vendor and product, including that relative to others.

    Identify any areas for cost optimization (optional).

    Activities

    3.1 Prioritize optimization opportunities.

    3.2 Discover optimization initiatives.

    Outputs

    Product and vendor satisfaction opportunities

    Capability and feature optimization opportunities

    Process optimization opportunities

    Integration optimization opportunities

    Data optimization opportunities

    Workday cost-saving opportunities

    4 Build the Optimization Roadmap

    The Purpose

    Build the optimization roadmap.

    Key Benefits Achieved

    Understanding where you need to improve is the first step, now understand where to focus your optimization efforts, build out next steps and put a timeframe in place.

    Activities

    4.1 Build your optimization roadmap.

    Outputs

    Workday optimization roadmap

    Further reading

    Get the Most Out of Workday

    In today’s connected world, the continuous optimization of enterprise applications to realize your digital strategy is key.

    EXECUTIVE BRIEF

    Analyst Perspective

    Focus optimization on organizational value delivery.

    HR, finance, and planning systems are the core foundation of enterprise resource systems (ERP) systems. These are core tools that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.

    Workday is expensive, benefits can be difficult to quantify, and optimization can be difficult to navigate. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.

    Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.

    IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically realign business goals, identify business application capabilities, complete a process assessment, evaluate user satisfaction, measure module satisfaction, and improve vendor relations to create an optimization plan that will drive a cohesive technology strategy that delivers results.

    Lisa Highfield

    Research Director, Enterprise Applications

    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Your Workday systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure.

    Workday application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm.

    Application optimization is essential to staying competitive and productive in today’s digital environment.

    Common Obstacles

    Balancing optimization with stabilization is one of the most difficult decisions for Workday application leaders.

    Competing priorities and often unclear enterprise application strategies make it difficult to make decisions about what, how, and when to optimize.

    Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps.

    Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.

    Info-Tech's Approach

    In today’s changing world, it is imperative to evaluate your applications for optimization and to look for opportunities to capitalize on rapidly expanding technologies, integrated data, and employee solutions that meet the needs of your organization.

    Assess your Workday applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.

    Validate capabilities, user satisfaction, and issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy.

    Pull this all together to prioritize optimization efforts and develop a concrete roadmap.

    Info-Tech Insight

    Workday is investing heavily in expanding and deepening its finance and expanded product offerings, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized Workday optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.

    The image shows a graphic titled Get the Most Out of Your ERP. The centre of the graphic shows circular gears labelled with text such as Processes; User Satisfaction; Integrations; Data; and Vendor Relations. There is also text surrounding the central gears in concentric circles, and on either side, there are sets of arrows titled Service-centric capabilities and Product-centric capabilities.

    Insight summary

    Continuous assessment and optimization of your Workday ERP is critical to the success of your organization.

    • Applications and the environments in which they live are constantly evolving.
    • This blueprint provides business and application managers with a method to complete a health assessment of their Workday systems to identify areas for improvement and optimization.
    • Put optimization practices into effect by:
      • Aligning and prioritizing key business and technology drivers.
      • Identifying ERP process classification and performing a gap analysis.
      • Measuring user satisfaction across key departments.
      • Evaluating vendor relations.
      • Understanding how data plays into the mix.
      • Pulling it all together into an optimization roadmap.

    Workday enterprise resource planning (ERP) facilitates the flow of information across business units. It allows for the seamless integration of data across financial and people systems to create a holistic view of the enterprise to support decision making.

    In many organizations, Workday is considered the core people systems and is becoming more widely adopted for finance and a full ERP system.

    ERP systems are considered the lifeblood of organizations. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

    Workday enterprise resource planning (ERP)

    Workday

    • Finance
    • Human Resources Management
    • Talent and Performance
    • Payroll and Workforce Management
    • Employee Experience
    • Student Information Systems
    • Professional Services Automation
    • Analytics and Reporting
    • Spend Management
    • Enterprise Planning

    What is Workday?

    Workday has many modules that work together to facilitate the flow of information across the business. Workday’s unique data platform allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making.

    In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.

    Workday operates in many industry verticals and performs well in service organizations.

    An ERP system:

    • Automates processes, reducing the amount of manual, routine work.
    • Integrates with core modules, eliminating the fragmentation of systems.
    • Centralizes information for reporting from multiple parts of the value chain to a single point.

    Workday Fast Facts

    Product Description

    • Workday offers HR, Finance, planning systems, and extended offerings. Workday prides itself on rapidly expanding its product portfolio to meet the needs of organizations in a changing world.
    • The integrated cloud data model Workday has been built on allows for seamless end-to-end organizational data.
    • Offerings include Financial Management, Human Capital Management, Workday Adaptive Planning, Spend Management, Talent Management, Payroll & Workforce Management, Analytics & Reporting, Student, Professional Services Automation, Platform & Product Extensions, Workday Peakon Employee Voice, and most recently VNDLY (contract and vendor management).

    Evolution of Workday

    Workday HCM 2006

    Workday Financial Management 2007

    Workday 10 (Finance & HCM) 2010

    Workday Student (Higher Education) 2011

    Workday Cloud (PAAS) 2017

    Acquisition of Adaptive Insights 2018

    Acquisition of VNDLY 2021

    Vendor Description

    • Workday was founded in 2005 by Aneel Bhusri and Dave Duffield (former PeopleSoft founder.)
    • The platform-as-a-service (PaaS) bundles and modules are sold in a subscription model to customers.
    • Workday has untaken several acquisitions in recent years to grow the product and invests in early-stage companies through Workday Ventures.
    • Workday is publicly traded (2012); Nasdaq: WDAY.

    Employees: 12,500

    Headquarters: Pleasanton, CA

    Website: workday.com

    Founded: 2005

    Presence: Global, Publicly Traded

    Workday by the numbers

    77%

    77% of clients were satisfied with the product’s business value created. 78% of clients were satisfied that the cost is fair relative to value, and 95% plan to renew. (SoftwareReviews, 2022)

    50% of Fortune 500

    Workday has seen steady growth working with over 50% of Fortune 500 companies. 4,100 of those are HCM and finance customers. It has seen great success in service industries and has a 95% gross retention rate. (Diginomica)

    40%

    Workday reported a 40% year-over-year increase in Workday Financial Management deployments for both new and existing customers, as accelerated demand for Workday cloud-based continues. (Workday, June 2021)

    Workday Finance

    A great opportunity for Workday

    Workday continues to invest in Workday Finance

    • 35% of the Fortune 500 and 50% of the Fortune 50 use Workday HCM products (Seeking Alpha, 2019).
    • The customer base for Workday Financial Management has increased from 45 in 2014 to 530 in 2019 with 9 Fortune 500 companies in the mix. This infers that Financial Management is a product that will drive future growth for Workday.

    Recent Finance-Related Acquisitions

    • Zimit - Quotation Management
    • Stories.bi - Augmented Analytics
    • Adaptive Insights - Business Planning
    • SkipFlag - Machine Learning (AI)
    • Platfora - Analytics
    • VNDLY - Contractor and Vendor Management

    Workday challenges and dissatisfaction

    Workday challenges and dissatisfaction

    Organizational

    • Competing Priorities
    • Lack of Strategy
    • Budget Challenges

    People and teams

    • Knowledgeable Staff/Turnover
    • Lack of Internal Skills
    • Ability to Manage New Products
    • Lack of Training

    Technology

    • Integration Issues
    • Selecting Tools & Technology
    • Keeping Pace With Technology Changes
    • Update Challenges

    Data

    • Access to Data
    • Data Literacy
    • Data Hygiene
    • One View of the Customer

    Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.

    Info-Tech Insight

    While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.

    Where are applications leaders focusing?

    Big growth numbers

    Year-over-year call topic requests

    Enterprise Application Optimization - 124%

    Product - 65%

    Enterprise Application Selection - 76%

    Agile - 79%

    (Info-Tech case data, 2022; N=3,293)

    We are seeing Applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together.

    Other changes

    Year-over-year call topic requests

    Application Portfolio Management - 13%

    Business Process Management - 4%

    Software Development Lifecycle -25%

    (Info-Tech case data, 2022; N=3,293)

    Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization.

    Application optimization is risky without a plan

    Avoid these common pitfalls:

    • Not considering how this pays into the short-, medium-, and long-term ERP strategy.
    • Not considering application optimization as a business and IT partnership, which requires the continuous formal engagement of all participants.
    • Not having a good understanding of your current state, including integration points and data.
    • Not adequately accommodating feedback and changes after digital applications are deployed and employed.
    • Not treating digital applications as a motivator for potential future IT optimization efforts and incorporating digital assets in strategic business planning.
    • Not involving department leads, management, and other subject-matter experts to facilitate the organizational change digital applications bring.

    “A successful application optimization strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.” – Norelus, Pamidala, and Senti, 2020

    Info-Tech’s methodology for getting the most out of your ERP

    1. Map Current-State Capabilities 2. Assess Your Current State 3. Identify Key Optimization Areas 4. Build Your Optimization Roadmap
    Phase Steps
    1. Identify Stakeholders and Build Your Workday Optimization Team
    2. Build an ERP Strategy Model
    3. Inventory Current System State
    4. Define Business Capabilities
    • Conduct a Gap Analysis for ERP Processes
    • Assess User Satisfaction
    • Review Your Satisfaction With the Vendor and Product
    1. Identify Key Optimization Areas
    2. Evaluate Product Sustainability Over the Short, Medium, and Long Term
    3. Identify Any Product Changes Anticipated Over Short, Medium, and Long Term
    1. Prioritize Optimization Opportunities
    2. Identify Key Optimization Areas
    3. Compile Optimization Assessment Results
    Phase Outcomes
    1. Stakeholder map
    2. Workday optimization team
    3. Workday business model
    4. Strategy alignment
    5. Systems inventory and diagram
    6. Business capabilities map
    7. Key Workday processes list
    1. Gap analysis for Workday-related processes
    2. Understanding of user satisfaction across applications and processes
    3. Insight into Workday data quality
    4. Quantified satisfaction with the vendor and product
    5. Understanding Workday costs
    1. List of Workday optimization opportunities
    1. Workday optimization roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Get the Most Out of Your Workday Workbook

    Identify and prioritize your Workday optimization goals.

    Application Portfolio Assessment

    Assess IT-enabled user satisfaction across your Workday portfolio.

    Key deliverable:

    Workday Optimization Roadmap

    Complete an assessment of processes, user satisfaction, data quality, and vendor management.

    Case Study

    MANAGED AP AUTOMATION with OneSource Virtual

    TripAdvisor + OneSource

    INDUSTRY: Travel

    SOURCE: OneSource Virtual, 2017

    Challenge

    TripAdvisor needed a solution that would decrease administrative labor from its accounting department.

    “We needed something that was already compatible with our Workday tenant, that didn’t require a lot of customizations and would be an enhancement to our processes.” – Director of Accounting Operations, Scott Garner

    Requirements included:

    • Easy implementation
    • Existing system compatibility
    • Enhancement to the company’s process
    • Competitive pricing
    • Secure

    Solution

    TripAdvisor chose to outsource its accounts payable services to OneSource Virtual (OSV).

    OneSource Virtual offers the comprehensive finance and accounting outsourcing solutions needed to improve efficiency, eliminate paper processes, reduce errors, and improve cash flow.

    Managed AP services include scanning and auditing all extracted invoice data for accuracy, transmitting AP files with line-item details from invoices, and creating full invoice images in Workday.

    Results

    • Accurate and timely invoice processing for over 3,000 invoices per month.
    • Empowered employees to focus on higher-level tasks rather than day-to-day data entry.
    • 50+ hours saved per week on routine data entry.
    • Employees had 30% of their time freed up to focus on high-value tasks.
    • Allowed TripAdvisor to become more scalable across departments and as an organization.

    Info-Tech offers various levels of support to suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Phase 1

    Call #1: Scope requirements, objectives, and your specific challenge.

    Phase 2

    Call #2:

    • Build the Workday team.
    • Align organizational goals.

    Call #3:

    • Map current state.
    • Inventory Workday capabilities and processes.
    • Explore Workday-related costs.

    Phase 3

    Call #4: Understand product satisfaction and vendor management.

    Call #5: Review APA results.

    Call #6: Understand Workday optimization opportunities.

    Call #7: Determine the right Workday path for your organization.

    Phase 4

    Call #8: Build out optimization roadmap and next steps.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Day 1Day 2Day 3Day 4Day 5
    Define Your Workday Application VisionMap Current StateAssess WorkdayBuild Your Optimization RoadmapNext Steps and

    Wrap-Up (offsite)

    Activities

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    4.1 Build Your Optimization Roadmap

    5.1 Complete In-progress Deliverables From Previous Four Days.

    5.2 Set Up Review Time for Workshop Deliverables and to Discuss Next Steps.

    Deliverables
    1. Workday optimization team
    2. Workday business model
    3. Workday optimization goals
    4. System inventory and data flow
    5. Application and business capabilities list
    6. Workday optimization timeline
    1. Workday capability gap analysis
    2. Workday user satisfaction (application portfolio assessment)
    3. Workday SoftwareReviews survey results
    4. Workday current costs
    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. Workday cost-saving opportunities
    1. Workday optimization roadmap

    Phase 1

    Map Current-State Capabilities

    Phase 1

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    Phase 2

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Phase 3

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    Phase 4

    4.1 Build Your Optimization Roadmap

    This phase will guide you through the following activities:

    • Align your organizational goals
    • Gain a firm understanding of your current state
    • Inventory Workday and related applications
    • Confirm the organization’s capabilities

    This phase involves the following participants:

    • CFO
    • Department Leads – Finance, Procurement, Asset Management
    • Applications Director
    • Senior Business Analyst
    • Senior Developer
    • Procurement Analysts

    Step 1.1

    Identify Stakeholders and Build Your Optimization Team

    Activities

    1.1.1 Identify Stakeholders Critical to Success

    1.1.2 Map Your Workday Optimization Stakeholders

    1.1.3 Determine Your Workday Optimization Team

    Map Current State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with your corporate strategy

    This step involves the following participants:

    • Stakeholders
    • Project sponsors and leaders

    Outcomes of this step

    • Stakeholder map
    • Workday optimization team

    ERP optimization stakeholders

    • Understand the roles necessary to Get the Most Out of Your Workday.
    • Understand the role of each player within your project structure. Look for listed participants on the activities slides to determine when each player should be involved.
    Title Role Within the Project Structure
    Organizational Sponsor
    • Owns the project at the management/C-suite level
    • Responsible for breaking down barriers and ensuring alignment with your organizational strategy
    • CIO, CFO, COO, or similar
    Project Manager
    • The IT individual(s) that oversee day-to-day project operations
    • Responsible for preparing and managing the project plan and monitoring the project team’s progress
    • Applications Manager or other IT Manager, Business Analyst, Business Process Owner, or similar
    Business Unit Leaders
    • Works alongside the IT Project Manager to ensure the strategy is aligned with business needs
    • In this case, likely to be a marketing, sales, or customer service lead
    • Sales Director, Marketing Director, Customer Care Director, or similar
    Optimization Team
    • Comprised of individuals whose knowledge and skills are crucial to project success
    • Responsible for driving day-to-day activities, coordinating communication, and making process and design decisions; can assist with persona and scenario development for ERP
    • Project Manager, Business Lead, ERP Manager, Integration Manager, Application SMEs, Developers, Business Process Architects, and/or similar SMEs
    Steering Committee
    • Comprised of the C-suite/management-level individuals that act as the project’s decision makers
    • Responsible for validating goals and priorities, defining the project scope, enabling adequate resourcing, and managing change
    • Project Sponsor, Project Manager, Business Lead, CFO, Business Unit SMEs, or similar

    Info-Tech Insight

    Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.

    1.1.1 Identify Workday optimization stakeholders

    1 hour

    1. Hold a meeting to identify the Workday optimization stakeholders.
    2. Use the next slide as a guide.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Understand how to navigate the complex web of stakeholders in ERP

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Sponsor End User IT Business
    Description An internal stakeholder who has final sign-off on the ERP project. Front-line users of the ERP technology. Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. Additional stakeholders that will be impacted by any ERP technology changes.
    Examples
    • CEO
    • CIO/CTO
    • COO
    • CFO
    • Warehouse personnel
    • Sales teams
    • HR admins
    • Applications manager
    • Vendor relationship manager(s)
    • Director, Procurement
    • VP, Marketing
    • Manager, HR
    Values Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives.

    Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    The image shows a graph with dots on it, titled Example: Stakeholder Involvement during Selection.

    Activity 1.1.2 Map your Workday optimization stakeholders

    1 hour

    1. Use the list of Workday optimization stakeholders.
    2. Map each stakeholder on the quadrant based on their expected Influence and involvement in the project.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    The image shows a graph titled Map the Organization's Stakeholders, with stakeholders listed on the left, and arranged in quadrants. Along the bottom of the graph is the text: Involvement, with an arrow pointing to the right. Along the left side of the graph is the text: Influence, with an arrow pointing upwards.

    Map the organization’s stakeholders

    The image shows the same organization stakeholder map shown in the previous section.

    The Workday optimization team

    Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, and Operations) to create a well-aligned ERP optimization strategy.

    Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Human Resources, Operations, Manufacturing, Marketing, Sales, Service, and Finance as well as IT.

    Required Skills/Knowledge Suggested Project Team Members
    Business
    • Department leads
    • Business process leads
    • Business analysts
    • Subject matter experts
    • SMEs/Business process leads across all functional areas, for example, Strategy, Sales, Marketing, Customer Service, Finance, HR
    IT
    • Application development
    • Enterprise integration
    • Business processes
    • Data management
    • Product owner
    • ERP application manager
    • Business process manager
    • Integration manager
    • Application developer
    • Data stewards
    Other
    • Operations
    • Administrative
    • Change management
    • COO
    • CFO
    • Change management officer

    1.1.3 Determine your Workday optimization team

    1 hour

    1. Have the project manager and other key stakeholders discuss and determine who will be involved in the Workday optimization project.
      • The size of the team will depend on the initiative and size of your organization.
      • Key business leaders in key areas and IT representatives should be involved.

    Note: Depending on your initiative and size of your organization, the size of this team will vary.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Step 1.2

    Build an ERP Strategy Model

    Activities

    1.2.1 Explore Organizational Goals and Business Needs

    1.2.2 Discover Environmental Factors and Technology Drivers

    1.2.3 Consider Potential Barriers to Achieving Workday Optimization

    1.2.4 Set the Foundation for Success

    1.2.5 Discuss Workday Strategy and Develop Your ERP Optimization Goals

    Map Current State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will guide you through the following activities:

    • Identify ERP drivers and objectives
    • Explore ERP challenges and pain points
    • Discover ERP benefits and opportunities
    • Align the ERP foundation with the corporate strategy

    This step involves the following participants:

    • Workday Optimization Team

    Outcomes of this step

    • ERP business model
    • Strategy alignment

    Align your Workday strategy with the corporate strategy

    Corporate Strategy

    Your corporate strategy:

    • Conveys the current state of the organization and the path it wants to take.
    • Identifies future goals and business aspirations.
    • Communicates the initiatives that are critical for getting the organization from its current state to the desired future state.

    Unified ERP Strategy

    • The ideal ERP strategy is aligned with overarching organizational business goals and broader IT initiatives.
    • Include all affected business units and departments in these conversations.
    • The ERP optimization can be and should be linked, with metrics, to the corporate strategy and ultimate business objectives.

    IT Strategy

    Your IT strategy:

    • Communicates the organization’s budget and spending on ERP.
    • Identifies IT initiatives that will support the business and key ERP objectives.
    • Outlines staffing and resourcing for ERP initiatives.

    ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur at the executive level but at each level of the organization.

    ERP Business Model Template

    The image shows a template of the ERP Business Model. At the top, there is a section for ERP Needs, then on the left and right, Environmental Factors and Organizational Goals. At the center, there is a box with text that reads Barriers, with empty space underneath it, then the text: ERP Strategy, and then the heading Enables with empty space beneath it. At the bottom are Technology Drivers. There are notes attached to sections. For ERP Needs, the note reads: What are your business drivers? What are your current ERP pains?. For the Environmental Factors section, the note reads: What factors impacting your strategy are out of your control?. For the Technology Drivers section, the note reads: Why do you need a new system? What is the purpose for becoming an integrated organization?.

    Conduct interviews to elicit the business context

    Stakeholder Interviews

    Begin by conducting interviews of your executive team. Interview the following leaders:

    1. Chief Information Officer
    2. Chief Executive Officer
    3. Chief Financial Officer
    4. Chief Revenue Officer/Sales Leader
    5. Chief Operating Officer/Supply Chain & Logistics Leader
    6. Chief Technology Officer/Chief Product Officer

    INTERVIEWS MUST UNCOVER:

    1. Your organization’s mission & vision
    2. Your organization’s top business goals
    3. Your organization’s top business initiatives
    4. The stakeholder’s top goals and initiatives
    5. Tools and systems needed to facilitate organizational and departmental goals

    Understand the mission, vision, and goals of the organization and supporting departments

    Business Needs Business Drivers
    Definition A business need is a requirement associated with a particular business process. A business need is a requirement associated with a particular business process.
    Examples
    • Audit tracking
    • Authorization levels
    • Business rules
    • Data quality
    • Customer satisfaction
    • Branding
    • Time-to-resolution

    Info-Tech Insight

    One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.

    1.2.1 Explore organizational goals and business needs

    60 minutes

    1. Discuss organizational mission, vision, and goals. What are the top initiatives underway? Are you contracting, expanding, or innovating?
    2. Discuss business needs to support organizational goals. What are identified goals and initiatives at the departmental level? What tools and resources within the Workday system will help make this successful?
    3. Understand how the company is running today and what the organization’s future will look like. Envision the future system state.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows the same ERP Business Model Template from the previous section, zoomed in on the centre of the graphic.

    Organizational Goals

    • Organization’s mission and vision
    • Top business goals
    • Initiatives underway

    Business Needs

    • Departmental goals
    • Business drivers
    • Key initiatives
    • Key capabilities to support the organization
    • Requirements to support the business capability and process

    Download the Get the Most Out of Your Workday Workbook

    ERP Business Model

    Organizational Goals

    • Organization’s mission and vision
    • Top business goals (~3)
    • Initiatives underway
    • KPIs and metrics that are important to the organization in achieving its goals and objectives

    Business Needs

    • Departmental goals
    • Key initiatives
    • Key capabilities to support the organization
    • Tools and systems required to support business capability or process
    • KPIs and metrics that are important to the department/stakeholder in achieving its goals and objectives

    Understand the technology drivers and environmental factors

    Technology Drivers Environmental Factors
    Definition Technology drivers are technological changes that have created the need for a new ERP enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. These external considerations are factors that take place outside of the organization and impact the way business is conducted inside the organization. These are often outside the control of the business. Look three to five years ahead, what challenges will the business face? Where will you have to adapt and pivot? How can we prepare for this?
    Examples
    • Deployment model (i.e. SaaS)
    • Integration
    • Reporting capabilities
    • Fragmented technologies
    • Economic and political factors
    • Competitive influencers
    • Compliance regulations

    Info-Tech Insight

    A comprehensive plan that takes into consideration organizational goals, departmental needs, technology drivers, and environmental factors will allow for a collaborative approach to defining your Workday strategy.

    1.2.2 Discover environmental factors and technology drivers

    30 minutes

    1. Identify business drivers that are contributing to the organization’s need for ERP.
    2. Understand how the company is running today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard or flip charts and markers to capture key findings.
    3. Consider external considerations, organizational drivers, technology drivers, and key functional requirements.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image is the same ERP Business Model Template from previous sections. In this instance, it is zoomed into the centre of the graphic, with the environmental factors section circled.

    External Considerations

    • Funding constraints
    • Regulations

    Technology Considerations

    • Data accuracy
    • Data quality
    • Better reporting

    Functional Requirements

    • Information availability
    • Integration between systems
    • Secure data

    Download the Get the Most Out of Your Workday Workbook

    Create a realistic ERP foundation by identifying the challenges and barriers the project will bestow

    There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.

    Common Internal Barriers

    Management Support Organizational Culture Organizational Structure IT Readiness
    Definition The degree of understanding and acceptance toward ERP systems. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for a new ERP system.
    Questions
    • Is an ERP project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Quality of implementation
    • Need for reliance on consultants

    1.2.3 Consider potential barriers to achieving Workday optimization

    1-3 hours

    1. Open tab 1.2, “Strategy & Goals,” in the Get the Most Out of Your Workday Workbook.
    2. Identify barriers to ERP optimization success.
    3. Review the ERP critical success factors and how they relate to your optimization efforts.
    4. Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image is the same zoomed-in section of the ERP Strategy Business Model Template seen in previous sections. In this instance, the Barriers section is circled.

    Functional Gaps

    • No online purchase order requisitions

    Technical Gaps

    • Inconsistent reporting – data quality concerns

    Process Gaps

    • Duplication of data
    • Lack of system integration

    Barriers to Success

    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Download the Get the Most Out of Your Workday Workbook

    ERP Business Model

    Organizational Goals

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal

    Barriers

    • Organizational silos
    • Lack of formal process documentation
    • Funding availability
    • What goes first? Organizational priorities

    What does success look like?

    Top 15 Critical Success Factors for ERP System Implementation

    The image shows a horizontal bar graph with the text: Frequency of Citation (n=127) at the top. Different implementation strategies are listed on the left, in descending order of frequency.

    (Epizitone and Olugbara, 2019; CC BY 4.0)

    Info-Tech Insight

    Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.

    “Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology

    1.2.3 Set the foundation for success

    1-3 hours

    1. Open tab 1.2, “Strategy & Goals,” in the Get the Most Out of Your Workday Workbook.
    2. Identify barriers to ERP optimization success.
    3. Review the ERP critical success factors and how they relate to your optimization efforts.
    4. Discuss potential barriers to successful ERP optimization.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image is the same zoomed-in section of the ERP Strategy Business Model Template seen in previous sections. In this instance, the Enablers section is circled.

    Business Benefits

    • Business-IT alignment

    IT Benefits

    • Compliance
    • Scalability
    • Operational efficiency

    Organizational Benefits

    • Data accuracy
    • Data quality
    • Better reporting

    Enablers of Success

    • Change management
    • Training
    • Alignment with strategic objectives

    Download the Get the Most Out of Your Workday Workbook

    ERP Business Model

    Organizational Goals

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal

    Enablers

    • Cross-trained employees
    • Desire to focus on value-add activities
    • Collaborative
    • Top-level executive support
    • Effective change management process

    The Business Value Matrix

    Rationalizing and quantifying the value of Workday

    Benefits can be realized internally and externally to the organization or department and have different drivers of value.

    • Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.
    • Human benefits refer to how an application can deliver value through a user’s experience.
    • Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.
    • Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    Organizational Goals

    Increased Revenue

    Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    Reduced Costs

    Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    Enhanced Services

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Reach Customers

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Business Value Matrix

    The image shows a matrix, with Human benefits and Financial Benefits on the horizontal axis, and Outward and Inward on the Vertical axis.

    1.2.4 Define your Workday strategy and optimization goals

    30 minutes

    1. Discuss the Workday business model exercises and ERP critical success factors.
    2. Through the lens of corporate goals and objectives think about the supporting ERP technology. How can the ERP system bring value to the organization? What are the top things that will make this initiative a success? What major themes are emerging?
    3. Develop five to ten optimization goals that will form the basis for the success of this initiative.
      • What is a strong statement that will help guide decision making throughout the life of the ERP project?
      • What are your overarching requirements for business processes?
      • What do you ultimately want to achieve?
      • What is a statement that will ensure all stakeholders are on the same page for the project?

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Workday strategy and optimization goals

    Key Themes Emerging / Workday Strategy

    • Efficiency
    • Effectiveness
    • Integrity
    • One source of truth for data
    • One team
    • Customer service, external and internal

    Optimization Goals

    • Support Business Agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Use ERP best practices: Do not recreate or replicate what we have today; focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for “One Source of Truth”: Unified data model and integrate processes where possible. Assess integration needs carefully.

    Step 1.3

    Inventory Current System State

    Activities

    1.3.1 Inventory Workday Applications and Interactions

    1.3.2 Draw Your Workday System Diagram

    1.3.3 Inventory Your Workday Modules and Business Capabilities (or Business Processes)

    1.3.4 Define Your Key Workday Optimization Modules and Business Capabilities

    Map Current-State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will guide you through the following activities:

    • Inventory of applications
    • Mapping interactions between systems

    This step involves the following participants:

    • Workday Optimization Team
    • Enterprise Architect
    • Data Architect

    Outcomes of this step

    • Systems inventory
    • Systems diagram

    1.3.1 Inventory Workday applications and interfaces

    1-3+ hours

    1. Enter your Workday systems, Workday extended applications, and integrated applications within scope.
    2. Include any abbreviated names or nicknames.
    3. List the application type or main function. List the modules the organization has licensed.
    4. List any integrations.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    ERP Data Flow

    When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.

    The image shows a flowchart, with example ERP Data. There is a colour-coded legend for the data, and at the bottom of the graphic, there is text that reads: Be sure to include enterprise applications that are not included in the ERP application portfolio. There are also definitions of abbreviated terms at the bottom of the graphic.

    1.3.2 Draw your Workday system diagram (optional)

    1-3+ hours

    1. From the Workday application inventory, diagram your network. Include:
      • Any internal or external systems
      • Integration points
      • Data flow

    The image shows the flowchart section of th image that appears in the previous section.

    Download the Get the Most Out of Your Workday Workbook

    Sample Workday and integrations map

    The image shows a sample map of Workday and integrations. There is a colour-coded legend at the bottom right.

    Business capability map (Level 0)

    In business architecture, the primary view of an organization is known as a business capability map.

    A business capability defines what a business does to enable value creation, rather than how.

    Business capabilities:

    • Represent stable business functions.
    • Are unique and independent of each other.
    • Will typically have a defined business outcome.

    A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.

    The image shows a Business Capability Map, which is divided into 4 sections: Products and Services Development; Revenue Generation; Demand Fulfillment; and Enterprise Management and Planning

    The value stream

    Value stream defined:

    Value Streams:

    Design Product

    • Manufacturers work proactively to design products and services that will meet consumer demand.
    • Products are driven by consumer demand and government regulations.

    Produce Product

    • Production processes and labor costs are constantly analyzed for efficiencies and accuracies.
    • Quality of product and services are highly regulated through all levels of the supply chain.

    Sell Product

    • Sales networks and sales staff deliver the product from the organization to the end consumer.
    • Marketing plays a key role throughout the value stream connecting consumers’ wants and needs to the products and services offered.

    Customer Service

    • Relationships with consumers continue after the sale of products and services.
    • Continued customer support and data mining is important to revenue streams.

    Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates. There are two types of value streams: core value streams and support value streams.

    • Core value streams are mostly externally facing. They deliver value to either an external or internal customer and they tie to the customer perspective of the strategy map.
    • Support value streams are internally facing and provide the foundational support for an organization to operate.

    Taking a value stream approach to process mapping allows you to move across departmental and system boundaries to understand the underlying business capability.

    Some mistakes organizations make are over-customizing processes, or conversely, not customizing when required. Workday provides good baseline process that work for most organizations. However, if a process is broken or not working efficiently take the time to investigate it, including underlying policies, roles, workflows, and integrations.

    Process frameworks

    Help define your inventory of sales, marketing, and customer services processes.

    Operating Processes
    1. Develop vision and strategy 2. Develop and manage products and services 3. Market and sell products and services 4. Deliver physical products 5. Deliver services
    Management and Support Processes
    6. Manage customer service
    7. Develop and manage human capital
    8. Manage IT
    9. Manage financial resources
    10. Acquire, construct, and manage assets
    11. Manage enterprise risk, compliance, remediation, and resiliency
    12. Manage external relationships
    13. Develop and manage business capabilities

    (APQC)

    If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes.

    APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.

    APQC’s Process Classification Framework

    Process mapping hierarchy

    A process classification framework is helpful for organizations to effectively define their processes and manage them appropriately.

    Use Info-Tech’s related industry resources or publicly available process frameworks (such as APQC) to develop and map your business processes.

    These processes can then be mapped to supporting applications and modules. Policies, roles, and workflows also play a role and should be considered in the overall functioning.

    APQC’s Process Classification Framework

    The image shows a chart, titled PCL Levels Explained, with each of the PCF Levels listed, and a brief description of each.

    (APQC)

    Focus on level-1 processes

    Level 1 Level 2 Level 3 Level 4
    Market and sell products and services Understand markets, customers, and capabilities Perform customer and market intelligence analysis Conduct customer and market research
    Market and sell products and services Develop a sales strategy Develop a sales forecast Gather current and historic order information
    Deliver services Manage service delivery resources Manage service delivery resource demand Develop baseline forecasts
    ? ? ? ?

    Info-Tech Insight

    Focus your initial assessment on the level-1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners.

    You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.

    Process mapping and supporting ERP modules

    The operating model

    An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.

    From your developed processes and your Workday license agreements you will be able to pinpoint the scope for investigation, including the processes and modules.

    The image shows three images, overlapping one another. At the back is a chart with three sections, and boxes beneath. In front of that is a graphic with Objectives, Value Streams, Capabilities, and Processes written down the left side, and descriptions on the right. Below that image is an arrow pointing downward to the text Supporting Workday Modules. In front is a circular graphic with the word Workday in the centre, and circles with text in them around it.

    Workday modules and process enablement

    Workday Finance

    • Accounts Receivable and Collections
    • Accounts Payable and Payments
    • Asset Management
    • Audit and Controls
    • Billing and Invoicing
    • Cash Management
    • Contracts
    • Financial Reporting and Analysis
    • [Global] Close and Consolidation
    • Multi-GAAP/Multi-book/Multi-chart of Accounts
    • Revenue Management

    Spend Management

    • Strategic Sourcing
    • Procure to Pay
    • Inventory
    • Expenses

    Professional Services Automation

    • Project and Resource Management
    • Project Financials
    • Project Billing
    • Expense Management
    • Time Tracking

    Enterprise Planning

    • Financial planning
    • Reporting
    • Analytics
    • Budgets
    • Insights
    • Workforce planning
    • Sales planning
    • Operational planning

    Analytics and Reporting

    • Financial Management Core Reporting
    • Human Capital Management Core Reporting
    • Benchmarking
    • Data Hub
    • Augmented Analytics

    Student

    • Admissions
    • Financial Aid
    • Advising
    • Student Finance
    • Student Records

    Human Capital Management (HCM)

    • Human Resource Management
    • Organization Management
    • Business Process Management
    • Reporting and Analytics
    • Employee and Manager Self-Service
    • Contingent Labor Management
    • Skills Cloud
    • Absence Management
    • Benefits Administration
    • ACA Management
    • Compensation
    • Talent Optimization

    Payroll and Workforce Management

    • Scheduling and Labor Management
    • Time and Attendance
    • Absence
    • Payroll

    Employee Experience

    • Employee Engagement Insights
    • Diversity, Inclusion, and Belonging Measurement
    • Health and Well-Being Metrics
    • Back-to-Workplace Readiness
    • Confidential Employee-Manager Conversations
    • Attrition Prediction
    • Continuous Industry Benchmarks

    Talent and Performance

    • Talent Profile
    • Continuous Feedback
    • Survey Campaigns
    • Embedded Analytics
    • Goal Management
    • Performance Management
    • Talent Review
    • Calibration
    • Competencies
    • Career and Development Planning
    • Succession Planning
    • Talent Marketplace
    • Mobile
    • Expenses

    1.3.3 Inventory your Workday modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes that you want to investigate and are within scope for this optimization initiative.
    3. List the top modules, capabilities, or processes that will be within the scope of this optimization initiative.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    1.3.4 Define your key Workday optimization modules and business capabilities

    1-3+ hours

    1. Look at the major functions or processes within the scope of ERP.
    2. From the inventory of current systems, choose the submodules or processes for this optimization initiative. Base this on those that are most critical to the business, those with the lowest levels of satisfaction, or those that perhaps need more knowledge around them.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Step 1.4

    Define Optimization Timeframe

    Activities

    1.4.1 Define Workday Key Dates, and Workday Optimization Roadmap Timeframe and Structure

    Map Current-State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will guide you through the following activities:

    • Defining key dates related to your optimization initiative
    • Identifying key building blocks for your optimization roadmap

    This step involves the following participants:

    • Workday Optimization Team
    • Vendor Management

    Outcomes of this step

    • Optimization Key Dates
    • Optimization Roadmap Timeframe and Structure

    1.4.1 Optimization roadmap timeframe and structure

    1-3+ hours

    1. Key items and dates relevant to your optimization initiatives, such as any products reaching end of life or end of contract, or budget proposal submission deadlines.
    2. Enter the expected Optimization Initiative Start Date.
    3. Enter the Roadmap Length. This is the total amount of time you expect to participate in the Workday Optimization Initiative. This includes short-, medium-, and long-term initiatives.
    4. Enter your Roadmap Date markers – how you want dates displayed on the roadmap.
    5. Enter column time values – what level of granularity will be helpful for this initiative?
    6. Enter the sprint or cycle timeframe – use this if following Agile.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Step 1.5

    Understand Workday Costs

    Activities

    1.5.1 Document Costs Associated With Workday

    Map Current-State Capabilities

    Step 1.1

    Step 1.2

    Step 1.3

    Step 1.4

    Step 1.5

    This step will walk you through the following activities:

    • Define your Workday direct and indirect costs
    • List your Workday expense line items

    This step involves the following participants:

    • Finance representatives
    • Workday Optimization Team

    Outcomes of this step

    • Current Workday and related costs

    1.5.1 Document costs associated with Workday

    1-3 hours

    Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.

    1. Identify the types of technology costs associated with each current system:
      1. System Maintenance
      2. Annual Renewal
      3. Licensing
    2. Identify the cost of people associated with each current system:
      1. Full-Time Employees
      2. Application Support Staff
      3. Help Desk Tickets

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Phase 2

    Assess Your Current State

    Phase 1

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    Phase 2

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Phase 3

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    Phase 4

    4.1 Build Your Optimization Roadmap

    This phase will guide you through the following activities:

    • Determine process relevance
    • Perform a gap analysis
    • Perform a user satisfaction survey
    • Assess software and vendor satisfaction

    This phase involves the following participants:

    • Workday Optimization Team
    • Users across functional areas of your ERP and related technologies

    Step 2.1

    Assess Workday Capabilities

    Activities

    2.1.1 Rate Capability Relevance to Organizational Goals

    2.1.2 Complete a Workday Application Portfolio Assessment

    2.1.3 (Optional) Assess Workday Process Maturity

    Assess Workday Capabilities

    Step 2.1

    Step 2.2

    This step will guide you through the following activities:

    • Capability Relevance
    • Process Gap Analysis
    • Application Portfolio Assessment

    This step involves the following participants:

    • Workday Users

    Outcomes of this step

    • Workday Capability Assessment

    Benefits of the Application Portfolio Assessment

    Assess the health of the application portfolio

    • Get a full 360-degree view of the effectiveness, criticality, and prevalence of all relevant applications to get a comprehensive view of the health of the applications portfolio.
    • Identify opportunities to drive more value from effective applications, retire nonessential applications, and immediately address at-risk applications that are not meeting expectations.

    Provide targeted department feedback

    • Share end-user satisfaction and importance ratings for core IT services, IT communications, and business enablement to focus on the right end-user groups or lines of business, and ramp up satisfaction and productivity.

    Gain insight into the state of data quality

    • Data quality is one of the key issues causing poor ERP user satisfaction and business results. This can include the relevance, accuracy, timeliness, or usability of the organization’s data.
    • Targeted, open-ended feedback around data quality will provide insight into where optimization efforts should be focused.

    2.1.1 Complete a current state assessment (via the Application Portfolio Assessment)

    3 hours

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around Workday.

    1. Download the Workday Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each module within your Workday system as an application.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Create a survey manually.

    1. Use tab Reference 2.1 “APA Questions” as a guide for creating your survey.
    2. Send out surveys to end users.
    3. Modify tab 2.1 “Workday Assessment” if required.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Content for New section Tag Goes HereThe image shows a number of charts relating to applications, such as Overall Applications Portfolio Satisfaction and Most Critical Applications. Data is shown in each category relating to number of users, usability, data quality, status, and others.

    2.1.2 Complete the Application Portfolio Assessment

    3 hours

    Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around Workday.

    1. Download the Workday Application Inventory Tool.
    2. Complete the “Demographics” tab (tab 2).
    3. Complete the “Inventory” tab (tab 3).
      1. Complete the inventory by treating each module within your Workday system as an application.
      2. Treat every department as a separate column in the department section. Feel free to add, remove, or modify department names to match your organization.
      3. Include data quality for all applications applicable.

    Option 2: Create a survey manually.

    1. Use tab Reference 2.1 “APA Questions” as a guide for creating your survey.
    2. Send out surveys to end users.
    3. Modify tab 2.1 “Workday Assessment” if required.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    2.1.3 (Optional) Assess Workday process maturity

    1. As with any ERP system, the issues encountered may not be related to the system itself but processes that have developed over time.
    2. Use this opportunity to interview key stakeholders to learn about deeper capability processes.
      1. Identify key stakeholders.
      2. Hold sessions to document deeper processes.
      3. Discuss processes and technical enablement in each area.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Process Maturity Assessment

    Process Assessment

    Strong

    Moderate

    Weak

    1.1 Financial Planning and Analysis

    1.2 Accounting and Financial Close

    1.3 Treasury Management

    1.4 Financial Operations

    1.5 Governance, Risk & Compliance

    2.1 Core HR

    Description All aspects related to financial operations
    Key Success Indicators Month-end reporting in 5 days AR at risk managing down (zero over 90 days) Weekly operating cash flow updates
    Timely liquidity for claims payments Payroll audit reporting and insights reporting 90% of workflow tasks captured in ERP
    EFT uptake Automated reconciliations Reduce audit hours required
    Current Pain Points A lot of voided and re-issued checks NIDPP Integration with banks; can’t get the information back into existing ERP
    There is no payroll integration No payroll automation and other processes Lack of integration with HUB
    Not one true source of data Incentive payment processing Rewards program management
    Audit process is onerous Reconcile AP and AR for dealers

    Stakeholders Interviewed:

    The process is formalized, documented, optimized, and audited.

    The process is poorly documented. More than one person knows how to do it. Inefficient and error-prone.

    The process is not documented. One person knows how to do it. The process is ad hoc, not formalized, inconsistent.

    Capability Processes:

    General Ledger

    Accounts Receivable

    Incentives Management

    Accounts Payable

    General Ledger Consolidation

    Treasury Management

    Cash Management

    Subscription / recurring payments

    Treasury Transactions

    Step 2.2

    Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Activities

    2.2.1 Rate Your Vendor and Product Satisfaction

    2.2.2 Review Workday Product Scores (if applicable)

    2.2.3 Evaluate Your Product Satisfaction

    2.2.4 Check Your Business Process Change Tolerance

    Product Satisfaction

    Step 2.1

    Step 2.2

    This step will guide you through the following activities:

    • Rate your vendor and product satisfaction
    • Compare with survey data from SoftwareReviews

    This step involves the following participants:

    • Workday Product Owner(s)
    • Procurement Representative
    • Vendor Contracts Manager

    Outcomes of this step

    • Quantified satisfaction with vendor and product

    2.2.1 Rate your vendor and product satisfaction

    30 minutes

    Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).

    1. Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.
    2. Option 2: Use the Get the Most Out of Your Workday Workbook to review your satisfaction with your Workday software.

    Record this information in the Get the Most Out of Your Workday Workbook

    SoftwareReviews’ Enterprise Resource Planning Category

    Download the Get the Most Out of Your Workday Workbook

    2.2.2 Review Workday product scores (if applicable)

    30 minutes

    1. Download the scorecard for your Workday product from the SoftwareReviews website. (Note: Not all products are represented or have sufficient data, so a scorecard may not be available.)
    2. Use the Get the Most Out of Your Workday Workbook tab 2.3 to record the scorecard results.
    3. Use your Get the Most Out of Your Workday Workbook to flag areas where your score may be lower than the product scorecard. Brainstorm ideas for optimization.

    Record this information in the Get the Most Out of Your Workday Workbook.

    SoftwareReviews’ Enterprise Resource Planning Category

    Download the Get the Most Out of Your Workday Workbook

    2.2.3 How does your satisfaction compare with your peers?

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    The image shows two data quadrants, one titled Enterprise Resource Planning - Enterprise, and Enterprise Resource Planning - Midmarket.

    (SoftwareReviews ERP Mid-Market, 2022; SoftwareReviews ERP Enterprise, 2022)

    2.2.4 Check your business process change tolerance

    1 hours

    Input

    • Business process capability map

    Output

    • Heat map of risk areas that require more attention to validate best practices or minimize customization

    Materials

    • Whiteboard/flip charts
    • Get the Most Out of Your Workday Workbook

    Participants

    • Implementation team
    • SMEs
    • Departmental Leaders
    1. As a group, list your level-0 and level-1 business capabilities. Sample on the next slide.
    2. Assess the department’s willingness for change and the risk of maintaining the status quo.
    3. Color-code the level-0 business capabilities based on:
      1. Green – Willing to follow best practices
      2. Yellow – May be challenging or unique business model
      3. Red – Low tolerance for change

    Record this information in the Get the Most Out of Your Workday Workbook

    Heat map representing desire for best practice or those having the least tolerance for change

    Legend:

    Willing to follow best practice

    May be challenging or unique business model

    Low tolerance for change

    Out of Scope

    Product-Centric Capabilities
    R&D Production Supply Chain Distribution Asset Mgmt
    Idea to Offering Plan to Produce Procure to Pay Forecast to Delivery Acquire to Dispose
    Add/Remove Shop Floor Scheduling Add/Remove Add/Remove Add/Remove
    Add/Remove Product Costing Add/Remove Add/Remove Add/Remove
    Service-Centric Capabilities
    Finance HR Marketing Sales Service
    Record to Report Hire to Retire Market to Order Quote to Cash Issue to Resolution
    Add/Remove Add/Remove Add/Remove Add/Remove Add/Remove
    Add/Remove Add/Remove Add/Remove Add/Remove Add/Remove

    Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor, supporting change and guiding best practice.

    For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.

    Phase 3

    Identify Key Optimization Opportunities

    Phase 1

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    Phase 2

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Phase 3

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    Phase 4

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Identify key optimization areas
    • Create an optimization roadmap

    This phase involves the following participants:

    • Workday Optimization Team

    Step 3.1

    Prioritize optimization opportunities

    Activities

    3.1.1 Prioritize Optimization Capability Areas

    Build Your Optimization Roadmap

    Step 3.1

    Step 3.2

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • Workday Optimization Team

    Outcomes of this step

    • Application optimization plan

    Info-Tech Insight

    Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    Address process gaps:

    • ERP and related technologies are invaluable to the goal of organizational enablement, but they must have supported processes driven by business goals.
    • Identify areas where capabilities need to be improved and work toward optimization.

    Support user satisfaction:

    • The best technology in the world won’t deliver business results if it’s not working for the users who need it.
    • Understand concerns, communicate improvements, and support users in all roles.

    Improve data quality:

    • Data quality is unique to each business unit and requires tolerance, not perfection.
    • Implement data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.

    Proactively manage vendors:

    • Vendor management is a critical component of technology enablement and IT satisfaction.
    • Assess your current satisfaction against that of your peers and work toward building a process that is best fit for your organization.

    Assessing application business value

    The Business

    Keepers of the organization’s mission, vision, and value statements that define IT success. The business maintains the overall ownership and evaluation of the applications.

    Business Value of Applications

    IT

    Technical subject matter experts of the applications they deliver and maintain. Each IT function works together to ensure quality applications are delivered to stakeholder expectations.

    First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.

    In this context…

    business value is

    the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.

    Business value IS NOT

    the user’s experience or satisfaction with the application.

    Brainstorm IT initiatives to enable high areas of opportunity to support the business

    Create or Improve:

    • ERP Capabilities
    • Optimization Initiatives

    Capabilities are what the system and business do that creates value for the organization.

    Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.

    Brainstorm ERP optimization initiatives in each area. Ensure you are looking for all-encompassing opportunities within the context of IT, the business, and Workday systems.

    • Process
    • Technology
    • Organization

    Discover the value drivers of your applications

    Financial vs. Human Benefits

    Financial benefits refer to the degree to which the value source can be measured through monetary metrics and are often quite tangible.

    Human benefits refer to how an application can deliver value through a user’s experience.

    Inward vs. Outward Orientation

    Inward refers to value sources that have an internal impact and improve your organization’s effectiveness and efficiency in performing its operations.

    Outward refers to value sources that come from your interaction with external factors, such as the market or your customers.

    The image shows a business value matrix, with Human benefit and Financial benefit in the horizontal and Outward and Inward on the vertical. In the top left quadrant is Reach Customers; top right is Increase Revenue or Deliver Value; bottom left is Enhance Services, and bottom right is Reduce Costs.

    The image shows a graph titled Perceived business benefits from using digital tools. It is a bar graph, showing percentages assigned to each perceived benefit. The source is Collins et al, 2017.

    Increased Revenue

    Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.

    Reduced Costs

    Reduction of overhead. The ways in which an application limits the operational costs of business functions.

    Enhanced Services

    Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.

    Reach Customers

    Application functions that enable and improve the interaction with customers or produce market information and insights.

    Prioritize Workday optimization areas that will bring the most value to the organization

    Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.

    The image shows a graph, separated into quadrants. On the x-axis is Satisfaction, from low to high, and on the Y-axis is Relevant to Organizational Goals from Low to High. The top left quadrant is High Priority, top right is Maintain, and the two lower quadrants are both low priority.

    Value vs. Effort

    How important is it? vs. How difficult is it?

    How important is it? How Difficult is it?

    What is the value?

    • Increase revenue
    • Decrease costs
    • Enhanced services
    • Reach customers

    What is the benefit?

    • How can it help us reach our goals?

    What is the impact?

    • To organizational goals
    • To ERP goals
    • To departmental goals

    What is the cost?

    • Hours x Rates ++ =

    What is the level of effort?

    • Development effort
    • Operational effort
    • Implementation effort
    • Outside resource coordination

    What is the risk of implementing/not implementing?

    What is the complexity?

    (Roadmunk)

    RICE method

    Measure the “total impact per time worked”

    The image shows a graphic with the word Confidence at the top, then an arrow pointing upwards that reads Impact. Below that, there is an arrow pointing horizontally in both directions that reads Reach, and then a horizontal line, with the word Effort below it.

    Reach Impact Confidence Effort

    How many people will this improvement impact? Internal: # of users OR # of transactions per period

    External: # of customers OR # of transactions per period

    What is the scale of impact? How much will the improvement affect satisfaction?

    Example Weighting:

    1 = Massive Impact

    2 = High Impact

    1 = Medium Impact

    0.5 = Low Impact

    0.25 = Very Low Impact

    How confident are we that the improvements are achievable and that they will meet the impact estimates?

    Example Weighting:

    1 = High Confidence

    0.80 = Medium Confidence

    0.50 = Low Confidence

    How much investment will be required to implement the improvement initiative?

    FTE hours x cost per hour

    (Intercom)

    3.1.1 Prioritize and rate optimization capability areas

    1-3 hours

    1. Use tab 3.1 Optimization Priorities.
    2. From the Workday Key Capabilities (pulled from tab 1.3 Key Capabilities), discuss areas of scope for the Workday optimization initiative.
    3. Discuss the four areas of the business value matrix and identify how each module, along with organizational goals, can bring value to the organization.
    4. Rate each of your Workday capabilities for the level of importance to your organization. The levels of importance are:
      • Crucial
      • Important
      • Secondary
      • Unimportant
      • Not applicable

    Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Step 3.2

    Discover Optimization Initiatives

    Activities

    3.2.1 Discover Product and Vendor Satisfaction Opportunities

    3.2.2 Discover Capability and Feature Optimization Opportunities

    3.2.3 Discover Process Optimization Opportunities

    3.2.4 Discover Integration Optimization Opportunities

    3.2.5 Discover Data Optimization Opportunities

    3.2.6 Discover Workday Cost-Saving Opportunities

    Build Your Optimization Roadmap

    Step 3.1

    Step 3.2

    This step will guide you through the following activities:

    • Explore existing process gaps
    • Identify the impact of processes on user satisfaction
    • Identify the impact of data quality on user satisfaction
    • Review your overall product satisfaction and vendor management

    This step involves the following participants:

    • Workday Optimization Team

    Outcomes of this step

    • Application optimization plan
    Content for New section Tag Goes HereThe image shows a graphic title Product Feature Satisfaction, showing features in rank order and data on each.
    Content for New section Tag Goes HereThe image shows a graphic titled Vendor Capability Satisfaction, showing features in rank order with related data.

    Workday’s partner landscape

    Workday uses an extensive partner network to help deliver results.

    ADVISORY PARTNERS

    Workday Advisory Partners have in-depth knowledge to help customers determine what’s best for their needs and how to maximize business value. They guide you through digital acceleration strategy and planning, product selection, change management, and more.

    SERVICES PARTNERS

    Workday Services Partners represent a curated community of global systems integrators and regional firms that help companies deploy Workday and continually adopt new capabilities.

    SOFTWARE PARTNERS

    Workday Software Partners are a global ecosystem of application, content, and technology software companies that design, build, and deploy solution extensions to help customers enhance the capabilities of Workday.

    Global payroll PARTNERS

    Workday’s Global Payroll Cloud (GPC) program makes it easy to expand payroll (outside of the US, Canada, the UK, and France) to third-party payroll providers around the world using certified, prebuilt integrations from Workday Partners. Payroll partners provide solutions in more than 100 countries.

    Adaptive planning PARTNERS

    Adaptive planning partners guide you through all aspects of everything from integration to deployment.

    With large-scale ERP and HCM systems, the success of the system can be as much about the SI (Systems Integrator) or vendor partners as it is about the core product.

    In evaluating your Workday system, think about Workday’s extensive partner network to understand how you can capitalize on your installation.

    You do not need to reinvent the system; you may just need an additional service partner or bolt-on solution to round out your product functionality.

    Improving vendor management

    Create a right-size, right-fit strategy for managing the vendors relevant to your organization.

    The image shows a matrix, with strategic value on the x-axis from low to high, and Vendor Spend/Switching Costs on the y-axis, from low to high. In the top left is Operational, top right is Strategic; lower left is commodity; and lower right Tactical.

    Info-Tech Insight

    A vendor management initiative is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.

    The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.

    Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”

    Jump Start Your Vendor Management Initiative

    3.2.1 Discover product and vendor satisfaction

    1-2 hours

    1. Review tab 2.2 Vend. & Prod. Sat. to review the overall Product (and Vendor) satisfaction of your Workday system.
    2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Overall Product (and Vendor) Evaluation area.
      • Document overall product satisfaction.
      • How does your satisfaction compare with your peers?
      • Is the overall system fit for use?
      • Do you have a proactive vendor management strategy in place?
      • Is the product dissatisfaction at the point that you need to evaluate if it is time to replace the product?
      • Could your vendor or SI help you achieve better results?

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled 3.2.1 Overall Product (and Vendor) Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Content for New section Tag Goes HereThe image is a graphic, with the Five Most Critical Applications section at the top, with related data, and other sets of data included in smaller text at the bottom of the image.

    3.2.2 Discover capability and feature optimization opportunities

    1-2 hours

    1. Review tab 2.2 Vend. & Prod. Sat. and tab 3.1 Optimization Priorities to review the satisfaction with the capabilities and features of your Workday system.
    2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Capabilities and Features Evaluation area to answer the following questions:
      • What capabilities and features are performing the worst?
      • Do other organizations and users struggle with these areas?
      • Why is it not performing well?
      • Is there an opportunity for improvement?
      • What are some optimization initiatives that could be undertaken?

    Record this information in the Get the Most Out of Your Workday Workbook

    The image is a box with text in it, titled 3.2.2 Capabilities and Features Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Process optimization: the hidden goldmine

    Know your strategic goals and KPIs that will deliver results.

    Goals of Process Improvement Process Improvement Sample Areas Improvement Possibilities
    • Optimize business and improve value drivers
    • Reduce TCO
    • Reduce process complexity
    • Eliminate manual processes
    • Increase efficiencies
    • Support digital transformation and enablement
    • Order to cash
    • Procure to pay
    • Order to replenish
    • Plan to produce
    • Request to settle
    • Make to order
    • Make to stock
    • Purchase to order
    • Increase number of process instances processed successfully end to end
    • Increase number of instances processed in time
    • Increase degree of process automation
    • Speed up cycle times of supply chain processes
    • Reduce number of process exceptions
    • Apply internal best practices across organizational units

    3.2.3 Discover process optimization opportunities

    1-2 hours

    1. Use tab 3.1 Optimization Priorities and tab 2.2 Bus Proc Change Tolerance to review process optimization opportunities.
    2. Use tab 3.2 Optimization Initiatives to answer the following questions in the Capabilities and Features Evaluation area to answer the following questions:
      • List underperforming capabilities around process.
      • Answer the following:
        • What is the state of the current processes?
        • Is there an opportunity for process improvement?
        • What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled Processes Optimization.

    Download the Get the Most Out of Your Workday Workbook

    Integration provides long-term usability

    Balance the need for secure, compliant data availability with organizational agility.

    The benefits of integration

    • The largest benefit is the extended use of data. The ERP data can be used in the enterprise-level business intelligence suite rather than the application-specific analytics.
    • Enhanced data security. Integrated approaches lend themselves to auditable processes such as sign-on and limit the email movement of data.
    • Regulatory compliance. Large multi-site organizations have many layers of regulation. A clear understanding of where orders, deliveries, and payments were made streamlines the audit process.

    The challenges of integration

    • Extending a single instance ERP to multiple sites. The challenge for data management is the same as any SaaS application. The connection and data replication present challenges.
    • Combining data from equally high-volume systems. For Workday it is recommended that one instance is set to primary and all other sites are read-only to maintain data integrity.
    • Incorporating data from the separate system(s). The proprietary and locked-in nature of the data collection and definitions for ERP systems often limit the movement of data between separate systems.

    Common integration and consolidation scenarios

    Financial Consolidation Data Backup Synchronization Across Sites Legacy Consolidation
    • Financial consolidation requires a holistic view of data format and accounting schedules
    • Problem: Controlling financial documentation across geographic regions. Most companies are required to report in each region where they maintain a presence. Stakeholders and senior management also need a holistic view. This leads to significant strain on the financial department to consolidate both revenue and budget allocations for cross-site projects across the various geographic locations on a regular basis.
    • Solution: For enterprises with a single vendor or Workday-only portfolios, Workday can offer integration tools. For those needing to integrate with other ERPs the use of a connector may be required to send financial data to the main system. The format and accounting calendar for transactions should match the primary ERP system to allow consolidation. The local specific format should be a role-based customization at the level of the site’s specific instance.
    • Use a data center as the main repository to ensure all geographic locations have equal access to the necessary data.
    • Problem: ERP systems generate high volumes of data. Most systems have a defined schedule of back-up during off-hours. Multi-instance brings additional issues through lack of defined off-hours, higher volume of data, and the potential for cross-site or instance data relationships. This leads to headaches for both the Database Administrator and Business Analysts.
    • Solution: The best solution is an offsite data center with high availability. This may include cloud storage or hosted data centers. Regardless of where the data is stored, centralize the data and replicate to each site. Ensure that the data center can mirror the database and Binary Large Object (BLOB) storage that exists for each site.
    • Set up synchronization schedules based on data usage, not site location.
    • Problem: Providing access to up-to-date transactions requires copying of both contextual information (permissions, timestamp, location, history) and the transaction itself across multiple sites to allow local copies to be used for analysis and audits. The sheer volume of information makes timely synchronization difficult.
    • Solution: Not all data needs to be synchronized in a timely fashion. In Workday, administrators can use NetWeaver to maintain and alter global data synchronization through the Master Data Management module. Permissions can be given to users to perform on-demand synchronization of data attached to that user.
    • Carefully define older transactions. Only active transactions should be brought in the ERP. Send older data to storage.
    • Problem: Subsidiaries and acquired companies often have a Tier 2 ERP product. Prior to fully consolidating the processes, many enterprises will want to migrate data to their ERP system to build compliance and audit trails. Migration of data often breaks historical linkages between transactions.
    • Solution: Workday offers tools to integrate data across applications that can be used as part of a data migration strategy. The process of data migration should be combined with data warehousing to ensure a cost-effective process. For most enterprises, the lack of experience in data migration will necessitate the use of consultants and Independent Software Vendors (ISV).

    For more information: Implement a Multi-site ERP

    3.2.4 Discover integration optimization opportunities

    1-2 hours

    1. Use tab 3.2 Optimization Initiatives to answer the following questions in the Integration Evaluation area:
      1. Are there some areas where integration could be improved?
      2. Is there an opportunity for process improvement?
      3. What are some optimization initiatives that could be undertaken in this area?

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled Integration Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Use a data strategy that fixes the enterprise-wide data management issues

    Your data management must allow for flexibility and scalability for future needs.

    IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. This serves as the storage facility for millions of transactions, formatted to allow analysis and comparison.

    Key considerations:

    • Technical: At what stage does data move to the warehouse? Can processes be automated to dump data or to do a scheduled data movement?
    • Process: Data integration requires some level of historical context for all data. Ensure that all data has multiple metadata tags to future-proof the data.
    • People: Who will be accessing the data and what are the key items that users will need to adapt to the data warehouse process?

    Info-Tech Insight

    Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.

    Optimizing Workday data, additional considerations

    Data Quality Management Effective Data Governance Data-Centric Integration Strategy Extensible Data Warehousing
    • Prevention is 10x cheaper than remediation. Stop fixing data quality with band-aid solutions and start fixing at the source of the problem.
    • Data quality is unique to each business unit and requires tolerance, not perfection. If the data allows the business to operate at the desired level, don’t waste time fixing data that may not need to be fixed.
    • Implement a set of data quality initiatives that are aligned with overall business objectives and aimed at addressing data practices and the data itself.
    • Develop a prioritized data quality improvement project roadmap and long-term improvement strategy.
    • Build related practices with more confidence and less risk after achieving an appropriate level of data quality.
    • Data governance enables data-driven insight. Think of governance as a structure for making better use of data.
    • Collaboration is critical. The business may own the data, but IT understands the data. Data governance will not work unless the business and IT work together.
    • Data governance powers the organization up the data value chain through policies and procedures, master data management, data quality, and data architecture.
    • Create a roadmap to prioritize initiatives and delineate responsibilities among data stewards, data owners, and the data governance steering committee.
    • Ensure buy-in from business and IT stakeholders. Communicate initiatives to end users and executives to reduce resistance.
    • Every enterprise application involves data integration. Any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.
    • Build your data integration practice with a firm foundation in governance and a reference architecture. Ensure that your process is scalable and sustainable.
    • Support the flow of data through the organization and meet the organization’s requirements for data latency, availability, and relevancy.
    • Data availability must be frequently reviewed and repositioned to continue to grow with the business.
    • A data warehouse is a project, but successful data warehousing is a program. An effective data warehouse requires planning beyond the technology implementation.
    • Governance, not technology, needs to be the core support system for enabling a data warehouse program.
    • Leverage an approach that focuses on constructing a data warehouse foundation that can address a combination of operational, tactical, and ad hoc business needs.
    • Invest time and effort to put together pre-project governance to inform and guide your data warehouse implementation.
    • Select the most suitable architecture pattern to ensure the data warehouse is “built right” at the very beginning.

    Build Your Data Quality Program

    Establish Data Governance

    Build a Data Integration Strategy

    Build an Extensible Data Warehouse Foundation

    3.2.5 Discover data optimization opportunities

    1-2 hours

    1. Use your 2.1 APA survey and/or tab 2.2 Vendor & Prod Sat to better understand issues related to data.
    • Note: Data issues happen for a number of reasons:
      • Poor underlying data in the system
      • More than one source of truth
      • Inability to consolidate data
      • Inability to measure KPIs (key performance indicators) effectively
      • Reporting that is cumbersome or non-existent
  • Use tab 3.2 Optimization Initiatives to answer the following questions in the Data Evaluation area:
    • What are some underlying issues?
    • Is there an opportunity for data improvement?
    • What are some optimization initiatives that could be undertaken in this area?
  • Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled 3.2.5 Data Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Content for New section Tag Goes HereThe image shows a graphic, with a bar graph at the bottom, showing Primary Reason for Leaving Workday Human Capital Management.

    Info-Tech Insight

    The number one reason organizations leave Workday is because of cost. Do not be strong-armed into a contract you do not feel comfortable with. Do your homework, know your leverage points, be fully prepared for cost negotiations, use their competition to your advantage, and get support – such as Info-Tech’s vendor management resources and team.

    Approach contracts and pricing strategically

    Don’t go into contract negotiation blind.

    • Understand the vendor – year-end, market strategy, and competitive position.
    • Take the time to understand the contract. including contract details such as length of the contract, full-service equivalent (FSE, employee count,) innovation fees, modules included, and renewal clauses.
    • Be fully prepared to take a proactive approach to cost negotiations.
      • Use Info-Tech’s vendor management services to support you.
      • Go in prepared.
      • Use your leverage points – FSE count, Module Bundles, CPI & Innovation Fees.
      • Use competition to your advantage.

    Since 2007, Workday has been steadily growing its market share and footprint in human capital management, finance, and student information systems.

    Organizations considering additional modules or undergoing contract renewal need to gain insight into areas of leverage and other relevant vendor information.

    Key issues that occur include pricing transparency and contractual flexibility on terms and conditions. Adequate planning and communication need to be taken into consideration before entering into any agreement.

    3.2.6 Discover Workday cost-saving opportunities

    1-2 hours

    1. Use tab 1.5 Current Costs, as an input for this exercise. Another great resource is Info-Tech’s Workday vendor management resources which you can use to help understand cost-saving strategies.
    2. Use tab 3.2 Optimization Initiatives Costs Evaluation area to list cost savings initiatives and opportunities.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a box with text in it, titled 3.2.6 Costs Evaluation.

    Download the Get the Most Out of Your Workday Workbook

    Other optimization opportunities

    There are many opportunities to improve your Workday portfolio. Choose the ones that are right for your business.

    • Artificial intelligence (AI) (and management of the AI lifecycle)
    • Machine learning (ML)
    • Augment business interactions
    • Automatically execute sales pipelines
    • Process mining
    • Workday application monitoring
    • Be aware of the Workday product roadmap
    • Implement and take advantage of Workday tools and product offerings

    Phase 4

    Build Your Optimization Roadmap

    Phase 1

    1.1 Identify Stakeholders and Build Your Optimization Team

    1.2 Build an ERP Strategy Model

    1.3 Inventory Current System State

    1.4 Define Optimization Timeframe

    1.5 Understand Workday Costs

    Phase 2

    2.1 Assess Workday Capabilities

    2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change

    Phase 3

    3.1 Prioritize Optimization Opportunities

    3.2 Discover Optimization Initiatives

    Phase 4

    4.1 Build Your Optimization Roadmap

    This phase will walk you through the following activities:

    • Review the different options to solve the identified pain points
    • Build out a roadmap showing how you will get to those solutions
    • Build a communication plan that includes the stakeholder presentation

    This phase involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Get the Most Out of Your Workday

    Step 4.1

    4.1 Build Your Optimization Roadmap

    Activities

    4.1.1 Evaluate Optimization Initiatives

    4.1.2 Prioritize Your Workday Initiatives

    4.1.3 Build a Roadmap

    4.1.4 Build a Visual Roadmap

    Next steps

    Step 4.1

    This step will walk you through the following activities:

    • Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution.

    This step involves the following participants:

    • Primary stakeholders in each value stream supported by the ERP
    • ERP Applications support team

    Outcomes of this step

    • A strategic direction is set
    • An initial roadmap is laid out

    Evaluate your optimization initiatives and determine next steps to build out your optimization roadmap

    The image shows a chart titled Value Drivers, with specific categories and criteria listed along the top as headings. The rows below the headings are blank.

    Activity 4.1.1 Evaluate optimization Initiatives

    1 hour

    1. Evaluate your optimization initiatives from tab 3.2, Optimization Initiatives.
    2. Complete Value Drivers:
    • Relevance to Organizational Goals and Objectives
    • Applications Portfolio Assessment Survey:
      • Impact: Number of Users, Importance to Role
      • Current State: Satisfaction With Features, Usability, and Data Quality.
    • Value Drivers: Increase Revenue, Decrease Costs, Enhanced Services, or Reach Customers.
    • Additional Factors:
      • Current to Future Risk Profile
      • Number of Departments to Benefit
      • Importance to Stakeholder Relations
  • Complete Effort and Cost Estimations:
    • Resources: Do we have resources available and the skillset?
    • Cost
    • Overall Effort Rating
  • Gut Check: “Is it achievable? Have we done it or something similar before? Are we willing to invest in it?“
  • Decision to Proceed
  • Next Steps
  • Record this information in the Get the Most Out of Your Workday Workbook.

    Download the Get the Most Out of Your Workday Workbook

    Activity 4.1.2 Determine your optimization roadmap building blocks

    1 hour

    Optimization initiatives: Determine which if any to proceed with.

    1. Identify initiatives.
    2. For each item on your roadmap assign an owner who will be accountable to the completion of the roadmap item.
    3. Wherever possible, assign a start date, month, or quarter. The more specific you can be the better.
    4. Identify completion dates to create a sense of urgency. If you are struggling with start dates, it can help to start with a finish date and “back in” to a start date based on estimated efforts.
    5. Include periphery tasks such as communication strategy.

    Record this information in the Get the Most Out of Your Workday Workbook.

    Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.

    Download the Get the Most Out of Your Workday Workbook

    Activity 4.1.3 – Build a visual Workday optimization roadmap (optional)

    1 hour

    For some, a visual representation of a roadmap is easier to comprehend.

    Consider taking the roadmap built in 4.1.2 and creating a visual roadmap.

    Record this information in the Get the Most Out of Your Workday Workbook.

    The image shows a chart that tracks Initiative and Owner across multiple years.

    Download the Get the Most Out of Your Workday Workbook

    Summary of Accomplishment

    Get the Most Out of Your Workday

    ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.

    Get the Most Out of Your Workday allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:

    • Alignment and prioritization of key business and technology drivers.
    • Identification of processes, including classification and gap analysis.
    • Measurement of user satisfaction across key departments.
    • Improved vendor relations.
    • Data quality initiatives.

    This formal Workday optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors

    Ben Dickie

    Research Practice Lead

    Info-Tech Research Group

    Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.

    Scott Bickley

    Practice Lead and Principal Research

    Director Info-Tech Research Group

    Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management.

    Andy Neil

    Practice Lead, Applications

    Info-Tech Research Group

    Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models.

    Bibliography

    “9 product prioritization frameworks for product managers.” Roadmunk, n.d. Accessed 15 May 2022.

    Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.

    Collins, George, et al., “Connecting Small Businesses in the US.” Deloitte Commissioned by Google, 2017. Web.

    Epizitone, Ayogeboh, and Oludayo O. Olugbara. "Critical Success Factors for ERP System Implementation to Support Financial Functions." Academy of Accounting and Financial Studies Journal, vol. 23, no. 6, 2019. Accessed 12 Oct. 2021

    Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.

    Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.

    Lauchlan, Stuart. “Workday accelerates into fiscal 2023 with a strong year end as cloud adoption gets a COVID-bounce.” diginomica, 1 March 2022. Web.

    "Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.

    Noble, Simon-Peter. “Workday: A High-Quality Business That's Fairly Valued.” Seeking Alpha, 8 Apr. 2019. Web.

    Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb. 2020. Accessed 21 Feb. 2021.

    "Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.

    Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.

    “Workday Enterprise Management Cloud Product Scorecard.” SoftwareReviews, May 2022. Web.

    “Workday Meets Growing Customer Demand with Record Number of Deployments and Industry-Leading Customer Satisfaction Score.” Workday, Inc., 7 June 2021. Web.

    Integrate Physical Security and Information Security

    • Buy Link or Shortcode: {j2store}383|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations

    Physical security is often managed by facilities, not by IT security, resulting in segmented security systems. Integrating physical and information security introduces challenges in:

    • Understanding the value proposition of investment in governing and managing integrated systems, including migration costs, compared to separated security systems.
    • Addressing complex risks and vulnerabilities of an integrated security system.
    • Operationalizing enhanced capabilities created by adoption of emerging and disruptive technologies.

    Our Advice

    Critical Insight

    • Integrate security in people, process, and technology to improve your overall security posture. Having siloed systems running security is not beneficial. Many organizations are realizing the benefits of consolidating into a single platform across physical security, cybersecurity, HR, legal, and compliance.
    • Plan and engage stakeholders. Assemble the right team to ensure the success of your integrated security ecosystem, decide the governance model, and clearly define the roles and responsibilities.
    • Enhance strategy and risk management. Strategically, we want a physical security system that is interoperable with most technologies, flexible with minimal customization, functional, and integrated, despite the challenges of proprietary configurations, complex customization, and silos.

    Impact and Result

    Info-Tech's approach is a modular, incremental, and repeatable process to integrate physical and information security to:

    • Ensure the integration will meet the business' needs and determine effort and technical requirements.
    • Establish GRC processes that include integrated risk management and compliance.
    • Design and deploy an integrated security architecture.
    • Establish security metrics of effectiveness and efficiency for senior management and leadership.

    Integrate Physical Security and Information Security Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Integrate Physical Security and Information Security Storyboard – A step-by-step document that walks you through how to integrate physical security and information security.

    Info-Tech provides a three-phased framework for integrating physical security and information security: Plan, Enhance, and Monitor & Optimize.

    • Integrate Physical Security and Information Security Storyboard

    2. Integrate Physical Security and Information Security Requirements Gathering Tool – A tool to map organizational goals to IT goals, facilities goals, OT goals (if applicable), and integrated security goals.

    This tool serves as a repository for information about security integration elements, compliance, and other factors that will influence your integration of physical security and information security.

    • Integrate Physical Security and Information Security Requirements Gathering Tool

    3. Integrate Physical Security and Information Security RACI Chart Tool – A tool to identify and understand the owners of various security integration stakeholders across the organization.

    Populating a RACI chart (Responsible, Accountable, Consulted, and Informed) is a critical step that will assist you in organizing roles for carrying out integration steps. Complete this tool to assign tasks to suitable roles.

    • Integrate Physical Security and Information Security RACI Chart Tool

    4. Integrate Physical Security and Information Security Communication Deck – A tool to present your findings in a prepopulated document that summarizes the work you have completed.

    Complete this template to effectively communicate your integrated security plan to stakeholders.

    • Integrate Physical Security and Information Security Communication Deck
    [infographic]

    Further reading

    Integrate Physical Security and Information Security

    Securing information security, physical security, or personnel security in silos may not secure much

    Analyst Perspective

    Ensure integrated security success with close and continual collaboration

    From physical access control systems (PACS) such as electronic locks and fingerprint biometrics to video surveillance systems (VSS) such as IP cameras to perimeter intrusion detection and prevention to fire and life safety and beyond: physical security systems pose unique challenges to overall security. Additionally, digital transformation of physical security to the cloud and the convergence of operational technology (OT), internet of things (IoT), and industrial IoT (IIoT) increase both the volume and frequency of security threats.

    These threats can be safety, such as the health impact when a gunfire attack downed wastewater pumps at Duke Energy Substation, North Carolina, US, in 2022. The threats can also be economic, such as theft of copper wire, or they can be reliability, such as when a sniper attack on Pacific Gas & Electric’s Metcalf Substation in California, US, damaged 17 out of 21 power transformers in 2013.

    Considering the security risks organizations face, many are unifying physical, cyber, and information security systems to gain the long-term overall benefits a consolidated security strategy provides.

    Ida Siahaan
    Ida Siahaan

    Research Director, Security and Privacy Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Physical security is often managed by facilities, not by IT security, resulting in segmented security systems. Meanwhile, integrating physical and information security introduces challenges in:

    • Value proposition of investment in governing and managing integrated systems including the migration costs compared to separated security systems.
    • Addressing complex risks and vulnerabilities of an integrated security system.
    • Operationalizing on enhanced capabilities created by adoption of emerging and disruptive technologies.

    Common Obstacles

    Physical security systems integration is complex due to various components such as proprietary devices and protocols and hybrid systems of analog and digital technology. Thus, open architecture with comprehensive planning and design is important.

    However, territorial protection by existing IT and physical security managers may limit security visibility and hinder security integration.

    Additionally, integration poses challenges in staffing, training and awareness programs, and dependency on third-party technologies and their migration plans.

    Info-Tech's Approach

    Info-Tech’s approach is a modular, incremental, and repeatable process to integrate physical and information security that enables organizations to:

    • Determine effort and technical requirements to ensure the integration will meet the business needs.
    • Establish GRC processes including integrated risk management and compliance.
    • Design and deploy integrated security architecture.
    • Establish metrics to monitor the effectiveness and efficiency of the security program.

    Info-Tech Insight

    An integrated security architecture, including people, process, and technology, will improve your overall security posture. These benefits are leading many organizations to consolidate their siloed systems into a single platform across physical security, cybersecurity, HR, legal, and compliance.

    Existing information security models are not comprehensive

    Current security models do not cover all areas of security, especially if physical systems and personnel are involved and safety is also an important property required.

    • The CIA triad (confidentiality, integrity, availability) is a well-known information security model that focuses on technical policies related to technology for protecting information assets.
    • The US Government’s Five Pillars of Information Assurance includes CIA, authentication, and non-repudiation, but it does not cover people and processes comprehensively.
    • The AAA model, created by the American Accounting Association, has properties of authentication, authorization, and accounting but focuses only on access control.
    • Donn Parker expanded the CIA model with three more properties: possession, authenticity, and utility. This model, which includes people and processes, is known as the Parkerian hexad. However, it does not cover physical and personnel security.

    CIA Triad

    The CIA Triad for Information Security: Confidentiality, Integrity, Availability


    Parkerian Hexad

    The Parkerian Hexad for Security: Confidentiality, Possession, Utility, Availability, Authenticity and Integrity

    Sources: Parker, 1998; Pender-Bey, 2012; Cherdantseva and Hilton, 2015

    Adopt an integrated security model

    Adopt an integrated security model which consists of information security, physical security, personnel security, and organizational security.

    The security ecosystem is shifting from segregation to integration

    Security ecosystem is shifting from the past proprietary model to open interfaces and future open architecture

    Sources: Cisco, n.d.; Preparing for Technology Convergence in Manufacturing, Info-Tech Research Group, 2018

    Physical security includes:

    • Securing physical access,
      e.g. facility access control, alarms, surveillance cameras
    • Securing physical operations
      (operational technology – OT), e.g. programmable logic controllers (PLCs), SCADA

    Info-Tech Insight

    Why is integrating physical and information security gaining more and more traction? Because the supporting technologies are becoming more matured. This includes, for example, migration of physical security devices to IP-based network and open architecture.

    Reactive responses to physical security incidents

    April 1995

    Target: Alfred P. Murrah Federal Building, Oklahoma, US. Method: Bombing. Impact: Destroyed structure of 17 federal agencies, 168 casualties, over 800 injuries. Result: Creation of Interagency Security Committee (ISC) in Executive Order 12977 and “Vulnerability Assessment of Federal Facilities” standard.
    (Source: Office of Research Services, 2017)

    April 2013

    Target: Pacific Gas & Electric’s Metcalf Substation, California, US. Method: Sniper attack. Impact: Out of 21 power transformers, 17 were damaged. Result: Creation of Senate Bill No. 699 and NERC- CIP-014 standard.
    (Source: T&D World, 2023)

    Sep. 2022

    Target: Nord Stream gas pipelines connecting Russia to Germany, Baltic sea. Method: Detonations. Impact: Methane leaks (~300,000 tons) at four exclusive economic zones (two in Denmark and two in Sweden). Result: Sweden’s Security Service investigation.
    (Source: CNBC News, 2022)

    Dec. 2022

    Target: Duke Energy Substation, North Carolina, US. Method: Gunfire. Impact: Power outages of ~40,000 customers and wastewater pumps in sewer lift stations down. Result: State of emergency was declared.
    (Source: CBS News, 2022)

    Info-Tech Insight

    When it comes to physical security, we have been mostly reactive. Typically the pattern starts with physical attacks. Next, the impacted organization mitigates the incidents. Finally, new government regulatory measures or private sector or professional association standards are put in place. We must strive to change our pattern to become more proactive.

    Physical security market forecast and top physical security challenges

    Physical security market forecast
    (in billions USD)

    A forecast by MarketsandMarkets projected growth in the physical security market, using historical data from 2015 until 2019, with a CAGR of 6.4% globally and 5.2% in North America.

    A forecast by MarketsandMarkets projected growth in the physical security market, using historical data from 2015 until 2019, with a CAGR of 6.4% globally and 5.2% in North America.

    Source: MarketsandMarkets, 2022

    Top physical security challenges

    An Ontic survey (N=359) found that threat data management (40%) was the top physical security challenge in 2022, up from 33% in 2021, followed by physical security threats to the C-suite and company leadership (35%), which was a slight increase from 2021. An interesting decrease is data protection and privacy (32%), which dropped from 36% in 2021.

    An Ontic survey (N=359) found that threat data management (40%) was the top physical security challenge in 2022, up from 33% in 2021, followed by physical security threats to the C-suite and company leadership (35%), which was a slight increase from 2021. An interesting decrease is data protection and privacy (32%), which dropped from 36% in 2021.

    Source: Ontic Center for Protective Intelligence, 2022

    Info-Tech Insight

    The physical security market is growing in systems and services, especially the integration of threat data management with cybersecurity.

    Top physical security initiatives and operations integration investments

    We know the physical security challenges and how the physical security market is growing, but what initiatives are driving this growth? These are the top physical security initiatives and top investments for physical security operations integration:

    Top physical security initiatives

    The number one physical security initiative is integrating physical security systems. Other initiatives with similar concerns included data and cross-functional integration

    A survey by Brivo asked 700 security professionals about their top physical security initiatives. The number one initiative is integrating physical security systems. Other initiatives with similar concerns included data and cross-functional integration.

    Source: Brivo, 2022

    Top investments for physical security operations integration

    The number one investment is on access control systems with software to identify physical threat actors. Another area with similar concern is integration of digital physical security with cybersecurity.

    An Ontic survey (N=359) on areas of investment for physical security operations integration shows the number one investment is on access control systems with software to identify physical threat actors. Another area with similar concern is integration of digital physical security with cybersecurity.

    Source: Ontic Center for Protective Intelligence, 2022

    Evaluate security integration opportunities with these guiding principles

    Opportunity focus

    • Identify the security integration problems to solve with visible improvement possibilities
    • Don’t choose technology for technology’s sake
    • Keep an eye to the future
    • Use strategic foresight

    Piece by piece

    • Avoid taking a big bang approach
    • Test technologies in multiple conditions
    • Run inexpensive pilots
    • Increase flexibility
    • Build a technology ecosystem

    Buy-in

    • Collaborate with stakeholders
    • Gain and sustain support
    • Maintain transparency
    • Increase uptake of open architecture

    Key Recommendations:

    Focus on your master plan

    Build a technology ecosystem

    Engage stakeholders

    Info-Tech Insight

    When looking for a quick win, consider learning the best internal or external practice. For example, in 1994 IBM reorganized its security operation by bringing security professionals and non-security professionals in one single structure, which reduced costs by approximately 30% in two years.

    Sources: Create and Implement an IoT Strategy, Info-Tech Research Group, 2022; Baker and Benny, 2013; Erich Krueger, Omaha Public Power District (contributor); Doery Abdou, March Networks Corporate (contributor)

    Case Study

    4Wall Entertainment – Asset Owner

    Industry: Architecture & Engineering
    Source: Interview

    4Wall Entertainment is quite mature in integrating its physical and information security; physical security has always been under IT as a core competency.

    4Wall Entertainment is a provider of entertainment lighting and equipment to event venues, production companies, lighting designers, and others, with a presence in 18 US and UK locations.

    After many acquisitions, 4Wall Entertainment needed to standardize its various acquired systems, including physical security systems such as access control. In its integrated security approach, IT owns the integrated security, but they interface with related entities such as HR, finance, and facilities management in every location. This allows them to obtain information such as holidays, office hours, and what doors need to be accessed as inputs to the security system and to get sponsorship in budgeting.

    In the past, 4Wall Entertainment tried delegating specific physical security to other divisions, such as facilities management and HR. This approach was unsuccessful, so IT took back the responsibility and accountability.

    Currently, 4Wall Entertainment works with local vendors, and its biggest challenge is finding third-party vendors that can provide nationwide support.

    In the future, 4Wall Entertainment envisions physical security modernization such as camera systems that allow more network accessibility, with one central system to manage and IoT device integration with SIEM and MDR.

    Results

    Lessons learned in integrating security from 4Wall Entertainment include:

    • Start with forming relationships with related divisions such as HR, finance, and facilities management to build trust and encourage sponsorship across management.
    • Create policies, procedures, and standards to deploy in various systems, especially when acquiring companies with low maturity in security.
    • Select third-party providers that offer the required functionalities, good customer support, and standard systems interoperability.
    • Close skill gaps by developing training and awareness programs for users, especially for newly acquired systems and legacy systems, or by acquiring expertise from consulting services.
    • Complete cost-benefit analysis for solutions on legacy systems to determine whether to keep them and create interfacing with other systems, upgrade them, or replace them entirely with newer systems.
    • Delegate maintenance of specific highly regulated systems, such as fire alarms and water sprinklers, to facilities management.
    Integration of Physical and Information Security Framework. Inputs: Integrated Items, Stakeholders, and Security Components. Phases, Outcomes and Benefits: Plan, Enhance and Monitor & Optimize.

    Tracking progress of physical and information security integration

    Physical security is often part of facilities management. As a result, there are interdependencies with both internal departments (such as IT, information security, and facilities) and external parties (such as third-party vendors). IT leaders, security leaders, and operational leaders should keep the big picture in mind when designing and implementing integration of physical and information security. Use this checklist as a tool to track your security integration journey.

    Plan

    • Engage stakeholders and justify value for the business.
    • Define roles and responsibilities.
    • Establish/update governance for integrated security.
    • Identify integrated elements and compliance obligations.

    Enhance

    • Determine the level of security maturity and update security strategy for integrated security.
    • Assess and treat risks of integrated security.
    • Establish/update integrated physical and information security policies and procedures.
    • Update incident response, disaster recovery, and business continuity plan.

    Monitor & Optimize

    • Identify skill requirements and close skill gaps for integrating physical and information security.
    • Design and deploy integrated security architecture and controls.
    • Establish, monitor, and report integrated security metrics on effectiveness and efficiency.

    Benefits of the security integration framework

    Today’s matured technology makes security integration possible. However, the governance and management of single integrated security presents challenges. These can be overcome using a multi-phased framework that enables a modular, incremental, and repeatable integration process, starting with planning to justify the value of investment, then enhancing the integrated security based on risks and open architecture. This is followed by using metrics for monitoring and optimization.

    1. Modular

      • Implementing a consolidated security strategy is complex and involves the integration of process, software, data, hardware, and network and infrastructure.
      • A modular framework will help to drive value while putting in appropriate guardrails.
    2. Incremental

      • Integration of physical security and information security involves many components such as security strategy, risk management, and security policies.
      • An incremental framework will help track, manage, and maintain each step while providing appropriate structure.
    3. Repeatable

      • Integration of physical security and information security is a journey that can be approached with a pilot program to evaluate effectiveness.
      • A repeatable framework will help to ensure quick time to value and enable immediate implementation of controls to meet operational and security requirements.

    Potential risks of the security integration framework

    Just as medicine often comes with side effects, our Integration of Physical and Information Security Framework may introduce risks too. However, as John F. Kennedy, thirty-fifth president of the United States, once said, "There are risks and costs to a program of action — but they are far less than the long-range cost of comfortable inaction."

    Plan Phase

    • Lack of transparency in the integration process can lead to lack of trust among stakeholders.
    • Lack of support from leadership results in unclear governance or lack of budget or human resources.
    • Key stakeholders leave the organization during the engagement and their replacements do not understand the organization’s operation yet.

    Enhance Phase

    • The risk assessment conducted focuses too much on IT risk, which may not always be applicable to physical security systems nor OT systems.
    • The integrated security does not comply with policies and regulations.

    Monitor and Optimize Phase

    • Lack of knowledge, training, and awareness.
    • Different testing versus production environments.
    • Lack of collected or shared security metrics.

    Data

    • Data quality issues and inadequate data from physical security, information security, and other systems, e.g. OT, IoT.
    • Too much data from too many tools are complex and time consuming to process.

    Develop an integration of information security, physical security, and personnel security that meets your organization’s needs

    Integrate security in people, process, and technology to improve your overall security posture

    Having siloed systems running security is not beneficial. Many organizations are realizing the benefits of consolidating into a single platform across physical security, cybersecurity, HR, legal, and compliance.

    Plan and engage stakeholders

    Assemble the right team to ensure the success of your integrated security ecosystem, decide the governance model, and clearly define the roles and responsibilities.

    Enhance strategy and risk management

    Strategically, we want a physical security system that is interoperable with most technologies, flexible with minimal customization, functional, and integrated, despite the challenges of proprietary configurations, complex customization, and silos.

    Monitor and optimize

    Find the most optimized architecture that is strategic, realistic, and based on risk. Next, perform an evaluation of the security systems and program by understanding what, where, when, and how to measure and to report the relevant metrics.

    Focus on master plan

    Identify the security integration problems to solve with visible improvement possibilities, and don’t choose technology for technology’s sake. Design first, then conduct market research by comparing products or services from vendors or manufacturers.

    Build a technology ecosystem

    Avoid a big bang approach and test technologies in multiple conditions. Run inexpensive pilots and increase flexibility to build a technology ecosystem.

    Deliverables

    Each step of this framework is accompanied by supporting deliverables to help you accomplish your goals:

    Integrate Physical Security and Information Security Requirements Gathering Tool

    Map organizational goals to IT goals, facilities goals, OT goals (if applicable), and integrated security goals. Identify your security integration elements and compliance.

    Integrate Physical Security and Information Security RACI Chart Tool

    Identify various security integration stakeholders across the organization and assign tasks to suitable roles.

    Key deliverable:

    Integrate Physical Security and Information Security Communication Deck

    Present your findings in a prepopulated document that summarizes the work you have completed.

    Plan

    Planning is foundational to engage stakeholders. Start with justifying the value of investment, then define roles and responsibilities, update governance, and finally identify integrated elements and compliance obligations.

    Plan

    Engage stakeholders

    • To initiate communication between the physical and information security teams and other related divisions, it is important to identify the entities that would be affected by the security integration and involve them in the process to gain support from planning to delivery and maintenance.
    • Possible stakeholders:
      • Executive leadership, Facilities Management leader and team, IT leader, Security & Privacy leader, compliance officer, Legal, Risk Management, HR, Finance, OT leader (if applicable)
    • A successful security integration depends on aligning your security integration initiatives and migration plan to the organization’s objectives by engaging the right people to communicate and collaborate.

    Info-Tech Insight

    It is important to speak the same language. Physical security concerns safety and availability, while information security concerns confidentiality and integrity. Thus, the two systems have different goals and require alignment.

    Similarly, taxonomy of terminologies needs to be managed,1 e.g. facility management with an emergency management background may have a different understanding from a CISO with an information security background when discussing the same term. For example:

    In emergency management prevention means “actions taken to eliminate the impact of disasters in order to protect lives, property and the environment, and to avoid economic disruption.”2

    In information security prevention is “preventing the threats by understanding the threat environment and the attack surfaces, the risks, the assets, and by maintaining a secure system.”3

    Sources: 1 Owen Yardley, Omaha Public Power District (contributor); 2 Translation Bureau, Government of Canada, n.d.; 3 Security Intelligence, 2020


    Map organizational goals to integrated security goals

    Input

    • Corporate, IT, and Facilities strategies

    Output

    • Your goals for the integrated security strategy

    Materials

    • Integrate Physical Security and Information Security Requirements Gathering Tool

    Participants

    • Executive leadership
    • Facilities Management leader and team
    • IT leader
    • Security & Privacy leader
    • Compliance officer
    • Legal
    • Risk Management
    • HR & Finance
    • OT leader (if applicable)
    1. As a group, brainstorm organization goals.
      • Review relevant corporate, IT, and facilities strategies.
    2. Record the most important business goals in the “Goals Cascade” tab of the Integrate Physical Security and Information Security Requirements Gathering Tool. Try to limit the number of business goals to no more than ten goals. This limitation will be critical to helping focus on your integrated security goals.
    3. For each goal, identify one to two security alignment goals. These should be objectives for the security strategy that will support the identified organization goals.

    Download the Integrate Physical Security and Information Security Requirements Gathering Tool.

    Record organizational goals

    A table to identify Organization, IT, OT(if applicable), Facilities, and Security Goals Definitions.

    Refer to the Integration of Physical and Information Security Framework when filling in the table.

    1. Record your identified organizational goals in the “Goals Cascade” tab of the Integrate Physical Security and Information Security Requirements Gathering Tool.
    2. For each organizational goal, identify IT alignment goals.
    3. For each organizational goal, identify OT alignment goals (if applicable).
    4. For each organizational goal, identify Facilities alignment goals.
    5. For each organizational goal, select an integrated security goal from the drop-down menu.

    Justify value for the business

    Facilities in most cases have a team that is responsible for physical security installations such as access key controllers. Whenever there is an issue, they contact the provider to fix the error. However, with smart buildings and smart devices, the threat surface grows to include information security threats, and Facilities may not possess the knowledge and skills required to deal with them. At the same time, delegating physical security to IT may add more tasks to their already-too-long list of responsibilities. Consolidating security to a focused security team that covers both physical and information security can help.1 We need to develop the security integration business case beyond physical security "gates, guns, and guards" mentality.2

    An example of a cost-benefit analysis for security integration:

    Benefits

    Metrics

    Operational Efficiency and Cost Savings

    • Reduction in deployment, maintenance, and staff time in manual operations of physical security devices such as logs collection from analog cameras to be automated into digital.
    • Reduction in staffing costs by bringing physical security SOC and information security SOC in one single structure.

    Reliability Improvements

    • Reduction in field crew time by identifying hardware that can be virtualized to have a centralized remote control.
    • Improvement of operating reliability through continuous and real-time monitoring of equipment such as door access control systems and camera surveillance systems.

    Customers & Users Benefits

    • Improvement of customer safety for essential services such as access to critical locations only by authorized personnel.
    • Improvement of reliability of services and address human factor in adoption of change by introducing change as a friendly activity.

    Cost

    Metrics

    Equipment and Infrastructure

    • Upgrade of existing physical security equipment, e.g. replacement of separated access control, video management system (VMS), and physical access control system (PACS) with a unified security platform.
    • Implementation of communication network equipment and labor to install, configure, and maintain the new network component.

    Software and Commission

    • The software and maintenance fee as well as upgrade implementation project cost.
    • Labor cost of field commissioning and troubleshooting.
    • Integration with security systems, e.g. event and log management, continuous monitoring, and investigation.

    Support and Resources

    • Cost to hire/outsource security FTEs for ongoing management and operation of security devices, e.g. SOC, MSSP.
    • Cost to hire/outsource FTEs to analyze, design, and deploy the integrated security architecture, e.g. consulting fee.

    Sources: 1 Andrew Amaro, KLAVAN Security Services (contributor); 2 Baker and Benny, 2013;
    Industrial Control System Modernization, Info-Tech Research Group, 2023; Lawrence Berkeley National Laboratory, 2021

    Plan

    Define roles and responsibilities

    Input

    • List of relevant stakeholders

    Output

    • Roles and responsibilities for the integration of physical and information security program

    Materials

    • Integrate Physical Security and Information Security RACI Chart Tool

    Participants

    • Executive leadership
    • Facilities Management leader and team
    • HR & Finance
    • IT leader and team
    • OT leader and team
    • Security & Privacy leader and team

    Many factors impact an organization’s level of effectiveness as it relates to integration of physical and information security. How the team interacts, what skill sets exist, the level of clarity around roles and responsibilities, and the degree of executive support and alignment are only a few. Thus, we need to identify stakeholders that are:

    • Responsible: The person(s) who does the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
    • Accountable: The person(s) who is accountable for the completion of the activity. Ideally, this is a single person and is often an executive or program sponsor.
    • Consulted: The person(s) who provides information. This is usually several people, typically called subject matter experts (SMEs).
    • Informed: The person(s) who is updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.

    Download the Integrate Physical Security and Information Security RACI Chart Tool

    Define RACI chart

    Define Responsible, Accountable, Consulted, Informed (RACI) stakeholders.

    1. Customize the Work Units to best reflect your operation with applicable stakeholders.
    2. Customize the Action rows as required.

    Integrate Physical Security and Information Security RACI Chart

    Sources: ISC, 2015; ISC, 2021

    Info-Tech Insight

    The roles and responsibilities should be clearly defined. For example, IT Security should be responsible for the installation and configuration of all physical access controllers and devices, and facility managers should be responsible for the physical maintenance including malfunctioning such as access device jammed or physically broken.

    Plan

    Establish/update governance for integrated security

    HR & Finance

    HR provides information such as new hires and office hours as input to the security system. Finance assists in budgeting.

    Security & Privacy

    The security and privacy team will need to evaluate solutions and enforce standards on various physical and information security systems and to protect data privacy.

    Business Leaders

    Business stakeholders will provide clarity for their strategy and provide input into how they envision security furthering those goals.

    IT Executives

    IT stakeholders will be a driving force, ensuring all necessary resources are available and funded.

    Facilities/ Operations

    Operational plans will include asset management, monitoring, and support to meet functional goals and manage throughout the asset lifecycle.

    Infrastructure & Enterprise Architects

    Each solution added to the environment will need to be chosen and architected to meet business goals and security functions.

    Info-Tech Insight

    Assemble the right team to ensure the success of your integrated security ecosystem and decide the governance model, e.g. security steering committee (SSC) or a centralized single structure.

    Adapted from Create and Implement an IoT Strategy, Info-Tech Research Group, 2022

    What does the SSC do?

    Ensuring proper governance over your security program is a complex task that requires ongoing care and feeding from executive management to succeed.

    Your SSC should aim to provide the following core governance functions for your security program:

    1. Define Clarity of Intent and Direction

      How does the organization’s security strategy support the attainment of the business, IT, facilities management, and physical and information security strategies? The SSC should clearly define and communicate strategic linkage and provide direction for aligning security initiatives with desired outcomes.
    2. Establish Clear Lines of Authority

      Security programs contain many important elements that need to be coordinated. There must be clear and unambiguous authority, accountability, and responsibility defined for each element so lines of reporting/escalation are clear and conflicting objectives can be mediated.
    3. Provide Unbiased Oversight

      The SSC should vet the organization’s systematic monitoring processes to ensure there is adherence to defined risk tolerance levels and that monitoring is appropriately independent from the personnel responsible for implementing and managing the security program.
    4. Optimize Security Value Delivery

      Optimized value delivery occurs when strategic objectives for security are achieved and the organization’s acceptable risk posture is attained at the lowest possible cost. This requires constant attention to ensure controls are commensurate with any changes in risk level or appetite.

    Adapted from Improve Security Governance With a Security Steering Committee , Info-Tech Research Group, 2018

    Plan

    Identify integrated elements and compliance obligations

    To determine what elements need to be integrated, it’s important to scope the security integration program and to identify the consequences of integration for compliance obligations.

    INTEGRATED ELEMENTS

    What are my concerns?

    Process integrations

    Determine which processes need to be integrated and how

    • Examples: Security prevention, detection, and response; risk assessment

    Software and data integration

    Determine which software and data need to be integrated and how

    • Examples: Threat management tools, SIEM, IDPS, security event logs

    Hardware integration

    Determine which hardware needs to be integrated and how

    • Examples: Sensors, alarms, cameras, keys, locks, combinations, and card readers

    Network and infrastructure

    Determine which network and infrastructure components need to be integrated and how

    • Example: Network segmentation for physical access controllers.

    COMPLIANCE

    How can I address my concerns?

    Regulations

    Adhere to mandatory laws, directives, industry standards, specific contractual obligations, etc.

    • Examples: NERC CIP (North American Utilities), Network and Information Security (NIS) Directive (EU), Health and Safety at Work etc Act 1974 (UK), Occupational Safety and Health Act, 1970 (US), Emergency Management Act, 2007 (Canada)

    Standards

    Adhere to voluntary standards and obligations

    • Examples: NIST Cybersecurity Framework (CSF), The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (US), Cybersecurity Maturity Model Certification (CMMC), Service Organization Control (SOC 1 and 2)

    Guidelines

    Adopt guidelines that can improve the integrated security program

    • Examples: Best Practices for Planning and Managing Physical Security Resources (US Interagency Security Committee), Information Security Manual - Guidelines for Physical Security (Australian Cyber Security Centre), 1402-2021-Guide for Physical Security of Electric Power Substations (IEEE)

    Record integrated elements

    Scope and Boundaries from the Integrate Physical Security and Information Security Requirements Gathering Tool.

    Refer to the “Scope” tab of the Integrate Physical Security and Information Security Requirements Gathering Tool when filling in the following elements.

    1. Record your integrated elements, i.e. process integration, software and data integration, hardware integration, network and infrastructure, and physical scope of your security integration, in the “Scope” tab of the Integrate Physical Security and Information Security Requirements Gathering Tool.
    2. For each of your scoping give the rationale for including them in the Comments column. Careful attention should be paid to any elements that are not in scope.

    Record your compliance obligations

    Refer to the “Compliance Obligations” tab of the Integrate Physical Security and Information Security Requirements Gathering Tool.

    1. Identify your compliance obligations. These can include both mandatory and voluntary obligations. Mandatory obligations include:
      • Laws
      • Government regulations
      • Industry standards
      • Contractual agreements
      Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your integrated security, include those that include physical security requirements.
    2. Record your compliance obligations, along with any notes, in your copy of the Integrate Physical Security and Information Security Requirements Gathering Tool.
    3. Refer to the “Compliance DB” tab for lists of standards/regulations/ guidelines.
    The “Compliance Obligations” tab of the Integrate Physical Security and Information Security Requirements Gathering Tool.

    Remediate third-party compliance gaps

    If you have third-party compliance gaps, there are four primary ways to eliminate them:

    1. Find a New, Compliant Partner

      Terminate existing contract and find another organization to partner with.
    2. Bring the Capability In-House

      Expense permitting, this may be the best way to protect yourself.
    3. Demand Compliance

      Tell the third party they must become compliant. Make sure you set a deadline.
    4. Accept Noncompliance and Assume the Risk

      Sometimes remediation just isn’t cost effective and you have no choice.

    Follow Contracting Best Practices to Mitigate the Risk of Future Third-Party Compliance Gaps

    1. Perform Initial Due Diligence: Request proof of third-party compliance prior to entering into a contract.
    2. Perform Ongoing Due Diligence: Request proof of third-party contractor compliance annually.
    3. Contract Negotiation: Insert clauses requesting periodic assertions of compliance.

    View a sample contract provided by the US Department of Health and Human Services.

    Source: Take Control of Compliance Improvement to Conquer Every Audit, Info-Tech Research Group, 2015

    Pitfalls to avoid when planning security integration

    • No Resources Lineups

      Integration of security needs support from leadership, proper planning, and clear and consistent communication across the organization.
    • Not Addressing Holistic Security

      Create policies and procedures and follow standards that are holistic and based on threats and risks, e.g. consolidated access control policies.
    • Lack of Governance

      While the IT department is a critical partner in cybersecurity, the ownership of such a role sits squarely in the organizational C-suite, with regular reporting to the board of directors (if applicable).
    • Overlooking Business Continuity Effort

      IT and physical security are integral to business continuity and disaster recovery strategies.
    • Not Having Relevant Training and Awareness

      Provide a training and awareness program based on relevant attack vectors. Trained employees are key assets to the development of a safe and secure environment. They must form the base of your security culture.
    • Overbuilding or Underbuilding

      Select third-party providers that offer systems interoperability with other security tools. The intent is to promote a unified approach to security to avoid a cumbersome tooling zoo.

    Sources: Real Time Networks, 2022; Andrew Amaro, KLAVAN Security Services (contributor)

    Enhance

    Enhancing is the development of an integrated security strategy, policies, procedures, BCP, DR, and IR based on the organization’s risks.

    Enhance

    Determine the level of security maturity and update the security strategy

    • Before updating your security strategies, you need to understand the organization’s business strategies, IT strategies, facilities strategies, and physical and information security strategies. The goal is to align your integrated security strategies to contribute to your organization’s success.
    • The integrated security leaders need to understand the direction of the organization. For example:
      • Growth expectation
      • Expansions or mergers anticipation
      • Product or service changes
      • Regulatory requirements
    • Wise security investments depend on aligning your security initiatives to the organization’s objectives by supporting operational performance and ensuring brand protection and shareholder values.
    Integrated security strategies. Consists of an organization’s business strategies, IT strategies, facilities strategies, and physical and information security strategies.

    Sources: Amy L. Meger, Platte River Power Authority (contributor); Baker and Benny, 2013; IFSEC Global, 2023; Security Priorities 2023, Info-Tech Research Group, 2023; Build an Information Security Strategy, Info-Tech Research Group, 2020; ISC, n.d.

    Understanding security maturity

    Maturity models are very effective for determining security states. This table provides examples of general descriptions for physical and information security maturity levels.

    Determine which framework is suitable and select the description that most accurately reflects the ideal state for security in your organization.

    Level 1

    Level 2

    Level 3

    Level 4

    Level 5

    Minimum security with simple physical barriers. Low-level security to prevent and detect some unauthorized external activity. Medium security to prevent, detect, and assess most unauthorized external activity and some unauthorized internal activity. High-level security to prevent, detect, and assess most unauthorized external and internal activity. Maximum security to prevent, detect, assess, and neutralize all unauthorized external and internal activity.

    Physical security maturity level1

    Initial/Ad hoc security programs are reactive. Developing security programs can be effective at what they do but are not holistic. A defined security program is holistic, documented, and proactive. Managed security programs have robust governance and metrics processes. An optimized security program is based on strong risk management practices, including the production of key risk indicators (KRIs).

    Information security maturity level2

    Sources: 1 Fennelly, 2013; 2 Build an Information Security Strategy, Info-Tech Research Group, 2020

    Enhance

    Assess and treat integrated security risks

    The risk assessment conducted consists of analyzing existing inherent risks, existing pressure to the risks such as health and safety laws and codes of practice, new risks from the integration process, risk tolerance, and countermeasures.

    • Some organizations already integrate security into corporate security that consists of risk management, compliance, governance, information security, personnel security, and physical security. However, some organizations are still separating security components, especially physical security and information security, which limits security visibility and the organization’s ability to complete a comprehensive risks assessment.
    • Many vendors are also segregating physical security and information security solutions because their tools do well only on certain aspects. This forces organizations to combine multiple tools, creating a complex environment.
    • Additionally, risks related to people such as mental health issues must be addressed properly. The prevalence of hybrid work post-pandemic makes this aspect especially important.
    • Assess and treat risks based on the organization’s requirements, including its environments. For example, the US federal facility security organization is required to conduct risk assessments at least every five years for Level I (lowest risk) and Level II facilities and at least every three years for Level III, IV, and V (highest risk) facilities.

    Sources: EPA, n.d.; America's Water Infrastructure Act (AWIA), 2018; ISC, 2021

    “In 2022, 95% of US companies are consolidating into a single platform across physical security, cybersecurity, HR, legal and compliance.”

    Source: Ontic Center for Protective Intelligence, 2022; N=359

    Example risk levels

    The risk assessment conducted is based on a combination of physical and information security factors such as certain facilities factors. The risk level can be used to determine the baseline level of protection (LOP). Next, the baseline LOP is customized to the achievable LOP. The following is an example for federal facilities determined by Interagency Security Committee (ISC).

    Risk factor, points and score. Facility security level (FSL), level of risk, and baseline level of protection.

    Source: ISC, 2021

    Example assets

    It is important to identify the organization’s requirements, including its environments (IT, IoT, OT, facilities, etc.), and to measure and evaluate its risks and threats using an appropriate risk framework and tools with the critical step of identifying assets prior to acquiring solutions.

    Organizational requirements including its environments(IT, loT, OT, facilities, etc.)

    Info-Tech Insight

    Certain exceptions must be identified in risk assessment. Usually physical barriers such as gates and intrusion detection sensors are considered as countermeasures,1 however, under certain assessment, e.g. America's Water Infrastructure Act (AWIA),2 physical barriers are also considered assets and as such must also be assessed.

    Compromising a fingerprint scanner

    An anecdotal example of why physical security alone is not sufficient.

    Biometrics: secure access and data security.

    Image by Rawpixel.com on Freepik

    Lessons learned from using fingerprints for authentication:

    • Fingerprint scanners can be physically circumvented by making a copy an authorized user’s fingerprint with 3D printing or even by forcefully amputating an authorized user’s finger.
    • Authorized users may not be given access when the fingerprint cannot be recognized, e.g. if the finger is covered by bandage due to injury.
    • Integration with information security may help detect unauthorized access, e.g. a fingerprint being scanned in a Canadian office when the same user was scanned at a close time interval from an IP in Europe will trigger an alert of a possible incident.

    Info-Tech Insight

    In an ideal world, we want a physical security system that is interoperable with all technologies, flexible with minimal customization, functional, and integrated. In the real world, we may have physical systems with proprietary configurations that are not easily customized and siloed.

    Source: Robert Dang, Info-Tech Research Group

    Use case: Microchip implant

    Microchip implants can be used instead of physical devices such as key cards for digital identity and access management. Risks can be assessed using quantitative or qualitative approaches. In this use case a qualitative approach is applied to impact and likelihood, and a quantitative approach is applied to revenue and cost.

    Asset: Microchip implant

    Benefits

    Impact

    • Improve user satisfaction by removing the need to carry key cards, IDs, etc.
    • Improve operating reliability by reducing the likelihood of losing physical devices such as key cards.
    • Improve reliability of services through continuous and real-time connection with other systems such as payment system.

    Likelihood

    • Improve user satisfaction: High
    • Improve operating reliability: High
    • Improve reliability of services: High

    Revenue

    • Acquire new customers or retain existing customers by making daily lives easier with no need to carry key cards, IDs, etc.
    • Cost reduction in staffing of security personnel, e.g. reducing the staffing of building guards or receptionist.

    Risks

    Impact

    • Security: issues such as biohacking of wearable technology and interconnected devices.
    • Safety: issues such as infections or reactions in the body's immune system.
    • Privacy: issues such as unauthorized surveillance and tracking of activities.

    Likelihood

    • Biohacking: Medium
    • Infections: Low
    • Surveillance: High

    Cost

    • Installation costs and hardware costs.
    • Overall lifecycle cost including estimated software and maintenance costs.
    • Estimated cost of training and estimated increase in productivity.

    Sources: Business Insider, 2018; BBC News, 2022; ISC, 2015

    Enhance

    Update integrated security policies and procedures

    Global policies with local implementation

    This model works for corporate groups with a parent company. In this model, global security policies are developed by a parent company and local policies are applied to the unique business that is not supported by the parent company.

    Update of existing security policies

    This model works for organizations with sufficient resources. In this model, integrated security policies are derived from various policies. For example, physical security in smart buildings/devices (sensors, automated meters, HVAC, etc.) and OT systems (SCADA, PLCs, RTUs, etc.) introduce unique risk exposures, necessitating updates to security policies.

    Customization of information security policies

    This model works for smaller organizations with limited resources. In this model, integrated security policies are derived from information security policies. The issue is when these policies are not applicable to physical security systems or other environments, e.g. OT systems.

    Sources: Kris Krishan, Waymo (contributor); Isabelle Hertanto, Info-Tech Research Group (contributor); Physical and Environmental Security Policy Template, Info-Tech Research Group, 2022.

    Enhance

    Update BCP, DR, IR

    • Physical threats such as theft of material, vandalism, loitering, and the like are also part of business continuity threats.
    • These threats can be carried out by various means such as vehicles breaching perimeter security, bolt cutters used for cutting wire and cable, and ballistic attack.
    • Issues may occur when security operations are owned separately by physical security or information security, thus lacking consistent application of best practices.
    • To overcome this issue, organizations need to update BCP, DR, and IR holistically based on a cost-benefit analysis and the level of security maturity, which can be defined based on the suitable framework.

    Sources: IEEE, 2021; ISC, 2021

    “The best way to get management excited about a disaster plan is to burn down the building across the street.”

    Source: Dan Erwin, Security Officer, Dow Chemical Co., in Computerworld, 2022

    Optimize

    Optimizing means working to make the most effective and efficient use of resources, starting with identifying skill requirements and closing skill gaps, followed by designing and deploying integrated security architecture and controls, and finally monitoring and reporting integrated security metrics.

    Optimize

    Identify skill requirements and close skill gaps

    • The pandemic changed how people work and where they choose to work, and most people still want a hybrid work model. Our survey in July 2022 (N=516) found that 55.8% of employees have the option to work offsite 2-3 days per week, 21.0% can work offsite 1 day per week, and 17.8% can work offsite 4 days per week.
    • The investment (e.g. on infrastructure and networks) to initiate remote work was huge, and the costs didn’t end there; organizations needed to maintain the secure remote work infrastructure to facilitate the hybrid work model.
    • Moreover, roles are evolving due to convergence and modernization. These new roles require an integrative skill set. For example, the grid security and ops team might consist of an IT security specialist, a SCADA technician/engineer, and an OT/IIOT security specialist, where OT/IIOT security specialist is a new role.
    Identify skill gaps that hinder the successful execution of the hybrid work security strategy. Use the identified skill gaps to define the technical skill requirements for current and future work roles. Conduct a skills assessment on your current workforce to identify employee skill gaps. Decide whether to train (including certification), hire, contract, or outsource to close each skill gap.

    Strategic investment in internal security team

    Internal security governance and management using in-house developed tools or off-the-shelf solutions, e.g. security information and event management (SIEM).

    Security management using third parties

    Internal security management using third-party security services, e.g. managed security service providers (MSSPs).

    Outsourcing security management

    Outsourcing the entire security functions, e.g. using managed detection and response (MDR).

    Sources: Info-Tech Research Group’s Security Priorities 2023, Close the InfoSec Skills Gap, Build an IT Employee Engagement Program, and Grid Modernization

    Select the right certifications

    What are the options?

    • One issue in security certification is the complexity of relevancy in topics with respect to roles and levels.
    • The European Union Agency for Cybersecurity (ENISA) takes the approach of analyzing existing certifications of ICS/SCADA professionals' cybersecurity skills by orientation, scope, and supporting bodies that are grouped into specific certifications, relevant certifications, and safety certifications (ENISA, 2015).
    • This approach can also be applied to integrated security certifications.

    Physical security certification

    • Examples: Industrial Security Professional Certification (NCMS-ISP); Physical Security Professional (ASIS-PSP); Physical Security Certification (CDSE-PSC); ISC I-100, I-200, I-300, and I-400

    Cyber physical system security certification

    • Examples: Certified SCADA Security Architect (CSSA), EC-Council ICS/SCADA Cybersecurity Training Course

    Information security certification

    • Examples: Network and Information Security (NIS) Driving License, ISA/IEC 62443 Cybersecurity Certificate Program, GIAC Global Industrial Cyber Security Professional (GICSP)

    Safety Certifications

    • Examples: Board of Certified Safety Professionals (BCSP), European Network of Safety and Health Professional Organizations (ENSHPO)
    Table showing options for Certification orientation, scope and supporting bodies.

    Optimize

    Design and deploy integrated security architecture and controls

    • A survey by Brivo found that 38% of respondents have partly centralized security platforms, 25% have decentralized platforms, and 36% have centralized platforms (Brivo, 2022; N=700).
    • If your organization’s security program is still decentralized or partly centralized and your organization is planning to establish an integrated security program, then the recommendation is to perform a holistic risk assessment based on probability and impact assessments on threats and vulnerabilities.
    • The impacted factors, for example, are customers served, criticality of services, equipment present inside the building, personnel response time for operational recovery and the mitigation of hazards, and costs.
    • Frameworks such as Sherwood Applied Business Security Architecture (SABSA), Control Objectives for Information and Related Technologies (COBIT), and The Open Group Architecture Framework (TOGAF) can be used to build security architecture that aligns security goals with business goals.
    • Finally, analyze the security design against the design criteria.

    Sources: ISA and Honeywell Integrated Security Technology Lab, n.d.; IEEE, 2021

    “As long as organizations treat their physical and cyber domains as separate, there is little hope of securing either one.”

    Source: FedTech magazine, 2009

    Analyze architecture design

    Cloud, on-premises, or hybrid? During the pandemic, many enterprises were under tight deadlines to migrate to the cloud. Many did not refactor data and applications correctly for cloud platforms during migration, with the consequence of high cloud bills. This happened because the migrated applications cannot take advantage of on-premises capabilities such as autoscaling. Thus, in 2023, it is plausible that enterprises will bring applications and data back on-premises.

    Below is an example of a security design analysis of platform architecture. Design can be assessed using quantitative or qualitative approaches. In this example, a qualitative approach is applied using high-level advantages and disadvantages.

    Design criteria

    Cloud

    Hybrid

    On-premises

    Effort

    Consumer effort is within a range, e.g. < 60%

    Consumer effort is within a range e.g. < 80%

    100% organization

    Reliability

    High reliability

    High reliability

    Medium reliability that depends on data centers

    Cost

    High cost when data and applications are not correctly designed for cloud

    Optimized cost when data and applications are correctly designed either for cloud or native

    Medium cost when data and applications take advantage of on-prem capabilities

    Info-Tech Insight

    It is important for organizations to find the most optimized architecture to support them, for example, a hybrid architecture of cloud and on-premises based on operations and cost-effectiveness. To help design a security architecture that is strategic, realistic, and based on risk, see Info-Tech’s Identify the Components of Your Cloud Security Architecture research.

    Sources: InfoWorld, 2023; Identify the Components of Your Cloud Security Architecture , Info-Tech Research Group, 2021

    Analyze equipment design

    Below is an example case of a security design analysis of electronic security systems. Design can be assessed using quantitative or qualitative approaches. In this example a qualitative approach is applied using advantages and disadvantages.

    Surveillance design criteria

    Video camera

    Motion detector

    Theft of security system equipment

    Higher economic loss Lower economic loss

    Reliability

    Positive detection of intrusion Spurious indication and lower reliability

    Energy savings and bandwidth

    Only record when motion is detected Detect and process all movement

    Info-Tech Insight

    Once the design has been analyzed, the next step is to conduct market research to analyze the solutions landscape, e.g. to compare products or services from vendors or manufacturers.

    Sources: IEEE, 202; IEC, n.d.; IEC, 2013

    Analyze off-the-shelf solutions

    Criteria to consider when comparing solutions:

    Criteria to consider when comparing solutions: 1 - Visibility and asset management. 2 - Threat detection, mitigation and response. 3 - Risk assessment and vulnerability management. 4 - Usability, architecture, Cost.

    Visibility and Asset Management

    Passively monitoring data using various protocol layers, actively sending queries to devices, or parsing configuration files of physical security devices, OT, IoT, and IT environments on assets, processes, and connectivity paths.

    Threat Detection, Mitigation, and Response (+ Hunting)

    Automation of threat analysis (signature-based, specification-based, anomaly-based, flow-based, content-based, sandboxing) not only in IT but also in relevant environments, e.g. physical, IoT, IIoT, and OT on assets, data, network, and orchestration with threat intelligence sharing and analytics.

    Risk Assessment and Vulnerability Management

    Risk scoring approach (qualitative, quantitative) based on variables such as behavioral patterns and geolocation. Patching and vulnerability management.

    Usability, Architecture, Cost

    The user and administrative experience, multiple deployment options, extensive integration capabilities, and affordability.

    Source: Secure IT/OT Convergence, Info-Tech Research Group, 2022

    Optimize

    Establish, monitor, and report integrated security metrics

    Security metrics serve various functions in a security program.1 For example:

    • As audit requirements. For integrated security, the requirements are derived from mandatory or voluntary compliance, e.g. NERC CIP.
    • As an indicator of maturity level. For integrated security, maturity level is used to measure the state of security, e.g. C2M2, CMMC.
    • As a measurement of effectiveness and efficiency. Security metrics consist of operational metrics, financial metrics, etc.

    Safety

    Physical security interfaces with the physical world. Thus, metrics based on risks related to safety are crucial. These metrics motivate personnel by making clear why they should care about security.
    Source: EPRI, 2017

    Business Performance

    The impact of security on the business can be measured with various metrics such as operational metrics, service level agreements (SLAs), and financial metrics.
    Source: BMC, 2022

    Technology Performance

    Early detection leads to faster remediation and less damage. Metrics such as maximum tolerable downtime (MTD) and mean time to recovery (MTR) indicate system reliability.
    Source: Dark Reading, 2022

    Security Culture

    Measure the overall quality of security culture with indicators such as compliance and audit, vulnerability management, and training and awareness.

    Info-Tech Insight

    Security failure can be avoided by evaluating the security systems and program. Security evaluation requires understanding what, where, when, and how to measure and to report the relevant metrics.

    Related Info-Tech Research

    Secure IT/OT Convergence

    The previously entirely separate OT ecosystem is migrating into the IT ecosystem, primarily to improve access via connectivity and to leverage other standard IT capabilities for economic benefit.

    Hence, IT and OT need to collaborate, starting with communication to build trust and to overcome their differences and followed by negotiation on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and establishing metrics for OT security.

    Preparing for Technology Convergence in Manufacturing

    Information technology (IT) and operational technology (OT) teams have a long history of misalignment and poor communication.

    Stakeholder expectations and technology convergence create the need to leave the past behind and build a culture of collaboration.

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations.

    This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building a security roadmap.

    Bibliography

    "1402-2021 - IEEE Guide for Physical Security of Electric Power Substations." IEEE, 2021. Accessed 25 Jan. 2023.

    "2022 State of Protective Intelligence Report." Ontic Center for Protective Intelligence, 2022. Accessed 16 Jan. 2023.

    "8 Staggering Statistics: Physical Security Technology Adoption." Brivo, 2022. Accessed 5 Jan. 2023.

    "America's Water Infrastructure Act of 2018." The United States' Congress, 2018. Accessed 19 Jan. 2023.

    Baker, Paul and Daniel Benny. The Complete Guide to Physical Security. Auerbach Publications. 2013

    Bennett, Steve. "Physical Security Statistics 2022 - Everything You Need to Know." WebinarCare, 4 Dec. 2022. Accessed 30 Dec. 2022.

    "Best Practices for Planning and Managing Physical Security Resources: An Interagency Security Committee Guide." Interagency Security Committee (ISC), Dec. 2015. Accessed 23 Jan. 2023.

    Black, Daniel. "Improve Security Governance With a Security Steering Committee." Info-Tech Research Group, 23 Nov. 2018. Accessed 30 Jan. 2023.

    Borg, Scott. "Don't Put Up Walls Between Your Security People." FedTech Magazine, 17 Feb. 2009. Accessed 15 Dec. 2022.

    Burwash, John. “Preparing for Technology Convergence in Manufacturing.” Info-Tech Research Group, 12 Dec. 2018. Accessed 7 Dec. 2022.

    Carney, John. "Why Integrate Physical and Logical Security?" Cisco. Accessed 19 Jan. 2023.

    "Certification of Cyber Security Skills of ICS/SCADA Professionals." European Union Agency for Cybersecurity (ENISA), 2015. Accessed 27 Sep. 2022.

    Cherdantseva, Yulia and Jeremy Hilton. "Information Security and Information Assurance. The Discussion about the Meaning, Scope and Goals." Organizational, Legal, and Technological Dimensions of IS Administrator, Almeida F., Portela, I. (eds.), pp. 1204-1235. IGI Global Publishing, 2013.

    Cobb, Michael. "Physical security." TechTarget. Accessed 8 Dec. 2022.

    “Conduct a Drinking Water or Wastewater Utility Risk Assessment.” United States Environmental Protection Agency (EPA), n.d. Web.

    Conrad, Sandi. "Create and Implement an IoT Strategy." Info-Tech Research Group, 28 July 2022. Accessed 7 Dec. 2022.

    Cooksley, Mark. "The IEC 62443 Series of Standards: A Product Manufacturer's Perspective." YouTube, uploaded by Plainly Explained, 27 Apr. 2021. Accessed 26 Aug. 2022.

    "Cyber and physical security must validate their value in 2023." IFSEC Global, 12 Jan. 2023. Accessed 20 Jan. 2023.

    "Cybersecurity Evaluation Tool (CSET®)." Cybersecurity and Infrastructure Security Agency (CISA). Accessed 23 Jan. 2023.

    "Cybersecurity Maturity Model Certification (CMMC) 2.0." The United States' Department of Defense (DOD), 2021. Accessed 29 Dec. 2022.

    “Cyber Security Metrics for the Electric Sector: Volume 3.” Electric Power Research Institute (EPRI), 2017.

    Czachor, Emily. "Mass power outage in North Carolina caused by gunfire, repairs could take days." CBS News, 5 Dec. 2022. Accessed 20 Jan. 2023.

    Dang, Robert, et al. “Secure IT/OT Convergence.” Info-Tech Research Group, 9 Dec. 2022. Web.

    "Emergency Management Act (S.C. 2007, c. 15)." The Government of Canada, 2007. Accessed 19 Jan. 2023.

    "Emergency management vocabulary." Translation Bureau, Government of Canada. Accessed 19 Jan. 2023.

    Fennelly, Lawrence. Effective physical security. Butterworth-Heinemann, 2013.

    Ghaznavi-Zadeh, Rassoul. "Enterprise Security Architecture - A Top-down Approach." The Information Systems Audit and Control Association (ISACA). Accessed 25 Jan. 2023.

    "Good Practices for Security of Internet of Things." European Union Agency for Cybersecurity (ENISA), 2018. Accessed 27 Sep. 2022.

    "Health and Safety at Work etc Act 1974." The United Kingdom Parliament. Accessed 23 Jan. 2023.

    Hébert, Michel, et al. “Security Priorities 2023.” Info-Tech Research Group, 1 Feb. 2023. Web.

    "History and Initial Formation of Physical Security and the Origin of Authority." Office of Research Services (ORS), National Institutes of Health (NIH). March 3, 2017. Accessed 19 Jan. 2023.

    "IEC 62676-1-1:2013 Video surveillance systems for use in security applications - Part 1-1: System requirements - General." International Electrotechnical Commission (IEC), 2013. Accessed 9 Dec. 2022.

    "Incident Command System (ICS)." ICS Canada. Accessed 17 Jan. 2023.

    "Information Security Manual - Guidelines for Physical Security." The Australian Cyber Security Centre (ACSC), Dec. 2022. Accessed 13 Jan. 2023.

    "Integrated Physical Security Framework." Anixter. Accessed 8 Dec. 2022.

    "Integrating Risk and Security within a TOGAF® Enterprise Architecture." TOGAF 10, The Open Group. Accessed 11 Jan. 2023.

    Latham, Katherine. "The microchip implants that let you pay with your hand." BBC News, 11 Apr. 2022. Accessed 12 Jan. 2023.

    Linthicum, David. "2023 could be the year of public cloud repatriation." InfoWorld, 3 Jan. 2023. Accessed 10 Jan. 2023.

    Ma, Alexandra. "Thousands of people in Sweden are embedding microchips under their skin to replace ID cards." Business Insider, 14 May 2018. Accessed 12 Jan. 2023.

    Mendelssohn, Josh and Dana Tessler. "Take Control of Compliance Improvement to Conquer Every Audit." Info-Tech Research Group, 25 March 2015. Accessed 27 Jan. 2023.

    Meredith, Sam. "All you need to know about the Nord Stream gas leaks - and why Europe suspects 'gross sabotage'." CNBC, 11 Oct. 2022. Accessed 20 Jan. 2023.

    Nicaise, Vincent. "EU NIS2 Directive: what’s changing?" Stormshield, 20 Oct. 2022. Accessed 17 Nov. 2022.

    "NIST SP 800-53 Rev. 5 Security and Privacy Controls for Information Systems and Organizations." The National Institute of Standards and Technology (NIST), 13 Jul. 2022. Accessed 27 Jan. 2023.

    "North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) Series." NERC. Accessed 23 Jan. 2023.

    "North America Physical Security Market - Global Forecast to 2026." MarketsandMarkets, June 2021. Accessed 30 Dec. 2022.

    "NSTISSI No. 4011 National Training Standard For Information Systems Security (InfoSec) Professionals." The United States Committee on National Security Systems (CNSS), 20 Jun. 1994. Accessed 23 Jan. 2023.

    "Occupational Safety and Health Administration (OSH) Act of 1970." The United States Department of Labor. Accessed 23 Jan. 2023.

    Palter, Jay. "10 Mistakes Made in Designing a Physical Security Program." Real Time Networks, 7 Sep. 2022. Accessed 6 Jan. 2023.

    Parker, Donn. Fighting Computer Crime. John Wiley & Sons, 1998.

    Pathak, Parag. "What Is Threat Management? Common Challenges and Best Practices." Security Intelligence, 2020. Accessed 5 Jan. 2023.

    Pender-Bey, Georgie. "The Parkerian Hexad." Lewis University, 2012. Accessed 24 Jan. 2023.

    Philippou, Oliver. "2023 Trends to Watch: Physical Security Technologies." Omdia. Accessed 20 Jan. 2023.

    Phinney, Tom. "IEC 62443: Industrial Network and System Security." ISA and Honeywell Integrated Security Technology Lab. Accessed 30 Jan. 2023.

    "Physical Security Market, with COVID-19 Impact Analysis - Global Forecast to 2026." MarketsandMarkets, Jan. 2022. Accessed 30 Dec. 2022.

    "Physical Security Professional (PSP)" ASIS International. Accessed 17 Jan. 2023.

    "Physical Security Systems (PSS) Assessment Guide" The United States' Department of Energy (DOE), Dec. 2016. Accessed 23 Jan. 2023.

    "Policies, Standards, Best Practices, Guidance, and White Papers." Interagency Security Committee (ISC). Accessed 23 Jan. 2023.

    "Profiles, Add-ons and Specifications." ONVIF. Accessed 9 Dec. 2022.

    "Protective Security Policy Framework (PSPF)." The Australian Attorney-General's Department (AGD). Accessed 13 Jan. 2023.

    "Satellites detect methane plume in Nord Stream leak." The European Space Agency (ESA), 6 oct. 2022. Accessed 23 Jan. 2023.

    ""Satellites detect methane plume in Nord Stream leak." The European Space Agency (ESA), 6 oct. 2022. Accessed 23 Jan. 2023.

    Satgunananthan, Niru. "Challenges in Security Convergence?" LinkedIn, 8 Jan. 2022. Accessed 20 Dec. 2022.

    Sooknanan, Shastri and Isaac Kinsella. "Identify the Components of Your Cloud Security Architecture." Info-Tech Research Group, 12 March 2021. Accessed 26 Jan. 2023.

    "TC 79 Alarm and electronic security systems." International Electrotechnical Commission (IEC), n.d. Accessed 9 Dec. 2022.

    "The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard." Interagency Security Committee (ISC), 2021. Accessed 26 Jan. 2023.

    "The Short Guide to Why Security Programs Can Fail." CyberTalk, 23 Sep. 2021. Accessed 30 Dec. 2022.

    Verton, Dan. "Companies Aim to Build Security Awareness." Computerworld, 27 Nov. 2022. Accessed 26 Jan. 2023.

    "Vulnerability Assessment of Federal Facilities." The United States' Department of Justice, 28 Jun. 1995. Accessed 19 Jan. 2023.

    "What is IEC 61508?" 61508 Association. Accessed 23 Jan. 2023.

    Wolf, Gene. "Better Include Physical Security With Cybersecurity." T&D World 5 Jan. 2023. Accessed 19 Jan. 2023.

    Wood, Kate, and Isaac Kinsella. “Build an Information Security Strategy.” Info-Tech Research Group, 9 Sept. 2020. Web.

    Woolf, Tim, et al. "Benefit-Cost Analysis for Utility-Facing Grid Modernization Investments: Trends, Challenges, and Considerations." Lawrence Berkeley National Laboratory, Feb. 2021. Accessed 15 Nov. 2022.

    "Work Health and Safety Act 2011." The Australian Government. Accessed 13 Jan. 2023.

    Wu, Jing. “Industrial Control System Modernization: Unlock the Value of Automation in Utilities.” Info-Tech Research Group, 6 April 2023. Web.

    Research Contributors and Experts

    Amy L. Meger, IGP

    Information and Cyber Governance Manager
    Platte River Power Authority

    Andrew Amaro

    Chief Security Officer (CSO) & Founder
    KLAVAN Security

    Bilson Perez

    IT Security Manager
    4Wall Entertainment

    Dan Adams

    VP of Information Technology
    4Wall Entertainment

    Doery Abdou

    Senior Manager
    March Networks Corporate

    Erich Krueger

    Manager of Security Engineering
    Omaha Public Power District

    Kris Krishan

    Head of IT
    Waymo

    Owen Yardley

    Director, Facilities Security Preparedness
    Omaha Public Power District

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    • Buy Link or Shortcode: {j2store}472|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • The organization is planning to move resources to cloud or devise a networking strategy for their existing cloud infrastructure to harness value from cloud.
    • The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies and provide access to shared services on cloud.
    • A perennial challenge for infrastructure on cloud is planning for governance vs flexibility which is often overlooked.

    Our Advice

    Critical Insight

    Don’t wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and the future.

    Impact and Result

    • Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.
    • Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Deck – A document to guide you through designing your network in the cloud.

    What cloud networking topology should you use? How do you provide access to shared resources in the cloud or hybrid infrastructure? What sits in the hub and what sits in the spoke?

    • Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud Storyboard
    [infographic]

    Further reading

    Considerations for a Hub and Spoke Model When Deploying Infrastructure in the Cloud

    Don't revolve around a legacy design; choose a network design that evolves with the organization.

    Analyst Perspective

    Cloud adoption among organizations increases gradually across both the number of services used and the amount those services are used. However, network builders tend to overlook the vulnerabilities of network topologies, which leads to complications down the road, especially since the structures of cloud network topologies are not all of the same quality. A network design that suits current needs may not be the best solution for the future state of the organization.

    Even if on-prem network strategies were retained for ease of migration, it is important to evaluate and identify the cloud network topology that can not only elevate the performance of your infrastructure in the cloud, but also that can make it easier to manage and provision resources.

    An "as the need arises" strategy will not work efficiently since changing network designs will change the way data travels within your network, which will then need to be adopted to existing application architectures. This becomes more complicated as the number of services hosted in the cloud grows.

    Keep a network strategy in place early on and start designing your infrastructure accordingly. This gives you more control over your networks and eliminates the need for huge changes to your infrastructure down the road.

    This is a picture of Nitin Mukesh

    Nitin Mukesh
    Senior Research Analyst, Infrastructure and Operations
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The organization is planning to move resources to the cloud or devise a networking strategy for their existing cloud infrastructure to harness value from the cloud.

    The right topology needs to be selected to deploy network level isolation, design the cloud for management efficiencies, and provide access to shared services in the cloud.

    A perennial challenge for infrastructure in the cloud is planning for governance vs. flexibility, which is often overlooked.

    Common Obstacles

    The choice of migration method may result in retaining existing networking patterns and only making changes when the need arises.

    Networking in the cloud is still new, and organizations new to the cloud may not be aware of the cloud network designs they can consider for their business needs.

    Info-Tech's Approach

    Define organizational needs and understand the pros and cons of cloud network topologies to strategize for the networking design.

    Consider the layered complexities of addressing the governance vs. flexibility spectrum for your domains when designing your networks.

    Insight Summary

    Don't wait until the necessity arises to evaluate your networking in the cloud. Get ahead of the curve and choose the topology that optimizes benefits and supports organizational needs in the present and future.

    Your challenge

    Selecting the right topology: Many organizations migrate to the cloud retaining a mesh networking topology from their on-prem design, or they choose to implement the mesh design leveraging peering technologies in the cloud without a strategy in place for when business needs change. While there may be many network topologies for on-prem infrastructure, the network design team may not be aware of the best approach in cloud platforms for their requirements, or a cloud networking strategy may even go overlooked during the migration.

    Finding the right cloud networking infrastructure for:

    • Management efficiencies
    • Network-level isolation of resources
    • Access to shared services

    Deciding between governance and flexibility in networking design: In the hub and spoke model, if a domain is in the hub, the greater the governance over it, and if it sits in the spoke, the higher the flexibility. Having a strategy for the most important domains is key. For example, some security belongs in the hub and some security belongs in the spoke. The tradeoff here is if it sits completely in the spoke, you give it a lot of freedom, but it becomes harder to standardize across the organization.

    Mesh network topology

    A mesh is a design where virtual private clouds (VPCs) are connected to each other individually creating a mesh network. The network traffic is fast and can be redirected since the nodes in the network are interconnected. There is no hierarchical relationship between the networks, and any two networks can connect with each other directly.

    In the cloud, this design can be implemented by setting up peering connections between any two VPCs. These VPCs can also be set up to communicate with each other internally through the cloud service provider's network without having to route the traffic via the internet.

    While this topology offers high redundancy, the number of connections grows tremendously as more networks are added, making it harder to scale a network using a mesh topology.

    Mesh Network on AWS

    This is an image of a Mesh Network on AWS

    Source: AWS, 2018

    Constraints

    The disadvantages of peering VPCs into a mesh quickly arise with:

    • Transitive connections: Transitive connections are not supported in the cloud, unlike with on-prem networking. This means that if there are two networks that need to communicate, a single peering link can be set up between them. However, if there are more than two networks and they all need to communicate, they should all be connected to each other with separate individual connections.
    • Cost of operation: The lack of transitive routing requires many connections to be set up, which adds up to a more expensive topology to operate as the number of networks grows. Cloud providers also usually limit the number of peering networks that can be set up, and this limit can be hit with as few as 100 networks.
    • Management: Mesh tends to be very complicated to set up, owing to the large number of different peering links that need to be established. While this may be manageable for small organizations with small operations, for larger organizations with robust cybersecurity practices that require multiple VPCs to be deployed and interconnected for communications, mesh opens you up to multiple points of failure.
    • Redundancy: With multiple points of failure already being a major drawback of this design, you also cannot have more than one peered connection between any two networks at the same time. This makes designing your networking systems for redundancy that much more challenging.
    Number of virtual networks 10 20 50 100
    Peering links required
    [(n-1)*n]/2
    45 190 1225 4950

    Proportional relationship of virtual networks to required peering links in a mesh topology

    Case study

    INDUSTRY: Blockchain
    SOURCE: Microsoft

    An organization with four members wants to deploy a blockchain in the cloud, with each member running their own virtual network. With only four members on the team, a mesh network can be created in the cloud with each of their networks being connected to each other, adding up to a total of 12 peering connections (four members with three connections each). While the members may all be using different cloud accounts, setting up connections between them will still be possible.

    The organization wants to expand to 15 members within the next year, with each new member being connected with their separate virtual networks. Once grown, the organization will have a total of 210 peering connections since each of the virtual networks will then need 14 peering connections. While this may still be possible to deploy, the number of connections makes it harder to manage and would be that much more difficult to deploy if the organization grows to even 30 or 40 members. The new scale of virtual connections calls for an alternative networking strategy that cloud providers offer – the hub and spoke topology.

    This is an image of the connections involved in a mesh network with four participants.

    Source: Microsoft, 2017

    Hub and spoke network topology

    In hub and spoke network design, each network is connected to a central network that facilitates intercommunication between the networks. The central network, also called the hub, can be used by multiple workloads/servers/services for hosting services and for managing external connectivity. Other networks connected to the hub through network peering are called spokes and host workloads.

    Communications between the workloads/servers/services on spokes pass in or out of the hub where they are inspected and routed. The spokes can also be centrally managed from the hub with IT rules and processes.

    A hub and spoke design enable a larger number of virtual networks to be interconnected as each network only needs one peered connection (to the hub) to be able to communicate with any other network in the system.

    Hub and Spoke Network on AWS

    This is an image of the Hub and Spoke Network on AWS

    What hub and spoke networks do better

    1. Ease of connectivity: Hub and spoke decreases the liabilities of scale that come from a growing business by providing a consistent connection that can be scaled easily. As more networks are added to an organization, each will only need to be connected once – to the hub. The number of connections is considerably lower than in a mesh topology and makes it easier to maintain and manage.
    2. Business agility and scalability: It is easier to increase the number of networks than in mesh, making it easier to grow your business into new channels with less time, investment, and risk.
    3. Data collection: With a hub and spoke design, all data flows through the hub – depending on the design, this includes all ingress and egress to and from the system. This makes it an excellent central network to collect all business data.
    4. Network-level isolation: Hub and spoke enables separation of workloads and tiers into different networks. This is particularly useful to ensure an issue affecting a network or a workload does not affect the rest.
    5. Network changes: Changes to a separated network are much easier to carry out knowing the changes made will not affect all the other connected networks. This reduces work-hours significantly when systems or applications need to be altered.
    6. Compliance: Compliance requirements such as SOC 1 and SOC 2 require separate environments for production, development, and testing, which can be done in a hub and spoke model without having to re-create security controls for all networks.

    Hub and spoke constraints

    While there are plenty of benefits to using this topology, there are still a few notable disadvantages with the design.

    Point-to-point peering

    The total number of total peered connections required might be lower than mesh, but the cost of running independent projects is cheaper on mesh as point-to-point data transfers are cheaper.

    Global access speeds with a monolithic design

    With global organizations, implementing a single monolithic hub network for network ingress and egress will slow down access to cloud services that users will require. A distributed network will ramp up the speeds for its users to access these services.

    Costs for a resilient design

    Connectivity between the spokes can fail if the hub site dies or faces major disruptions. While there are redundancy plans for cloud networks, it will be an additional cost to plan and build an environment for it.

    Leverage the hub and spoke strategy for:

    Providing access to shared services: Hub and spoke can be used to give workloads that are deployed on different networks access to shared services by placing the shared service in the hub. For example, DNS servers can be placed in the hub network, and production or host networks can be connected to the hub to access it, or if the central network is set up to host Active Directory services, then servers in other networks can act as spokes and have full access to the central VPC to send requests. This is also a great way to separate workloads that do not need to communicate with each other but all need access to the same services.

    Adding new locations: An expanding organization that needs to add additional global or domestic locations can leverage hub and spoke to connect new network locations to the main system without the need for multiple connections.

    Cost savings: Apart from having fewer connections than mesh that can save costs in the cloud, hub and spoke can also be used to centralize services such as DNS and NAT to be managed in one location rather than having to individually deploy in each network. This can bring down management efforts and costs considerably.

    Centralized security: Enterprises can deploy a center of excellence on the hub for security, and the spokes connected to it can leverage a higher level of security and increase resilience. It will also be easier to control and manage network policies and networking resources from the hub.

    Network management: Since each spoke is peered only once to the hub, detecting connectivity problems or other network issues is made simpler in hub and spoke than on mesh. A network manager deployed on the cloud can give access to network problems faster than on other topologies.

    Hub and spoke – mesh hybrid

    The advantages of using a hub and spoke model far exceed those of using a mesh topology in the cloud and go to show why most organizations ultimately end up using the hub and spoke as their networking strategy.

    However, organizations, especially large ones, are complex entities, and choosing only one model may not serve all business needs. In such cases, a hybrid approach may be the best strategy. The following slides will demonstrate the advantages and use cases for mesh, however limited they might be.

    Where it can be useful:

    An organization can have multiple network topologies where system X is a mesh and system Y is a hub and spoke. A shared system Z can be a part of both systems depending on the needs.

    An organization can have multiple networks interconnected in a mesh and some of the networks in the mesh can be a hub for a hub-spoke network. For example, a business unit that works on data analysis can deploy their services in a spoke that is connected to a central hub that can host shared services such as Active Directory or NAT. The central hub can then be connected to a regional on-prem network where data and other shared services can be hosted.

    Hub and spoke – mesh hybrid network on AWS

    This is an image of the Hub and spoke – mesh hybrid network on AWS

    Why mesh can still be useful

    Benefits Of Mesh

    Use Cases For Mesh

    Security: Setting up a peering connection between two VPCs comes with the benefit of improving security since the connection can be private between the networks and can isolate public traffic from the internet. The traffic between the networks never has to leave the cloud provider's network, which helps reduce a class of risks.

    Reduced network costs: Since the peered networks communicate internally through the cloud's internal networks, the data transfer costs are typically cheaper than over the public internet.

    Communication speed: Improved network latency is a key benefit from using mesh because the peered traffic does not have to go over the public internet but rather the internal network. The network traffic between the connections can also be quickly redirected as needed.

    Higher flexibility for backend services: Mesh networks can be desirable for back-end services if egress traffic needs to be blocked to the public internet from the deployed services/servers. This also helps avoid having to set up public IP or network address translation (NAT) configurations.

    Connecting two or more networks for full access to resources: For example, consider an organization that has separate networks for each department, which don't all need to communicate with each other. Here, a peering network can be set up only between the networks that need to communicate with full or partial access to each other such as finance to HR or accounting to IT.

    Specific security or compliance need: Mesh or VPC peering can also come in handy to serve specific security needs or logging needs that require using a network to connect to other networks directly and in private. For example, global organizations that face regulatory requirements of storing or transferring data domestically with private connections.

    Systems with very few networks that do not need internet access: Workloads deployed in networks that need to communicate with each other but do not require internet access or network address translation (NAT) can be connected using mesh especially when there are security reasons to keep them from being connected to the main system, e.g. backend services such as testing environments, labs, or sandboxes can leverage this design.

    Designing for governance vs. flexibility in hub and spoke

    Governance and flexibility in managing resources in the cloud are inversely proportional: The higher the governance, the less freedom you have to innovate.

    The complexities of designing an organization's networks grow with the organization as it becomes global and takes on more services and lines of business. Organizations that choose to deploy the hub and spoke model face a dilemma in choosing between governance and flexibility for their networks. Organizations need to find that sweet spot to find the right balance between how much they want to govern their systems, mainly for security- and cost-monitoring, and how much flexibility they want to provide for innovation and other operations, since the two usually tend to have an inverse relationship.

    This decision in hub and spoke usually means that the domains chosen for higher governance must be placed in the hub network, and the domains that need more flexibility in a spoke. The key variables in the following slide will help determine the placement of the domain and will depend entirely on the organization's context.

    The two networking patterns in the cloud have layered complexities that need to be systematically addressed.

    Designing for governance vs. flexibility in hub and spoke

    If a network has more flexibility in all or most of these domains, it may be a good candidate for a spoke-heavy design; otherwise, it may be better designed in a hub-centric pattern.

    • Function: The function the domain network is assigned to and the autonomy the function needs to be successful. For example, software R&D usually requires high flexibility to be successful.
    • Regulations: The extent of independence from both internal and external regulatory constraints the domain has. For example, a treasury reporting domain typically has high internal and external regulations to adhere to.
    • Human resources: The freedom a domain has to hire and manage its resources to perform its function. For example, production facilities in a huge organization have the freedom to manage their own resources.
    • Operations: The freedom a domain has to control its operations and manage its own spending to perform its functions. For example, governments usually have different departments and agencies, each with its own budget to perform its functions.
    • Technology: The independence and the ability a domain has to manage its selection and implementation of technology resources in the cloud. For example, you may not want a software testing team to have complete autonomy to deploy resources.

    Optimal placement of services between the hub and spoke

    Shared services and vendor management

    Resources that are shared between multiple projects or departments or even by the entire organization should be hosted on the hub network to simplify sharing these services. For example, e-learning applications that may be used by multiple business units to train their teams, Active Directory accessed by most teams, or even SAAS platforms such as O365 and Salesforce can leverage buying power and drive down the costs for the organization. Shared services should also be standardized across the organization and for that, it needs to have high governance.

    Services that are an individual need for a network and have no preexisting relationship with other networks or buying power and scale can be hosted in a spoke network. For example, specialized accounting software used exclusively by the accounting team or design software used by a single team. Although the services are still a part of the wider network, it helps separate duties from the shared services network and provides flexibility to the teams to customize and manage their services to suit their individual needs.

    Network egress and interaction

    Network connections, be they in the cloud or hybrid-cloud, are used by everyone to either connect to the internet, access cloud services, or access the organization's data center. Since this is a shared service, a centralized networking account must be placed in the hub for greater governance. Interactions between the spokes in a hub and spoke model happens through the hub, and providing internet access to the spokes through the hub can help leverage cost benefits in the cloud. The network account will perform routing duties between the spokes, on-prem assets, and egress out to the internet.

    For example, NAT gateways in the cloud that are managed services are usually charged by the hour, and deploying NAT on each spoke can be harder to manage and expensive to maintain. A NAT gateway deployed in a central networking hub can be accessed by all spokes, so centralizing it is a great option.

    Note that, in some cases, when using edge locations for data transfers, it may be cost effective to deploy a NAT in the spoke, but such cases usually do not apply to most organizational units.

    A centralized network hub can also be useful to configure network policies and network resources while organizational departments can configure non-network resources, which helps separate responsibilities for all the spokes in the system. For example, subnets and routes can be controlled from the central network hub to ensure standardized network policies across the network.

    Security

    While there needs to be security in the hub and the spokes individually, finding the balance of operation can make the systems more robust. Hub and spoke design can be an effective tool for security when a principal security hub is hosted in the hub network. The central security hub can collect data from the spokes as well as non-spoke sources such as regulatory bodies and threat intelligence providers, and then share the information with the spokes.

    Threat information sharing is a major benefit of using this design, and the hub can take actions to analyze and enrich the data before sharing it with spokes. Shared services such as threat intelligence platforms (TIP) can also benefit from being centralized when stationed in the hub. A collective defense approach between the hub and spoke can be very successful in addressing sophisticated threats.

    Compliance and regulatory requirements such as HIPAA can also be placed in the hub, and the spokes connected to it can make use of it instead of having to deploy it in each spoke individually.

    Cloud metering

    The governance vs. flexibility paradigm usually decides the placement of cloud metering, i.e. if the organization wants higher control over cloud costs, it should be in the central hub, whereas if it prioritizes innovation, the spokes should be allowed to control it. Regardless of the placement of the domain, the costs can be monitored from the central hub using cloud-native monitoring tools such as Azure Monitor or any third-party software deployed in the hub.

    For ease of governance and since resources are usually shared at a project level, most cloud service providers suggest that an individual metering service be placed in the spokes. The centralized billing system of the organization, however, can make use of scale and reserved instances to drive down the costs that the spokes can take advantage of. For example, billing and access control resources are placed in the lower levels in GCP to enable users to set up projects and perform their tasks. These billing systems in the lower levels are then controlled by a centralized billing system to decide who pays for the resources provisioned.

    Don't get stuck with your on-prem network design. Design for the cloud.

    1. Peering VPCs into a mesh design can be an easy way to get onto the cloud, but it should not be your networking strategy for the long run.
    2. Hub and spoke network design offers more benefits than any other network strategy to be adopted only when the need arises. Plan for the design early on and keep a strategy in place to deploy it as early as possible.
    3. Hybrid of mesh and hub and spoke will be very useful in connecting multiple large networks especially when they need to access the same resources without having to route the traffic over the internet.
    4. Governance vs. flexibility should be a key consideration when designing for hub and spoke to leverage the best out of your infrastructure.
    5. Distribute domains across the hub or spokes to leverage costs, security, data collection, and economies of scale, and to foster secure interactions between networks.

    Cloud network design strategy

    This is an image of the framework for developing a Cloud Network Design Strategy.

    Bibliography

    Borschel, Brett. "Azure Hub Spoke Virtual Network Design Best Practices." Acendri Solutions, 13 Jan. 2022. Web.
    Singh, Garvit. "Amazon Virtual Private Cloud Connectivity Options." AWS, January 2018. Web.
    "What Is the Hub and Spoke Information Sharing Model?" Cyware, 16 Aug. 2021. Web.
    Youseff, Lamia. "Mesh and Hub-and-Spoke Networks on Azure." Microsoft, Dec. 2017. Web.

    Gain Control of Cloud Integration Strategies Before they Float Away

    • Buy Link or Shortcode: {j2store}362|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • IT is typically backlogged with tasks while the business waits to implement key solutions to remain competitive. In this competitive space, Cloud solutions offer attractive benefits to business stakeholders especially around agility and cost.
    • Moving to the Cloud involves more than outsourcing a component of the technology stack. Roles, processes, and authentication technologies need to be redefined to fit a distributed stack where parts of the IT solution space reside on-premise while the rest are in the Cloud.
    • Cloud integration means accepting loss of control in product development. A Cloud vendor will address the needs of most constituents and any high degree of customization which counteracts their business model. This makes integration a complex initiative involving two separate parties trying to align.

    Our Advice

    Critical Insight

    • Cloud integration is a fundamental commitment to change within the organization as it deeply impacts roles, processes, and technologies.
    • Be prepared to lose some degree of control of SLA management. IT will have to manage multiple Cloud SLAs and deliver a lowest common approach to the business. This may mean lowering the SLA standards previously set with on-premise solutions.
    • Cloud integration isn’t just about the technology. It is a dedication to establish solid relationships with the Cloud vendor. Understanding where the cloud solution is moving and what issues are being addressed are critical to creating an organizational road map for the future.

    Impact and Result

    • Develop a Cloud integration strategy by proactively understanding the impact of Cloud integration efforts to the organization.
    • Realize that Cloud integration will be an ongoing process of collaboration with the business, and that the initial implementation does not constitute an end.
    • Implement an integrated support structure that includes on-premise and cloud stacks.

    Gain Control of Cloud Integration Strategies Before they Float Away Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the impacts of Cloud computing on Data, Application, Access, and Service Level Agreement integration

    Assess your current level of Cloud adoption and integration, focusing on solutions that are emerging in the market and the applicability to your IT environment.

    • Storyboard: Gain Control of Cloud Integration Strategies Before they Float Away
    • Cloud Integration Checklist
    • None
    [infographic]

    Cybersecurity in Healthcare 2024

    Healthcare cybersecurity is a major concern for healthcare organizations and patients alike. In 2024, the healthcare industry faces several cybersecurity challenges, including the growing threat of ransomware, the increasing use of mobile devices in healthcare, and the need to comply with new regulations.

    Continue reading

    The First 100 Days As CIO

    • Buy Link or Shortcode: {j2store}540|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $54,525 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: High Impact Leadership
    • Parent Category Link: /lead
    • You’ve been promoted from within to the role of CIO.
    • You’ve been hired externally to take on the role of CIO.

    Our Advice

    Critical Insight

    • Foundational understanding must be achieved before you start. Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
    • Listen before you act (usually). In most situations, executives benefit from listening to peers and staff before taking action.
    • Identify quick wins early and often. Fix problems as soon as you recognize them to set the tone for your tenure.

    Impact and Result

    • Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
    • Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

    The First 100 Days As CIO Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why the first 100 days of being a new executive is a crucial time that requires the right balance of listening with taking action. See how seven calls with an executive advisor will guide you through this period.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Check in with your executive advisor over seven calls

    Organize your first 100 days as CIO into activities completed within two-week periods, aided by the guidance of an executive advisor.

    • The First 100 Days As CIO – Storyboard
    • Organizational Catalog
    • Cultural Archetype Calculator
    • IT Capability Assessment

    2. Communicate your plan to your manager

    Communicate your strategy with a presentation deck that you will complete in collaboration with Info-Tech advisors.

    • The First 100 Days As CIO – Presentation Deck

    3. View an example of the final presentation

    See an example of a completed presentation deck, from the new CIO of Gotham City.

    • The First 100 Days As CIO – Presentation Deck Example

    4. Listen to our podcast

    Check out The Business Leadership podcast in Info-Tech's special series, The First 100 Days.

    • "The First 100 Days" Podcast – Alan Fong, CTO, DealerFX
    • "The First 100 Days" Podcast – Denis Gaudreault, country manager for Intel’s Canada and Latin America region
    • "The First 100 Days" Podcast – Dave Penny & Andrew Wertkin, BlueCat
    • "The First 100 Days" Podcast – Susan Bowen, CEO, Aptum
    • "The First 100 Days" Podcast – Wayne Berger, CEO IWG Plc Canada and Latin America
    • "The First 100 Days" Podcast – Eric Wright, CEO, LexisNexis Canada
    • "The First 100 Days" Podcast – Erin Bury, CEO, Willful
    [infographic]

    Further reading

    The First 100 Days As CIO

    Partner with Info-Tech for success in this crucial period of transition.

    Analyst Perspective

    The first 100 days refers to the 10 days before you start and the first three months on the job.

    “The original concept of ‘the first 100 days’ was popularized by Franklin Delano Roosevelt, who passed a battery of new legislation after taking office as US president during the Great Depression. Now commonly extended to the business world, the first 100 days of any executive role is a critically important period for both the executive and the organization.

    But not every new leader should follow FDR’s example of an action-first approach. Instead, finding the right balance of listening and taking action is the key to success during this transitional period. The type of the organization and the mode that it’s in serves as the fulcrum that determines where the point of perfect balance lies. An executive facing a turnaround situation will want to focus on more action more quickly. One facing a sustaining success situation or a realignment situation will want to spend more time listening before taking action.” (Brian Jackson, Research Director, CIO, Info-Tech Research Group)

    Executive summary

    Situation

    • You’ve been promoted from within to the role of CIO.
    • You’ve been hired externally to take on the role of CIO.

    Complication

    Studies show that two years after a new executive transition, as many as half are regarded as failures or disappointments (McKinsey). First impressions are hard to overcome, and a CIO’s first 100 days are heavily weighted in terms of how others will assess their overall success. The best way to approach this period is determined by both the size and the mode of an organization.

    Resolution

    • Work with Info-Tech to prepare a 100-day plan that will position you for success.
    • Collaborate to collect the details needed to identify the right mode for your organization and determine how it will influence your plan.
    • Use Info-Tech’s diagnostic tools to align your vision with that of business executives and form a baseline for future reference.

    Info-Tech Insight

    1. Foundational understanding must be achieved before you start.
      Hit the ground running before day one by using company documents and initial discussions to pin down the company’s type and mode.
    2. Listen before you act (usually).
      In most situations, executives benefit from listening to peers and staff before taking action.
    3. Identify quick wins early and often.
      Fix problems as soon as you recognize them to set the tone for your tenure.

    The First 100 Days: Roadmap

    A roadmap timeline of 'The 100-Day Plan' for your first 100 days as CIO and related Info-Tech Diagnostics. Step A: 'Foundational Preparation' begins 10 days prior to your first day. Step B: 'Management's Expectations' is Days 0 to 30, with the diagnostic 'CIO-CEO Alignment'. Step C: 'Assessing the IT Team' is Days 10 to 75, with the diagnostics 'IT M&G Diagnostic' at Day 30 and 'IT Staffing Assessment' at Day 60. Step D: 'Assess the Key Stakeholders' is Days 40 to 85 with the diagnostic 'CIO Business Vision Survey'. Step E: 'Deliver First-Year Plan' is Days 80 to 100.

    Concierge service overview

    Organize a call with your executive advisor every two weeks during your first 100 days. Info-Tech recommends completing our diagnostics during this period. If you’re not able to do so, instead complete the alternative activities marked with (a).

    Call 1 Call 2 Call 3 Call 4 Call 5 Call 6 Call 7
    Activities
    Before you start: Day -10 to Day 1
    • 1.1 Interview your predecessor.
    • 1.2 Learn the corporate structure.
    • 1.3 Determine STARS mode.
    • 1.4 Create a one-page intro sheet.
    • 1.5 Update your boss.
    Day 0 to 15
    • 2.1 Introduce yourself to your team.
    • 2.2 Document your sphere of influence.
    • 2.3 Complete a competitor array.
    • 2.4 Complete the CEO-CIO Alignment Program.
    • 2.4(a) Agree on what success looks like with the boss.
    • 2.5 Inform team of IT M&G Framework.
    Day 16 to 30
    • 3.1 Determine the team’s cultural archetype.
    • 3.2 Create a cultural adjustment plan.
    • 3.3 Initiate IT M&G Diagnostic.
    • 3.4 Conduct a high-level analysis of current IT capabilities.
    • 3.4 Update your boss.
    Day 31 to 45
    • 4.1 Inform stakeholders about CIO Business Vision survey.
    • 4.2 Get feedback on initial assessments from your team.
    • 4.3 Initiate CIO Business Vision survey.
    • 4.3(a) Meet stakeholders and catalog details.
    Day 46 to 60
    • 5.1 Inform the team that you plan to conduct an IT staffing assessment.
    • 5.2 Initiate the IT Staffing Assessment.
    • 5.3 Quick wins: Make recommend-ations based on CIO Business Vision Diagnostic/IT M&G Framework.
    • 5.4 Update your boss.
    Day 61 to 75
    • 6.1 Run a start, stop, continue exercise with IT staff.
    • 6.2 Make a categorized vendor list.
    • 6.3 Determine the alignment of IT commitments with business objectives.
    Day 76 to 90
    • 7.1 Finalize your vision – mission – values statement.
    • 7.2 Quick Wins: Make recommend-ations based on IT Staffing Assessment.
    • 7.3 Create and communicate a post-100-day plan.
    • 7.4 Update your boss.
    Deliverables Presentation Deck Section A: Foundational Preparation Presentation Deck slides 9, 11-13, 19-20, 29 Presentation Deck slides 16, 17, 21 Presentation Deck slides 30, 34 Presentation Deck slides 24, 25, 2 Presentation Deck slides 27, 42

    Call 1

    Before you start: Day -10 to Day 1

    Interview your predecessor

    Interviewing your predecessor can help identify the organization’s mode and type.

    Before reaching out to your predecessor, get a sense of whether they were viewed as successful or not. Ask your manager. If the predecessor remains within the organization in a different role, understand your relationship with them and how you'll be working together.

    During the interview, make notes about follow-up questions you'll ask others at the organization.

    Ask these open-ended questions in the interview:

    • Tell me about the team.
    • Tell me about your challenges.
    • Tell me about a major project your team worked on. How did it go?
    • Who/what has been helpful during your tenure?
    • Who/what created barriers for you?
    • What do your engagement surveys reveal?
    • Tell me about your performance management programs and issues.
    • What mistakes would you avoid if you could lead again?
    • Why are you leaving?
    • Could I reach out to you again in the future?

    Learn the corporate structure

    Identify the organization’s corporate structure type based on your initial conversations with company leadership. The type of structure will dictate how much control you'll have as a functional head and help you understand which stakeholders you'll need to collaborate with.

    To Do:

    • Review the organization’s structure list and identify whether the structure is functional, prioritized, or a matrix. If it's a matrix organization, determine if it's a strong matrix (project manager holds more authority), weak matrix (functional manager holds more authority), or balanced matrix (managers hold equal authority).

    Functional

    • Most common structure.
    • Traditional departments such as sales, marketing, finance, etc.
    • Functional managers hold most authority.

    Projectized

    • Most programs are implemented through projects with focused outcomes.
    • Teams are cross-functional.
    • Project managers hold the most authority.

    Matrix

    • Combination of projectized and functional.
    • Organization is a dynamic environment.
    • Authority of functional manager flows down through division, while authority of project manager flows sideways through teams.

    This organization is a ___________________ type.

    (Source: Simplilearn)

    Presentation Deck, slide 6

    Determine the mode of the organization: STARS

    Based on your interview process and discussions with company leadership, and using Michael Watkins’ STARS assessment, determine which mode your organization is in: startup, turnaround, accelerated growth, realignment, or sustaining success.

    Knowing the mode of your organization will determine how you approach your 100-day plan. Depending on the mode, you'll rebalance your activities around the three categories of assess, listen, and deliver.

    To Do:

    • Review the STARS table on the right.

    Based on your situation, prioritize activities in this way:

    • Startup: assess, listen, deliver
    • Turnaround: deliver, listen, assess
    • Accelerated Growth: assess, listen, deliver
    • Realignment: listen, assess, deliver
    • Sustaining success: listen, assess, deliver

    This organization is a ___________________ type.

    (Source: Watkins, 2013.)

    Presentation Deck, slide 6

    Determine the mode of the organization: STARS

    STARS Startup Turnaround Accelerated Growth Realignment Sustaining Success
    Definition Assembling capabilities to start a project. Project is widely seen as being in serious trouble. Managing a rapidly expanding business. A previously successful organization is now facing problems. A vital organization is going to the next level.
    Challenges Must build strategy, structures, and systems from scratch. Must recruit and make do with limited resources. Stakeholders are demoralized; slash and burn required. Requires structure and systems to scale; hiring and onboarding. Employees need to be convinced change is needed; restructure at the top required. Risk of living in shadow of a successful former leader.
    Advantages No rigid preconceptions. High-energy environment and easy to pivot. A little change goes a long way when people recognize the need. Motivated employee base willing to stretch. Organization has clear strengths; people desire success. Likely a strong team; foundation for success likely in place.

    Satya Nadella's listen, lead, and launch approach

    CASE STUDY

    Industry Software
    Source Gregg Keizer, Computerworld, 2014

    When Satya Nadella was promoted to the CEO role at Microsoft in 2014, he received a Glassdoor approval rating of 85% and was given an "A" grade by industry analysts after his first 100 days. What did he do right?

    • Created a sense of urgency by shaking up the senior leadership team.
    • Already understood the culture as an insider.
    • Listened a lot and did many one-on-one meetings.
    • Established a vision communicated with a mantra that Microsoft would be "mobile-first, cloud-first."
    • Met his words with actions. He launched Office for iPad and made many announcements for cloud platform Azure.
    Photo of Satya Nadella, CEO, Microsoft Corp.
    Satya Nadella, CEO, Microsoft Corp. (Image source: Microsoft)

    Listen to 'The First 100 Days' podcast – Alan Fong

    Create a one-page introduction sheet to use in communications

    As a new CIO, you'll have to introduce yourself to many people in the organization. To save time on communicating who you are as a person outside of the office, create a brief one-pager that includes a photo of you, where you were born and raised, and what your hobbies are. This helps make a connection more quickly so your conversations can focus on the business at hand rather than personal topics.

    For your presentation deck, remove the personal details and just keep it professional. The personal aspects can be used as a one-pager for other communications. (Source: Personal interview with Denis Gaudreault, Country Lead, Intel.)

    Presentation Deck, slide 5

    Call 2

    Day 1 to Day 15

    Introduce yourself to your team

    Prepare a 20-second pitch about yourself that goes beyond your name and title. Touch on your experience that's relevant to your new role or the industry you're in. Be straightforward about your own perceived strengths and weaknesses so that people know what to expect from you. Focus on the value you believe you'll offer the group and use humor and humility where you're comfortable. For example:

    “Hi everyone, my name is John Miller. I have 15 years of experience marketing conferences like this one to vendors, colleges, and HR departments. What I’m good at, and the reason I'm here, is getting the right people, businesses, and great ideas in a room together. I'm not good on details; that's why I work with Tim. I promise that I'll get people excited about the conference, and the gifts and talents of everyone else in this room will take over from there. I'm looking forward to working with all of you.”

    Have a structured set of questions ready that you can ask everyone.

    For example:
    • How well is the company performing based on expectations?
    • What must the company do to sustain its financial performance and market competitiveness?
    • How do you foresee the CIO contributing to the team?
    • How have past CIOs performed from the perspective of the team?
    • What would successful performance of this role look like to you? To your peers?
    • What challenges and obstacles to success am I likely to encounter? What were the common challenges of my predecessor?
    • How do you view the culture here and how do successful projects tend to get approved?
    • What are your greatest challenges? How could I help you?

    Get to know your sphere of influence: prepare to connect with a variety of people before you get down to work

    Your ability to learn from others is critical at every stage in your first 100 days. Keep your sphere of influence in the loop as you progress through this period.

    A diagram of circles within circles representing your spheres of influence. The smallest circle is 'IT Leaders' and is noted as your 'Immediate circle'. The next largest circle is 'IT Team', then 'Peers - Business Leads', then 'Internal Clients' which is noted as you 'Extended circle'. The largest circle is 'External clients'.

    Write down the names, or at least the key people, in each segment of this diagram. This will serve as a quick reference when you're planning communications with others and will help you remember everyone as you're meeting lots of new people in your early days on the job.

    • Everyone knows their networks are important.
    • However, busy schedules can cause leaders to overlook their many audiences.
    • Plan to meet and learn from all people in your sphere to gain a full spectrum of insights.

    Presentation Deck, slide 29

    Identify how your competitors are leveraging technology for competitive advantage

    Competitor identification and analysis are critical steps for any new leader to assess the relative strengths and weaknesses of their organization and develop a sense of strategic opportunity and environmental awareness.

    Today’s CIO is accountable for driving innovation through technology. A competitive analysis will provide the foundation for understanding the current industry structure, rivalry within it, and possible competitive advantages for the organization.

    Surveying your competitive landscape prior to the first day will allow you to come to the table prepared with insights on how to support the organization and ensure that you are not vulnerable to any competitive blind spots that may exist in the evaluations conducted by the organization already.

    You will not be able to gain a nuanced understanding of the internal strengths and weaknesses until you are in the role, so focus on the external opportunities and how competitors are using technology to their advantage.

    Info-Tech Best Practice

    For a more in-depth approach to identifying and understanding relevant industry trends and turning them into insights, leverage the following Info-Tech blueprints:

    Presentation Deck, slide 9

    Assess the external competitive environment

    Associated Activity icon

    INPUT: External research

    OUTPUT: Competitor array

    1. Conduct a broad analysis of the industry as a whole. Seek to answer the following questions:
      1. Are there market developments or new markets?
      2. Are there industry or lifestyle trends, e.g. move to mobile?
      3. Are there geographic changes in the market?
      4. Are there demographic changes that are shaping decision making?
      5. Are there changes in market demand?
    2. Create a competitor array by identifying and listing key competitors. Try to be as broad as possible here and consider not only entrenched close competitors but also distant/future competitors that may disrupt the industry.
    3. Identify the strengths, weaknesses, and key brand differentiators that each competitor brings to the table. For each strength and differentiator, brainstorm ways that IT-based innovation enables each. These will provide a toolkit for deeper conversations with your peers and your business stakeholders as you move further into your first 100 days.
    Competitor Strengths Weaknesses Key Differentiators IT Enablers
    Competitor 1
    Competitor 2
    Competitor 3

    Complete the CEO-CIO Alignment Program

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: CEO-CEO Alignment Program (recommended)

    OUTPUT: Desired and target state of IT maturity, Innovation goals, Top priorities

    Materials: Presentation Deck, slides 11-13

    Participants: CEO, CIO

    Introduce the concept of the CEO-CIO Alignment Program using slide 10 of your presentation deck and the brief email text below.

    Talk to your advisory contact at Info-Tech about launching the program. More information is available on Info-Tech’s website.

    Once the report is complete, import the results into your presentation:

    • Slide 11, the CEO’s current and desired states
    • Slide 12, IT innovation goals
    • Slide 13, top projects and top departments from the CEO and the CIO

    Include any immediate recommendations you have.

    Hello CEO NAME,

    I’m excited to get started in my role as CIO, and to hit the ground running, I’d like to make sure that the IT department is aligned with the business leadership. We will accomplish this using Info-Tech Research Group’s CEO-CIO Alignment Program. It’s a simple survey of 20 questions to be completed by the CEO and the CIO.

    This survey will help me understand your perception and vision as I get my footing as CIO. I’ll be able to identify and build core IT processes that will automate IT-business alignment going forward and create an effective IT strategy that helps eliminate impediments to business growth.

    Research shows that IT departments that are effectively aligned to business goals achieve more success, and I’m determined to make our IT department as successful as possible. I look forward to further detailing the benefits of this program to you and answering any questions you may have the next time we speak.

    Regards,
    CIO NAME

    New KPIs for CEO-CIO Alignment — Recommended

    Info-Tech CEO-CIO Alignment Program

    Info-Tech's CEO-CIO Alignment Program is set up to build IT-business alignment in any organization. It helps the CIO understand CEO perspectives and priorities. The exercise leads to useful IT performance indicators, clarifies IT’s mandate and which new technologies it should invest in, and maps business goals to IT priorities.

    Benefits

    Master the Basics
    Cut through the jargon.
    Take a comprehensive look at the CEO perspective.
    Target Alignment
    Identify how IT can support top business priorities. Address CEO-CIO differences.
    Start on the Right Path
    Get on track with the CIO vision. Use correct indicators and metrics to evaluate IT from day one.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    The desired maturity level of IT — Alternative

    Associated Activity icon Use only if you can’t complete the CEO-CIO Alignment Program

    Step 1: Where are we today?

    Determine where the CEO sees the current overall maturity level of the IT organization.

    Step 2: Where do we want to be as an organization?

    Determine where the CEO wants the IT organization to be in order to effectively support the strategic direction of the business.

    A colorful visual representation of the different IT maturity levels. At the bottom is 'STRUGGLE, Unable to Provide Reliable Business Services', then moving upwards are 'SUPPORT, Reliable Infrastructure and IT Service Desk', 'OPTIMIZE, Effective Fulfillment of Work Orders, Functional Business Applications, and Reliable Service Management', 'EXPAND, Effective Execution on Business Projects, Strategic Use of Analytics and Customer Technology', and at the top is 'TRANSFORM, Reliable Technology Innovation'.

    Presentation Deck, slide 11

    Tim Cook's powerful use of language

    CASE STUDY

    Industry Consumer technology
    Source Carmine Gallo, Inc., 2019

    Apple CEO Tim Cook, an internal hire, had big shoes to fill after taking over from the late Steve Jobs. Cook's ability to control how the company is perceived is a big credit to his success. How does he do it? His favorite five words are “The way I see it..." These words allow him to take a line of questioning and reframe it into another perspective that he wants to get across. Similarly, he'll often say, "Let me tell you the way I look at it” or "To put it in perspective" or "To put it in context."

    In your first two weeks on the job, try using these phrases in your conversations with peers and direct reports. It demonstrates that you value their point of view but are independently coming to conclusions about the situation at hand.

    Photo of Tim Cook, CEO, Apple Inc.
    Tim Cook, CEO, Apple Inc. (Image source: Apple)

    Listen to 'The First 100 Days' podcast – Denis Gaudreault

    Inform your team that you plan to do an IT Management & Governance Diagnostic survey

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: IT Management & Governance Diagnostic (recommended)

    OUTPUT: Process to improve first, Processes important to the business

    Materials: Presentation Deck, slides 19-20

    Participants: CIO, IT staff

    Introduce the IT Management & Governance Diagnostic survey that will help you form your IT strategy.

    Explain that you want to understand current IT capabilities and you feel a formal approach is best. You’ll also be using this approach as an important metric to track your department’s success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take action on the email when it’s sent to them.

    Example email:

    Hello TEAM,

    I appreciate meeting each of you, and so far I’m excited about the talents and energy on the team. Now I need to understand the processes and capabilities of our department in a deeper way. I’d like to map our process landscape against an industry-wide standard, then dive deeper into those processes to understand if our team is aligned. This will help us be accountable to the business and plan the year ahead. Advisory firm Info-Tech Research Group will be reaching out to you with a simple survey that shouldn’t take too long to complete. It’s important to me that you pay attention to that message and complete the survey as soon as possible.

    Regards,
    CIO NAME

    Call 3

    Day 16 to Day 30

    Leverage team interviews as a source of determining organizational culture

    Info-Tech recommends that you hold group conversations with your team to uncover their opinions of the current organizational culture. This not only helps build transparency between you and your team but also gives you another means of observing behavior and reactions as you listen to team members’ characterizations of the current culture.

    A visualization of the organizational culture of a company asks the question 'What is culture?' Five boxes are stacked, the bottom two are noted as 'The invisible causes' and the top two are noted as 'The visible signs'. From the bottom, 'Fundamental assumptions and beliefs', 'Values and attitudes', 'The way we do things around here', 'Behaviors', and at the top, 'Environment'. (Source: Hope College Blog Network)

    Note: It is inherently difficult for people to verbalize what constitutes a culture – your strategy for extracting this information will require you to ask indirect questions to solicit the highest value information.

    Questions for Discussion:

    • What about the current organizational environment do you think most contributes to your success?
    • What barriers do you experience as you try to accomplish your work?
    • What is your favorite quality that is present in our organization?
    • What is the one thing you would most like to change about this organization?
    • Do the organization's policies and procedures support your efforts to accomplish work or do they impede your progress?
    • How effective do you think IT’s interactions are with the larger organization?
    • What would you consider to be IT’s top three guiding principles?
    • What kinds of people fail in this organization?

    Supporting Tool or Template icon See Info-Tech’s Cultural Archetype Calculator.

    Use the Competing Values Framework to define your organization’s cultural archetype

    THE COMPETING VALUES FRAMEWORK (CVF):

    CVF represents the synthesis of academic study of 39 indicators of effectiveness for organizations. Using a statistical analysis, two polarities that are highly predictive of differences in organizational effectiveness were isolated:

    1. Internal focus and integration vs. external focus and differentiation.
    2. Stability and control vs. flexibility and discretion.

    By plotting these dimensions on a matrix of competing values, four main cultural archetypes are identified with their own value drivers and theories of effectiveness.

    A map of cultural archetypes with 'Internal control and integration' on the left, 'External focus and differentiation' on the right, 'Flexibility and discretion' on top, and 'Stability and control' on the bottom. Top left is 'Clan Archetype', internal and flexible. Top right is 'Adhocracy Archetype', external and flexible. Bottom left is 'Hierarchy Archetype', internal and controlled. Bottom right is 'Market Archetype', external and controlled.

    Presentation Deck, slide 16

    Create a cultural adjustment plan

    Now that you've assessed the cultural archetype, you can plan an appropriate approach to shape the culture in a positive way. When new executives want to change culture, there are a few main options at hand:

    Autonomous evolution: Encourage teams to learn from each other. Empower hybrid teams to collaborate and reward teams that perform well.

    Planned and managed change: Create steering committee and project-oriented taskforces to work in parallel. Appoint employees that have cultural traits you'd like to replicate to hold responsibility for these bodies.

    Cultural destruction: When a toxic culture needs to be eliminated, get rid of its carriers. Putting new managers or directors in place with the right cultural traits can be a swift and effective way to realign.

    Each option boils down to creating the right set of incentives and deterrents. What behaviors will you reward and which ones will you penalize? What do those consequences look like? Sometimes, but not always, some structural changes to the team will be necessary. If you feel these changes should be made, it's important to do it sooner rather than later. (Source: “Enlarging Your Sphere of Influence in Your Organization,” MindTools Corporate, 2014.)

    As you're thinking about shaping a desired culture, it's helpful to have an easy way to remember the top qualities you want to espouse. Try creating an acronym that makes it easy for staff to remember. For example: RISE could remind your staff to be Responsive, Innovative, Sustainable, and Engaging (RISE). Draw upon your business direction from your manager to help produce desired qualities (Source: Jennifer Schaeffer).

    Presentation Deck, slide 17

    Gary Davenport’s welcome “surprise”

    CASE STUDY

    Industry Telecom
    Source Interview with Gary Davenport

    After Gary Davenport was hired on as VP of IT at MTS Allstream, his first weekend on the job was spent at an all-executive offsite meeting. There, he learned from the CEO that the IT department had a budget reduction target of 25%, like other departments in the company. “That takes your breath away,” Davenport says.

    He decided to meet the CEO monthly to communicate his plans to reduce spending while trying to satisfy business stakeholders. His top priorities were:

    1. Stabilize IT after seven different leaders in a five-year period.
    2. Get the IT department to be respected. To act like business owners instead of like servants.
    3. Better manage finances and deliver on projects.

    During Davenport’s 7.5-year tenure, the IT department became one of the top performers at MTS Allstream.

    Photo of Gary Davenport.
    Gary Davenport’s first weekend on the job at MTS Allstream included learning about a 25% reduction target. (Image source: Ryerson University)

    Listen to 'The First 100 Days' podcast – David Penny & Andrew Wertkin

    Initiate IT Management & Governance Diagnostic — Recommended

    Info-Tech Management & Governance Diagnostic

    Talk to your Info-Tech executive advisor about launching the survey shortly after informing your team to expect it. You'll just have to provide the names and email addresses of the staff you want to be involved. Once the survey is complete, you'll harvest materials from it for your presentation deck. See slides 19 and 20 of your deck and follow the instructions on what to include.

    Benefits

    A sample of the 'High Level Process Landscape' materials available from Info-Tech. A sample of the 'Strategy and Governance In Depth Results' materials available from Info-Tech. A sample of the 'Process Accountability' materials available from Info-Tech.
    Explore IT Processes
    Dive deeper into performance. Highlight problem areas.
    Align IT Team
    Build consensus by identifying opposing views.
    Ownership & Accountability
    Identify process owners and hold team members accountable.

    Supporting Tool or Template icon Additional materials available on Info-Tech’s website.

    Conduct a high-level analysis of current IT capabilities — Alternative

    Associated Activity icon

    INPUT: Interviews with IT leadership team, Capabilities graphic on next slide

    OUTPUT: High-level understanding of current IT capabilities

    Run this activity if you're not able to conduct the IT Management & Governance Diagnostic.

    Schedule meetings with your IT leadership team. (In smaller organizations, interviewing everyone may be acceptable.) Provide them a list of the core capabilities that IT delivers upon and ask them to rate them on an effectiveness scale of 1-5, with a short rationale for their score.

    • 1. Not effective (NE)
    • 2. Somewhat Effective (SE)
    • 3. Effective (E)
    • 4. Very Effective (VE)
    • 5. Extremely Effective (EE)

    Presentation Deck, slide 21

    Use the following set of IT capabilities for your assessment

    Strategy & Governance

    IT Governance Strategy Performance Measurement Policies Quality Management Innovation

    People & Resources

    Stakeholder Management Resource Management Financial Management Vendor Selection & Contract Management Vendor Portfolio Management Workforce Strategy Strategic Comm. Organizational Change Enablement

    Service Management & Operations

    Operations Management Service Portfolio Management Release Management Service Desk Incident & Problem Management Change Management Demand Management

    Infrastructure

    Asset Management Infrastructure Portfolio Management Availability & Capacity Management Infrastructure Management Configuration Management

    Information Security & Risk

    Security Strategy Risk Management Compliance, Audit & Review Security Detection Response & Recovery Security Prevention

    Applications

    Application Lifecycle Management Systems Integration Application Development User Testing Quality Assurance Application Maintenance

    PPM & Projects

    Portfolio Management Requirements Gathering Project Management

    Data & BI

    Data Architecture BI & Reporting Data Quality & Governance Database Operations Enterprise Content Management

    Enterprise Architecture

    Enterprise Architecture Solution Architecture

    Quick wins: CEO-CIO Alignment Program

    Complete this while waiting on the IT M&G survey results. Based on your completed CEO-CIO Alignment Report, identify the initiatives you can tackle immediately.

    If you are here... And want to be here... Drive toward... Innovate around...
    Business Partner Innovator Leading business transformation
    • Emerging technologies
    • Analytical capabilities
    • Risk management
    • Customer-facing tech
    • Enterprise architecture
    Trusted Operator Business Partner Optimizing business process and supporting business transformation
    • IT strategy and governance
    • Business architecture
    • Projects
    • Resource management
    • Data quality
    Firefighter Trusted Operator Optimize IT processes and services
    • Business applications
    • Service management
    • Stakeholder management
    • Work orders
    Unstable Firefighter Reduce use disruption and adequately support the business
    • Network and infrastructure
    • Service desk
    • Security
    • User devices

    Call 4

    Day 31 to Day 45

    Inform your peers that you plan to do a CIO Business Vision survey to gauge your stakeholders’ satisfaction

    Associated Activity icon Run the diagnostic program or use the alternative activities to complete your presentation

    INPUT: CIO Business Vision survey (recommended)

    OUTPUT: True measure of business satisfaction with IT

    Materials: Presentation Deck, slide 30

    Participants: CIO, IT staff

    Meet the business leaders at your organization face-to-face if possible. If you can't meet in person, try a video conference to establish some rapport. At the end of your introduction and after listening to what your colleague has to say, introduce the CIO Business Vision Diagnostic.

    Explain that you want to understand how to meet their business needs and you feel a formal approach is best. You'll also be using this approach as an important metric to track your department's success. Tell them that Info-Tech Research Group will be conducting the survey and it’s important to you that they take the survey when the email is sent to them.

    Example email:

    Hello PEER NAMES,

    I'm arranging for Info-Tech Research Group to invite you to take a survey that will be important to me. The CIO Business Vision survey will help me understand how to meet your business needs. It will only take about 15 minutes of your time, and the top-line results will be shared with the organization. We will use the results to plan initiatives for the future that will improve your satisfaction with IT.

    Regards,
    CIO NAME

    Gain feedback on your initial assessments from your IT team

    There are two strategies for gaining feedback on your initial assessments of the organization from the IT team:

    1. Review your personal assessments with the relevant members of your IT organization as a group. This strategy can help to build trust and an open channel for communication between yourself and your team; however, it also runs the risk of being impacted by groupthink.
    2. Ask for your team to complete their own assessments for you to compare and contrast. This strategy can help extract more candor from your team, as they are not expected to communicate what may be nuanced perceptions of organizational weaknesses or criticisms of the way certain capabilities function.

    Who you involve in this process will be impacted by the size of your organization. For larger organizations, involve everyone down to the manager level. In smaller organizations, you may want to involve everyone on the IT team to get an accurate lay of the land.

    Areas for Review:

    • Strategic Document Review: Are there any major themes or areas of interest that were not covered in my initial assessment?
    • Competitor Array: Are there any initiatives in flight to leverage new technologies?
    • Current State of IT Maturity: Does IT’s perception align with the CEO’s? Where do you believe IT has been most effective? Least effective?
    • IT’s Key Priorities: Does IT’s perception align with the CEO’s?
    • Key Performance Indicators: How has IT been measured in the past?

    Info-Tech Best Practice

    You need your team’s hearts and minds or you risk a short tenure. Overemphasizing business commitment by neglecting to address your IT team until after you meet your business stakeholders will result in a disenfranchised group. Show your team their importance.

    Susan Bowen's talent maximization

    CASE STUDY

    Industry Infrastructure Services
    Source Interview with Susan Bowen

    Susan Bowen was promoted to be the president of Cogeco Peer 1, an infrastructure services firm, when it was still a part of Cogeco Communications. Part of her mandate was to help spin out the business to a new owner, which occurred when it was acquired by Digital Colony. The firm was renamed Aptum and Bowen was put in place as CEO, which was not a certainty despite her position as president at Cogeco Peer 1. She credits her ability to put the right talent in the right place as part of the reason she succeeded. After becoming president, she sought a strong commitment from her directors. She gave them a choice about whether they'd deliver on a new set of expectations – or not. She also asks her leadership on a regular basis if they are using their talent in the right way. While it's tempting for directors to want to hold on to their best employees, those people might be able to enable many more people if they can be put in another place.

    Bowen fully rounded out her leadership team after Aptum was formed. She created a chief operating officer and a chief infrastructure officer. This helped put in place more clarity around roles at the firm and put an emphasis on client-facing services.

    Photo of Susan Bowen, CEO, Aptum.
    Susan Bowen, CEO, Aptum (Image source: Aptum)

    Listen to 'The First 100 Days' podcast – Susan Bowen

    Initiate CIO Business Vision survey – new KPIs for stakeholder management — Recommended

    Info-Tech CIO Business Vision

    Be sure to effectively communicate the context of this survey to your business stakeholders before you launch it. Plan to talk about your plans to introduce it in your first meetings with stakeholders. When ready, let your executive advisor know you want to launch the tool and provide the names and email addresses of the stakeholders you want involved. After you have the results, harvest the materials required for your presentation deck. See slide 30 and follow the instructions on what to include.

    Benefits

    Icon for Key Stakeholders. Icon for Credibility. Icon for Improve. Icon for Focus.
    Key Stakeholders
    Clarify the needs of the business.
    Credibility
    Create transparency.
    Improve
    Measure IT’s progress.
    Focus
    Find what’s important.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    Create a catalog of key stakeholder details to reference prior to future conversations — Alternative

    Only conduct this activity if you’re not able to run the CIO Business Vision diagnostic.

    Use the Organizational Catalog as a personal cheat sheet to document the key details around each of your stakeholders, including your CEO when possible.

    The catalog will be an invaluable tool to keep the competing needs of your different stakeholders in line, while ensuring you are retaining the information to build the political capital needed to excel in the C-suite.

    Note: It is important to keep this document private. While you may want to communicate components of this information, ensure your catalog remains under lock and (encryption) key.

    Screenshot of the Organizational Catalog for Stakeholders. At the top are spaces for 'Name', 'Job Title', etc. Boxes include 'Key Personal Details', 'Satisfaction Levels With IT', 'Preferred Communications', 'Key Activities', 'In-Flight and Scheduled Projects', 'Key Performance Indicators', and 'Additional Details'.

    Info-Tech Insight

    While profiling your stakeholders is important, do not be afraid to profile yourself as well. Visualizing how your interests overlap with those of your stakeholders can provide critical information on how to manage your communications so that those on the receiving end are hearing exactly what they need.

    Activity: Conduct interviews with your key business stakeholders — Alternative

    Associated Activity icon

    1. Once you have identified your key stakeholders through your interviews with your boss and your IT team, schedule a set of meetings with those individuals.
    2. Use the meetings to get to know your stakeholders, their key priorities and initiatives, and their perceptions of the effectiveness of IT.
      1. Use the probative questions to the right to elicit key pieces of information.
      2. Refer to the Organizational Catalog tool for more questions to dig deeper in each category. Ensure that you are taking notes separate from the tool and are keeping the tool itself secure, as it will contain private information specific to your interests.
    3. Following each meeting, record the results of your conversation and any key insights in the Organizational Catalog. Refer to the following slide for more details.

    Questions for Discussion:

    • Be indirect about your personal questions – share stories that will elicit details about their interests, kids, etc.
    • What are your most critical/important initiatives for the year?
    • What are your key revenue streams, products, and services?
    • What are the most important ways that IT supports your success? What is your satisfaction level with those services?
    • Are there any current in-flight projects or initiatives that are a current pain point? How can IT assist to alleviate challenges?
    • How is your success measured? What are your targets for the year on those metrics?

    Presentation Deck, slide 34

    Call 5

    Day 46 to Day 60

    Inform your team that you plan to do an IT staffing assessment

    Associated Activity icon Introduce the IT Staffing Assessment that will help you get the most out of your team

    INPUT: Email template

    OUTPUT: Ready to launch diagnostic

    Materials: Email template, List of staff, Sample of diagnostic

    Participants: CIO, IT staff

    Explain that you want to understand how the IT staff is currently spending its time by function and by activity. You want to take a formal approach to this task and also assess the team’s feelings about its effectiveness across different processes. The results of the assessment will serve as the foundation that helps you improve your team’s effectiveness within the organization.

    Example email:

    Hello PEER NAMES,

    The feedback I've heard from the team since joining the company has been incredibly useful in beginning to formulate my IT strategy. Now I want to get a clear picture of how everyone is spending their time, especially across different IT functions and activities. This will be an opportunity for you to share feedback on what we're doing well, what we need to do more of, and what we're missing. Expect to receive an email invitation to take this survey from Info-Tech Research Group. It's important to me that you complete the survey as soon as you're can. Attached you’ll find an example of the report this will generate. Thank you again for providing your time and feedback.

    Regards,
    CIO NAME

    Wayne Berger's shortcut to solve staffing woes

    CASE STUDY

    Industry Office leasing
    Source Interview with Wayne Berger

    Wayne Berger was hired to be the International Workplace Group (IWG) CEO for Canada and Latin America in 2014.

    Wayne approached his early days with the office space leasing firm as a tour of sorts, visiting nearly every one of the 48 office locations across Canada to host town hall meetings. He heard from staff at every location that they felt understaffed. But instead of simply hiring more staff, Berger actually reduced the workforce by 33%.

    He created a more flexible approach to staffing:

    • Employees no longer just reported to work at one office; instead, they were ready to go to wherever they were most needed in a specific geographic area.
    • He centralized all back-office functions for the company so that not every office had to do its own bookkeeping.
    • Finally, he changed the labor profile to consist of full-time staff, part-time staff, and time-on-demand workers.
    Photo of Wayne Berger, CEO, IWG Plc.
    Wayne Berger, CEO, IWG Plc (Image source: IWG)

    Listen to 'The First 100 Days' podcast – Wayne Berger

    Initiate IT Staffing Assessment – new KPIs to track IT performance — Recommended

    Info-Tech IT Staffing Assessment

    Info-Tech’s IT Staffing Assessment provides benchmarking of key metrics against 4,000 other organizations. Dashboard-style reports provide key metrics at a glance, including a time breakdown by IT function and by activity compared against business priorities. Run this survey at about the 45-day mark of your first 90 days. Its insights will be used to inform your long-term IT strategy.

    Benefits

    Icon for Right-Size IT Headcount. Icon for Allocate Staff Correctly. Icon for Maximize Teams.
    Right-Size IT Headcount
    Find the right level for stakeholder satisfaction.
    Allocate Staff Correctly
    Identify staff misalignments with priorities.
    Maximize Teams
    Identify how to drive staff.

    Supporting Tool or Template icon Additional materials are available on Info-Tech’s website.

    Quick wins: Make recommendations based on IT Management & Governance Framework

    Complete this exercise while waiting on the IT Staffing Assessment results. Based on your completed IT Management & Governance report, identify the initiatives you can tackle immediately. You can conduct this as a team exercise by following these steps:

    1. Create a shortlist of initiatives based on the processes that were identified as high need but scored low in effectiveness. Think as broadly as possible during this initial brainstorming.
    2. Write each initiative on a sticky note and conduct a high-level analysis of the amount of effort that would be required to complete it, as well as its alignment with the achievement of business objectives.
    3. Draw the matrix below on a whiteboard and place each sticky note onto the matrix based on its potential impact and difficulty to address.
    A matrix of initiative categories based on effort to achieve and alignment with business objectives. It is split into quadrants: the vertical axis is 'Potential Impact' with 'High, Fully supports achievement of business objectives' at the top and 'Low, Limited support of business objectives' at the bottom; the horizontal axis is 'Effort' with 'Low' on the left and 'High' on the right. Low impact, low effort is 'Low Current Value, No immediate attention required, but may become a priority in the future if business objectives change'. Low impact, high effort is 'Future Reassessment, No immediate attention required, but may become a priority in the future if business objectives change'. High impact, high effort is 'Long-Term Initiatives, High impact on business outcomes but will take more effort to implement. Schedule these in your long-term roadmap'. High impact, low effort is 'Quick Wins, High impact on business objectives with relatively small effort. Some combination of these will form your early wins'.

    Call 6

    Day 61 to Day 75

    Run a start, stop, continue exercise with your IT staff — Alternative

    This is an alternative activity to running an IT Staffing Assessment, which contains a start/stop/continue assessment. This activity can be facilitated with a flip chart or a whiteboard. Create three pages or three columns and label them Start, Stop, and Continue.

    Hand out sticky notes to each team member and then allow time for individual brainstorming. Instruct them to write down their contributions for each category on the sticky notes. After a few minutes, have everyone stick their notes in the appropriate category on the board. Discuss as a group and see what themes emerge. Record the results that you want to share in your presentation deck (GroupMap).

    Gather your team and explain the meaning of these categories:

    Start: Activities you're not currently doing but should start doing very soon.

    Stop: Activities you're currently doing but aren’t working and should cease.

    Continue: Things you're currently doing and are working well.

    Presentation Deck, slide 24

    Determine the alignment of IT commitments with business objectives

    Associated Activity icon

    INPUT: Interviews with IT leadership team

    OUTPUT: High-level understanding of in-flight commitments and investments

    Run this only as an alternative to the IT Management & Governance Diagnostic.

    1. Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.
    2. Determine the following about IT’s current investment mix:
      1. What are the current IT investments and assets? How do they align to business goals?
      2. What investments in flight are related to which information assets?
      3. Are there any immediate risks identified for these key investments?
      4. What are the primary business issues that demand attention from IT consistently?
      5. What choices remain undecided in terms of strategic direction of the IT organization?
    3. Document your key investments and commitments as well as any points of misalignment between objectives and current commitments as action items to address in your long-term plans. If they are small fixes, consider them during your quick-win identification.

    Presentation Deck, slide 25

    Determine the alignment of IT commitments with business objectives

    Run this only as an alternative to the IT Staffing Assessment diagnostic.

    Schedule meetings with IT leadership to understand what commitments have been made to the business in terms of new products, projects, or enhancements.

    Determine the following about IT’s current investment mix:

    • What are the current IT investments and assets?
    • How do they align to business goals?
    • What in-flight investments are related to which information assets?
    • Are there any immediate risks identified for these key investments?
    • What are the primary business issues that demand attention from IT consistently?
    • What remains undecided in terms of strategic direction of the IT organization?

    Document your key investments and commitments, as well as any points of misalignment between objectives and current commitments, as action items to address in your long-term plans. If they are small-effort fixes, consider them during your quick-win identification.

    Presentation Deck, slide 25

    Make a categorized vendor list by IT process

    As part of learning the IT team, you should also create a comprehensive list of vendors under contract. Collaborate with the finance department to get a clear view of how much of the IT budget is spent on specific vendors. Try to match vendors to the IT processes they serve from the IT M&G framework.

    You should also organize your vendors based on their budget allocation. Go beyond just listing how much money you’re spending with each vendor and categorize them into either “transactional” relationships or “strategic relationships.” Use the grid below to organize them. Ideally, you’ll want most relationships to be high spend and strategic (Source: Gary Davenport).

    A matrix of vendor categories with the vertical axis 'Spend' increasing upward, and the horizontal axis 'Type of relationship' with values 'Transactional' or 'Strategic'. The bottom left corner is 'Low Spend Transactional', the top right corner is 'High Spend Strategic'.

    Where to source your vendor list:

    • Finance department
    • Infrastructure managers
    • Vendor manager in IT

    Further reading: Manage Your Vendors Before They Manage You

    Presentation Deck, slide 26

    Jennifer Schaeffer’s short-timeline turnaround

    CASE STUDY

    Industry Education
    Source Interview with Jennifer Schaeffer

    Jennifer Schaeffer joined Athabasca University as CIO in November 2017. She was entering a turnaround situation as the all-online university lacked an IT strategy and had built up significant technical debt. Armed with the mandate of a third-party consultant that was supported by the president, Schaeffer used a people-first approach to construct her strategy. She met with all her staff, listening to them carefully regardless of role, and consulted with the administrative council and faculty members. She reflected that feedback in her plan or explained to staff why it wasn’t relevant for the strategy. She implemented a “strategic calendaring” approach for the organization, making sure that her team members were participating in meetings where their work was assessed and valued. Drawing on Spotify as an inspiration, she designed her teams in a way that everyone was connected to the customer experience. Given her short timeline to execute, she put off a deep skills analysis of her team for a later time, as well as creating a full architectural map of her technology stack. The outcome is that 2.5 years later, the IT department is unified in using the same tooling and optimization standards. It’s more flexible and ready to incorporate government changes, such as offering more accessibility options.

    Photo of Jennifer Schaeffer.
    Jennifer Schaeffer took on the CIO role at Athabasca University in 2017 and was asked to create a five-year strategic plan in just six weeks.
    (Image source: Athabasca University)

    Listen to 'The First 100 Days' podcast – Eric Wright

    Call 7

    Day 76 to Day 90

    Finalize your vision – mission – values statement

    A clear statement for your values, vision, and mission will help crystallize your IT strategy and communicate what you're trying to accomplish to the entire organization.

    Mission: This statement describes the needs that IT was created to meet and answers the basic question of why IT exists.

    Vision: Write a statement that captures your values. Remember that the vision statement sets out what the IT organization wants to be known for now and into the future.

    Values: IT core values represent the standard axioms by which the IT department operates. Similar to the core values of the organization as a whole, IT’s core values are the set of beliefs or philosophies that guide its strategic actions.

    Further reading: IT Vision and Mission Statements Template

    Presentation Deck, slide 42

    John Chen's new strategic vision

    CASE STUDY

    Industry Mobile Services
    Source Sean Silcoff, The Globe and Mail

    John Chen, known in the industry as a successful turnaround executive, was appointed BlackBerry CEO in 2014 following the unsuccessful launch of the BlackBerry 10 mobile operating system and a new tablet.

    He spent his first three months travelling, talking to customers and suppliers, and understanding the company's situation. He assessed that it had a problem generating cash and had made some strategic errors, but there were many assets that could benefit from more investment.

    He was blunt about the state of BlackBerry, making cutting observations of the past mistakes of leadership. He also settled a key question about whether BlackBerry would focus on consumer or enterprise customers. He pointed to a base of 80,000 enterprise customers that accounted for 80% of revenue and chose to focus on that.

    His new mission for BlackBerry: to transform it from being a "mobile technology company" that pushes handset sales to "a mobile solutions company" that serves the mobile computing needs of its customers.

    Photo of John Chen, CEO of BlackBerry.
    John Chen, CEO of BlackBerry, presents at BlackBerry Security Summit 2018 in New York City (Image source: Brian Jackson)

    Listen to 'The First 100 Days' podcast – Erin Bury

    Quick wins: Make recommendations based on the CIO Business Vision survey

    Based on your completed CIO Business Vision survey, use the IT Satisfaction Scorecard to determine some initiatives. Focus on areas that are ranked as high importance to the business but low satisfaction. While all of the initiatives may be achievable given enough time, use the matrix below to identify the quick wins that you can focus on immediately. It’s important to not fail in your quick-win initiative.

    • High Visibility, Low Risk: Best bet for demonstrating your ability to deliver value.
    • Low Visibility, Low Risk: Worth consideration, depending on the level of effort required and the relative importance to the stakeholder.
    • High Visibility, High Risk: Limit higher-risk initiatives until you feel you have gained trust from your stakeholders, demonstrating your ability to deliver.
    • Low Visibility, High Risk: These will be your lowest value, quick-win initiatives. Keep them in a backlog for future consideration in case business objectives change.
    A matrix of initiative categories based on organizational visibility and risk of failure. It is split into quadrants: the vertical axis is 'Organizational Visibility' with 'High' at the top and 'Low' at the bottom; the horizontal axis is 'Risk of Failure' with 'Low' on the left and 'High' on the right. 'Low Visibility, Low Risk, Few stakeholders will benefit from the initiative’s implementation.' 'Low Visibility, High Risk, No immediate attention is required, but it may become a priority in the future if business objectives change.' 'High Visibility, Low Risk, Multiple stakeholders will benefit from the initiative’s implementation, and it has a low risk of failure.' 'High Visibility, High Risk, Multiple stakeholders will benefit from the initiative’s implementation, but it has a higher risk of failure.'

    Presentation Deck, slide 27

    Create and communicate a post-100 plan

    The last few slides of your presentation deck represent a roundup of all the assessments you’ve done and communicate your plan for the months ahead.

    Slide 38. Based on the information on the previous slide and now knowing which IT capabilities need improvement and which business priorities are important to support, estimate where you'd like to see IT staff spend their time in the near future. Will you be looking to shift staff from one area to another? Will you be looking to hire staff?

    Slide 39. Take your IT M&G initiatives from slide 19 and list them here. If you've already achieved a quick win, list it and mark it as completed to show what you've accomplished. Briefly outline the objectives, how you plan to achieve the result, and what measurement will indicate success.

    Slide 40. Reflect your CIO Business Vision initiatives from slide 31 here.

    Slide 41. Use this roadmap template to list your initiatives by roughly when they’ll be worked on and completed. Plan for when you’ll update your diagnostics.

    Expert Contributors

    Photo of Alan Fong, Chief Technology Officer, Dealer-FX Alan Fong, Chief Technology Officer, Dealer-FX
    Photo of Andrew Wertkin, Chief Strategy Officer, BlueCat NetworksPhoto of David Penny, Chief Technology Officer, BlueCat Networks Andrew Wertkin, Chief Strategy Officer, BlueCat Networks
    David Penny, Chief Technology Officer, BlueCat Networks
    Photo of Susan Bowen, CEO, Aptum Susan Bowen, CEO, Aptum
    Photo of Erin Bury, CEO, Willful Erin Bury, CEO, Willful
    Photo of Denis Gaudreault, Country Manager, Intel Canada and Latin America Denis Gaudreault, Country Manager, Intel Canada and Latin America
    Photo of Wayne Berger, CEO, IWG Plc Wayne Berger, CEO, IWG Plc
    Photo of Eric Wright, CEO, LexisNexis Canada Eric Wright, CEO, LexisNexis Canada
    Photo of Gary Davenport Gary Davenport, past president of CIO Association” of Canada, former VP of IT, Enterprise Solutions Division, MTS AllStream
    Photo of Jennifer Schaeffer, VP of IT and CIO, Athabasca University Jennifer Schaeffer, VP of IT and CIO, Athabasca University

    Bibliography

    Beaudan, Eric. “Do you have what it takes to be an executive?” The Globe and Mail, 9 July 2018. Web.

    Bersohn, Diana. “Go Live on Day One: The Path to Success for a New CIO.” PDF document. Accenture, 2015. Web.

    Bradt, George. “Executive Onboarding When Promoted From Within To Follow A Successful Leader.” Forbes, 15 Nov. 2018. Web.

    “CIO Stats: Length of CIO Tenure Varies By Industry.” CIO Journal, The Wall Street Journal. 15 Feb. 2017. Web.

    “Enlarging Your Sphere of Influence in Your Organization: Your Learning and Development Guide to Getting People on Side.” MindTools Corporate, 2014.

    “Executive Summary.” The CIO's First 100 Days: A Toolkit. PDF document. Gartner, 2012. Web.

    Forbes, Jeff. “Are You Ready for the C-Suite?” KBRS, n.d. Web.

    Gallo, Carmine. “Tim Cook Uses These 5 Words to Take Control of Any Conversation.” Inc., 9 Aug. 2019. Web.

    Giles, Sunnie. “The Most Important Leadership Competencies, According to Leaders Around the World.” Harvard Business Review, 15 March 2016. Web.

    Godin, Seth. “Ode: How to tell a great story.” Seth's Blog. 27 April 2006. Web.

    Green, Charles W. “The horizontal dimension of race: Social culture.” Hope College Blog Network, 19 Oct. 2014. Web.

    Hakobyan, Hayk. “On Louis Gerstner And IBM.” Hayk Hakobyan, n.d. Web.

    Bibliography

    Hargrove, Robert. Your First 100 Days in a New Executive Job, edited by Susan Youngquist. Kindle Edition. Masterful Coaching Press, 2011.

    Heathfield, Susan M. “Why ‘Blink’ Matters: The Power of Your First Impressions." The Balance Careers, 25 June 2019. Web.

    Hillis, Rowan, and Mark O'Donnell. “How to get off to a flying start in your new job.” Odgers Berndtson, 29 Nov. 2018. Web.

    Karaevli, Ayse, and Edward J. Zajac. “When Is an Outsider CEO a Good Choice?” MIT Sloan Management Review, 19 June 2012. Web.

    Keizer, Gregg. “Microsoft CEO Nadella Aces First-100-Day Test.” Computerworld, 15 May 2014. Web.

    Keller, Scott, and Mary Meaney. “Successfully transitioning to new leadership roles.” McKinsey & Company, May 2018. Web.

    Kress, R. “Director vs. Manager: What You Need to Know to Advance to the Next Step.” Ivy Exec, 2016. Web.

    Levine, Seth. “What does it mean to be an ‘executive’.” VC Adventure, 1 Feb. 2018. Web.

    Lichtenwalner, Benjamin. “CIO First 90 Days.” PDF document. Modern Servant Leader, 2008. Web.

    Nawaz, Sabina. “The Biggest Mistakes New Executives Make.” Harvard Business Review, 15 May 2017. Web.

    Pruitt, Sarah. “Fast Facts on the 'First 100 Days.‘” History.com, 22 Aug. 2018. Web.

    Rao, M.S. “An Action Plan for New CEOs During the First 100 Days.” Training, 4 Oct. 2014. Web.

    Reddy, Kendra. “It turns out being a VP isn't for everyone.” Financial Post, 17 July 2012. Web.

    Silcoff, Sean. “Exclusive: John Chen’s simple plan to save BlackBerry.” The Globe & Mail, 24 Feb. 2014. Web.

    Bibliography

    “Start Stop Continue Retrospective.” GroupMap, n.d. Web.

    Surrette, Mark. “Lack of Rapport: Why Smart Leaders Fail.” KBRS, n.d. Web.

    “Understanding Types of Organization – PMP Study.” Simplilearn, 4 Sept. 2019. Web.

    Wahler, Cindy. “Six Behavioral Traits That Define Executive Presence.” Forbes, 2 July 2015. Web.

    Watkins, Michael D. The First 90 Days, Updated and Expanded. Harvard Business Review Press, 2013.

    Watkins, Michael D. “7 Ways to Set Up a New Hire for Success.” Harvard Business Review, 10 May 2019. Web.

    “What does it mean to be a business executive?” Daniels College of Business, University of Denver, 12 Aug. 2014. Web.

    Yeung, Ken. “Turnaround: Marissa Mayer’s first 300 days as Yahoo’s CEO.” The Next Web, 19 May 2013. Web.

    Equip Managers to Effectively Manage Virtual Teams

    • Buy Link or Shortcode: {j2store}600|cart{/j2store}
    • member rating overall impact: 9.7/10 Overall Impact
    • member rating average dollars saved: $20,240 Average $ Saved
    • member rating average days saved: 4 Average Days Saved
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Virtual team members must rely upon collaboration technology to communicate and collaborate.
    • Management practices and approaches that work face to face do not always translate effectively in virtual contexts.
    • Managers cannot rely upon spontaneous social interactions that happen organically when people are colocated to build meaningful and trusting relationships. Space and time need to be created in a virtual environment for this to happen.
    • Observing an employee’s performance or development can be more difficult, and relying on others’ feedback becomes more critical for managing performance and development.

    Our Advice

    Critical Insight

    • Managing virtual teams does not require developing new manager competencies. Instead, managers need to “dial up” competencies they already have and adjust their approaches.
    • Setting clear expectations with virtual teams creates the foundation needed to manage them effectively.
    • Virtual employees crave more meaningful interactions about performance and development with their managers.

    Impact and Result

    • Create a solid foundation for managing virtual teams by setting clear expectations and taking a more planful approach to managing performance and employee development.
    • Dial up key management competencies that you already have. Managers do not need to develop new competencies; they just need to adjust and refocus their approaches.

    Equip Managers to Effectively Manage Virtual Teams Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Equip managers to effectively manage virtual teams

    Equip managers to become more effective with managing remote teams.

    The workbook serves as a reference guide participants will use to support formal training.

    • Training Deck: Equip Managers to Effectively Manage Virtual Teams
    • Workbook: Equip Managers to Effectively Manage Virtual Teams
    • Standard Participant Training Session Evaluation Template

    2. Additional Resources

    Many organizations are developing plans to allow employees more flexible work options, including remote work. Use these resources to help managers and employees make the most of remote work arrangements.

    • Work-From-Home Tips for Managers
    • Work-From-Home Tips for Employees
    • Health & Safety at Home Infographic
    • Wellness and Working From Home
    • Ergonomic Workspaces Infographic
    [infographic]

    Further reading

    Equip Managers to Effectively Manage Virtual Teams

    Learning objectives

    Describe the benefits of virtual teams.

    Create a plan for adopting effective management practices and setting clear expectations with virtual teams.

    Identify potential solutions to the challenges of managing performance and developing members of virtual teams.

    Create an action plan to increase effectiveness in managing virtual teams.

    Target audience

    People managers who manage or plan to manage virtual teams.

    Training length

    Two three-hour sessions

    Training material

    • Use the speaker’s notes in the notes pane section of each slide to plan and practice the training session.
    • Activity slides are scattered throughout this training deck and are clearly numbered in the slide title.
    • Notes in italics are written to the facilitator and are not meant to be read aloud.
    • Download the Workbook for participants to use.

    Suggested materials for activities:

    • Index cards or sticky notes
    • Markers
    • Whiteboard/large table space/flip chart

    Agenda & activities

    Section 1

    Section 2

    10 min

    Welcome: Overview & Introductions

    • Introductions
    10 min

    Welcome: Overview & Introductions

    • Session 1 Review
    • Session 2 Overview
    50 min

    1.1 Introduction to virtual teams

    • What kind of virtual team do you lead?
    • Virtual team benefits and challenges
    55 min

    2.1 Managing wellbeing in a virtual team context

    • Share current practices and challenges regarding wellbeing in virtual teams
    • Identify and discuss proposed solutions
    • Develop draft action plan for managing wellbeing in a virtual team context
    5 min

    Break

    5 min Break
    45 min

    1.2 Laying the foundation for a virtual team

    • Identify behaviors to better inform, interact with, and involve team members
    60 min

    2.2 Managing performance in a virtual team context

    • Share current performance management practices for virtual teams
    • Identify challenges of current practices and propose solutions
    • Develop draft action plan for managing performance in a virtual team context
    10 min

    Break

    10 min Break
    55 min

    1.2 Laying the foundation for a virtual team

    • Identify and share ways you prefer to communicate for different activities
    • Develop draft action plan for laying the foundation for a virtual team
    40 min

    Action planning & conclusion

    • Refine consolidated action plan (three parts) and commit to implementing it
    • Key takeaways
    5 min

    Session 1 Wrap-Up

    Recommended Customization

    Review all slides and adjust the language or content as needed to suit your organizational context and culture.

    The pencil icon to the left denotes slides requiring customization of the slide and/or the speaker’s notes, e.g. adding in an organization-specific process.

    Customization instructions are found in the notes pane.

    Tips

    • Adjust the speaker’s notes on the slides before (or after) any slides you modify or delete to ensure logical transitions between slides.
    • Update the agenda to reflect new timings if major modifications are made.
    • Even seasoned leaders need to be reminded of the basics now and again. Rather than delete more basic slides, cut back on the amount of time spent covering them and frame the content as a refresher.
    • Participant Workbooks
    • Relevant organization-specific documents (see side panel)
    • Training Session Feedback Form

    Required Information

    • Communication guidelines for managers (e.g. cadence of manager interactions)
    • Performance management process and guidelines
    • Employee development guidelines
    • List of available resources (e.g. social collaboration tools)

    Effectively Manage Virtual Teams

    Section 1.1

    Practical foundations for managing teams in a remote environment

    Feasibility of virtual IT teams

    Most organizations are planning some combination of remote and onsite work in 2022.

    This is an image of a bar graph demonstrating the percentage of companies who have the following plans for return to work: Full work-from-home (All employees WFH permanently) - 4% ; No work-from-home permitted	9% ; Partial work-from-home team (Eligible employees can WFH for a certain portion of their work week)	23% ; Balanced work-from-home team (All employees can WFH for a certain portion of their work week)	28% ; Hybrid work-from-home team (Eligible employees WFH on a full-time basis)	37%

    Source: IT Talent Trends, 2022; n=199

    Speaker’s Notes:

    Most organizations are planning some combination of remote and onsite work in 2022 – the highest reported plans for WFH were hybrid, balanced, and partial work-from-home. This builds on our findings in the IT Talent Trends 2022 report.

    Feasibility of virtual IT teams

    What percentage of roles in IT are capable of being performed remotely permanently?

    Approximately what percentage of roles in IT are capable of being performed remotely permanently?

    0% to less than 10%: 3%; 10% to less than 25%: 5%; 25% to less than 50%: 12%; 50% to less than 75%: 30%; 75% to 100%L 50%.

    IT Talent Trends, 2022; n=207

    Speaker’s Notes:

    80% of respondents estimated that 50 to 100% of IT roles can be performed remotely.

    Virtual teams take all kinds of forms

    A virtual team is any team that has members that are not colocated and relies on technology for communications.

    This image depicts the three levels of virtual teams, Municipal; National; Global.

    Speaker’s Notes:

    Before we start, it will be useful to review what we mean by the term “virtual team.” For our purposes we will be defining a virtual team as any team that has members that are not colocated and relies on technology for communications.

    There are a wide variety of virtual work arrangements and a variety of terms used to describe them. For example, some common terms include:

    • “Flexible work arrangements”: Employees have the option to work where they see fit (within certain constraints). They may choose to work from the office, home, a shared office space, the road, etc.
    • “Remote work,” “work from home,” and “telecommuting”: These are just various ways of describing how or where people are working virtually. They all share the idea that these kinds of employees are not colocated.
    • “Multi-office team”: the team members all work in office environments, but they may not always be in the same office as their team members or manager.

    Our definition of virtual work covers all of these terms. It is also distance neutral, meaning that it applies equally to teams that are dispersed globally or regionally or even those working in the same cities but dispersed throughout different buildings. Our definition also applies whether virtual employees work full time or part time.

    The challenges facing managers arise as soon as some team members are not colocated and have to rely on technology to communicate and coordinate work. Greater distances between employees can complicate challenges (e.g. time zone coordination), but the core challenges of managing virtual teams are the same whether those workers are merely located in different buildings in the same city or in different buildings on different continents.

    1.1 What kind of virtual team do you lead?

    15 Minutes

    Working on your own, take five minutes to figure out what kind of virtual team you lead.

    1. How many people on your team work virtually (all, most, or a small percentage)?
    2. How often and how regularly do they tend to work virtually (full time, part time regularly, or part time as needed)?
    3. What kinds of virtual work arrangements are there on your team (multi-site, work from home, mobile employees)?
    4. Where do your workers tend to be physically located (different offices but in the same city/region or globally dispersed)?
    5. Record this information in your workbook.
    6. Discuss as a group.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Size of virtual team
    • Current remote work practices

    Output

    • Documented list of current state of remote work

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Advantages

    Benefits to the organization

    Benefits to employees

    Operational continuity in disaster situations that prevent employees from coming into the office.

    Cost savings: Employees who WFH half the time can save $2,500 to $4,000 per year (Global Workplace Analytics, 2021).

    Cost savings: Organizations save ~$11,000 annually per employee working from home half the time (Global Workplace Analytics, 2021).

    Time savings: Employees who WFH half the time save on average 11 workdays per year (Global Workplace Analytics, 2021).

    Increased attraction: 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2021).

    Improved wellbeing:

    83% employees agree that WFH would make them happier.

    80% agree that WFH would decrease their stress.

    81% agree that WFH would improve their ability to manage their work-life balance.

    (Owl Labs, 2021)

    Increased retention: 74% of employees would be less likely to leave their employer if they could WFH (Owl Labs, 2021).

    Increased flexibility: 32% of employees rated the “ability to have a flexible schedule” as the biggest benefit of WFH (OWL Labs, 2021).

    Increased productivity: 50% of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020).

    Increased engagement: Offsite employees tend to have higher overall engagement than onsite employees (McLean & Company Engagement Survey, 2020).

    Speaker’s Notes:

    Remote work arrangements are becoming more and more common, and for good reason: there are a lot of benefits to the organization – and to employees.

    #1: Save Money

    Perhaps one of the most common reasons for opting for remote-work arrangements is the potential cost savings. One study found that organizations could save about $11,000 per employee working from home half the time (Global Workplace Analytics, 2021).

    #2 Increased Attraction

    In addition, supporting remote-work arrangements can attract employees. One study found that 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2019).

    #3 Improve productivity.

    There are also improvements to productivity. Fifty percent of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020).

    Remote work also has benefits to employees.

    #1: Save Money

    As with organizations, employees also benefit financially from remote work arrangements, saving between $2,500 and $4,000 and on average 11 working days while working from home half of the time.

    #2: Improved Wellbeing

    Most employees agree that working from home makes them happier, reduces stress, and provides an improved work-life balance through increased flexibility.

    Challenges

    Organizations

    • Concerns that WFH may stifle innovation (Scientific American, 2021), likely due to the potential lack of collaboration and knowledge sharing.
    • Fewer organic opportunities for informal interaction between employees working from home means active efforts are required to foster organizational culture.

    Leaders

    • 42% of managers believe that monitoring the productivity of their direct reports is a top challenge of WFH (Ultimate Software, 2019).
    • The lack of in-person supervision compounded with a lack of trust in employees leads many leaders to believe that WFH will result in a drop in productivity.

    Employees

    • 20% of employees report collaboration/communication as their top struggle with WFH (Owl Labs, 2021).
    • Employees often experience burnout from working longer hours due to the lack of commute, blurring of work and home life, and the perceived need to prove their productivity.

    Many of these barriers can be addressed by changing traditional mindsets and finding alternative ways of working, but the traditional approach to work is so entrenched that it has been hard to make the shift.

    Speaker’s Notes:

    Many organizations are still grappling with the challenges of remote work. Some are just perceived challenges, while others are quite real.

    Limited innovation and a lack of informal interaction are a potential consequence of failing to properly adapt to the remote-work environment.

    Leaders also face challenges with remote work. Losing in-person supervision has led to the lack of trust and a perceived drop in productivity.

    A study conducted 2021 asked remote workers to identify their biggest struggle with working remotely. The top three struggles remote workers report facing are unplugging after work, loneliness, and collaborating and/or communicating.

    Seeing the struggles remote workers identify is a good reminder that these employees have a unique set of challenges. They need their managers to help them set boundaries around their work; create feelings of connectedness to the organization, culture, and team; and be expert communicators.

    1.2 Virtual teams: benefits and challenges

    20 Minutes

    1. Discuss and list:
      1. Any positives you’ve experienced since managing virtual employees.
      2. Any challenges you’ve had to manage connected to managing virtual employees.
    2. Record information in the workbook.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Personal experiences managing remote teams

    Output

    • List of benefits and challenges of remote work

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 1.2

    Laying the foundations for a virtual team

    The 3i’s: Inform, interact, and involve your way to effective management:

    Inform

    Interact Involve

    ↓ Down

    Connect

    ↑ Up

    Tell employees the whys

    Get to know employees

    Solicit input from employees

    Speaker’s Notes:

    Effectively managing a virtual team really comes down to adopting management approaches that will engage virtual employees.

    Managing a virtual team does not actually require a new management style. The basics of effective management are the same in both colocated and virtual teams; however, the emphasis on certain behaviors and actions we take often differs. Managing a virtual team requires much more thoughtfulness and planning in our everyday interactions with our teams as we cannot rely on the relative ease of face-to-face interactions available to colocated teams.

    The 3i’s Engaging Management Model is useful when interacting with all employees and provides a handy framework for more planful interactions with virtual employees.

    Think of your management responsibilities in these three buckets – they are the most important components of being an effective manager. We’re first going to look at inform and involve before moving on to interact.

    Inform: Relay information down from senior management and leaders to employees. Communicate the rationale behind decisions and priorities, and always explain how they will directly affect employees.

    Why is this important? According to McLean & Company’s Engagement Survey data, employees who say their managers keep them well informed about decisions that affect them are 3.4 times more likely to be engaged (Source: McLean & Company, 2020; N=77,363). Your first reaction to this might be “I already do this,” which may very well be the case. Keep in mind, though, we sometimes tend to communicate on a “need-to-know basis,” especially when we are stressed or short on time. Engaging employees takes more. Always focus on explaining the “why?” or the rationale behind business decisions.

    It might seem like this domain should be the least affected, since important company announcements probably continue in a remote environment. But remember that information like that also flows informally. And even in formal settings, there are question-and-answer opportunities. Or maybe your employee might come to your office to ask for more details. Virtual team members can’t gather around the watercooler. They don’t have the same opportunities to hear information in passing as people who are colocated do, so managers need to make a concerted effort to share information with virtual team members in a clear and timely way.

    Swinging over to the other end, we have involve: Involve your employees. Solicit information and feedback from employees and collaborate with them.

    However, it’s not enough to just solicit their feedback and input; you also need to act on it.

    Make sure you involve your employees in a meaningful way. Such collaboration makes employees feel like a valued part of the team. Not to mention that they often have information and perspectives that can help make your decisions stronger!

    Employees who say their department leaders act on feedback from them are 3.9 times more likely to be engaged than those whose leaders don’t. (Source: McLean & Company, 2020; N=59,779). That is a huge difference!

    Keeping virtual employees engaged and feeling connected and committed to the organization requires planful and regular application of the 3i’s model.

    Finally, Interact: Connect with employees on a personal level; get to know them and understand who they are on a personal and professional level.

    Why? Well, over and above the fact that it can be rewarding for you to build stronger relationships with your team, our data shows that human connection makes a significant difference with employees. Employees who believe their managers care about them as a person are 3.8 times more likely to be engaged than those who do not (Source: McLean & Company, 2017; N=70,927).

    And you might find that in a remote environment, this is the area that suffers the most, since a lot of these interactions tend to be unscripted, unscheduled, and face to face.

    Typically, if we weren’t in the midst of a pandemic, we’d emphasize the importance of allocating some budget to travel and get some face-to-face time with your staff. Meeting and interacting with team members face to face is crucial to building trusting relationships, and ultimately, an effective team, so given the context of our current circumstances, we recommend the use of video when interacting with your employees who are remote.

    Relay information down from senior management to employees.

    Ensure they’ve seen and understand any organization-wide communication.

    Share any updates in a timely manner.

    Connect with employees on a personal level.
    Ask how they’re doing with the new work arrangement.
    Express empathy for challenges (sick family member, COVID-19 diagnosis, etc.).
    Ask how you can support them.
    Schedule informal virtual coffee breaks a couple of times a week and talk about non-work topics.

    Get information from employees and collaborate with them.
    Invite their input (e.g. have a “winning remotely” brainstorming session).
    Escalate any challenges you can’t address to your VP.
    Give them as much autonomy over their work as possible – don’t micromanage.

    1.3 Identify behaviors to inform, interact with, and involve team members

    20 Minutes

    Individually:

    1. Identify one behavior for each of Inform, Interact, and Involve to improve.
    2. Record information in the workbook.

    As a group:

    1. Discuss behaviors to improve for each of Inform, Interact, and Involve and record new ideas to incorporate into your leadership practice.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • 3i's Model
    • Current leadership behaviors to improve

    Output

    • List of behaviors to better inform, interact, and involve team members

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Laying the foundation: Set clear expectations

    Tasks

    • What are the daily and weekly team activities? How do they affect one another?

    Goals

    • Clarify any adjustments to strategy based on the situation; clarify metrics.

    Communication

    • How often and when will you check in? What should they come to you for? What modalities will you use and when?

    Roadblocks

    • Involve your team in deciding how to handle roadblocks and challenges.

    Speaker’s Notes:

    Clear expectations are important in any environment, remote or not. But it is much harder to do in a remote environment. The barrier to seeking clarification is so much higher (For example, email vs. catching someone in hallway, or you can’t notice that a colleague is struggling without them asking).

    Communication – This is one area where the importance actually changes in a remote context. We’ve been talking about a lot of practices that are the same in importance whether you’re in an office or remote, and maybe you just enact them differently. But clarity around communication processes is actually tremendously more important in a remote environment.

    Adopt a five-step process to set specific and documented expectations

    1. Check in with how your team member is doing on a daily basis. Don’t forget to ask how they are doing personally.
    2. Follow up on previously set expectations. Ask how things are going. Discuss if priorities or expectations have changed and update expectations accordingly.
    3. Ask if they are experiencing any roadblocks and collaborate to find solutions.
    4. Provide feedback and recognition as appropriate.
    5. Document newly set expectations – either through a collaboration tool or through email.

    Speaker’s Notes:

    Suggested best practices: Hold daily team check-ins and hold separate individual check-ins. Increase frequency of these.

    During Check-in
    1. Set up a running Teams chat for your team.
    • This is your community. You must be the biggest cheerleader and keep the team feeling like they are contributing. Make sure everyone is involved.
  • Start each workday with a video scrum to discuss what’s coming today for your team.
    • Ask: What are you planning to work on today? Are there any roadblocks I can help with? Technology working OK?
  • Right after your team meeting, set up an “every morning video call” one-on-one meeting with each team member (5-10 minutes max).
    • Ask: What are you working on today? What will your momentum metrics be? What do you need from me?
  • Set up a separate video call at the end of the afternoon to review what everyone did (5 minutes max).
    • Ask: What went well? What went poorly? How can we improve?
  • After a Check-in
    1. Be accessible:
      • Ensure your team knows the best way to get in touch with you.
      • Email is not ideal for informal, frequent contact – use messaging instead.
    2. Be available:
      • Keep a running conversation going in Teams.
      • Respond in a timely manner; address issues quickly so that your team has what they need to succeed.
      • Let your team know if you’ll be away/offline for longer than an hour during the workday and ask them to do the same (e.g. for an appointment).
      • Help address roadblocks, answer questions, clarify priorities, etc.

    Define communication requirements

    • Set up an ongoing communication with your team.
      • E.g. a running conversation on Slack or Teams
    • Schedule daily virtual meetings and check-ins.
      • This can help to maintain a sense of normalcy and conduct a pulse check on your team.
    • Use video for important conversations.
      • Video chat creates better rapport, shows body language, and lessens feelings of isolation, but it can be taxing.
    • Set expectations about communication.
      • Differentiate between day-to-day communication and updates on the state of events.
    • Clearly communicate the collaboration toolkit.
      • What do we have available? What is the purpose of each?

    Speaker’s Notes:

    With organizational expectations set, we need to establish team expectations around how we collaborate and communicate.

    Today there is no lack of technology available to support our virtual communication. We can use the phone, conference calls, videoconferencing, Skype, instant messaging, [insert organization-specific technological tools.], etc.

    However, it is important to have a common understanding of which tools are most appropriate when and for what.

    What are some of the communication channel techniques you’ve found useful in your informal interactions with employees or that you’ve seen work well between employees?

    [Have participants share any technological tools they find useful and why.]

    Check in with your team on communication requirements

    • Should we share our calendars, hours of availability, and/or IM status?
    • How often should we meet as a team and one on one? Should we institute a time when we should not communicate virtually?
    • Which communication channel should we use in what context? How should we decide which communication method to use?
    • Should I share guidelines for email and meeting etiquette (or any other communication methods)?
    • Should we establish a new team charter?
    • What feedback does the team have regarding how we’ve been communicating?

    Speaker’s Notes:

    Whenever we interact, we make the following kinds of social exchanges. We exchange:

    • Information: Data or opinions
    • Emotions: Feelings and evaluations about the data or opinions
    • Motivations: What we feel like doing in response to data or opinions

    We need to make sure that these exchanges are happening as each team member intends. To do this, we have to be sensitive to what information is being conveyed, what emotions are involved in the interaction, and how we are motivating each other to act through the interaction. Every interaction will have intended and unintended effects on others. No one can pay attention to all of these aspects of communication all the time, but if we develop habits that are conducive to successful exchanges in all three areas, we can become more effective.

    In addition to being mindful of the exchange in our communication, as managers it is critical to build trusting relationships and rapport with employees as we saw in the 3i's model. However, in virtual teams we cannot rely on running into someone in the kitchen or hallway to have an informal conversation. We need to be thoughtful and deliberate in our interactions with employees. We need to find alternative ways to build these relationships with and between employees that are both easy and accepted by ourselves and employees. Because of that, it is important to set communication norms and really understand each other’s preferences. For example:

    • Timing of responses. Set the expectation that emails should be responded to within X hours/days unless otherwise noted in the actual email.
    • When it’s appropriate to send an email vs. using instant messaging.
    • A team charter – the team’s objectives, individual roles and responsibilities, and communication and collaboration guidelines.

    1.4 Identify and share ways you prefer to communicate for different activities

    20 Minutes

    1. Brainstorm and list the different types of exchanges you have with your virtual employees and they have with each other.
    2. List the various communication tools in use on your team.
    3. Assign a preferred communication method for each type of exchange

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current types of exchanges on team
    • Communication methods used

    Output

    • Defined ways to communicate for each communication method

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 2.1
    Balancing wellbeing and performance in a virtual team context

    The pandemic has taken a significant toll on employees’ mental wellbeing

    44% of employees reported declined mental wellbeing since the start of the pandemic.

    • 44% of those who work from home.
    • 34% of those who have other work arrangements (i.e. onsite).
      (Qualtrics, 2020)

    "If one of our colleagues were to fall, break their leg, and get a cast, colleagues would probably rally around that person signing their cast. But, really, we don’t view the health of our brain the same as we do the health of our body."
    – Centre for Addiction and Mental Health (CAMH) Employee

    Speaker’s Notes:

    Despite being over two years into the pandemic, we are still seeing its effect on the physical and mental health of employees.

    The mental health aspect has been often overlooked by organizations, but in order to have a safe, happy, and productive team, you need to give mental health the same level of focus as physical heath. This requires a change in mindset in order for you as a leader to support your team's mental wellbeing during the pandemic and beyond.

    Employees are reporting several key mental wellbeing challenges

    Stress: 67%

    Employees report increasingly high levels of stress from the onset of COVID-19, stating that it has been the most stressful time in their careers.
    (Qualtrics, 2020)

    Anxiety: 57%

    Similarly, employees’ anxiety levels have peaked because of the pandemic and the uncertainty it brings.
    (Qualtrics, 2020)

    Four main themes surrounding stress & anxiety

    • Fear of contracting COVID-19
    • Financial pressures
    • Job security and uncertainty
    • Loneliness caused by social isolation

    Speaker’s Notes:

    The stress and uncertainty about the future caused by the pandemic and its fallout are posing the biggest challenges to employees.

    Organizations shutting down operations, moving to fully remote, or requiring some of their employees to be on site based on the current situation causes a lot of anxiety as employees are not able to plan for what is coming next.

    Adding in the loss of social networks and in-person interactions exacerbates the problem employees are facing. As leaders, it is your job to understand and mitigate these challenges wherever possible.

    Re-examine your workplace barriers to mental wellbeing

    New Barriers

    Old Barriers

    • Childcare/eldercare responsibilities
    • Fear of workplace health risks
    • Work location
    • Lost support networks
    • Changed work schedules
    • Social distancing
    • Workload
    • Fear of stigma
    • Benefits limits
    • Limits to paid time off
    • Lack of manager knowledge

    Key considerations:

    • Work Environment
      • Accessibility of mental wellbeing programs and initiatives
    • Organizational Culture
      • Modeling of wellbeing
      • Paid time off
      • Discussions around mental wellbeing
    • Total Rewards
      • Benefits coverage
      • Employee assistance programs (EAPs)
      • Manager knowledge

    Speaker’s Notes:

    Organizational barriers to mental wellbeing are sadly not new. Workloads, stigma around mental health, lack of sick days, and limits to benefits for mental health supports were challenges before the pandemic. Adding in the new barriers can very easily result in a tipping point for many employees who are simply not equipped to deal with or supported in dealing with the added burden of remote work in a post-pandemic world.

    To provide the needed support to your employees, it’s important to be mindful of the key considerations.

    Holistic employee wellbeing has never been more critical than it is right now

    Employee Wellbeing

    Physical

    The physical body; ensuring a person has the freedom, opportunities, and resources needed to sustainably maintain bodily health.

    Mental

    The psychological ability to cope with information, emotions, desires, and stressors (e.g. change, threats, etc.) in a healthy and balanced way. Essential for day-to-day living and functioning.

    Social

    The state of personal and professional relationships, including personal and community engagement. The capability for genuine, authentic, and mutually affirming interactions with others.

    Financial

    The state of a person’s finances; ensuring that a person feels capable to handle their financial situation and behaviors. The ability to live productively without the weight of financial stress.

    Speaker’s Notes:

    As a manager, you need to be mindful of all of these. Create an atmosphere where people are able to come to you for help if they are struggling in one of these areas. For example, some people might be more comfortable raising physical safety or comfort concerns (personal protective equipment, ergonomics) than concerns about mental health. Or they might feel like their feelings of loneliness are not appropriate to bring into their professional life.

    Wellbeing is a delicate subject, and most of the time, people are reluctant to talk about it. It requires vulnerability. And here’s the thing about it: Your staff will not drive a change in your team around making these topics more acceptable. It has to be the manager. You have to be the one to not just tell but show them that it’s OK to talk about this

    Encourage human-centered workplace behaviors

    Promote empathy as a focus value

    • Listen and show compassion.
    • Allow room for emotions.

    Encourage social connection

    • Leverage networks.
    • Infuse fun where possible.
    • Encourage community and sense of joint purpose.

    Cultivate a growth mindset

    • Encourage mindfulness and resilience.
    • Express gratitude.

    Empower others

    • Ask employees what they need and co-create solutions.
    • Integrate needs of personal and family life with work life.
    • Be clear on accountability.

    Speaker’s Notes:

    As a leader, your focus should be on encouraging the right behaviors on your team and in yourself.
    Show empathy; allowing room for emotion and showing you are willing and able to listen goes a long way to establishing trust.

    A growth mindset applies to resilience too. A person with a growth mindset is more likely to believe that even though they’re struggling now, they will get through it.

    Infuse fun – schedule social check-ins. This is not wasted time, or time off work – it is an integral part of the workday. We have less of it now organically, so you must bring it back deliberately. Remember that theme? We are deliberately reinfusing important organic elements into the workday.

    The last item, empowerment, is interesting – being clear on accountability. Have clear performance expectations. It might sound like telling people what to do would be disempowering, but it’s the opposite. By clarifying the goals of what they need to achieve, you empower them to invent their own “how,” because you and they are both sure they will arrive at the place that you agreed on. We will talk more about this in performance management.

    Emphasize the importance of wellbeing by setting the tone for the team

    Managers must…

    • LEAD BY EXAMPLE
      • Employees look to their managers for cues about how to react in a crisis. If the manager reacts with stress and fear, the team will follow.
    • ENCOURAGE OPEN COMMUNICATION
      • Frequent check-ins and transparent communication are essential during a time of crisis, especially when working remotely.
    • ACKNOWLEDGE THE SITUATION
      • Recognizing the stress that teams may be facing and expressing confidence in them goes a long way.
    • PROMOTE WELLBEING
      • Managers who take care of themselves can better support their teams and encourage them to practice good self-care too.
    • REDUCE STIGMA
      • Reducing stigma around mental health encourages people to come forward with their struggles and get the support they need.

    Speaker’s Notes:

    Emphasize the importance of wellbeing with what you do. If you do not model self-care behavior, people will follow what you do, not what you say.

    Lead by example – Live the behaviors you want to see in your employees. If you show confidence, positivity, and resiliency, it will filter down to your team.

    Encourage open communication – Have regular meetings where your team is able to set the agenda, or allow one-on-ones to be guided by the employee. Make sure these are scheduled and keep them a priority.

    Acknowledge the situation – Pretending things are normal doesn’t help the situation. Talk about the stress that the team is facing and express confidence that you will get through it together.

    Promote wellbeing – Take time off, don’t work when you’re sick, and you will be better able to support your team!

    Reduce stigma – Call it out when you see it and be sure to remind people of and provide access to any supports that the organization has.

    Conduct dedicated conversations around wellbeing

    1. Check in with how each team member is doing frequently and ask how they are doing personally.
    2. Discuss how things are going. Ask: “How is your work situation working out for you so far? Do you feel supported? How are you taking care of yourself in these circumstances?”
    3. Ask if there are any stressors or roadblocks that they have experienced and collaborate to find solutions.
    4. Provide reassurance of your support and confidence in them.
    5. Document the plan for managing stressors and roadblocks – either through a collaboration tool or through email.

    Speaker’s Notes:

    Going back to the idea of a growth mindset – this may be uncomfortable for you as a manager. So here’s a step-by-step guide that over time you can morph into your own style.

    With your team – be prepared to share first and to show it is OK to be vulnerable and address wellbeing seriously.

    1. Make sure you make time for the personal. Ask about their lives and show compassion.
    2. Give opportunities for them to bring up things that might stay hidden otherwise. Ask questions that show you care.
    3. Help identify areas they are struggling with and work with them to move past those areas.
    4. Make sure they feel supported in what they are going through and reassured of their place on the team.
    5. Roll wellbeing into your planning process. This signals to team that you see wellbeing as important, not just a checklist to cover during a team meeting, and are ready to follow through on it.

    Recognize when professional help is needed

    SIGNS OF BURNOUT: Overwhelmed; Frequent personal disclosure; Trouble sleeping and focusing; Frequent time off; Strained relationships; Substance abuse; Poor work performance

    Speaker’s Notes:

    As a leader, it is important to be on the lookout for warning signs of burnout and know when to step in and direct individuals to professional help.

    Poor work performance – They struggle to maintain work performance, even after you’ve worked with them to create coping strategies.

    Overwhelmed – They repeatedly tell you that they feel overwhelmed, very stressed, or physically unwell.

    Frequent personal disclosure – They want to discuss their personal struggles at length on a regular basis.

    Trouble sleeping and focusing – They tell you that they are not sleeping properly and are unable to focus on work.

    Frequent time off – They feel the need to take time off more frequently.

    Strained relationships – They have difficulty communicating effectively with coworkers; relationships are strained.

    Substance abuse – They show signs of substance abuse (e.g. drunk/high while working, social media posts about drinking during the day).

    Keeping an eye out for these signs and being able to step in before they become unmanageable can mean the difference between keeping and losing an employee experiencing burnout.

    Remember: Managers also need support

    • Added burden
    • Lead by example
    • Self-care

    Speaker’s Notes:

    If you’ve got managers under you, be mindful of their unique stressors. Don’t forget to check in with them, too.

    If you are a manager, remember to take care of yourself and check in with your own manager about your own wellbeing.

    2.1 Balance wellbeing and performance in a virtual team context

    30 Minutes

    1. Brainstorm and list current practices and challenges connected to wellbeing on your teams.
    2. Choose one or two wellbeing challenges that are most relevant for your team.
    3. Discuss as a group and identify one solution for each challenge that you can put into action with your own virtual team. Document this under “Action plan to move forward” on the workbook slide “2.1 Balancing wellbeing and performance in a virtual team context.”

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current practices and challenges connected to wellbeing

    Output

    • Action plan for each challenge listed

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Section 2.2

    Managing performance in a virtual team context

    Virtual employees are craving more meaningful interactions with their managers

    A survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees.

    1. 16% less likely to strongly agree their manager involves them in setting goals at work.
    2. 28% less likely to strongly agree they continually work with their manager to clarify work priorities.
    3. 29% less likely to strongly agree they have reviewed their greatest successes with their manager in the last six months.
    4. 30% less likely to strongly agree they have talked with their manager about progress toward goals in the last six months.

    Speaker’s Notes:

    In many cases, we have put people into virtual roles because they are self-directed and self-motivated workers who can thrive with the kind of autonomy and flexibility that comes with virtual work. As managers, we should expect many of these workers to be proactively interested in how they are performing and in developing their careers.

    It would be a mistake to take a hands-off approach when managing virtual workers. A recent survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees. It was also one of the aspects of their work experience they were least satisfied with overall (Gallup, State of the American Workplace, 2017). Simply put, virtual employees are craving more meaningful conversations with their managers.

    While conversations about performance and development are important for all employees (virtual or non-virtual), managers of remote teams can have a significant positive impact on their virtual employees’ experience and engagement at work by making efforts to improve their involvement and support in these areas.

    During this module we will work together to identify ways that each of us can improve how we manage the performance of our virtual employees. At the end of the module everyone will create an action plan that they can put in place with their own teams. In the next module, we go through a similar set of activities to create an action plan for our interactions with employees about their development.

    Building blocks of performance management

    • Goal Setting

    • Setting Expectations

    • Measuring Progress

    • Feedback & Coaching

    Speaker’s Notes:

    [Include a visualization of your existing performance management process in the slide. Walk the participants through the process to remind them of what is expected. While the managers participating in the training should know this, there may be different understandings of it, or it might just be the case that it’s been a while since people looked at the official process. The intention here is merely to ensure everyone is on the same page for the purposes of the activities that follow.]

    Now that we’ve reviewed performance management at a high level, let’s dive into what is currently happening with the performance management of virtual teams.

    I know that you have some fairly extensive material at your organization around how to manage performance. This is fantastic. And we’re going to focus mainly on how things change in a virtual context.

    When measuring progress, how do you as a manager make sure that you are comfortable not seeing your team physically at their desks? This is the biggest challenge for remote managers.

    2.2 Share current performance management practices for virtual teams

    30 Minutes

    1. Brainstorm and list current high-level performance management practices connected to each building block. Record in your workbook.
    2. Discuss current challenges connected to implementing the building blocks with virtual employees.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current performance management practices
    • Challenges surrounding performance management

    Output

    • Current state of virtual performance management defined

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Communicate the “why”: Cascade organizational goals

    This image depicts the Cascade of Why- organizational goals. Organizational Mission; Organizational Values; Organizational Goals; Department Goals; Team Goals; Individual Goals

    Speaker’s Notes:

    When assisting your employees with their goals, think about the organization’s overall mission and goals to help you determine team and individual goals.

    • Organizational goals: Employee goals should align with organizational goals. Goals may cascade down through the organization.
    • Department or team goals: Create a clear strategy based on high-level goals for the year so employees can link short-term goals to the larger picture.
    • Individual goals: Employees should draw on their individual development plan to help set performance goals.

    Sometimes it’s difficult to get employees thinking about goals and they need assistance from managers. It’s also important to be clear on team goals to help guide employees in setting individual ones.

    The basic idea is to show people how their individual day-to-day work contributes to the overall success of the organization. It gives them a sense of purpose and a rationale, which translates to motivation. And also helps them problem solve with more autonomy.

    You’re giving people a sense of the importance of their own contribution.

    How to set clear expectations for job performance

    Ensure employees have a clear understanding of what’s expected for their role:

    1. Review their metrics so they understand how they’re being evaluated.
    2. Outline daily, weekly, monthly, and quarterly goals.
    3. If needed, help them plan when and how each part of their job should be done and what to prioritize.
    4. Ask them to come to you early if they experience a roadblock so that you can help rather than having them flounder on their own.
    5. Document instances where employees aren’t meeting role or performance expectations.

    Speaker’s Notes:

    Tailor performance goals to address any root causes of poor performance.

    For example:

    • If personal factors are getting in the way, work with the employee (and HR if necessary) to create a strategy to address any impediments to performing in the role.

    Tips for managing performance remotely

    • Reflect on one key question: What needs to happen for my direct reports to continue their work while working remotely?
    • Manage for results – not employee visibility at the office.
    • Use metrics to measure performance. If you don’t have any, define tasks and deliverables as clearly as possible and conduct regular check-ins.
    • Work with the employee to set goals and metrics to measure progress.

    Focus on results: Be flexible about how and when work gets done, as long as team members are hitting their targets.

    • For example, if they have childcare duties from 3 to 5pm during school closures and want to work later in the evening to make up the time, that’s fine – as long as the work gets done.
    • Set clear expectations about which work must be done during normal work hours (e.g. attend team meetings, client calls) and which can be done at other hours.
    • Team members must arrange with you any nonstandard working hours before they start using an altered schedule. It is your responsibility to keep track of hours and any alternate arrangements.
    • Don’t make team members feel constantly monitored (i.e. “Where were you from 10 to 11am?”); trust them until you have reason not to.

    Encourage your team members to unplug: If they’re sending you emails late at night and they haven’t made an alternate work hours agreement with you, encourage them to take time away from work.

    • It’s harder to unplug when working at home, and everyone needs a break to stay productive.

    Avoid micromanagement with holistic performance measures

    Quality

    How well tasks are accomplished

    Behavior

    Related to specific employee actions, skills, or attitudes

    Quantity

    How much work gets done

    Holistic measures demonstrate all the components required for optimal performance. This is the biggest driver in having comfort as a manager of a remote team and avoiding micromanagement. Typically these are set at the organizational level. You may need to adjust for individual roles, etc.

    Speaker's Notes:

    Metrics come in different types. One way to ensure your metrics capture the full picture is to use a mix of different kinds of metrics.

    Some metrics are quantitative: they describe quantifiable or numerical aspects of the goal. This includes timeliness. On the other hand, qualitative metrics have to do with the final outcome or product. And behavioral metrics have to do with employees' actions, skills, or attitudes. Using different kinds of metrics together helps you set holistic measures, which capture all the components of optimal performance toward your goal and prevent gaming the system.

    Let's take an example:

    A courier might have an objective to do a good job delivering packages. An example of a quantitative measure might be that the courier is required to deliver X number of packages per day on time. The accompanying metrics would be the number of packages delivered per day and the ratio of packages delivered on time vs. late.

    Can you see a problem if we use only these quantitative measures to evaluate the courier's performance?

    Wait to see if anyone volunteers an answer. Discuss suggestions.

    That's right, if the courier's only goal is to deliver more packages, they might start to rush, may ruin the packages, and may offer poor customer service. We can help to guard against this by implementing qualitative and behavioral measures as well. For example, a qualitative measure might be that the courier is required to deliver the packages in mint condition. And the metric would be the number of customer complaints about damaged packages or ratings on a satisfaction survey related to package condition.

    For the behavioral aspect, the courier might be required to provide customer-centric service with a positive attitude. The metrics could be ratings on customer satisfaction surveys related to the courier's demeanor or observations by the manager.

    Managing poor performance virtually: Look for key signs

    It’s crucial to acknowledge that an employee might have an “off week” or need time to balance work and life – things that can be addressed with performance management (PM) techniques. Managers should move into the process for performance improvement when:

    1. Performance fluctuates frequently or significantly.
    2. Performance has dropped for an extended period of time.
    3. Expectations are consistently not being met.

    Key signs to look for:

    • PM data/performance-related assessments
    • Continual absences
    • Decreased quality or quantity of output
    • Frequent excuses (e.g. repeated internet outages)
    • Lack of effort or follow-through
    • Missed deadlines
    • Poor communication or lack of responsiveness
    • Failure to improve

    Speaker’s notes:

    • Let’s talk more about identifying low performance.
    • Everybody has off days or weeks. And what if they are new to the role or new to working remotely? Their performance may be low because they need time to adjust. These sort of situations should be managed, but they don’t require moving into the process for performance improvement.
    • When managing employees who are remote or working in a hybrid situation, it is important to be alert to these signs and check in with your employees on a regular basis. Aim to identify and work with employees on addressing performance issues as they arise rather than waiting until it’s too late. Depending on your availability, the needs of the employee, and the complexity of their role, check-ins could occur daily, weekly, and/or monthly. As I mentioned, for remote employees, it’s often better to check-in more frequently but for a shorter period of time.
    • You want to be present in their work life and available to help them manage through roadblocks and stay on track, but try to avoid over-monitoring employees. Micromanaging can impact the manager-employee relationship and lead to the employee feeling that there is a lack of trust. Remember, the employee needs to be responsible for their own performance and improvement.
    • Check-ins should not just be about the work either. Take some time to check in personally. This is particularly important when managing remotely. It enables you to build a personal relationship with the employee and also keeps you aware if there are other personal issues at play that are impacting their work.
    • So, how do you know what does require performance improvement? There are three key things that you should look for that are clear signals that performance improvement is necessary:
      1. Their performance is fluctuating frequently or significantly.
      2. Their performance has dropped for an extended period of time.
      3. Expectations are consistently not being met.
    • What do you think are some key signs to look for that indicate a performance issue is occurring?

    Managing poor performance virtually: Conducting remote performance conversations

    Video calling

    Always use video calls instead of phone calls when possible so that you don’t lose physical cues and body language.

    Meeting invitations

    Adding HR/your leader to a meeting invite about performance may cause undue stress. Think through who needs to participate and whether they need to be included in the invite itself.

    Communication

    Ensure there are no misunderstandings by setting context for each discussion and having the employee reiterate the takeaways back to you.

    Focus on behavior

    Don’t assume the intent behind the behavior(s) being discussed. Instead, just focus on the behavior itself.

    Policies

    Be sure to adhere to any relevant HR policies and support systems. Working with HR throughout the process will ensure none are overlooked.

    Speaker’s notes:

    There are a few best practices you should follow when having performance conversations:

    • First, if you are in a different work environment than your employee, always use video calls instead of phone calls whenever possible so that you don’t miss out on physical cues and body language. If videoconferencing isn’t the norm, encourage them to turn on their video. Be empathic that it can feel awkward but explain the benefits, and you will both have an easier time communicating and understanding each other.
    • As I’ve mentioned, be considerate of the environment they are in. If they are in the office and you are working remotely, be sure to book a private meeting room for them to go to for the conversation. If they are working from home, be sure to check that they are prepared and able to focus on the conversation.
    • Next, carefully consider who you are adding to the meeting invite and whether it’s necessary for them to be there. Adding HR or your leader to a meeting invite may cause undue stress for the employee.
    • Consider the timing of the invite. Don’t send it out weeks in advance. When a performance problem exists, you’ll want to address it as soon as possible. A day or two of notice would be an ideal approach because it gives them a heads up but will not cause them extended stress or worrying.
    • Be considerate about the timing of the meeting and what else they may have scheduled. For example, a Friday afternoon before they are heading off on vacation or right before they are leading an important client call would not be appropriate timing.
    • As we just mentioned clear communication is critical. Ensure there are no misunderstandings by setting context for each discussion and having the employee reiterate takeaways back to you.
    • Focus on the behavior and don’t assume their intent. It can be tempting to say, “I know you didn’t mean to miss the deadline,” but you don’t know what they intended. Often people are not aware of the impact their behavior can have on others.
    • Lastly, be sure to adhere to any relevant HR policies and support systems. Working with HR throughout the process will ensure nothing is overlooked.

    2.3 Identify challenges of current practices and propose solutions

    30 Minutes

    1. Select one or two challenges from the previous activity.
    2. Identify one solution for each challenge that you can put into action with your own virtual team. Document in the workbook.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current performance management practices
    • Challenges surrounding performance management

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Effectively Manage Virtual Teams

    Optional Section

    Employee development in a virtual team setting

    There are three main development approaches for both colocated and virtual employees

    Formal Training; Relational Learning; Experimental Learning

    Speaker’s Notes:

    As we have seen, our virtual employees crave more meaningful interactions with their managers. In addition to performance conversations, managers should also be having regular discussions with their employees about their employee development plans. One key component of these discussions is career planning. Whether you are thinking shorter term – how to become better at their current role – or longer term – how to advance beyond their current role – discussions about employee development are a great way to engage employees. Employees are ultimately responsible for creating and executing their own development plans, but managers are responsible for making sure that employees have thought through these plans and helping employees identify opportunities for executing those plans.

    To help us think about our own employee development practices, identify challenges they pose when working with virtual employees, and create solutions to these challenges, it is useful to think about employee development opportunities according to three types:

    1. The first kind of development opportunity is formal training. Formal training is organized and has a clearly defined curriculum and desired outcome. It usually takes the form of a group training session (like this one) or training videos or materials that employees can watch individually and on their own time. These opportunities usually end with a test or assignment that can be used to evaluate the degree to which the participant achieved the desired learning outcomes.
    2. The second kind of development opportunity is relational learning. Perhaps the most common form of this type of learning is coaching or mentoring. By establishing a long-term work relationship, checking in with employees about their daily work and development goals, and sharing their own experiences and knowledge, mentors help employees reflect and draw out learning from everyday, on-the-job development activities. Other examples include a peer support group or communities of practice. In these group settings peers share best practices and work together to overcome challenges.
    3. The third kind of development opportunity is experiential learning. This kind of opportunity provides employees the chance to work on real work problems, and the output of the development work can directly benefit the organization. Most people learn best by doing. On-the-job experiences that are challenging or new can force people to use and develop new skills and knowledge based on what worked effectively and what failed. Examples of experiential learning are on-the-job learning for new hires, stretch assignments, or special projects that take the employee beyond their daily routine and allow them to try new activities and develop competencies that they would not have the chance to develop as part of their regular job.

    According to McLean & Company, organizations should use the “70-20-10” rule as a rough guideline when working with employees to create their development plans: 10% of the plan should be dedicated to formal training opportunities, 20% to relational learning, and 70% to experiential learning. Managers should work with employees to identify their performance and career goals, ensure that their development plans are aligned with these goals, and include an appropriate mixture of all three kinds of development opportunities.

    To help identify challenges and solutions, think about how virtual work arrangements will impact the employee’s ability to leverage each type of opportunity at our organization.

    Here are some examples that can help us start thinking about the kinds of challenges virtual employees on our team face:

    Career Planning

    • One challenge can be identifying a career path that is consistent with working virtually. If switching from a virtual arrangement to an onsite arrangement is not a viable option for an employee, some career paths may not feasibly be open to them (at least as the company is currently organized). For example, if an employee would eventually like to be promoted to a senior leadership role in their business function but all senior leaders are required to work onsite at corporate headquarters, the employee will need to consider whether such a move is possible for them. In some cases employees may be willing to do this, but in others they may not. The important thing is to have these conversations with virtual employees and avoid the assumption that all career paths can be done virtually, since that might not be the case

    Formal Training

    • This is probably the least problematic form of employee development for virtual employees. In many cases this kind of training is scheduled well in advance, so virtual employees may be able to join non-virtual employees in person for some group training. When this is not possible (due to distance, budget, or time zone), many forms of group training can be recorded and watched by virtual employees later. Training videos and training materials can also easily be shared with virtual employees using existing collaboration software.

    Relational Learning

    • One major challenge here is developing a mentoring relationship virtually. As we discussed in the module on performance management, developing relationships virtually can be challenging because people cannot rely upon the kind of informal and spontaneous interactions that occur when people are located in the same office. Mentors and mentees will have to put in more effort and planning to get to know each other and they will have to schedule frequent check-ins so that employees can reflect upon their progress and experience (with the help of their mentors) more often.
    • Time zones and technology may pose potential barriers for certain candidates to be mentors. In some cases, employees that are best qualified to be mentors may not be as comfortable with collaborative software as other mentors or their mentees. If there are large time zone differences, some people who would otherwise be interested in acting as a mentor may be dissuaded. Managers need to take this into consideration if they are connecting employees with mentors or if they are thinking of taking on the mentor role themselves.

    Experiential Learning

    • Virtual employees risk being overlooked for special projects due to the “out of sight, out of mind” bias: When special projects come up, the temptation is to look around the room and see who is the best fit. The problem is, however, that in some cases the highest performers or best fit may not physically be in the room. In these cases it is important for managers to take on an advocate role for their employees and remind other managers that they have good virtual employees on their team that should be included or contacted. It is also important for managers to keep their team informed about these opportunities as often as possible.
    • Sometimes certain projects or certain kinds of work just cannot be done virtually in a company for a variety of reasons. The experiential learning opportunities will not be open to virtual employees. If such opportunities are open to the majority of other workers in this role (potentially putting virtual employees’ career development at a disadvantage relative to their peers), managers should work with their virtual employees to identify alternative experiences. Managers may also want to consider advocating for more or for higher quality experiential learning opportunities at the organization.

    Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.

    Employee development basics

    • Career planning & performance improvement
    • Formal training
    • Relational learning
    • Experiential learning

    Speaker’s Notes:

    [Customize this slide according to your organization’s own policies and processes for employee development. Provide useful images that outline this on the slide, and in these notes describe the processes/policies that are in place. Note: In some cases policies or processes may not be designed with virtual employees or virtual teams in mind. That is okay for the purposes of this training module. In the following activities participants will discuss how they apply these policies and processes with their virtual teams. If your organization is interested in adapting its policies/processes to better support virtual workers, it may be useful to record those conversations to supplement existing policies later.]

    Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.

    2.4 Share current practices for developing employees on a virtual team

    30 Minutes

    1. Brainstorm and list current high-level employee development practices. Record in your workbook.
    2. Discuss current challenges connected to developing virtual employees. Record in your workbook.
    3. Identify one solution for each challenge that you can put into action with your own virtual team.
    4. Discuss as a group.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Current employee development practices
    • Challenges surrounding employee development

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Refine Action Plans

    2.5 Refine your action plan and commit to implementing it

    30 Minutes

    1. Review your action plans for consistency and overlap. Highlight any parts you may struggle to complete.
    2. Meeting with your group, summarize your plans to each other. Provide feedback and discuss each other’s action plans.
    3. Discuss how you can hold each other accountable.

    Download the Workbook: Equip Managers to Effectively Manage Virtual Teams

    Input

    • Action items from previous activities.

    Output

    • Action plan to move forward

    Materials

    • Workbook: Equip Managers to Effectively Manage Virtual Teams

    Participants

    • All managers with direct reports working virtually

    Summary of Accomplishment

    • We do not need to go out and learn a new set of manager responsibilities to better manage our virtual teams; rather, we have to “dial up” certain responsibilities we already have or adjust certain approaches that we already take.
    • It is important to set clear expectations. While managers are ultimately responsible for making sure expectations are set and are clearly communicated, they are not the only ones with responsibilities. Employees and managers need to work together to overcome the challenges that virtual work involves.
    • Virtual employees crave meaningful interactions with their managers and team. Managers must take charge in fostering an atmosphere of openness around wellbeing and establish effective performance management strategies. By being proactive with our virtual teams’ wellness and mindful of our performance management habits, we can take significant steps toward keeping these employees engaged and productive.
    • Effective management in virtual contexts requires being more deliberate than is typical in non-virtual contexts. By working as a group to identify challenges and propose solutions, we have helped each other create action plans that we can use going forward to continually improve our management practices.

    If you would like additional support, have our analysts guide you through an info-tech workshop or guided implementation.

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Speaker’s Notes:

    First, let’s take a moment to summarize the key things we have learned today:

    1. We do not need to go out and learn a new set of manager competencies to better manage our virtual teams; rather, we have to “dial up” certain competencies we already have or adjust certain approaches that we already take. In many cases we just need to be more aware of the challenges that virtual communication poses and be more planful in our approaches.
    2. It is important to set clear expectations. While managers are ultimately responsible for making sure expectations are set and clearly communicated, they are not the only ones with responsibilities. Employees and managers need to work together to overcome the challenges that virtual work involves. Making sure that teams have meaningful conversations about expectations, come to a shared understanding of them, and record them will create a firm foundation for all other interactions on the virtual team.
    3. Virtual employees crave meaningful interactions with their managers related to performance and employee development. By creating action plans for improving these kinds of interactions with our teams, we can take significant steps toward keeping these employees engaged and productive.
    4. Effective performance management and employee development in virtual contexts require more planfulness than is required in non-virtual contexts. By working as a group to identify challenges and propose solutions, we have helped each other create action plans that we can use going forward to continually improve our management practices.

    Is there anything that anyone has learned that is not on this list and that they would like to share with the group?

    Finally, were there any challenges identified today that were not addressed?

    [Note to facilitator: Take note of any challenges not addressed and commit to getting back to the participants with some suggested solutions.]

    Additional resources

    Manager Training: Lead Through Change

    Train managers to navigate the interpersonal challenges associated with change management and develop their communication and leadership skills. Upload this LMS module into your learning management system to enable online training.

    Manager Training: Build a Better Manager: Manage Your People

    Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers use in their day to day.

    Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

    Blueprint: Manage Poor Performance While Working From Home

    Assess and improve remote work performance with our ready-to-use tools.

    Works Cited

    April, Richard. “10 KPIs Every Sales Manager Should Measure in 2019.” HubSpot, 24 June 2019. Web.

    Banerjea, Peter. “5 Powerful Strategies for Managing a Remote Sales Team.” Badger - Maps for field sales, n.d. Web.

    Bibby, Adrianne. “5 Employers’ Awesome Quotes about Work Flexibility.” FlexJobs, 9 January 2017. Web.

    Brogie, Frank. “The 14 KPIs every field sales rep should strive to improve.” Repsly, 2018. Web.

    Dunn, Julie. “5 smart tips for leading field sales teams.” LevelEleven, March 2015. Web.

    Edinger, Scott. “How great sales leaders coach.” Forbes, 2013. Web.

    “Employee Outlook: Employee Views on Working Life.” CIPD, April 2016. Web.

    Hall, Becki. “The 5 biggest challenges facing remote workers (and how to solve them).” interact, 7 July 2017. Web.

    Hofstede, Geert. “National Cultural Dimensions.” Hofstede Insights, 2012. Web.

    “Inventory of U.S. Greenhouse Gas Emissions and Sinks: 1990-2014 (EPA 430-R-16-002).” Environmental Protection Agency (EPA), 15 April 2016.

    “Latest Telecommuting Statistics.” Global Workplace Analytics, June 2021. Web.

    Knight, Rebecca. “How to manage remote direct reports.” Harvard Business Review, 2015. Web.

    “Rewards and Recognition: 5 ways to show remote worker appreciation.” FurstPerson, 2019. Web.

    Palay, Jonathan. "How to build your sales management cadence." CommercialTribe, 22 March 2018. Web.

    “Sales Activity Management Matrix.” Asian Sales Guru, 2019. Web.

    Smith, Simone. “9 Things to Consider When Recognizing Remote Employees.” hppy, 2018. Web.

    “State of Remote Work 2017.” OWL Labs, 2021. Web.

    “State of the American Workplace.” Gallup, 2017. Web.

    “Telework Savings Potential.” Global Workplace Analytics, June 2021. Web.

    “The Future of Jobs Employment Trends.” World Economic Forum, 2016. Web.

    “The other COVID-19 crisis: Mental health.” Qualtrics, 14 April 2020. Web.

    Thompson, Dan. “The straightforward truth about effective sales leadership.” Sales Hacker, 2017. Web.

    Tsipursky, Gleb. “Remote Work Can Be Better for Innovation Than In-Person Meetings.” Scientific American, 14 Oct. 2021. Web.

    Walsh, Kim. “New sales manager? Follow this guide to crush your first quarter.” HubSpot, May 2019. Web.

    “What Leaders Need to Know about Remote Workers: Surprising Differences in Workplace Happiness and Relationships.” TINYpulse, 2016.

    Zenger, Jack, and Joe Folkman. “Feedback: The Leadership Conundrum.” Talent Quarterly: The Feedback Issue, 2015.

    Contributors

    Anonymous CAMH Employee

    Build Your Enterprise Application Implementation Playbook

    • Buy Link or Shortcode: {j2store}605|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation
    • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
    • In addition, rapid changes in the business make maintaining project sponsors’ engagement challenging.
    • Project sprawl across the organization has created a situation where each project lead tracks progress in their own way. This makes it difficult for leadership to identify what was successful – and what wasn’t.

    Our Advice

    Critical Insight

    An effective enterprise application implementation playbook is not just a list of steps, but a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

    Impact and Result

    Follow these steps to build your enterprise application playbook:

    • Define your sponsor, map out your stakeholders, and lay out the vision, goals and objectives for your project.
    • Detail the scope, metrics, and the team that will make it happen.
    • Outline the steps and processes that will carry you through the implementation.

    Build Your Enterprise Application Implementation Playbook Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Your Enterprise Application Implementation Playbook Deck - Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

    This blueprint provides the steps necessary to build your own enterprise application implementation playbook that can be deployed and leveraged by your implementation teams.

    • Build Your Enterprise Application Implementation Playbook – Phases 1-3

    2. Your Enterprise Application Implementation Playbook – The key output from leveraging this research is a completed implementation playbook.

    This is the main playbook that you build through the exercises defined in the blueprint.

    • Your Enterprise Application Implementation Playbook

    3. Your Enterprise Application Implementation Playbook - Timeline Tool – Supporting tool that captures the project timeline information, issue log, and follow-up dashboard.

    This tool provides input into the playbook around project timelines and planning.

    • Your Enterprise Application Implementation Playbook - Timeline Tool

    4. Light Project Change Request Form Template – This tool will help you record the requested change, allow assess the impact of the change and proceed the approval process.

    This provides input into the playbook around managing change requests

    • Light Project Change Request Form Template

    Infographic

    Workshop: Build Your Enterprise Application Implementation Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand the Project

    The Purpose

    Lay out the overall objectives, stakeholders, and governance structure for the project.

    Key Benefits Achieved

    Align everyone on the sponsor, key stakeholders, vision, and goals for your project

    Activities

    1.1 Select the project sponsor.

    1.2 Identify your stakeholders.

    1.3 Align on a project vision.

    1.4 List your guiding principles.

    1.5 Confirm your goals and objectives for the implementation project.

    1.6 Define the project governance structure.

    Outputs

    Project sponsor has been selected.

    Project stakeholders have been identified and mapped with their roles and responsibilities.

    Vision has been defined.

    Guiding principles have been defined.

    Articulated goals and objectives.

    Detailed governance structure.

    2 Set up for Success

    The Purpose

    Define the elements of the playbook that provide scope and boundaries for the implementation.

    Key Benefits Achieved

    Align the implementation team on the scope for the project and how the team should operate during the implementation.

    Activities

    2.1 Gather and review requirements, with an agreed to scope.

    2.2 Define metrics for your project.

    2.3 Define and document the risks that can impact the project.

    2.4 Establish team composition and identify the team.

    2.5 Detail your OCM structure, resources, roles, and responsibilities.

    2.6 Define requirements for training.

    2.7 Create a communications plan for stakeholder groups and delivery teams.

    Outputs

    Requirements for enterprise application implementation with an agreed-to scope.

    Metrics to help measure what success looks like for the implementation.

    Articulated list of possible risks during the implementation.

    The team responsible and accountable for implementation is identified.

    Details of your organization’s change management process.

    Outline of training required.

    An agreed-to plan for communication of project status.

    3 Document Your Plan

    The Purpose

    With the structure and boundaries in place, we can now lay out the details on the implementation plan.

    Key Benefits Achieved

    A high-level plan is in place, including next steps and a process on running retrospectives.

    Activities

    3.1 Define your implementation steps.

    3.2 Create templates to enable follow-up throughout the project.

    3.3 Decide on the tracking tools to help during your implementation.

    3.4 Define the follow-up processes.

    3.5 Define project progress communication.

    3.6 Create a Change request process.

    3.7 Define your retrospective process for continuous improvement.

    3.8 Prepare a closure document for sign-off.

    Outputs

    An agreed to high-level implementation plan.

    Follow-up templates to enable more effective follow-ups.

    Shortlist of tracking tools to leverage during the implementation.

    Defined processes to enable follow-up.

    Defined project progress communication.

    A process for managing change requests.

    A process and template for running retrospectives.

    A technique and template for closure and sign-off.

    Further reading

    Build Your Enterprise Application Implementation Playbook

    Your implementation doesn’t start with technology, but with an effective plan that the team can align on.

    Analyst Perspective

    Your implementation is not just about technology, but about careful planning, collaboration, and control.

    Recardo de Oliveira

    A successful enterprise application implementation requires more than great software; it requires a clear line of sight to the people, processes, metrics, and tools that can help make this happen.

    Additionally, every implementation is unique with its own set of challenges. Working through these challenges requires a tailored approach taking many factors into account. Building out your playbook for your implementation is an important initial step before diving head-first into technology.

    Regardless of whether you use an implementation partner, a playbook ensures that you don’t lose your enterprise application investment before you even get started!

    Ricardo de Oliveira

    Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Given the increasing complexity of software implementations, you are continually challenged with staying above water with your current team.
    • Rapid changes in the business make maintaining project sponsors’ engagement challenging.
    • Project sprawl across the organization has created a situation where project leads track progress in their own way. This makes it difficult for leadership to identify what was successful (and what wasn’t).

    Common Obstacles

    • Your best process experts are the same people you need to keep the business running. The business cannot afford to have its best people pulled into the implementation for long periods of time.
    • Enterprise application implementations generate huge organizational changes and the adoption of the new systems and processes resulting from these projects are quite difficult.
    • People are generally resistant to change, especially large, transformational changes that will impact the day-to-day way of doing things.

    Info-Tech's Approach

    • Build your enterprise application implementation playbook. Follow these steps to build your enterprise application playbook:
      • Define your sponsor, map out your stakeholders, and lay out the vision, goals, and objectives for your project.
      • Detail the scope, metrics, and the team that will make it happen.
      • Detail the steps and processes that will carry you through the implementation

    Info-Tech Insight

    An effective enterprise application implementation playbook is not just a list of steps; it is a comprehensive view of what is necessary to support your implementation. This starts with a people-first approach. Start by asking about sponsors, stakeholders, and goals. Without asking these questions first, the implementation will be set up for failure, regardless of the technology, processes, and tools available.

    Enterprise Applications Lifescycle Advisory Services. Strategy, selection, implementation, optimization and operations.

    Insight summary

    Building an effective playbook starts with asking the right questions, not jumping straight into the technical details.

    • This blueprint provides the steps required to lay out an implementation playbook to align the team on what is necessary to support the implementation.
    • Build your Enterprise Application Implementation Playbook by:
      • Aligning and confirming project’s goals, stakeholders, governance and team.
      • Clearly defining what is in and out of scope for the project and the risks involved.
      • Building up a strong change management process.
      • Providing the tools and processes to keep track of the project.
      • Pulling it all together into an actionable playbook.

    Grapsh showing 39%

    Lack of planning is the reason that 39% of projects fail. Poor project planning can be disastrous: The consequences are usually high costs and time overruns.

    Graph showing 20%

    Almost 20% of IT projects can fail so badly that they can become a threat to a company’s existence. Lack of proper planning, poor communication, and poorly defined goals all contribute to the failure of projects.

    Graph showig 2.5%

    A PwC study of over 10,640 projects found that a tiny portion of companies – 2.5% – completed 100% of their projects successfully. These failures extract a heavy cost – failed IT projects alone cost the United States $50-$150B in lost revenue and productivity.

    Source: Forbes, 2020

    Planning and control are key to enterprise project success

    An estimated 70% of large-scale corporate projects fail largely due to a lack of change management infrastructure, proper oversight, and regular performance check-ins to track progress (McKinsey, 2015).

    Table showing that 88% of projects completed on time, 90% completed within budget and 92% meet original goals. 68% of projects have scope creep, 24% deemed failures and 46% experience budget lose when project fails

    “A survey published in HBR found that the average IT project overran its budget by 27%. Moreover, at least one in six IT projects turns into a ‘black swan’ with a cost overrun of 200% and a schedule overrun of 70%. Kmart’s massive $1.2B failed IT modernization project, for instance, was a big contributor to its bankruptcy.”

    Source: Forbes, 2020

    Sponsor commitment directly improves project success.

    Having the right sponsor significantly improves your chances of success across many different dimensions:

    1. On-time delivery
    2. Delivering within budget
    3. Delivered within an agreed-to scope
    4. Delivered with sufficient quality.
    Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

    Source: Info-Tech, PPM Current State Scorecard Diagnostic

    Executive Brief Case Study

    Chocolate manufacturer implementing a new ERP

    INDUSTRY

    Consumer Products

    SOURCE

    Carlton, 2021

    Challenge

    Not every ERP ends in success. This case study reviews the failure of Hershey, a 147-year-old confectioner, headquartered in Hershey Pennsylvania. The enterprise saw the implementation of an ERP platform as being central to its future growth.

    Solution

    Consequently, rather than approaching its business challenge on the basis of an iterative approach, it decided to execute a holistic plan, involving every operating center in the company. Subsequently, SAP was engaged to implement a $10 million systems upgrade; however, management problems emerged immediately.

    Results

    The impact of this decision was significant, and the company was unable to conduct business because virtually every process, policy, and operating mechanism was in flux simultaneously. The consequence was the loss of $150 million in revenue, a 19% reduction in share price, and the loss of 12% in international market share.

    Remember: Poor management can scupper implementation, even when you have selected the perfect system.

    A successful software implementation provides more than simply immediate business value…

    It can build competitive advantage.

    • When software projects fail, it can jeopardize an organization’s financial standing and reputation, and in some severe cases, it can bring the company down altogether.
    • Rarely do projects fail for a single reason, but by understanding the pitfalls, developing a risk mitigation plan, closely monitoring risks, and self-evaluating during critical milestones, you can increase the probability of delivering on time, on budget, and with the intended benefits.

    Benefits are not limited to just delivering on time. Some others include:

    • Building organizational delivery competence and overall agility.
    • The opportunity to start an inventory of best practices, eventually building them into a center of excellence.
    • Developing a competitive advantage by maximizing software value and continuously transforming the business.
    • An opportunity to develop a competent pool of staff capable of executing on projects and managing organizational change.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Your Enterprise Application Implementation Playbook – Timeline Tool

    Supporting template that captures the project timeline information, issue log, and follow-up dashboard.

    Info-Tech: Project Planning and Monitoring Tool.
    Light Project Change Request Form Template

    This tool will help you record the requested change, and allow you to assess the impact of the change and proceed with the approval process.

    Info-Tech: Light change request form template.

    Key deliverable:

    Your Enterprise Application Implementation Playbook

    Record the results from the exercises to define the steps for a successful implementation.

    Build your enterprise application implementation playbook.

    Info-Tech’s methodology for Your Enterprise Application Implementation Playbook

    Phase Steps

    1. Understand the Project

    1. Identify the project sponsor
    2. Define project stakeholders
    3. Review project vision and guiding principles
    4. Review project objectives
    5. Establish project governance

    2. Set up for success

    1. Review project scope
    2. Define project metrics
    3. Prepare for project risks
    4. Identify the project team
    5. Define your change management process

    3. Document your plan

    1. Develop a master project plan
    2. Define a follow-up plan
    3. Define the follow-up process
    4. Understand what’s next
    Phase Outcomes
    • Project sponsor has been selected
    • Project stakeholders have been identified and mapped with their roles and responsibilities.
    • Vision, guiding principles, goals objectives, and governance have been defined
    • Project scope has been confirmed
    • Project metrics to identify successful implementation has been defined
    • Risks have been assessed and articulated.
    • Identified project team
    • An agreed-to change management process
    • Project plan covering the overall implementation is in place, including next steps and retrospectives

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    What does a typical GI on this topic look like?

    The three phases of guided implementation.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889 Activities and deliverables for each module of the workshop. Module 1: understanding the project, Module 2: Set up for success, Modeule 3: Document your plan, and Post Workshop: Next steps and Wrap-up(offsite).

    Phase 1

    Understand the project

    3 phases, phase 1 is highlighted.

    This phase will walk you through the following activities:

    1.1 Identify the project sponsor

    1.2 Identify project stakeholders

    1.3 Review project vision and guiding principles

    1.4 Review project objectives

    1.5 Establish project governance

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 1.1

    Identify the project sponsor

    Activities

    1.1.1 Define the project sponsor's responsibilities

    1.1.2 Shortlist potential sponsors

    1.1.3 Select the project sponsor

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Selected sponsor.

    Sponsor commitment directly improves project success.

    Having the right sponsor significantly improves your chances of success across many different dimensions:

    1. On-time delivery
    2. Delivering within budget
    3. Delivered within an agreed-to scope
    4. Delivered with sufficient quality.

    Graph that shows Project success scores versus sponsor involvement in change communication. Shows increase for projects on time, projects on budget, within scope and overall quality.

    Source: Info-Tech, PPM Current State Scorecard Diagnostic

    Typical project sponsor responsibilities

    • Help define the business goals of their projects before they start.
    • Provide guidance and support to the project manager and the project team throughout the project management lifecycle.
    • Ensure that sufficient financial resources are available for their projects.
    • Resolve problems and issues that require authority beyond that of the project manager.
    • Ensure that the business objectives of their projects are achieved and communicated.

    For further discussion on sponsor responsibilities, use Info-Tech’s blueprint, Drive Business Value With a Right-Sized Project Gating Process

    Portrait of head with multiple layers representing the responsibilities of a sponsor. From top down: Define business goals, provide guidance, ensure human ad financial resources, resolve problems and issues.

    1.1.1 Define the project sponsor’s responsibilities

    0.5-1 hour

    1. Discuss the minimum requirements for a sponsor at your organization.
    2. As a group, brainstorm the criteria necessary for an individual to be a project sponsor:
      1. Is there a limit to the number of projects they can sponsor at one time?
      2. Is there a minimum number of hours they must be available to the project team?
      3. Do they have to be at a certain seniority level in the organization?
      4. What is their role at each stage of the project lifecycle?
    3. Document these criteria on a whiteboard.
    4. Record the sponsor’s responsibilities in section 1.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Requirements for a sponsor
    • Your responsibilities as a sponsor

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.1 Define the project sponsor’s responsibilities (Continued)

    Example

    Project sponsor responsibilities.

    1.1.2 Shortlist potential sponsors

    0.5-1 hour

    1. Based on the responsibilities defined in Exercise 1.1.1, produce a list of the potential sponsors.
    2. Record the sponsor’s shortlist in section 1.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Characteristics of a sponsor
    • Your list of candidates

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.2 Shortlist potential sponsors (Continued)

    Example

    Shortlist of potential sponsors. 6 names listed with checkmarks on criteria ranking.

    Don’t forget, the project team is there to support the sponsor

    Given the burden of the sponsor role, the project team is committed to doing their best to facilitate a successful outcome.

    Project Success: Follow best practices, escalate issues, stay focused, communicate, adapt to change.

    • Follow the framework set out by the governance group at the organization to drive efficiency on the project.
    • Ensure stakeholders with proper authority are notified of issues that occur during the project.
    • Stay focused on the project tasks to drive quality on the deliverables and avoid rework after the project.
    • Communicate within the project team to drive coordination of tasks, complete deliverables, and avoid resource waste.
    • Changes are more common than not; the team must be prepared to adjust plans and stay agile to adapt to changes for the project.

    Seek the key characteristics of a sponsor

    Man walking up stairs denoting characteristics of a good sponsor. First step: Leader, second step: Strong Communicator, third step: knowledgeable, fourth step: problem solver, fifth step: delegator, final step: dedicated.

    1.1.3 Select the project sponsor

    0.5-1 hour

    1. Review the characteristics and the list of potential candidates.
    2. Assess availability, suitability, and desire of the selected sponsor.
    3. Record the selected sponsor in section 1.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • List of candidates
    • Characteristics of a sponsor
    • Your selected sponsor

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.1.3 Select the project sponsor (Continued)

    Example

    Name of example sponsor with their key traits listed.

    Step 1.2

    Identify the project stakeholders

    Activities

    1.2.1 Identify your stakeholders

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Stakeholders’ management plan

    How to find the right stakeholders

    Start with the obvious candidates, but keep an open mind.

    How to find stakeholders

    • Talk to your stakeholders and ask who else you should be talking to, to discover additional stakeholders and ensure you don’t miss anyone.
    • Less obvious stakeholders can be found by conducting various types of trace analysis, i.e. following various paths flowing from your initiative through to the path’s logical conclusion.

    Create a stakeholder network map for your application implementation

    Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

    Stakeholder network map showing direction of professional influence as well as bidirectional, informal influence relationships.

    Info-Tech Insight

    Your stakeholder map defines the influence landscape your enterprise application operates in. It is every bit as important as the teams who enhance, support, and operate your applications directly.

    Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have substantial informal relationships with your stakeholders.

    Understand how to navigate the complex web of stakeholders

    Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.

    Graph showing influence vs. interest, divided into 4 quadrants. Low influence and intersest is labeled: Monitor, low influence and high interest is labeled: Keep informed, High influence and low interest is labeled: Keep satisfied, and high influence and high interest is labeled: Involve closely

    Large-scale projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.

    Map the organization’s stakeholders

    List of various stakeholder titles. As well as a graph showing the influence vs involvement of each stakeholder title. Influence and interest is divided into 4 quadrants: Monitor, Keep informed, keep satisfied, and involve closely.

    1.2.1 Identify your stakeholders

    1-2 hours

    1. As a group, identify all the project stakeholders. A stakeholder may be an individual such as the CEO or CFO, or it may be a group such as front-line employees.
    2. Map each stakeholder on the quadrant based on their expected influence and involvement in the project
    3. Identify stakeholders and add them to the list.
    4. Record the stakeholders list in section 1.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.
    5. Download Your Enterprise Application Implementation Playbook

      Input

      Output

      • Types of stakeholders
      • Your stakeholders initial list

      Materials

      Participants

      • Whiteboard/flip charts
      • Your Enterprise Application Implementation Playbook
      • Project team
      • Operations
      • SMEs
      • Team lead and facilitators
      • IT leaders

    1.2.1 Identify your stakeholders(Continued)

    Example

    Table with rows of stakeholders: Customer, End Users, IT, Vendor and other listed. Columns provide: description, examples, value and involvement level of each stakeholder.

    Step 1.3

    Review project vision and guiding principles

    Activities

    1.3.1 Align on a project vision

    1.3.2 List your guiding principles

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Project vision and guiding principles

    Vision and guiding principles

    GUIDING PRINCIPLES

    Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.

    Creating Guiding Principles

    Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.

    EXAMPLES
    • [Organization] is implementing an ERP system to streamline processes and reduce redundancies, saving time and money.
    • [Organization] is implementing an ERP to integrate disparate systems and rationalize the application portfolio.
    • [Organization] is aiming at taking advantage of industry best practices and strives to minimize the level of customization required in solution.

    Questions to Ask

    1. What is a strong statement that will help guide decision making throughout the life of the ERP project?
    2. What are your overarching requirements for business processes?
    3. What do you ultimately want to achieve?
    4. What is a statement that will ensure all stakeholders are on the same page for the project?

    1.3.1 Align on a project vision

    1-2 hours

    1. As a group, discuss whether you want to create a separate project vision statement or restate your corporate vision and/or goals.
      1. A project vision statement will provide project-guiding principles, encompass the project objectives, and give a rationale for the project.
      2. Using the corporate vision/goals will remind the business and IT that the project is to implement an enterprise application that supports and enhances the organizational objectives.
    2. Record the project vision in section 1.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Project vision statement defined during strategy building
    • Your project vision

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.3.1 Align on a project vision (Continued)

    Example

    Project Vision

    We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real-time data-driven decisions, increased employee productivity, and IT investment protection.

    Guiding principles examples

    The guiding principles will help guide your decision-making process. These can be adjusted to align with your internal language.

    • Support business agility: A flexible and adaptable integrated business system providing a seamless user experience.
    • Use best practices: Do not recreate or replicate what we have today; focus on modernization. Exercise customization governance by focusing on those customizations that are strategically differentiating.
    • Automate: Take manual work out where we can, empowering staff and improving productivity through automation and process efficiencies.
    • Stay focused: Focus on scope around core business capabilities. Maintain scope control. Prioritize demand in line with the strategy.
    • Strive for "one source of truth": Unify data model and integrate processes where possible. Assess integration needs carefully.

    1.3.2 List your guiding principles

    1-2 hours

    1. Start with the guiding principles defined during the strategy building.
    2. Review each of the sample guiding principles provided and ask the following questions:
      1. Do we agree with the statement?
      2. Is this statement framed in the language we use internally? Does everyone agree on the meaning of the statement?
      3. Will this statement help guide our decision-making process?
    3. Record the guiding principles in section 1.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Guiding principles defined during strategy building
    • Your guiding principles

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.3.2 List your guiding principles (Continued)

    Example

    Guiding principals: Support business agility, use best practices, automate, stay focused, strive for `one source truth`.

    Step 1.4

    Review project objectives

    Activities

    1.4.1 Confirm your goals and objectives for the implementation project

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The objectives of the implementation project

    Review the elements of the project charter

    Leverage completed deliverables to get project managers started down the path of success.

    Deliverables of project chaters for PMs. Project purpose, scope, logistics and sign-off.

    1.4.1 List your guiding principles

    1-2 hours

    1. Articulate the high-level objectives of the project. (What are the goals of the project?)
    2. Elicit the business benefits the sponsor is committed to achieving. (What are the business benefits of the project?)
    3. Record Project goals and objectives in section 1.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Your BizDevOps objectives and metrics
    • Understanding of various collaboration methods, such as Scrum, Kanban, and Scrumban
    • Your chosen collaboration method

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.4.1 Confirm your goals and objectives for the implementation project (Continued)

    Example:

    Project Objectives: End-user visibility, New business development, employee experience. Business Benefits for each objective listed.

    Step 1.5

    Establish project governance

    Activities

    1.5.1 Define the project governance structure

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Approach to build an effective project governance

    1.5.1 List your guiding principles

    0.5-1 hour

    1. Identify the IT governance structure in place today and document the high-level function of each body (councils, steering committees, review boards, centers of excellence, etc.).
    2. Identify and document the existing enterprise applications governance structure, roles, and responsibilities (if any exist).
    3. Identify gaps and document the desired enterprise applications governance structure, roles, and responsibilities.
    4. Record the project governance structure in section 1.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • IT governance structure
    • Your project governance structure

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Governance is NOT management

    Three levels of governance: Team Level, Steering Committee Level, and Executive Governance Level.

    Info-Tech Insight

    You won’t get engagement unless there is a sense of accountability. Do not leave this vague. Accountability needs to be assigned to specific individuals in your organization to ensure the system development achieves what was intended by your organization and not what your system integrator (SI) intended.

    Who is accountable?

    Too many assumptions are made that the SI is accountable for all implementation activities and deliverables – this is simply untrue. All activities can be better planned for, and misunderstandings can be avoided, with a clear line of sight on roles and responsibilities and the documentation that will support these assumptions.

    Discuss, define, and document roles and responsibilities:
    • For each role (e.g. executive sponsor, delivery manager, test lead, conversion lead), clearly articulate the responsibilities of the role, who is accountable for fulfillment, and whether it’s a client role, SI role, or both.
    • Articulate the purpose of each deliverable clearly, define which individual or team has responsibility for it, and document who is expected to contribute.
    • Empower the team by granting them the authority to make decisions. Ease their reluctance to think outside the box for fear of stakeholder or user backlash.
    • The implementation cannot and will not be transformative if the wrong people are involved or if the right people have not been given the tools required to succeed in their role.

    1.5.2 List your guiding principles

    0.5-1 hour

    1. Assess the skills necessary for an enterprise implementation. Inventory the competencies required for an enterprise implementation team. Map your internal resources to each competency as applicable.
    2. Select your internal implementation team. Determine who needs to be involved closely with the implementation. Key stakeholders should also be considered as members of your implementation team.
    3. Identify the number of external consultants/support required for implementation. Consider your in-house skills, timeline, integration environment complexity, and cost constraints as you make your resourcing plan.
    4. Record governance team roles and responsibilities in 1.9 section of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Available resources (internal, external, contract)
    • Your governance structure roles and responsibilities

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    1.5.2 Define governance team roles and responsibilities (Continued)

    Example

    Governance team roles and their responsibilities.

    Phase 2

    Set up for success

    3 phases, phase 2 is highlighted.

    This phase will walk you through the following activities:

    2.1. Review project scope

    2.2. Define project metrics

    2.3. Prepare for project risks

    2.4. Identify the project team

    2.5. Define your change management process

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 2.1

    Review project scope

    Activities

    2.1.1 Gather and review requirements

    2.1.2 Confirm your scope for implementation

    2.1.3 Formulate a scope statement

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The project scope

    Requirements are key to defining scope

    Project scope management includes the processes required to ensure that the project includes all and only the work required to complete the project successfully. Therefore, managing project scope is about defining and controlling what is and is not included in the project.

    PMBOK defines requirements as “conditions or capabilities that are to be met by the project or present in the product, service, or result to satisfy an agreement or other formally imposed specification.” Detailed requirements should be gathered and elicited in order to provide the basis for defining the project scope.

    70% of projects fail due to poor requirements, organizations using poor practices spent 62% more, 4th highest correlation to high IT performance is requirements gathering.

    Well-executed requirements gathering results in:

    • Consistent approach from project to project, resulting in more predictable outcomes.
    • Solutions that meet the business need on the surface and under the hood.
    • Reduce risk for fast-tracked projects by establishing a right-sized approach.
    • Requirements team that can drive process improvement and improved execution.
    • Confidence when exploring solution alternatives.

    Poorly executed requirements gathering results in:

    • IT receiving the blame for any project shortcomings or failures.
    • Business needs getting lost in the translation between the initial request and final output.
    • Inadequate solutions or cost overruns and dissatisfaction with IT.
    • IT losing its credibility as stakeholders do not see the value and work around the process.
    • Late projects that tie up IT resources longer than planned, and cost overruns that come out of the IT budget.
    • Inconsistent project execution, leading to inconsistent outcomes.

    Strong stakeholder satisfaction with requirements results in higher satisfaction in other areas

    High stakeholder satisfaction with requirements results in higher satisfaction in other areas.

    Note: “High satisfaction” was classified as a score greater or equal to eight, and “low satisfaction” was every organization that scored below eight on the same questions.

    2.1.1 Gather and review requirements

    1-2 hours

    1. Once existing documentation has been gathered, evaluate the effectiveness of the documentation and decide whether you need additional information to proceed to current-state mapping.
    2. The initiative team should avoid spending too much time on the discovery phase, as the goal of discovery is to obtain enough information to produce a level-one current-state map.
    3. Consider reviewing capabilities, business processes, current applications, integration, and data migration.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • Your requirements, capabilities, business processes, current applications, integration, and/or data migration
    • Your requirements, capabilities, business processes, current applications, integration, and/or data migration revisited

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.1 Requirements list

    Example

    Requirements with description, category and priority.

    2.1.2 Confirm your scope for implementation

    1-2 hours

    1. Based on the requirements, write down features of the product or services, as well as dependencies with other interfaces.
    2. Write down exclusions to guard against scope creep.
    3. Validate the scope by asking these questions:
      1. Will this scope provide a common understanding for all stakeholders, including those outside of IT, as to what the project will accomplish and what it excludes?
      2. Should any detail be added to prevent scope creep later?
    4. Record the project scope in section 2.1 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook

    Input

    Output

    • What’s in scope
    • What’s out of scope
    • What needs to integrate
    • Your scope areas

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.2 Scope detail

    Example

    Example of scope detail. Table with scope levels: In scope, out of scope and existing scope. Each scope level has details about it listed.

    Distill your requirements into a scope statement

    Requirements are about the what and the how.
    Scope specifies the features of the product or service – what is in and what is out
    Table showing Requirement document vs. Scope statement. It lists the audience, content, inputs and outputs for each.

    The Build Your Enterprise Application Implementation Playbook 2.2 Project Scope Statement includes:

    • Scope description (features, how it interfaces with other solution components, dependencies).
    • Exclusions (what is not part of scope).
    • Deliverables (product outputs, documentation).
    • Acceptance criteria (what metrics must be satisfied for the deliverable to be accepted).
    • Final sign-off (owner).
    • Project exclusions (scope item, details).

    The scope statement should communicate the breadth of the project

    To assist in forming your scope statement, answer the following questions:
    • What are the major coverage points?
    • Who will be using the systems?
    • How will different users interact with the systems?
    • What are the objectives that need to be addressed?
    • Where do we start?
    • Where do we draw the line?

    2.1.3 Formulate a scope statement

    1-2 hours

    1. Lay out the scope description (features, how it interfaces with other solution components, dependencies).
    2. Record the exclusions (what is not part of scope).
    3. Fill out the scope statement.
    4. Record the scope statement in section 2.2 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your scope areas
    • Your scope statement

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Scope statement template
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.1.3 Scope statement

    Example

    Examples of scope statements showing the following: Product or service in scope, project deliverables and acceptance criteria, and project exclusions.

    Step 2.2

    Review project scope

    Activities

    2.2.1 Define metrics for your project

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    The project metrics

    Building leading indicators

    Lagging KPIs are relatively simple to identify, whereas leading KPIs can be more elusive.

    For example, take the lagging KPI “Customer Satisfaction.” How do you turn that into a leading KPI? One method is to look at sources of customer complaints. In a retail sales system, backordered items will negatively impact customer satisfaction. As a leading indicator, track the number of orders with backordered lines and the percentage of the total order that was backordered.

    Performance Metrics

    Use leading and lagging metrics, as well as benchmarks, to track the progress of your system.

    Leading KPIs: Input-oriented measures:

    • Number of active users in the system.
    • Time-to-completion for processes that previously experienced efficiency pain points.

    Lagging KPIs: Output-oriented measures:

    • Faster production times.
    • Increased customer satisfaction scores

    Benchmarks: A standard to measure performance against:

    • Number of days to ramp up new users.

    Info-Tech Insight

    Leading indicators make the news; lagging indicators report on the news. Focusing on leading indicators allows you to address challenges before they become large problems with only expensive solutions.

    2.2.1 Define metrics for your project

    1-2 hours

    1. Examine outputs from any feedback mechanisms you have (satisfaction surveys, emails, existing SLAs, burndown charts, resourcing costs, licensing costs per sprint, etc.).
    2. Look at historical trends and figures when available. However, be careful of frequent anomalies, as these may indicate a root cause that needs to be addressed.
    3. Explore the definition of specific metrics across different functional teams to ensure consistency of measurement and reporting.
    4. Record the Project Metrics in section 2.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Outputs of any feedback mechanism
    • Historical trends
    • Your project tracking metrics

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.2.1 Metrics

    In addition to delivery metrics and system performance metrics, equip the business with process-based metrics to continuously prove the value of the enterprise software. Review the examples below as a starting point.

    Table showing metrics and desciption. Metrics listed are: Percent of requirements complete, issues found, issues resolved, and percent of processess complete.

    Step 2.3

    Prepare for project risks

    Activities

    2.3.1 Build a risk event menu

    2.3.2 Determine contextual risks

    2.3.3 Determine process risks

    2.3.4 Determine business risks

    2.3.5 Determine change risks

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your product canvas and product vision statement

    All risks are not created equal

    Project Risk consists of: Contextual risk, process risk, change risk and business risk.

    For more information on Info-Tech’s Four-Pillar Risk Framework, please see Right-Size Your Project Risk Investment.

    Info-Tech’s Four-Pillar Risk Framework

    Unusual risks should be detected by finding out how each project is different from the norm. Use this framework to start this process by confronting the risks that are more easily anticipated.

    2.3.1 Build a risk event menu

    0.5-1 hour

    1. Build and maintain an active menu of potential risk events across the four risk categories.
    2. Record the risk event menu in section 2.4 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Risk events
    • Your risk events menu

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.1 Risk event menu

    Example

    Risk event menu example. A table with: Contextual Risk, process risk, business risk, change risk events with examples for each.

    2.3.2 Determine contextual risks

    0.5-1 hour

    1. Contextual risk factors are those that operate within the context of your department, organization, and/or community.
    2. Fill out contextual risks.
    3. Record the contextual risks in section 2.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your contextual risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.2 Contextual risks

    Example

    two tables for Contextual risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.3 Determine process risks

    0.5-1 hour

    1. Process risks are those that involve project sponsorship, project management, business and functional requirements, work assignment, communication, and/or visibility.
    2. Fill out process risks.
    3. Record the process risks in section 2.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your process risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.3 Process risks

    Example

    two tables for Process risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.4 Determine business risks

    0.5-1 hour

    1. Business risks are those that affect the bottom line of the organization. They usually have implications on revenue, costs, and/or image.
    2. Fill out business risks.
    3. Record the business risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your business risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.4 Business risks

    Example

    two tables for Business risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    2.3.5 Determine change risks

    0.5-1 hour

    1. Change risks are those that result from imposing changes on the people and customers of the organization and their daily routines.
    2. Fill change risks.
    3. Record the change risks in section 2.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your risk events menu
    • Your list of people involved in risk management
    • Your business risks

    Materials

    Participants

    • Project Risk Management Workbook
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.3.5 Change risks

    Example

    two tables for Change risks. Table 1: Risk identification with event name, risk cause, impact and risk owner. Table 2: shows probability of risk, impact, rating, recommended action, and any mitigations.

    Step 2.4

    Identify the project team

    Activities

    2.4.1 Establish team composition

    2.4.2 Identify the team

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to get your project team ready

    Understand the unique external resource considerations for the implementation

    Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

    The most common project resourcing structures for enterprise projects are:

    1. Management consultant
    2. Vendor consultant
    3. System integrator

    When contemplating a resourcing structure, consider:

    • Availability of in-house implementation competencies and resources.
    • Timeline and cost constraints.
    • Integration environment complexity.

    CONSIDER THE FOLLOWING

    Internal Vs. External Roles and Responsibilities

    Clearly delineate between internal and external team responsibilities and accountabilities and communicate this to your technology partner upfront.

    Internal Vs. External Accountabilities

    Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.

    Partner Implementation Methodologies

    Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner’s implementation methodology; however, you know what will work for your organization.

    Info-Tech Insight

    Selecting a partner is not just about capabilities, it’s about compatibility! Ensure you select a partner that has a culture compatible with your own.

    2.4.1 Establish team composition

    0.5-1 hour

    1. Assess the skills necessary for an enterprise implementation.
    2. Select your internal implementation team.
    3. Identify the number of external consultants/support required for implementation.
    4. Document the roles and responsibilities, accountabilities, and other expectations as they relate to each step of the implementation.
    5. Record the team composition in section 2.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • List of project team skills
    • Your team composition
    • Your business risks

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.4.1 Team composition

    Example

    Team composition: Role of each team member, and their skills.

    2.4.2 Identify the team

    0.5-1 hour

    1. Identify a candidate for each role and determine their responsibility in the project and their expected time commitment.
    2. The project will require a cross-functional team within IT and business units. Make sure the responsibilities are clearly communicated to the selected project sponsor.
    3. Create a RACI matrix for the project.
    4. Record the team list in section 2.10 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your team composition
    • Your team with responsibilities and commitment

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.4.2 Team list

    Example

    Team list: Role of each team member, candidate, responsibilities, and their commitment in hours per week.

    RACI example

    RACI example. Responsibilities and team member roles that are tasked with each responsibility.

    Step 2.5

    Define your change management process

    Activities

    2.5.1 Define OCM structure and resources

    2.5.2 Define OCM team’s roles and responsibilities

    2.5.3 Define requirements for training

    2.5.4 Create a communications plan for stakeholder groups, and delivery teams

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    A structure and procedures for an effective organizational change management

    Define your change management process to improve quality and adoption

    Organizational change management is the practice through which the PMO can improve user adoption rates and maximize project benefits.

    Correlation of change management effectiveness with meeting results.

    “It’s one thing to provide a new technology tool to your end users.

    It’s quite another to get them to use the tool, and still different for them to use the new tool proficiently.

    When your end users fully use a new technology and make it part of their daily work habits, they have ‘adopted’ the new tool.”

    – “End-User Adoption and Change Management Process” (2022)

    Large projects require organizational change management

    Organizational change management (OCM) governs the introduction of new business processes and technologies to ensure stakeholder adoption. The purpose of OCM is to prepare the business to accept the change.

    OCM is a separate body of knowledge. However, as a practice, it is inseparable from project management.

    In IT, project planning tends to fixate on technology, and it underestimates the behavioral and cultural factors that inhibit user adoption. Whether change is project-specific or continuous, it’s more important to instill the desire to change than to apply specific tools and techniques.

    Accountability for instilling this desire should start with the project sponsor. The project manager should support this with effective stakeholder and communication management plans.

    16% of projects with poor change management met or exceeded objectives. 71% of projects with excellent change management finish on or ahead of schedule. 67% of organizations include project change management in their initiatives.

    For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

    Your application implementation will be best served by centralizing OCM

    A centralized approach to OCM is most effective, and the PMO is already a centralized project office and is already accountable for project outcomes.

    What’s more, in organizations where accountabilities for OCM are not explicitly defined, the PMO will likely already be assumed to be the default change leader by the wider organization.

    It makes sense for the PMO to accept this accountability – in the short term at least – and claim the benefits that will come from coordinating and consistently driving successful project outcomes.

    In the long term, OCM leadership will help the PMO become a strategic partner with the executive layer and the business side.

    Short-term gains made by the PMO can be used to spark dialogues with those who authorize project spending and have the implicit fiduciary obligation to drive project benefits.

    Ultimately, it’s their job to explicitly transfer that obligation along with the commensurate resourcing and authority for OCM activities.

    Organizational resistance to change is cited as the #1 challenge to project success that PMOs face. Companies with mature PMOs that effectively manage change meet expectations 90% of the time.

    For further discussion on organizational change, use Info-Tech’s blueprint, Master Organizational Change Management Practices

    2.5.1 Define OCM structure and resources

    0.5-1 hour

    1. Assess the roles and resources that might be needed to help support these OCM efforts.
    2. Record the OCM structure in section 2.11 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your OCM structure and resources

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.5.1 OCM structure and resources

    Example

    OCM structure example. Table showing OCM activity and resources available to support.

    2.5.2 Define OCM team’s roles and responsibilities

    0.5-1 hour

    1. Assess the tasks required for the team.
    2. Determine roles and responsibilities.
    3. Record the results in the RACI matrix in section 2.13 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your communications timeline
    • Your OCM structure and resources
    • Your OCM plan and RACI matrix

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    OCM team’s roles and responsibilities

    Example

    Responsibilities for OCM team members.

    2.5.3 Define requirements for training

    0.5-1 hour

    1. Analyze HR requirements to ensure efficient use of HR and project stakeholder time.
    2. Outline appropriate HR and training activities.
    3. Define training content and make key logistical decisions concerning training delivery for staff and users.
    4. Record training requirements in section 2.14 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your OCM Plan and RACI matrix
    • Your HR training needs

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    2.5.3 Training requirements

    Example

    Training requirements example: Project milestones, milestone time frame, hr/training activities, activity timing, and notes.

    Project communication plans must address creation, flow, deposition, and security of project information

    A good communication management plan is like the oil that keeps moving parts going. Ensuring smooth information flow is a fundamental aspect of project management.

    Project communication management is more than keeping track of stakeholder requirements. A communication management plan must address timely and appropriate creation, flow, and deposition of information about the project – as well as the security of the information.

    Create:

    • In addition to standardized status reporting elements discussed for level 1 projects, level 2 and 3 projects may require additional information to be disseminated among key stakeholders and the PMO.

    Flow:

    • The plan must address the methods of communication. Distributed project teams require more careful planning, as they pose additional communication challenges.

    Deposit:

    • As the volume of information continues to grow exponentially, retrieving information becomes a challenge. The plan for depositing project information must be consistent with your organization’s content management policies.

    Security:

    • Preventing unauthorized access and information leaks is important for projectsthat are intended to provide the organization with a competitive edge or for projects that deal with confidential data.
    45% of organizations had established mature communications and engagement processes.

    2.5.4 Create a communications timeline

    0.5-1 hour

    1. Base your change communications on your organization’s cultural appetite for change in general.
    2. Document communications plan requirements.
    3. Create a high-level communications timeline.
    4. Tailor a communications strategy for each stakeholder group.
    5. Record the communications timeline in section 2.12 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your OCM structure and resources
    • Your project objectives
    • Your project scope
    • Your stakeholders’ management plan
    • Your communications timeline

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Example of communications timeline

    Project sponsors are the most compelling storytellers to communicate the change

    Example of project communications timeline. Planning, requirements, design, development, QA, deployment, warranty, and benefits/closure.

    Info-Tech Insight

    Communication with stakeholders and sponsors is not a single event, but a continual process throughout the lifecycle of the project implementation – and beyond!

    Phase 3

    Document your plan

    3 phases, phase 3 is highlighted.

    This phase will walk you through the following activities:

    3.1 Develop a master project plan

    3.2. Define a follow-up plan

    3.3. Define the follow-up process

    3.4. Understand what’s next

    This phase involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Step 3.1

    Develop a master project plan

    Activities

    3.1.1 Define your implementation steps

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your resourcing and master plans

    Resources Vs. Demand

    Organizations rarely have sufficient internal staffing to resource an enterprise software implementation project entirely on their own. Consider the options for closing the gap in internal resource availability.

    Project demand: Data classification, cloud strategy, application rationalization, recovery planning etc. must be weighted against the organizations internal staffing resources.

    Competing priorities

    Example

    Table for competing priorities: List of projects, their timeline, priority notes, and their implications.

    3.1.1 Define your implementation steps

    0.5-1 hour

    1. Write each phase of the project on a separate sticky note and add it to the whiteboard. Determine what steps make up each phase. Write each step of the phase on a separate sticky note and add it to the whiteboard.
    2. Determine what tasks make up each step. Write each task of the step on a separate sticky note and add it to the whiteboard.
    3. Record the tasks in the Your Enterprise Application Implementation Playbook – Timeline tool. This tool has an example of a typical list of tasks, to help you start your master plan. Use the timeline for project planning and progress tracking.
    4. Record your project’s basic data and work schedule.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Project's work breakdown structure
    • Your project master plan

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Implementation plan – basic data

    Record your project name, project manager, and stakeholders from previous exercises.

    Example project information form: Project name, estimated start date, estimated end date, project manager, stakeholders, and time off of project.

    Implementation plan – work schedule

    Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

    Use this template to keep track of all project tasks, dates, owners, dependencies, etc.

    “Actual Start Date” and “Actual Completion Date” columns must be updated to be reflected in the Gantt chart.

    This information will also be captured as the source for session 3.2.1 dashboards.

    Step 3.2

    Define a follow up plan

    Activities

    3.2.1 Create templates to enable follow-up throughout the project

    3.2.2 Decide on the tracking tools to help during your implementation

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create the processes and define the tools to track progress

    Leveraging dashboards

    Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

    For further information on monitoring the project, use Info-Tech’s blueprint, Governance and Management of Enterprise Software Implementation

    Build a dashboard that reflects the leading metrics you have identified. Call out requirements that represent key milestones in the implementation.

    3.2.1 Create templates to enable follow-up throughout the project

    0.5-1 hour

    1. Create status report, dashboards/charts, budget control, risk/issues/gaps templates, and change request forms.
    2. Build a dashboard that reflects the leading metrics you have identified.
    3. Call out requirements that represent key milestones in the implementation.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your projects master plan
    • Your project follow-up kit

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Dashboards

    Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress

    Based on the inputs in session 3.1.1 Define Your Implementation Steps, once the “Actual Start Date” and “Actual Completion Date” columns have been updated, this dashboard will present the project status and progress.

    This executive overview of the project's progress is meant to be used during the status meeting.

    Select the right tools

    Use SoftwareReviews to explore product features, vendor experience, and capability satisfaction.

    SoftwareReviews, Requirements Management, 2023

    SoftwareReviews, Project Management, 2023

    SoftwareReviews, Business Intelligence & Analytics, 2023

    3.2.2 Decide on the tracking tools to help during your implementation

    0.5-1 hour

    1. Based on the standards within your organization, select the appropriate project tracking tools to help you track the implementation project.
    2. If you do not have any tools or wish to change them, please see leverage Info-Tech’s SoftwareReviews to help you in making your decision.
    3. Consider tooling across a number of different categories:
      1. Requirements Management
      2. Project Management
      3. Reporting and Analytics
    4. Record the project tracking tools in section 3.3 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project follow-up kit
    • Your project follow-up kit tools

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Example: project tools

    Table listing project tools by type, use, and products available.

    Step 3.3

    Define a follow-up process

    Activities

    3.3.1 Define project progress communication

    3.3.2 Create a change request process

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Steps to create your follow-up process

    Project status updates should occur throughout the implementation

    Project status updates can be both formal and informal. Formal status updates provide a standardized means of disseminating information on project progress. It is the lifeblood of project management: Accurate and up-to-date status reporting enables your project manager to ensure that your project can continue to use the resources needed.

    Informal status updates are done over coffee with key stakeholders to address their concerns and discuss key outcomes they want to see. Informal status updates help to build a more personal relationship.

    Ask for feedback during the status update meetings. Use the meeting as an opportunity to align values, goals, and incentives.

    Codify the following considerations:

    • Minimum requirement for a formal status update:
      • Frequency of reporting, as required by the project portfolio
      • Parties to be consulted and informed
      • Recording, producing, and archiving meeting minutes, both formal and informal
    • Procedure for follow-up on feedback generated from status updates:
      • Filing change requests
      • Keeping the change requester/relevant stakeholders in the loop

    3.3.1 Define project progress communication

    0.5-1 hour

    1. Provide a standardized means of disseminating information on project progress.
    2. Create an accurate and up-to-date status report to help keep team engaged and leadership supporting the project.
    3. Record the project progress communication in section 3.5 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project follow-up process
    • Your project progress communication

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Project progress communication

    Example

    Example table of project progress communication. Audience, purpose, delivery/format, communicator, delivery date, and status/notes.

    Manage project scope changes

    1. Change in project scope is unpredictable and almost inevitable regardless of project size. If changes are not properly managed, the project runs the risk of scope creep and loss of progress. Therefore, changes need to be monitored and controlled.
    2. Scope change can be initiated voluntarily by the project sponsor or other stakeholders, or it could be a mandatory reaction to changing project process.
    3. Scope change may also take place due to internal factors such as a stakeholder requiring more extensive insights or external factors such as changing market conditions.
    4. Scope changes have the potential to affect project outcomes either positively or negatively, depending on how the change is managed and implemented. The project manager should take care to maintain focus on the project’s ultimate objectives; consideration needs to be given as to what to do and what to give up.
    5. If changes arise, project managers should ensure that adequate resources and actions are provided so the project can be completed on time and on budget.
    • The project manager needs to use both hard and soft skills: analytical skills for evaluating and quantifying the impact of potential changes and communication skills for communicating and negotiating with stakeholders.
    • Build trust and credibility by taking an evidence-based approach when presenting changes. This gives you room to respectfully push back on certain changes.
    • Assess changes before crossing them off the list, but don’t be afraid to say no. Greater care must be taken when there is very limited budgetary freedom or when scope changes will interfere with the critical path.
    • All change requests must be received by the project manager first so they can make sure that IT project resources are not approached with multiple ad hoc change requests.

    Document your process to manage project change requests

    1 Initial assessment

    Using the scope statement as the reference point:

    • Why do we need the change?
    • Is the change necessary?
    • What is the business value that the change brings to the project?

    Recommend alternative solutions that are easier to implement while consulting the requester.

    2 Minor change

    If the change has been classified as minor, the project manager and the project team can tackle it directly, since it doesn’t affect project budget or schedule in a significant way. Ensure that the change is documented.

    3 conduct an in-depth assessment

    The project manager should bring major changes to the attention of the project sponsor and carry out a detailed assessment of the change and its impact.

    Additional time and resources are required to do the in-depth assessment because the impact on the project can be complex and affect requirements, resources, budget, and schedule.

    4 Obtain approval from the governing body

    Present the results to the governing body. Since a major change significantly affects the project baseline beyond the authorized contingency, it is the responsibility of the governing body to either approve the change with allocation of additional resources or reject the change and maintain course.

    Flow chart to document your process to manage project change requests.

    For further discussion on change requests, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind

    3.3.2 Create a change request process

    0.5-1 hour

    1. Identify any existing processes that you have for addressing changes for projects.
    2. Discuss whether or not the current change request process will suit the project at hand.
    3. Define the agreed-to change request process that fits your organization’s culture.
    4. For a change request template, you can leverage, refer to section 3.6 of Info-Tech’s Your Enterprise Application Implementation Playbook.
    5. Make any changes to the template as necessary.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project scope
    • Your change request

    Materials

    Participants

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    3.3.2 Create a change request process (Continued)

    Example of a change request process form.

    Step 3.4

    Understand what's next

    Activities

    3.4.1 Run a “lessons learned” session for continuous improvement

    3.4.2 Prepare a closure document for sign-off

    3.4.3 Document optimization and future release opportunities

    This step involves the following participants:

    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Outcomes of this step

    Lessons learned throughout the project-guiding

    Good project planning is key to smooth project closing

    Begin with the end in mind. Without a clear scope statement and criteria for acceptance, it’s anyone’s guess when or how a project will end.

    During the closing process, the project manager should use planning and execution documents, such as the project charter and the scope statement, to assess project completeness and obtain sign-off based on the acceptance criteria.

    Project completion criteria should be clearly defined. For example, the project is defined as finished when costs are in, vendor receipts are received, financials are reviewed and approved, etc.

    However, there are other steps to be taken after completing the project deliverables. These activities include:

    • Transferring project knowledge and operations to support
    • Completing user training
    • Obtaining business sign-off and acceptance
    • Releasing resources
    • Conducting post-mortem meeting
    • Archiving project assets

    The project manager needs to complete all project management processes, including:

    • Risk management (close out risk assessment and action plan)
    • Quality management (test the final deliverables against acceptance criteria)
    • Stakeholder management (decision log, close out issues, plan and assign owners for resolutions of open issues)
    • Project team management (performance evaluation for team members as well as the project manager)

    3.4.1 Define the process for lessons learned

    0.5-1 hour

    1. Determine the reporting frequency for lessons learned.
    2. Consider attributing lessons learned to project phases.
    3. Coordinate lessons learned check-ins with project milestones to review and reflect.
    4. At each reporting session, the project team should identify challenges and successes informally.
    5. The PM and the PMO should transform the reports from each team member into formalized lessons.
    6. Record lessons learned for each project in section 3.7 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project's lessons learned

    Materials

    Participants

    • Project Lessons Learned Template
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Lessons learned

    Example

    Form: Project successes, notes, areas of imporvement, impact, solution.

    Watch for these potential problems with project closure

    Don’t leave the door open for stakeholder dissatisfaction. Properly close out your projects.

    Potential problems with project closure.

    For further information on project closure issues, use Info-Tech’s blueprint, Get Started With Project Management Excellence.

    3.4.2 Prepare a closure document for sign-off

    0.5-1 hour

    1. Create a realistic closure and transition process that gains sign-off from the sponsor.
    2. Prepare a project closure checklist.
    3. Transfer accountability to operations, release project resources, and avoid disrupting other projects that are trying to get started.
    4. Record the project closure document in section 3.8 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your project scope
    • Your project's closure checklist

    Materials

    Participants

    • Project closure checklist Template
    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Closure checklist

    Project closure checklist. project management checklist, deliverables, goals, benefits, outstanding action items and issues, handover of technical documents, knowledge transfer, sign-off.

    For further information on closure procedures, use Info-Tech’s blueprint, Begin Your Projects With the End in Mind.

    3.4.3 Document optimization and future release opportunities

    0.5-1 hour

    Consider the future opportunities for improvement post-release:

    1. Product and vendor satisfaction opportunities
    2. Capability and feature optimization opportunities
    3. Process optimization opportunities
    4. Integration optimization opportunities
    5. Data optimization opportunities
    6. Cost-saving opportunities
    7. Record optimization and future release opportunities in section 3.9 of Info-Tech’s Your Enterprise Application Implementation Playbook.

    Download

    Your Enterprise Application Implementation Playbook.

    Input

    Output

    • Your project objectives
    • Your project scope
    • Your optimization opportunities list

    Materials

    Participants

    • Whiteboard/flip charts
    • Your Enterprise Application Implementation Playbook.
    • Project team
    • Operations
    • SMEs
    • Team lead and facilitators
    • IT leaders

    Optimization opportunities

    Example

    Optimization types and opportunities.

    Related Info-Tech Research

    Build upon your foundations

    Build an ERP Strategy and Roadmap

    • A business-led, top-management-supported initiative partnered with IT has the greatest chance of success. This blueprint provides business and IT the methodology for getting the right level of detail for the business processes that the ERP supports thus avoiding getting lost in the details.

    Governance and Management of Enterprise Software Implementation

    • Implementing enterprise software is hard. You need a framework that will greatly improve your chance of success. Traditional Waterfall project implementations have a demonstrated a low success rate for on-time, on-budget delivery.

    Select and Implement a Human Resource Information System

    • Your organization is in the midst of a selection and implementation process for a human resource information system (HRIS), and there is a need to disambiguate the market and arrive at a shortlist of vendors.

    Select and Implement an ERP Solution

    • Selecting and implementing an ERP is one of the most expensive and time-consuming technology transformations an organization can undertake. ERP projects are notorious for time and budget overruns, with only a margin of the anticipated benefits being realized.

    Right-Size Your Project Risk Investment

    • Avoid the all-or-nothing mindset; even modest investments in risk will provide a return. Learn from and record current and historical risk events so lessons learned can easily be embedded into future projects. Assign someone to own the risk topic and make it their job to keep a relevant menu of risks.

    Related Info-Tech Research

    Build upon your foundations

    Drive Business Value With a Right-Sized Project Gating Process

    • Many organizations have implemented gating as part of their project management process. So, what separates those who are successful from those who are not? For starters, successful gating requires that each gate is treated as an essential audit. That means there need to be clear roles and responsibilities in the framework.

    Master Organizational Change Management Practices

    • Organizational change management (OCM) is often an Achilles’ heel for IT departments and business units, putting projects and programs at risk – especially large, complex, transformational projects.

    Get Started With Project Management Excellence

    • Lack of proper scoping at the beginning of the project leads to constant rescoping, rescheduling, and budget overruns.

    ERP Requirements Picklist Tool

    • Use this tool to collect ERP requirements in alignment with the major functional areas of ERP. Review the existing set of ERP requirements as a starting point to compiling your organization's requirements.

    Begin Your Projects With the End in Mind

    • Stakeholders are dissatisfied with IT’s inability to meet or even provide consistent, accurate estimates. The business’ trust in IT erodes every time a project is late, lost, or unable to start.

    Get Started With IT Project Portfolio Management

    • Most companies are struggling to get their project work done. This is due in part to the fact that many prescribed remedies are confusing, disruptive, costly, or ineffective.

    Bibliography

    7 Shocking Project Management Statistics and Lessons We Should Learn.” TeamGantt, Jan. 2017.

    Akrong, Godwin Banafo, et al. "Overcoming the Challenges of Enterprise Resource Planning (ERP): A Systematic Review Approach." IJEIS vol.18, no.1 2022: pp.1-41.

    Andriole, S. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

    Andriole, Steve. “Why No One Can Manage Projects, Especially Technology Projects.” Forbes, 1 Dec. 2020.

    Beeson, K. “ERP Implementation Plan (ERP Implementation Process Guide).” ERP Focus, 8 Aug. 2022.

    Biel, Justin. “60 Critical ERP Statistics: 2022 Market Trends, Data and Analysis.” Oracle Netsuite, 12 July 2022.

    Bloch, Michael, et al. “Delivering Large-Scale IT Projects on Time, on Budget, and on Value.” McKinsey & Company, 2012.

    Buverud, Heidi. ERP System Implementation: How Top Managers' Involvement in a Change Project Matters. 2019. Norwegian School of Economics, Ph.D. thesis.

    Carlton, R. “Four ERP Implementation Case Studies You Can Learn From.” ERP Focus, 15 July 2015.

    Gopinath, S. Project Management in the Emerging World of Disruption. PMI India Research and Academic Conference 2019. Kozhikode Publishers.

    Grabis, J. “On-Premise or Cloud Enterprise Application Deployment: Fit-Gap Perspective.” Enterprise Information Systems. Edited by Filipe, J., Śmiałek, M., Brodsky, A., Hammoudi, S. ICEIS, 2019.

    Harrin, E. The Definitive Guide to Project Sponsors. RGPM, 13 Dec. 2022.

    Jacobs-Long, Ann. “EPMO’s Can Make A Difference In Your Organization.” 9 May 2012.

    Kotadia, C. “Challenges Involved in Adapting and Implementing an Enterprise Resource Planning (ERP) Systems.” International Journal of Research and Review vol. 7 no. 12 December 2020: 538-548.

    Panorama Consulting Group. "2018 ERP Report." Panorama Consulting Group, 2018. Accessed 12 Oct. 2021.

    Panorama Consulting Group. "2021 ERP Report." Panorama Consulting Group, 2021. Accessed 12 Oct. 2021.

    PM Solutions. (2014). The State of the PMO 2014.

    PMI. Pulse of the Profession. 2017.

    Podeswa, H. “The Business Case for Agile Business Analysis.” Requirements Engineering Magazine, 21 Feb. 2017.

    Project Delivery Performance in Australia. AIPM and KPMG, 2020.

    Prosci. (2020). Prosci 2020 Benchmarking Data from 2007, 2009, 2011, 2013, 2015, 2017, 2019.

    Swartz, M. “End User Adoption and Change Management Process.” Swartz Consulting LLC, 11 July 2022.

    Trammell, H. “28 Important Project Management KPIs (& How To Track Them).” ClearPoint Strategy, 2022.

    “What are Business Requirements?" Requirements.com, 18 Oct. 2018.

    “What Is the Role of a Project Sponsor?” Six Sigma Daily, 18 May 2022.

    “When Will You Think Differently About Programme Delivery?” 4th Global Portfolio and Programme Management Survey. PricewaterhouseCoopers, Sept. 2014.

    COVID-19 Work Status Tracking Guide

    • Buy Link or Shortcode: {j2store}594|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Keeping track of the multiple and frequently changing work arrangements on your team.
    • Ensuring you have a fast and easy way to keep an up-to-date record of where and how employees are working.

    Our Advice

    Critical Insight

    • During these critical times, keeping track of employees’ work status doesn’t have to be complicated – the right tool is one that does the job.
    • Keeping track of your employees is a health and safety issue – deployed well, it is an aid in keeping the business running and an additional communication channel, not a sign of lack of trust.

    Impact and Result

    • An Excel spreadsheet is all you need to ensure you have a way to record work arrangements that can change by the day.
    • An easy-to-use tool means minimal administrative overhead to ensuring you have this critical information at hand.

    COVID-19 Work Status Tracking Guide Research & Tools

    Start here – read the Work Status Tracking Guide

    Read our recommendations and use the accompanying tool to quickly get a handle on your team’s work arrangements.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • COVID-19 Work Status Tracking Guide Storyboard
    • COVID-19 Work Status Tracking Tool
    [infographic]

    Build an IT Employee Engagement Program

    • Buy Link or Shortcode: {j2store}544|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $5,734 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • IT’s performance and stakeholder satisfaction with IT services hinge on IT’s ability to attract and retain top talent and to motivate teams to go above and beyond.
    • With the growing IT job market, turnover is a serious threat to IT’s ability to deliver seamless value and continuously drive innovation.
    • Engagement initiatives are often seen as being HR’s responsibility; however, IT leadership needs to take accountability for the retention and productivity of their employees in order to drive business value.

    Our Advice

    Critical Insight

    • Engagement is a two-way street. Initiatives must address a known need and be actively sought by employees – not handed down from management.
    • Engagement initiatives are useless unless they target the right issues. It can be tempting to focus on the latest perks and gadgets and ignore difficult issues. Use a systematic approach to uncover and tackle the real problems.
    • It’s time for IT leadership to step up. IT leaders have a much bigger impact on IT staff engagement than HR ever can. Leverage this power to lead your team to peak performance.

    Impact and Result

    • Info-Tech engagement diagnostics and accompanying tools will help you perform a deep dive into the root causes of disengagement on your team.
    • The guidance that accompanies Info-Tech’s tools will help you avoid common engagement program pitfalls and empower IT leaders to take charge of their own team’s engagement.

    Build an IT Employee Engagement Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to discover why engagement is critical to IT performance, review Info-Tech’s methodology, and understand how our tools will help you construct an effective employee engagement program.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Measure employee engagement

    Use Info-Tech's Pulse or Full Engagement Surveys to measure employee engagement.

    • Improve Employee Engagement to Drive IT Performance – Phase 1: Measure Employee Engagement
    • Engagement Strategy Record
    • Engagement Communication Template

    2. Analyze results and ideate solutions

    Understand the drivers of engagement that are important for your team, and involve your staff in brainstorming engagement initiatives.

    • Improve Employee Engagement to Drive IT Performance – Phase 2: Analyze Results and Ideate Solutions
    • Engagement Survey Results Interpretation Guide
    • Full Engagement Survey Focus Group Facilitation Guide
    • Pulse Engagement Survey Focus Group Facilitation Guide
    • Focus Group Facilitation Guide Driver Definitions
    • One-on-One Manager Meeting Worksheet

    3. Select and implement engagement initiatives

    Select engagement initiatives for maximal impact, create an action plan, and establish open and ongoing communication about engagement with your team.

    • Improve Employee Engagement to Drive IT Performance – Phase 3: Select and Implement Engagement Initiatives
    • Summary of Interdepartmental Engagement Initiatives
    • Engagement Progress One-Pager
    [infographic]

    Workshop: Build an IT Employee Engagement Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 (Preparation) Run Engagement Survey

    The Purpose

    Select and run your engagement survey prior to the workshop.

    Key Benefits Achieved

    Receive an in-depth report on your team’s engagement drivers to form the basis of your engagement strategy.

    Activities

    1.1 Select engagement survey.

    1.2 Identify engagement program goals and metrics.

    1.3 Run engagement survey.

    Outputs

    Full or Pulse engagement survey report

    Engagement survey results interpretation guide

    2 Explore Engagement

    The Purpose

    To understand the current state of engagement and prepare to discuss the drivers behind it with your staff.

    Key Benefits Achieved

    Empower your leadership team to take charge of their own teams’ engagement.

    Activities

    2.1 Review engagement survey results.

    2.2 Finalize focus group agendas.

    2.3 Train managers.

    Outputs

    Customized focus group agendas

    3 Hold Focus Groups

    The Purpose

    Establish an open dialogue with your staff to understand what would improve their engagement.

    Key Benefits Achieved

    Employee-generated initiatives have the greatest chance at success.

    Activities

    3.1 Identify priority drivers.

    3.2 Identify engagement KPIs.

    3.3 Brainstorm engagement initiatives.

    3.4 Vote on initiatives within teams.

    Outputs

    Summary of focus groups results

    Identified engagement initiatives

    Identified engagement initiatives

    4 Select and Plan Initiatives

    The Purpose

    Learn the characteristics of successful engagement initiatives and build execution plans for each.

    Key Benefits Achieved

    Choose initiatives with the greatest impact on your team’s engagement, and ensure you have the necessary resources for success.

    Activities

    4.1 Select engagement initiatives with IT leadership.

    4.2 Create initiative project plans.

    4.3 Present project plans.

    4.4 Define implementation checkpoints.

    4.5 Develop communications plan.

    4.6 Define strategy for ongoing engagement monitoring.

    Outputs

    Engagement project plans

    Implementation and communication checkpoints

    Further surveys planned (optional)

    5 Additional Leadership Training

    The Purpose

    Select training modules that best address your team’s needs from Info-Tech’s modular leadership training program.

    Key Benefits Achieved

    Arm your IT leadership team with the key skills of effective leadership, tailored to their existing experience level.

    Activities

    5.1 Adopting an Integrated Leadership Mindset

    5.2 Optimizing Talent Leadership Practices

    5.3 Driving Diversity & Inclusion

    5.4 Fortifying Internal Stakeholder Relations

    5.5 Engaging Executives and the Board

    5.6 Crafting Your Leadership Brand

    5.7 Crafting and Delivering Compelling Presentations

    5.8 Communication & Difficult Conversations

    5.9 Conflict Management

    5.10 Performance Management

    5.11 Feedback & Coaching

    5.12 Creating a Culture of Personal Accountability

    Outputs

    Develop the skills to lead resourcefully in times of uncertainty

    Apply leadership behaviors across enterprise initiatives to deploy and develop talent successfully

    Develop diversity and inclusion practices that turn the IT function and leaders into transformative champions of inclusion

    Identify elements of effective partnering to maximize the impact of internal interactions

    Understand the major obstacles to CEO and board relevance and uncover the keys to elevating your internal executive profile

    Develop a leadership brand statement that demonstrates leadership competency and is aligned with the brand, mission, vision, and goals of the organization

    Identify the components of effective presentations and hone your presentation skills

    Gain the skills to confront and drive solutions from difficult situations

    Develop strategies to engage in conflict constructively and reach a resolution that benefits the team or organization

    Learn to identify the root causes of low performance and develop the skills to guide employees through the process of improvement

    Adopt a behavior-focused coaching model to help managers sustain and apply effective coaching principles

    Understand how and when to encourage autonomy and how to empower employees to take success into their own hands

    IT Organizational Design

    • Buy Link or Shortcode: {j2store}32|cart{/j2store}
    • Related Products: {j2store}32|crosssells{/j2store}
    • member rating overall impact: 9.1/10
    • member rating average dollars saved: $83,392
    • member rating average days saved: 21
    • Parent Category Name: People and Resources
    • Parent Category Link: /people-and-resources

    The challenge

    • IT can ensure full business alignment through an organizational redesign.
    • Finding the best approach for your company is difficult due to many frameworks and competing priorities.
    • External competitive influences and technological trends exacerbate this.

    Our advice

    Insight

    • Your structure is the critical enabler of your strategic direction. Structure dictates how people work together and how they can fill in their roles to create the desired business value. 
    • Constant change is killing for an organization. You need to adapt, but you need a stable baseline and make sure the change is in line with the overall strategy and company context.
    • A redesign is only successful if it really happens. Shifting people into new positions is not enough to implement a redesign. 

    Impact and results 

    • Define your redesign principles. They will act as a manifesto to your change. It also provides for a checklist, ensuring that the structure does not deviate from the business strategy.
    • Visualize the new design with a customized operating model for your company. It must demonstrate how IT creates value and supports the business value creation chains.
    • Define the future-state roles, functions, and responsibilities to enable your IT department to support the business effectively.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief explains to you the challenges associated with the organizational redesign. We'll show you our methodology and the ways we can help you in completing this.

    Define your organizational design principles and select your operating model

    The design principles will govern your organizational redesign; Align the principles with your business strategy.

    • Redesign Your IT Organizational Structure – Phase 1: Craft Organizational Design Principles and Select an IT Operating Model (ppt)
    • Organizational Design Communications Deck (ppt)

    Customize the selected IT operating model to your company

    Your operating model must account for the company's nuances and culture.

    • Redesign Your IT Organizational Structure – Phase 2: Customize the IT Operating Model (ppt)
    • Operating Models and Capability Definition List (ppt)

    Design the target-state of your IT organizational structure

    Go from an operating model to the structure fit for your company.

    • Redesign Your IT Organizational Structure – Phase 3: Architect the Target-State IT Organizational Structure (ppt)
    • Organizational Design Capability RACI Chart (xls)
    • Work Unit Reference Structures (Visio)
    • Work Unit Reference Structures (pdf)

    Communicate the benefits of the new structure

    Change does not come easy. People will be anxious. Craft your communications to address critical concerns and obtain buy-in from the organization. If the reorganization will be painful, be up-front on that, and limit the time in which people are uncertain.

    • Redesign Your IT Organizational Structure – Phase 4: Communicate the Benefits of the New Organizational Structure (ppt)

     

    Combine Security Risk Management Components Into One Program

    • Buy Link or Shortcode: {j2store}376|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $37,798 Average $ Saved
    • member rating average days saved: 32 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance
    • Companies are aware of the need to discuss and assess risk, but many struggle to do so in a systematic and repeatable way.
    • Rarely are security risks analyzed in a consistent manner, let alone in a systematic and repeatable method to determine project risk as well as overall organizational risk exposure.

    Our Advice

    Critical Insight

    • The best security programs are built upon defensible risk management. With an appropriate risk management program in place, you can ensure that security decisions are made strategically instead of based on frameworks and gut feelings. This will optimize any security planning and budgeting.
    • All risks can be quantified. Security, compliance, legal, or other risks can be quantified using our methodology.

    Impact and Result

    • Develop a security risk management program to create a standardized methodology for assessing and managing the risk that information systems face.
    • Build a risk governance structure that makes it clear how security risks can be escalated within the organization and who makes the final decision on certain risks.
    • Use Info-Tech’s risk assessment methodology to quantifiably evaluate the threat severity for any new or existing project or initiative.
    • Tie together all aspects of your risk management program, including your information security risk tolerance level, threat and risk assessments, and mitigation effectiveness models.

    Combine Security Risk Management Components Into One Program Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop and implement a security risk management program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Establish the risk environment

    Lay down the foundations for security risk management, including roles and responsibilities and a defined risk tolerance level.

    • Combine Security Risk Management Components Into One Program – Phase 1: Establish the Risk Environment
    • Security Risk Governance Responsibilities and RACI Template
    • Risk Tolerance Determination Tool
    • Risk Weighting Determination Tool

    2. Conduct threat and risk assessments

    Define frequency and impact rankings then assess the risk of your project.

    • Combine Security Risk Management Components Into One Program – Phase 2: Conduct Threat and Risk Assessments
    • Threat and Risk Assessment Process Template
    • Threat and Risk Assessment Tool

    3. Build the security risk register

    Catalog an inventory of individual risks to create an overall risk profile.

    • Combine Security Risk Management Components Into One Program – Phase 3: Build the Security Risk Register
    • Security Risk Register Tool

    4. Communicate the risk management program

    Communicate the risk-based conclusions and leverage these in security decision making.

    • Combine Security Risk Management Components Into One Program – Phase 4: Communicate the Risk Management Program
    • Security Risk Management Presentation Template
    • Security Risk Management Summary Template
    [infographic]

    Workshop: Combine Security Risk Management Components Into One Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Risk Environment

    The Purpose

    Build the foundation needed for a security risk management program.

    Define roles and responsibilities of the risk executive.

    Define an information security risk tolerance level.

    Key Benefits Achieved

    Clearly defined roles and responsibilities.

    Defined risk tolerance level.

    Activities

    1.1 Define the security executive function RACI chart.

    1.2 Assess business context for security risk management.

    1.3 Standardize risk terminology assumptions.

    1.4 Conduct preliminary evaluation of risk scenarios to determine your risk tolerance level.

    1.5 Decide on a custom risk factor weighting.

    1.6 Finalize the risk tolerance level.

    1.7 Begin threat and risk assessment.

    Outputs

    Defined risk executive functions

    Risk governance RACI chart

    Defined quantified risk tolerance and risk factor weightings

    2 Conduct Threat and Risk Assessments

    The Purpose

    Determine when and how to conduct threat and risk assessments (TRAs).

    Complete one or two TRAs, as time permits during the workshop.

    Key Benefits Achieved

    Developed process for how to conduct threat and risk assessments.

    Deep risk analysis for one or two IT projects/initiatives.

    Activities

    2.1 Determine when to initiate a risk assessment.

    2.2 Review appropriate data classification scheme.

    2.3 Identify system elements and perform data discovery.

    2.4 Map data types to the elements.

    2.5 Identify STRIDE threats and assess risk factors.

    2.6 Determine risk actions taking place and assign countermeasures.

    2.7 Calculate mitigated risk severity based on actions.

    2.8 If necessary, revisit risk tolerance.

    2.9 Document threat and risk assessment methodology.

    Outputs

    Define scope of system elements and data within assessment

    Mapping of data to different system elements

    Threat identification and associated risk severity

    Defined risk actions to take place in threat and risk assessment process

    3 Continue to Conduct Threat and Risk Assessments

    The Purpose

    Complete one or two TRAs, as time permits during the workshop.

    Key Benefits Achieved

    Deep risk analysis for one or two IT projects/initiatives, as time permits.

    Activities

    3.1 Continue threat and risk assessment activities.

    3.2 As time permits, one to two threat and risk assessment activities will be performed as part of the workshop.

    3.3 Review risk assessment results and compare to risk tolerance level.

    Outputs

    One to two threat and risk assessment activities performed

    Validation of the risk tolerance level

    4 Establish a Risk Register and Communicate Risk

    The Purpose

    Collect, analyze, and aggregate all individual risks into the security risk register.

    Plan for the future of risk management.

    Key Benefits Achieved

    Established risk register to provide overview of the organizational aggregate risk profile.

    Ability to communicate risk to other stakeholders as needed.

    Activities

    4.1 Begin building a risk register.

    4.2 Identify individual risks and threats that exist in the organization.

    4.3 Decide risk responses, depending on the risk level as it relates to the risk tolerance.

    4.4 If necessary, revisit risk tolerance.

    4.5 Identify which stakeholders sign off on each risk.

    4.6 Plan for the future of risk management.

    4.7 Determine how to present risk to senior management.

    Outputs

    Risk register, with an inventory of risks and a macro view of the organization’s risk

    Defined risk-based initiatives to complete

    Plan for securing and managing the risk register

    Create an Architecture for AI

    • Buy Link or Shortcode: {j2store}344|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $604,999 Average $ Saved
    • member rating average days saved: 49 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    This research is designed to help organizations who are facing these challenges:

    • Deliver on the AI promise within the organization.
    • Prioritize the demand for AI projects and govern the projects to prevent overloading resources.
    • Have sufficient data management capability.
    • Have clear metrics in place to measure progress and for decision making.

    AI requires a high level of maturity in all data management capabilities, and the greatest challenge the CIO or CDO faces is to mature these capabilities sufficiently to ensure AI success.

    Our Advice

    Critical Insight

    • Build your target state architecture from predefined best-practice building blocks.
    • Not all business use cases require AI to increase business capabilities.
    • Not all organizations are ready to embark on the AI journey.
    • Knowing the AI pattern that you will use will simplify architecture considerations.

    Impact and Result

    • This blueprint will assist organizations with the assessment, planning, building, and rollout of their AI initiatives.
      • Do not embark on an AI project with an immature data management practice. Embark on initiatives to fix problems before they cripple your AI projects.
      • Using architecture building blocks will speed up the architecture decision phase.
    • The success rate of AI initiatives is tightly coupled with data management capabilities and a sound architecture.

    Create an Architecture for AI Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand why you need an underlying architecture for AI, review Info-Tech's methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess business use cases for AI readiness

    Define business use cases where AI may bring value. Evaluate each use case to determine the company’s AI maturity in people, tools, and operations for delivering the correct data, model development, model deployment, and the management of models in the operational areas.

    • Create an Architecture for AI – Phase 1: Assess Business Use Cases for AI Readiness
    • AI Architecture Assessment and Project Planning Tool
    • AI Architecture Assessment and Project Planning Tool – Sample

    2. Design your target state

    Develop a target state architecture to allow the organization to effectively deliver in the promise of AI using architecture building blocks.

    • Create an Architecture for AI – Phase 2: Design Your Target State
    • AI Architecture Templates

    3. Define the AI architecture roadmap

    Compare current state with the target state to define architecture plateaus and build a delivery roadmap.

    • Create an Architecture for AI – Phase 3: Define the AI Architecture Roadmap
    [infographic]

    Workshop: Create an Architecture for AI

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Answer “Where To?”

    The Purpose

    Define business use cases where AI may add value and assess use case readiness.

    Key Benefits Achieved

    Know upfront if all required data resources are available in the required velocity, veracity, and variety to service the use case.

    Activities

    1.1 Review the business vision.

    1.2 Identify and classify business use cases.

    1.3 Assess company readiness for each use case.

    1.4 Review architectural principles and download and install Archi.

    Outputs

    List of identified AI use cases

    Assessment of each use case

    Data sources needed for each use case

    Archi installed

    2 Define the Required Architecture Building Blocks

    The Purpose

    Define architecture building blocks that can be used across use cases and data pipeline.

    Key Benefits Achieved

    The architectural building blocks ensure reuse of resources and form the foundation of a stepwise rollout.

    Activities

    2.1 ArchiMate modelling language overview.

    2.2 Architecture building block overview

    2.3 Identify architecture building blocks by use case.

    2.4 Define the target state architecture.

    Outputs

    A set of building blocks created in Archi

    Defined target state architecture using architecture building blocks

    3 Assess the Current State Architecture

    The Purpose

    Assess your current state architecture in the areas identified by the target state.

    Key Benefits Achieved

    Only evaluating the current state architecture that will influence your AI implementation.

    Activities

    3.1 Identify the current state capabilities as required by the target state.

    3.2 Assess your current state architecture.

    3.3 Define a roadmap and design implementation plateaus.

    Outputs

    Current state architecture documented in Archi

    Assessed current state using assessment tool

    A roadmap defined using plateaus as milestones

    4 Bridge the Gap and Create the Roadmap

    The Purpose

    Assess your current state against the target state and create a plan to bridge the gaps.

    Key Benefits Achieved

    Develop a roadmap that will deliver immediate results and ensure long-term durability.

    Activities

    4.1 Assess the gaps between current- and target-state capabilities.

    4.2 Brainstorm initiatives to address the gaps in capabilities

    4.3 Define architecture delivery plateaus.

    4.4 Define a roadmap with milestones.

    4.5 Sponsor check-in.

    Outputs

    Current to target state gap assessment

    Architecture roadmap divided into plateaus