Develop a Plan to Pilot Enterprise Service Management

  • Buy Link or Shortcode: {j2store}279|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Service Management
  • Parent Category Link: /service-management
  • Many business groups in the organization are siloed and have disjointed services that lead to a less than ideal customer experience.
  • Service management is too often process-driven and is implemented without a holistic view of customer value.
  • Businesses get caught up in the legacy of their old systems and find it difficult to move with the evolving market.

Our Advice

Critical Insight

  • Customer experience is the new battleground. Parity between products is creating the need to differentiate via customer experience.
  • Don’t forget your employees! Enterprise service management (ESM) is also about delivering exceptional experiences to your employees so they can deliver exceptional services to your customers.
  • ESM is not driven by tools and processes. Rather, ESM is about pushing exceptional services to customers by pulling from organizational capabilities.

Impact and Result

  • Understand ESM concepts and how they can improve customer service.
  • Use Info-Tech’s advice and tools to perform an assessment of your organization’s state for ESM, identify the gaps, and create an action plan to move towards an ESM pilot.
  • Increase business and customer satisfaction by delivering services more efficiently.

Develop a Plan to Pilot Enterprise Service Management Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should move towards ESM, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Understand ESM and get buy-in

Understand the concepts of ESM, determine the scope of the ESM program, and get buy-in.

  • Develop a Plan to Pilot Enterprise Service Management – Phase 1: Understand ESM and Get Buy-in
  • Enterprise Service Management Executive Buy-in Presentation Template
  • Enterprise Service Management General Communications Presentation Template

2. Assess the current state for ESM

Determine the current state for ESM and identify the gaps.

  • Develop a Plan to Pilot Enterprise Service Management – Phase 2: Assess the Current State for ESM
  • Enterprise Service Management Assessment Tool
  • Enterprise Service Management Assessment Tool Action Plan Guide
  • Enterprise Service Management Action Plan Tool

3. Identify ESM pilot and finalize action plan

Create customer journey maps, identify an ESM pilot, and finalize the action plan for the pilot.

  • Develop a Plan to Pilot Enterprise Service Management – Phase 3: Identify ESM Pilot and Finalize Action Plan
  • Enterprise Service Management Customer Journey Map Template
[infographic]

Workshop: Develop a Plan to Pilot Enterprise Service Management

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Understand ESM and Get Buy-In

The Purpose

Understand what ESM is and how it can improve customer service.

Determine the scope of your ESM initiative and identify who the stakeholders are for this program.

Key Benefits Achieved

Understanding of ESM concepts.

Understanding of the scope and stakeholders for your ESM initiative.

Plan for getting buy-in for the ESM program.

Activities

1.1 Understand the concepts and benefits of ESM.

1.2 Determine the scope of your ESM program.

1.3 Identify your stakeholders.

1.4 Develop an executive buy-in presentation.

1.5 Develop a general communications presentation.

Outputs

Executive buy-in presentation

General communications presentation

2 Assess the Current State for ESM

The Purpose

Assess your current state with respect to culture, governance, skills, and tools.

Identify your strengths and weaknesses from the ESM assessment scores.

Key Benefits Achieved

Understanding of your organization’s current enablers and constraints for ESM.

Determination and analysis of data needed to identify strengths or weaknesses in culture, governance, skills, and tools.

Activities

2.1 Understand your organization’s mission and vision.

2.2 Assess your organization’s culture, governance, skills, and tools.

2.3 Identify the gaps and determine the necessary foundational action items.

Outputs

ESM assessment score

Foundational action items

3 Define Services and Create Custom Journey Maps

The Purpose

Define and choose the top services at the organization.

Create customer journey maps for the chosen services.

Key Benefits Achieved

List of prioritized services.

Customer journey maps for the prioritized services.

Activities

3.1 Make a list of your services.

3.2 Prioritize your services.

3.3 Build customer journey maps.

Outputs

List of services

Customer journey maps

Prepare Your Organization to Successfully Embrace the “New Normal”

  • Buy Link or Shortcode: {j2store}422|cart{/j2store}
  • member rating overall impact: 9.3/10 Overall Impact
  • member rating average dollars saved: $61,749 Average $ Saved
  • member rating average days saved: 2 Average Days Saved
  • Parent Category Name: DR and Business Continuity
  • Parent Category Link: /business-continuity
  • The COVID-19 pandemic is creating significant challenges across every sector, but even the deepest crisis will eventually pass. However, many of the changes it has brought to how organizations function are here to stay.
  • As an IT leader, it can be challenging to envision what this future state will look like and how to position IT as a trusted partner to the business to help steer the ship as the crisis abates.

Our Advice

Critical Insight

  • Organizations need to cast their gaze into the “New Normal” and determine an appropriate strategy to stabilize their operations, mitigate ongoing challenges, and seize new opportunities that will be presented in a post-COVID-19 world.
  • IT needs to understand the key trends and permanent changes that will exist following the crisis and develop a proactive roadmap for rapidly adapting their technology stack, processes, and resourcing to adjust to the new normal.

Impact and Result

  • Info-Tech recommends a three-step approach for adapting to the new normal: begin by surveying crucial changes that will occur as a result of the COVID-19 pandemic, assess their relevance to your organization’s unique situation, and create an initiatives roadmap to support the new normal.
  • This mini-blueprint will examine five key themes: changing paradigms for remote work, new product delivery models, more self-service options for customers, greater decentralization and agility for organizational decision making, and a renewed emphasis on security architecture.

Prepare Your Organization to Successfully Embrace the “New Normal” Research & Tools

Read the Research

Understand the five key trends that will persist after the pandemic has passed and create a roadmap of initiatives to help your organization adapt to the "New Normal."

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Prepare Your Organization to Successfully Embrace the “New Normal” Storyboard
[infographic]

Secure IT-OT Convergence

  • Buy Link or Shortcode: {j2store}382|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: $10,499 Average $ Saved
  • member rating average days saved: 19 Average Days Saved
  • Parent Category Name: Security Processes & Operations
  • Parent Category Link: /security-processes-and-operations

IT and OT are both very different complex systems. However, significant benefits have driven OT to be converged to IT. This results in IT security leaders, OT leaders and their teams' facing challenges in:

  • Governing and managing IT and OT security and accountabilities.
  • Converging security architecture and controls between IT and OT environments.
  • Compliance with regulations and standards.
  • Metrics for OT security effectiveness and efficiency.

Our Advice

Critical Insight

  • Returning to isolated OT is not beneficial for the organization, therefore IT and OT need to learn to collaborate starting with communication to build trust and to overcome differences between IT and OT. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and metrics for OT security.
  • Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.
  • OT interfaces with the physical world while IT system concerns more on cyber world. Thus, the two systems have different properties. The challenge is how to create strategic collaboration between IT-OT based on negotiation and this needs top-down support.

Impact and Result

Info-Tech’s approach in preparing for IT/OT convergence in the planning phase is coordination and collaboration of IT and OT to

  • initiate communication to define roles and responsibilities.
  • establish governance and build cross-functional team.
  • identify convergence components and compliance obligations.
  • assess readiness.

Secure IT/OT Convergence Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Secure IT/OT Convergence Storyboard – A step-by-step document that walks you through how to secure IT-OT convergence.

Info-Tech provides a three-phase framework of secure IT/OT convergence, namely Plan, Enhance, and Monitor & Optimize. The essential steps in Plan are to:

  • Initiate communication to define roles and responsibilities.
  • Establish governance and build a cross-functional team.
  • Identify convergence components and compliance obligations.
  • Assess readiness.
    • Secure IT/OT Convergence Storyboard

    2. Secure IT/OT Convergence Requirements Gathering Tool – A tool to map organizational goals to secure IT-OT goals.

    This tool serves as a repository for information about the organization, compliance, and other factors that will influence your IT/OT convergence.

    • Secure IT/OT Convergence Requirements Gathering Tool

    3. Secure IT/OT Convergence RACI Chart Tool – A tool to identify and understand the owners of various IT/OT convergence across the organization.

    A critical step in secure IT/OT convergence is populating a RACI (Responsible, Accountable, Consulted, and Informed) chart. The chart assists you in organizing roles for carrying out convergence steps and ensures that there are definite roles that different individuals in the organization must have. Complete this tool to assign tasks to suitable roles.

    • Secure IT/OT Convergence RACI Chart Tool
    [infographic]

    Further reading

    Secure IT/OT Convergence

    Create a holistic IT/OT security culture.

    Analyst Perspective

    Are you ready for secure IT/OT convergence?

    IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating into the IT ecosystem, primarily to improve access via connectivity and to leverage other standard IT capabilities for economic benefit.

    In the past, OT systems were engineered to be air gapped, relying on physical protection and with little or no security in design, (e.g. OT protocols without confidentiality properties). However, now, OT has become dependent on the IT capabilities of the organization, thus OT inherits IT’s security issues, that is, OT is becoming more vulnerable to attack from outside the system. IT/OT convergence is complex because the culture, policies, and rules of IT are quite foreign to OT processes such as change management, and the culture, policies, and rules of OT are likewise foreign to IT processes.

    A secure IT/OT convergence can be conceived of as a negotiation of a strong treaty between two systems: IT and OT. The essential initial step is to begin with communication between IT and OT, followed by necessary components such as governing and managing OT security priorities and accountabilities, converging security controls between IT and OT environments, assuring compliance with regulations and standards, and establishing metrics for OT security.

    Photo of Ida Siahaan, Research Director, Security and Privacy Practice, Info-Tech Research Group. Ida Siahaan
    Research Director, Security and Privacy Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    IT and OT are both very different complex systems. However, significant benefits have driven OT to converge with IT. This results in IT security leaders, OT leaders, and their teams facing challenges with:

    • Governing and managing IT and OT security and accountabilities.
    • Converging security architecture and controls between IT and OT environments.
    • Compliance with regulations and standards.
    • Metrics for OT security effectiveness and efficiency.
    Common Obstacles
    • IT/OT network segmentation and remote access issues, as most OT incidents indicate that the attackers gained access through the IT network, followed by infiltration into OT networks.
    • OT proprietary devices and unsecure protocols use outdated systems which may be insecure by design.
    • Different requirements of OT and IT security – i.e. IT (confidentiality, integrity, and availability) vs. OT (safety, reliability, and availability).
    Info-Tech’s Approach

    Info-Tech’s approach in preparing for IT/OT convergence (i.e. the Plan phase) is coordination and collaboration of IT and OT to:

    • Initiate communication to define roles and responsibilities.
    • Establish governance and build a cross-functional team.
    • Identify convergence components and compliance obligations.
    • Assess readiness.

    Info-Tech Insight

    Returning to isolated OT is not beneficial for the organization, so IT and OT need to learn to collaborate, starting with communication to build trust and to overcome their differences. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and establishing metrics for OT security.

    Consequences of unsecure IT/OT convergence

    OT systems were built with no or little security design

    90% of organizations that use OT experienced a security incident. (Fortinet, 2021. Ponemon, 2019.)

    Bar graph comparing three years, 2019-2021, of four different OT security incidents: 'Ransomeware', 'Insider breaches', 'Phishing', and 'Malware'.
    (Source: Fortinet, 2021.)
    Lack of visibility

    86% of OT security-related service engagements lack complete visibility of OT network in 2021 (90% in 2020, 81% in 2019). (Source: “Cybersecurity Year In Review” Dragos, 2022.)

    The need for secure IT/OT convergence

    Important Industrial Control System (ICS) cyber incidents

    2000
    Target: Australian sewage plant. Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.
    2012
    Target: Middle East energy companies. Method: Shamoon. Impact: Overwritten Windows-based systems files.
    2014
    Target: German Steel Mill. Method: Spear-phishing. Impact: Blast furnace failed to shut down.
    2017
    Target: Middle East safety instrumented system (SIS). Method: TRISIS/TRITON. Impact: Modified SIS ladder logic.
    2022
    Target: Viasat’s KA-SAT network. Method: AcidRain. Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat’s services.
    Timeline of Important Industrial Control System (ICS) cyber incidents.
    1903
    Target: Marconi wireless telegraph presentation. Method: Morse code. Impact: Fake message sent “Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily.”
    2010
    Target: Iranian uranium enrichment plant. Method: Stuxnet. Impact: Compromised programmable logic controllers (PLCs).
    2013
    Target: ICS supply chain. Method: Havex. Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers
    2016
    Target: Ukrainian power grid. Method: BlackEnergy. Impact: For 1-6 hours, power outages for 230,000 consumers.
    2021
    Target: Colonial Pipeline. Method: DarkSide ransomware. Impact: Compromised billing infrastructure halted the pipeline operation.

    (Source: US Department of Energy, 2018.


    ”Significant Cyber Incidents,” CSIS, 2022


    MIT Technology Review, 2022.)

    Info-Tech Insight

    Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

    Case Study

    Horizon Power
    Logo for Horizon Power.
    INDUSTRY
    Utilities
    SOURCE
    Interview

    Horizon Power is the regional power provider in Western Australia and stands out as a leader not only in the innovative delivery of sustainable power, but also in digital transformation. Horizon Power is quite mature in distributed energy resource management; moving away from centralized generation to decentralized, community-led generation, which reflects in its maturity in converging IT and OT.

    Horizon Power’s IT/OT convergence journey started over six years ago when advanced metering infrastructure (AMI) was installed across its entire service area – an area covering more than one quarter of the Australian continent.

    In these early days of the journey, the focus was on leveraging matured IT approaches such as adoption of cloud services to the OT environment, rather than converging the two. Many years later, Horizon Power has enabled OT data to be more accessible to derive business benefits such as customer usage data using data analytics with the objective of improving the collection and management of the OT data to improve business performance and decision making.

    The IT/OT convergence meets legislation such as the Australian Energy Sector Cyber Security Framework (AESCSF), which has impacts on the architectural layer of cybersecurity that support delivery of the site services.

    Results

    The lessons learned in converging IT and OT from Horizon Power were:

    • Start with forming relationships to build trust and overcome any divide between IT and OT.
    • Collaborate with IT and OT teams to successfully implement solutions, such as vulnerability management and discovery tools for OT assets.
    • Switch the focus from confidentiality and integrity to availability in solutions evaluation
    • Develop training and awareness programs for all levels of the organization.
    • Actively encourage visible sponsorship across management by providing regular updates and consistent messaging.
    • Monitor cybersecurity metrics such as vulnerabilities, mean time to treat vulnerabilities, and intrusion attempts.
    • Manage third-party vendors using a platform which not only performs external monitoring but provides third-party vendors with visibility or potential threats in their organization.

    The Secure IT/OT Convergence Framework

    IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating onto the IT ecosystem, to improve access via the internet and to leverage other standard IT capabilities. However, IT and OT are historically very different, and without careful calculation, simply connecting the two systems will result in a problem. Therefore, IT and OT need to learn to live together starting with communication to build trust and to overcome differences between IT and OT.
    Convergence Elements
    • Process convergence
    • Software and data convergence
    • Network and infrastructure convergence
    Target Groups
    • OT leader and teams
    • IT leader and teams
    • Security leader and teams
    Security Components
    • Governance and compliance
    • Security strategy
    • Risk management
    • Security policies
    • IR, DR, BCP
    • Security awareness and training
    • Security architecture and controls

    Plan

    • Initiate communication
    • Define roles and responsibilities
    • Establish governance and build a cross-functional team
    • Identify convergence elements and compliance obligations
    • Assess readiness

    Governance

    Compliance

    Enhance

    • Update security strategy for IT/OT convergence
    • Update risk-management framework for IT/OT convergence
    • Update security policies and procedures for IT/OT convergence
    • Update incident response, disaster recovery, and business continuity plan for IT/OT convergence

    Security strategy

    Risk management

    Security policies and procedures

    IR, DR, and BCP

    Monitor &
    Optimize

    • Implement awareness, induction, and cross-training program
    • Design and deploy converging security architecture and controls
    • Establish and monitor IT/OT security metrics on effectiveness and efficiency
    • Red-team followed by blue-team activity for cross-functional team building

    Awareness and cross-training

    Architecture and controls

    Phases
    Color-coded phases with arrows looping back up from the bottom to top phase.
    • Plan
    • Enhance
    • Monitor & Optimize
    Plan Outcomes
    • Mapping business goals to IT/OT security goals
    • RACI chart for priorities and accountabilities
    • Compliance obligations register
    • Readiness checklist
    Enhance Outcomes
    • Security strategy for IT/OT convergence
    • Risk management framework
    • Security policies & procedures
    • IR, DR, BCP
    Monitor & Optimize Outcomes
    • Security awareness and training
    • Security architecture and controls
    Plan Benefits
    • Improved flexibility and less divided IT/OT
    • Improved compliance
    Enhance Benefits
    • Increased strategic common goals
    • Increased efficiency and versatility
    Monitor & Optimize Benefits
    • Enhanced security
    • Reduced costs

    Plan

    Initiate communication

    To initiate communication between the IT and OT teams, it is important to understand how the two groups are different and to build trust to find a holistic approach which overcomes those differences.
    IT OT
    Remote Access Well-defined access control Usually single-level access control
    Interfaces Human Machine, equipment
    Software ERP, CRM, HRIS, payroll SCADA, DCS
    Hardware Servers, switches, PCs PLC, HMI, sensors, motors
    Networks Ethernet Fieldbus
    Focus Reporting, communication Up-time, precision, safety
    Change management Frequent updates and patches Infrequent updates and patches
    Security Confidentiality, integrity, availability Safety, reliability, availability
    Time requirement Normally not time critical Real time

    Info-Tech Insight

    OT interfaces with the physical world while IT system concerns more on cyber world. Thus, the two systems have different properties. The challenge is how to create strategic collaboration between IT and OT based on negotiation, and this needs top-down support.

    Identifying organization goals is the first step in aligning your secure IT/OT convergence with your organization’s vision.

    • Security leaders need to understand the direction the organization is headed in.
    • Wise security investments depend on aligning your security initiatives to the organization.
    • Secure IT/OT convergence should contribute to your organization’s objectives by supporting operational performance and ensuring brand protection and shareholder value.

    Map organizational goals to IT/OT security goals

    Input: Corporate, IT, and OT strategies

    Output: Your goals for the security strategy

    Materials: Secure IT/OT Convergence Requirements Gathering Tool

    Participants: Executive leadership, OT leader, IT leader, Security leader, Compliance, Legal, Risk management

    1. As a group, brainstorm organization goals.
      1. Review relevant corporate, IT, and OT strategies.
    2. Record the most important business goals in the Secure IT/OT Convergence Requirements Gathering Tool. Try to limit the number of business goals to no more than 10 goals. This limitation will be critical to helping focus on your secure IT/OT convergence.
    3. For each goal, identify one to two security alignment goals. These should be objectives for the security strategy that will support the identified organization goals.

    Download the Secure IT/OT Convergence Requirements Gathering Tool

    Record organizational goals

    Sample of the definitions table with columns numbered 1-4.

    Refer to the Secure IT/OT Convergence Framework when filling in the following elements.

    1. Record your identified organization goals in the Goals Cascade tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    2. For each of your organizational goals, identify IT alignment goals.
    3. For each of your organizational goals, identify OT alignment goals.
    4. For each of your organizational goals, select one to two IT/OT security alignment goals from the drop-down lists.

    Establish scope and boundaries

    It is important to know at the outset of the strategy: What are we trying to secure in IT/OT convergence ?
    This includes physical areas we are responsible for, types of data we care about, and departments or IT/OT systems we are responsible for.

    This also includes what is not in scope. For some outsourced services or locations, you may not be responsible for their security. In some business departments, you may not have control of security processes. Ensure that it is made explicit at the outset what will be included and what will be excluded from security considerations.

    Physical Scope and Boundaries

    • How many offices and locations does your organization have?
    • Which locations/offices will be covered by your information security management system (ISMS)?
    • How sensitive is the data residing at each location?
    • You may have many physical locations, and it is not necessary to list each one. Rather, list exceptional cases that are specifically in or out of scope.

    IT Systems Scope and Boundaries

    • There may be hundreds of applications that are run and maintained in your organization. Some of these may be legacy applications. Do you need to secure all your programs or only a select few?
    • Is the system owned or outsourced?
    • Where are you accountable for security?
    • How sensitive is the data that each system handles?

    Organizational Scope and Boundaries

    • Will your ISMS cover all departments within your organization? For example, do certain departments (e.g. operations) not need any security coverage?
    • Do you have the ability to make security decisions for each department?
    • Who are the key stakeholders/data owners for each department?

    OT Systems Scope and Boundaries

    • There may be hundreds of OT systems that are run and maintained in your organization. Do you need to secure all OT or a select subset?
    • Is the system owned or outsourced?
    • Where are you accountable for safety and security?
    • What reliability requirements does each system handle?

    Record scope and boundaries

    Sample Scope and Boundaries table. Refer to the Secure IT/OT Convergence Framework when filling in the following elements:
    • Record your security-related organizational scope, physical location scope, IT systems scope, and OT systems scope in the Scope tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    • For each item scoped, give the rationale for including it in the comments column. Careful attention should be paid to any elements that are not in scope.

    Plan

    Define roles and responsibilities

    Input: List of relevant stakeholders

    Output: Roles and responsibilities for the secure IT/OT convergence program

    Materials: Secure IT/OT Convergence RACI Chart Tool

    Participants: Executive leadership, OT leader, IT leader, Security leader

    There are many factors that impact an organization’s level of effectiveness as it relates to IT/OT convergence. How the two groups interact, what skill sets exist, the level of clarity around roles and responsibilities, and the degree of executive support and alignment are only a few. Thus, it is imperative in the planning phase to identify stakeholders who are:

    • Responsible: The people who do the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
    • Accountable: The person who is accountable for the completion of the activity. Ideally, this is a single person and will often be an executive or program sponsor.
    • Consulted: The people who provide information. This is usually several people, typically called subject matter experts (SMEs).
    • Informed: The people who are updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.

    Download the Secure IT/OT Convergence RACI Chart Tool

    Define RACI Chart

    Sample RACI chart with only the 'Plan' section enlarged.

    Define responsible, accountable, consulted, and informed (RACI) stakeholders.
    1. Customize the "work units" to best reflect your operation with applicable stakeholders.
    2. Customize the "action“ rows as required.
    Info-Tech Insight

    The roles and responsibilities should be clearly defined. For example, IT network should be responsible for the communication and configuration of all access points and devices from the remote client to the control system DMZ, and controls engineering should be responsible from the control system DMZ to the control system.

    Plan

    Establish governance and build cross-functional team

    To establish governance and build an IT/OT cross-functional team, it is important to understand the operation of OT systems and their interactions with IT within the organization, e.g. ad hoc, centralized, decentralized.

    The maturity ladder with levels 'Fully Converged', 'Collaborative Partners', 'Trusted Resources', 'Affiliated Entities', and 'Siloed' at the bottom. Each level has four maturity indicators listed.

    Info-Tech Insight

    To determine IT/OT convergence maturity level, Info-Tech provides the IT/OT Convergence Self-Evaluation Tool.

    Centralized security governance model example

    Example of a centralized security governance model.

    Plan

    Identify convergence elements and compliance obligations

    To switch the focus from confidentiality and integrity to safety and availability for OT system, it is important to have a common language such as the Purdue model for technical communication.
    • A lot of OT compliance standards are technically focused and do not address governance and management, e.g. IT standards like the NIST Cybersecurity Framework. For example, OT system modeling with Purdue model will help IT teams to understand assets, networking, and controls. This understanding is needed to know the possible security solutions and where these solutions could be embedded to the OT system with respect to safety, reliability, and availability.
    • However, deployment of technical solutions or patches to OT system may nullify warranty, so arrangements should be made to manage this with the vendor or manufacturer prior to modification.
    • Finally, OT modernizations such as smart grid together with the advent of IIoT where data flow is becoming less hierarchical have encouraged the birth of a hybrid Purdue model, which maintains segmentation with flexibility for communications.

    Level 5: Enterprise Network

    Level 4: Site Business

    Level 3.5: DMZ
    Example: Patch Management Server, Application Server, Remote Access Server

    Level 3: Site Operations
    Example: SCADA Server, Engineering Workstation, Historian

    Level 2: Area Supervisory Control
    Example: SCADA Client, HMI

    Level 1: Basic Control
    Example: Batch Controls, Discrete Controls, Continuous Process Controls, Safety Controls, e.g. PLCs, RTUs

    Level 0: Process
    Example: Sensors, Actuators, Field Devices

    (Source: “Purdue Enterprise Reference Architecture (PERA) Model,” ISA-99.)

    Identify compliance obligations

    To manage compliance obligations, it is important to use a platform which not only performs internal and external monitoring, but also provides third-party vendors with visibility on potential threats in their organization.
    Example table of compliance obligations standards. Example tables of compliance obligations regulations and guidelines.

    Source:
    ENISA, 2013
    DHS, 2009.

    • OT system has compliance obligations with industry regulations and security standards/regulations/guidelines. See the lists given. The lists are not exhaustive.
    • OT system owner can use the standards/regulations/guidelines as a benchmark to determine and manage the security level provided by third parties.
    • It is important to understand the various frameworks and to adhere to the appropriate compliance obligations, e.g. IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series.

    IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series

    International series of standards for asset owners, system integrators, and product manufacturers.
    Diagram of the international series of standards for asset owners.
    (Source: Cooksley, 2021)
    • IEC/ISA 62443 is a comprehensive international series of standards covering security for ICS systems, which recognizes three roles, namely: asset owner, system integrator, and product manufacturer.
    • In IEC/ISA 62443, requirements flow from the asset owner to the product manufacturer, while solutions flow in the opposite direction.
    • For the asset owner who owns and operates a system, IEC 62443-2 enables defining target security level with reference to a threat level and using the standard as a benchmark to determine the current security level.
    • For the system integrator, IEC 62443-3 assists to evaluate the asset owner’s requirements to create a system design. IEC 62443-3 also provides a method for verification that components provided by the product manufacturer are securely developed and support the functionality required.

    Record your compliance obligations

    Refer to the “Goals Cascade” tab of the Secure IT/OT Convergence Requirements Gathering Tool.
    1. Identify your compliance obligations. Most organizations have compliance obligations that must be adhered to. These can include both mandatory and voluntary obligations. Mandatory obligations include:
      1. Laws
      2. Government regulations
      3. Industry standards
      4. Contractual agreements
      Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your secure IT/OT convergence, include only those that have OT security requirements.
    2. Record your compliance obligations, along with any notes, in your copy of the Secure IT/OT Convergence Requirements Gathering Tool.
    3. Refer to the “Compliance DB” tab for lists of standards/regulations/guidelines.
    Table of mandatory and voluntary security compliance obligations.

    Plan

    Assess readiness

    Readiness checklist for secure IT/OT convergence

    People

    • Define roles and responsibilities on interaction based on skill sets and the degree of support and alignment.
    • Adopt well-established security governance practices for cross-functional teams.
    • Analyze and develop skills required by implementing awareness, induction, and cross-training program.

    Process

    • Conduct a maturity assessment of key processes and highlight interdependencies.
    • Redesign cybersecurity processes for your secure IT/OT convergence program.
    • Develop a baseline and periodically review on risks, security policies and procedures, incident response, disaster recovery, and business continuity plan.

    Technology

    • Conduct a maturity assessment and identify convergence elements and compliance obligations.
    • Develop a roadmap and deploy converging security architecture and controls step by step, working with trusted technology partners.
    • Monitor security metrics on effectiveness and efficiency and conduct continuous testing by red-team and blue-team activities.

    (Source: “Grid Modernization: Optimize Opportunities And Minimize Risks,” Info-Tech)

    Enhance

    Update security strategy

    To update security strategy, it is important to actively encourage visible sponsorship across management and to provide regular updates.

    Cycle for updating security strategy: 'Architecture design', 'Procurement', 'Installation', 'Maintenance', 'Decommissioning'.
    (Source: NIST SP 800-82 Rev.3, “Guide to Operational Technology (OT) Security,” NIST, 2022.)
    • OT system life cycle is like the IT system life cycle, starting with architectural design and ending with decommissioning.
    • Currently, IT only gets involved from installation or maintenance, so they may not fully understand the OT system. Therefore, if OT security is compromised, the same personnel who commissioned the OT system (e.g. engineering, electrical, and maintenance specialists) must be involved. Thus, it is important to have the IT team collaborate with the OT team in each stage of the OT system’s life cycle.
    • Finally, it is necessary to have propositional sharing of responsibilities between IT leaders, security leaders, and OT leaders who have broader responsibilities.

    Enhance

    Update risk management framework

    The need for asset and threat taxonomy

    • One of issues in IT/OT convergence is that OT systems focus on production, so IT solutions like security patching or updates may deteriorate a machine or take a machine offline and may not be applicable. For example, some facilities run with reliability of 99.999%, which only allows maximum of 5 minutes and 35 seconds or less of downtime per year.
    • Managing risks requires an understanding of the assets and threats for IT/OT systems. Having a taxonomy of the assets and the threats cand help.
    • Applying normal IT solutions to mitigate security risks may not be applicable in an OT environment, e.g. running an antivirus tool on OT system may remove essential OT operations files. Thus, this approach must be avoided; instead, systems must be rebuilt from golden images.
    Risk management framework.
    (Source: ENISA, 2018.)

    Enhance

    Update security policies and procedures

    • Policy is the link between people, process, and technology for any size of organization. Small organizations may think that having formal policies in place is not necessary for their operations, but compliance is applicable to all organizations, and vulnerabilities affect organizations of all sizes as well. Small organizations partnering with clients or other organizations are sometimes viewed as ideal proxies for attackers.
    • Updating security policies to align with the OT system so that there is a uniform approach to securing both IT and OT environments has several benefits. For example, enhancing the overall security posture as issues are pre-emptively avoided, being better prepared for auditing and compliance requirements, and improving governance especially when OT governance is weak.
    • In updating security policies, it is important to redefine the policy framework to include the OT framework and to prioritize the development of security policies. For example, entities that own or manage US and Canadian electric power grids must comply with North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) standards, specifically CIP-003 for Policy and Governance. This can be achieved by understanding the current state of policies and by right-sizing the policy suite based on a policy hierarchy.
    The White House released an Executive Order on Improving the Nation’s Cybersecurity (EO 14028) in 2021 that establishes new requirements on the scope of protection and security policy such that it must include both IT and OT.

    Policy hierarchy example

    This example of a policy hierarchy features templates from Info-Tech’s Develop and Deploy Security Policies and Identify the Best Framework for Your Security Policies research.

    Example policy hierarchy with four levels, from top-down: 'Governance', 'Process-based policies', 'Prescriptive/ technical (for IT including OT elements)', 'Prescriptive/ technical (for users)'.

    Enhance

    Update IR, DR, and BCP

    A proactive approach to security is important, so actions such as updating and testing the incident response plan for OT are a must. (“Cybersecurity Year In Review” Dragos, 2022.)

    1. Customize organizational chart for IT/OT IR, DR, BCP based on governance and management model.
      E.g. ad hoc, internal distributed, internal centralized, combined distributed, and decentralized. (Software Engineering Institute, 2003)
    2. Adjust the authority of the new organizational chart and decide if it requires additional staffing.
      E.g. full authority, shared authority. (Software Engineering Institute, 2003)
    3. Update IR plan, DR plan, and BCP for IT/OT convergence.
      E.g. incorporate zero trust principles for converge network
    4. Testing updated IR plan, DR plan, and BCP.

    Optimize

    Implement awareness, induction, and cross-training

    To develop training and awareness programs for all levels of the organization, it is important to understand the common challenges in IT security that also affect secure IT/OT convergence and how to overcome those challenges.

    Alert Fatigue

    Too many false alarms, too many events to process, and an evolving threat landscape that wastes analysts’ valuable time on mundane tasks such as evidence collection. Meanwhile, only limited time is given for decision and conclusion, which results in fear of missing an incident and alert fatigue.

    Skill Shortages

    Obtaining and retaining cybersecurity-skilled talent is challenging. Organizations need to invest in the people, but not all organizations will be able to invest sufficiently to have their own dedicated security team.

    Lack of Insight

    To report progress, clear metrics are needed. However, cybersecurity still falls short in this area, as the system itself is complex, and much work is siloed. Furthermore, lessons learned are not yet distilled into insights yet for improving future accuracy.

    Lack of Visibility

    Ensuring complete visibility of the threat landscape, risks, and assets requires system integration and consistent workflow across the organization, and the convergence of OT, IoT, and IT enhances this challenge (e.g. machines cannot be scanned during operational uptime).
    (Source: Security Intelligence, 2020.)
    “Cybersecurity staff are feeling burnout and stressed to the extent that many are considering leaving their jobs.” (Danny Palmer, ZDNET News, 2022)

    Awareness may not correspond to readiness

    • An issue with IT/OT convergence training and awareness happens when awareness exists, but the personnel are trained only for IT security and are not trained for OT-specific security. For example, some organizations still use generic topics such as not opening email attachments, when the personnel do not even operate using email nor in a web browsing environment. (“Assessing Operational Readiness,” Dragos, 2022)
    • Meanwhile, as is the case with IT, OT security training topics are broad, such as OT threat intelligence, OT-specific incident response, and tabletop exercises.
    • Hence, it requires the creation of a training program development plan that considers the various audiences and topics and maps them accordingly.
    • Moreover, roles are also evolving due to convergence and modernization. These new roles require an integrative skill set. For example, the grid security & ops team might consist of an IT security specialist, SCADA technician/engineer, and OT/IIOT security specialist where OT/IIOT security specialist is a new role. (Grid Modernization: Optimize Opportunities and Minimize Risks,” Info-Tech)
    • In conclusion, it is important to approach talent development with an open mind. The ability to learn and flexibility in the face of change are important attributes, and technical skill sets can be improved with certifications and training.
    “One area regularly observed by Dragos is a weakness in overall cyber readiness and training tailored specific to the OT environment.” (“Assessing Operational Technology,” Dragos, 2022.)

    Certifications

    What are the options?
    • One of issues in certification is the complexity on relevancy in topics with respect to roles and levels.
    • An example solution is the European Union Agency for Cybersecurity (ENISA)’s approach to analyzing existing certifications by orientation, scope, and supporting bodies, grouped into specific certifications, relevant certifications, and safety certifications.

    Specific cybersecurity certification of ICS/SCADA
    Example: ISA-99/IEC 62443 Cybersecurity Certificate Program, GIAC Global Industrial Cyber Security Professional (GICSP), Certified SCADA Security Architect (CSSA), EC-Council ICS/SCADA Cybersecurity Training Course.

    Other relevant certification schemes
    Example: Network and Information Security (NIS) Driving License, ISA Certified Automation Professional (CAP), Industrial Security Professional Certification (NCMS-ISP).

    Safety Certifications
    Example: Board of Certified Safety Professionals (BCSP), European Network of Safety and Health Professional Organisations (ENSHPO).

    Order of certifications with 'Orientation' at the top, 'Scope', then 'Support'.(Source: ENISA, 2015.)

    Optimize

    Design and deploy converging security architecture and controls

    • IT/OT convergence architecture can be modeled as a layered structure based on security. In this structure, the bottom layer is referred as “OT High-Security Zone” and the topmost layer is “IT Low-Security Zone.” In this model, each layer has its own set of controls configured and acts like an additional layer of security for the zone underneath it.
    • The data flows from the “OT High-Security Zone” to the topmost layer, the “IT Low-Security Zone,” and the traffic must be verified to pass to another zone based on the need-to-know principle.
    • In the normal control flow within the “OT High-Security Zone” from level 3 to level 0, the traffic must be verified to pass to another level based on the principle of least privilege.
    • Remote access (dotted arrow) is allowed under strict access control and change control based on the zero-trust principle with clear segmentation and a point for disconnection between the “OT High-Security Zone” and the “OT Low-Security Zone”
    • This model simplifies the security process, as if the lower layers have been compromised, then the compromise can be confined on that layer, and it also prevents lateral movement as access is always verified.
    Diagram for the deployments of converging security architecture.(Source: “Purdue Enterprise Reference Architecture (PERA) model,” ISA-99.)

    Off-the-shelf solutions

    Getting the right recipe: What criteria to consider?

    Image of a shopping cart with the four headlines on the right listed in order from top to bottom.
    Icon of an eye crossed out. Visibility and Asset Management

    Passive data monitoring using various protocol layers, active queries to devices, or parsing configuration files of OT, IoT, and IT environments on assets, processes, and connectivity paths.

    Icon of gears. Threat Detection, Mitigation, and Response (+ Hunting)

    Automation of threat analysis (signature-based, specification-based, anomaly-based, sandboxing) not only in IT but also in relevant environments, e.g. IoT, IIoT, and OT on assets, data, network, and orchestration with threat intelligence sharing and analytics.

    Icon of a check and pen. Risk Assessment and Vulnerability Management

    Risk scoring approach (qualitative, quantitative) based on variables such as behavioral patterns and geolocation. Patching and vulnerability management.

    Icon of a wallet. Usability, Architecture, Cost

    The user and administrative experience, multiple deployment options and extensive integration capabilities, and affordability.

    Optimize

    Establish and monitor IT/OT security metrics for effectiveness and efficiency

    Role of security metrics in a cybersecurity program (EPRI, 2017.)
    • Requirements for secure IT/OT are derived from mandatory or voluntary compliance, e.g. NERC CIP, NIST SP 800-53.
    • Frameworks for secure IT/OT are used to build and implement security, e.g. NIST CSF, AESCSF.
    • Maturity of secure IT/OT is used to measure the state of security, e.g. C2M2, CMMC.
    • Security metrics have the role of measuring effectiveness and efficiency.

    Icon of a person ascending stairs.
    Safety

    OT interfaces with the physical world. Thus, metrics based on risks related with life, health, and safety are crucial. These metrics motivate personnel by making clear why they should care about security. (EPRI, 2017.)

    Icon of a person ascending stairs.
    Business Performance

    The impact of security on the business can be measured in various metrics such as operational metrics, service level agreements (SLAs), and financial metrics. (BMC, 2022.)

    Icon of a person ascending stairs.
    Technology Performance

    Early detection will lead to faster remediation and less damage. Therefore, metrics such as maximum tolerable downtime (MTD) and mean time to recovery (MTR) indicate system reliability. (Dark Reading, 2022)

    Icon of a person ascending stairs.
    Security Culture

    The metrics for the overall quality of security culture with indicators such as compliance and audit, vulnerability management, and training and awareness.

    Further information

    Related Info-Tech Research

    Sample of 'Build an Information Security Strategy'.

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations.

    This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building a security roadmap.

    Sample of 'Preparing for Technology Convergence in Manufacturing'.

    Preparing for Technology Convergence in Manufacturing

    Information technology (IT) and operational technology (OT) teams have a long history of misalignment and poor communication.

    Stakeholder expectations and technology convergence create the need to leave the past behind and build a culture of collaboration.

    Sample of 'Implement a Security Governance and Management Program'.

    Implement a Security Governance and Management Program

    Your security governance and management program needs to be aligned with business goals to be effective.

    This approach also helps provide a starting point to develop a realistic governance and management program.

    This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security while keeping costs to a minimum.

    Bibliography

    Assante, Michael J. and Robert M. Lee. “The Industrial Control System Cyber Kill Chain.” SANS Institute, 2015.

    “Certification of Cyber Security Skills of ICS/SCADA Professionals.” European Union Agency for Cybersecurity (ENISA), 2015. Web.

    Cooksley, Mark. “The IEC 62443 Series of Standards: A Product Manufacturer‘s Perspective.” YouTube, uploaded by Plainly Explained, 27 Apr. 2021. Accessed 26 Aug. 2022.

    “Cyber Security Metrics for the Electric Sector: Volume 3.” Electric Power Research Institute (EPRI), 2017.

    “Cybersecurity and Physical Security Convergence.” Cybersecurity and Infrastructure Security Agency (CISA). Accessed 19 May 2022.

    “Cybersecurity in Operational Technology: 7 Insights You Need to Know,” Ponemon, 2019. Web.

    “Developing an Operational Technology and Information Technology Incident Response Plan.” Public Safety Canada, 2020. Accessed 6 Sep. 2022.

    Gilsinn, Jim. “Assessing Operational Technology (OT) Cybersecurity Maturity.” Dragos, 2021. Accessed 02 Sep. 2022.

    “Good Practices for Security of Internet of Things.” European Union Agency for Cybersecurity (ENISA), 2018. Web.

    Greenfield, David. “Is the Purdue Model Still Relevant?” AutomationWorld. Accessed 1 Sep. 2022

    Hemsley, Kevin E., and Dr. Robert E. Fisher. “History of Industrial Control System Cyber Incidents.” US Department of Energy (DOE), 2018. Accessed 29 Aug. 2022.

    “ICS Security Related Working Groups, Standards and Initiatives.” European Union Agency for Cybersecurity (ENISA), 2013.

    Killcrece, Georgia, et al. “Organizational Models for Computer Security Incident Response Teams (CSIRTs).” Software Engineering Institute, CMU, 2003.

    Liebig, Edward. “Security Culture: An OT Survival Story.” Dark Reading, 30 Aug. 2022. Accessed 29 Aug. 2022.

    Bibliography

    O'Neill, Patrick. “Russia Hacked an American Satellite Company One Hour Before the Ukraine Invasion.” MIT Technology Review, 10 May 2022. Accessed 26 Aug. 2022.

    Palmer, Danny. “Your Cybersecurity Staff Are Burned Out – And Many Have Thought About Quitting.” Zdnet, 08 Aug. 2022. Accessed 19 Aug. 2022.

    Pathak, Parag. “What Is Threat Management? Common Challenges and Best Practices.” SecurityIntelligence, 23 Jan. 2020. Web.

    Raza, Muhammad. “Introduction To IT Metrics & KPIs.” BMC, 5 May 2022. Accessed 12 Sep. 2022.

    “Recommended Practice: Developing an Industrial Control Systems Cybersecurity Incident Response Capability.” Department of Homeland Security (DHS), Oct. 2009. Web.

    Sharma, Ax. “Sigma Rules Explained: When and How to Use Them to Log Events.” CSO Online, 16 Jun. 2018. Accessed 15 Aug. 2022.

    “Significant Cyber Incidents.” Center for Strategic and International Studies (CSIS). Accessed 1 Sep. 2022.

    Tom, Steven, et al. “Recommended Practice for Patch Management of Control Systems.” Department of Homeland Security (DHS), 2008. Web.

    “2021 ICS/OT Cybersecurity Year In Review.” Dragos, 2022. Accessed 6 Sep. 2022.

    “2021 State of Operational Technology and Cybersecurity Report,” Fortinet, 2021. Web.

    Zetter, Kim. “Pre-Stuxnet, Post-Stuxnet: Everything Has Changed, Nothing Has Changed.” Black Hat USA, 08 Aug. 2022. Accessed 19 Aug. 2022.

    Research Contributors and Experts

    Photo of Jeff Campbell, Manager, Technology Shared Services, Horizon Power, AU. Jeff Campbell
    Manager, Technology Shared Services
    Horizon Power, AU

    Jeff Campbell has more than 20 years' experience in information security, having worked in both private and government organizations in education, finance, and utilities sectors.

    Having focused on developing and implementing information security programs and controls, Jeff is tasked with enabling Horizon Power to capitalize on IoT opportunities while maintaining the core security basics of confidentiality, integrity and availability.

    As Horizon Power leads the energy transition and moves to become a digital utility, Jeff ensures the security architecture that supports these services provides safer and more reliable automation infrastructures.

    Christopher Harrington
    Chief Technology Officer (CTO)
    Carolinas Telco Federal Credit Union

    Frank DePaola
    Vice President, Chief Information Security Officer (CISO)
    Enpro

    Kwasi Boakye-Boateng
    Cybersecurity Researcher
    Canadian Institute for Cybersecurity

    Stabilize Infrastructure & Operations During Work-From-Anywhere

    • Buy Link or Shortcode: {j2store}309|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    Work-from-anywhere isn’t going anywhere. IT Infrastructure & Operations needs to:

    • Rebuild trust in the stability of IT infrastructure and operations.
    • Identify gaps created from the COVID-19 rush to remote work.
    • Identify how IT can better support remote workers.

    IT went through an initial crunch to enable remote work. It’s time to be proactive and learn from our mistakes.

    Our Advice

    Critical Insight

    • The nature of work has fundamentally changed. IT departments must ensure service continuity, not for how the company worked in 2019, but how the company is working now and will be working tomorrow.
    • Revisit the basics. Don’t focus on becoming an innovator until you have improved network access, app access, file access, and collaboration tools.
    • Aim for near-term innovation. Once you’re a trusted operator, become a business partner by directly empowering end users at home and in the office.

    Impact and Result

    Build a work-from-anywhere strategy that resonates with the business.

    • Strengthen the foundations of collaboration tools, app access, file access, network access, and endpoint standards.
    • Explore opportunities to strengthen IT operations.
    • Proactively help the business through employee experience monitoring and facilities optimization.

    Stabilize Infrastructure & Operations During Work-From-Anywhere Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a strategy for improving how well IT infrastructure and operations support work-from-anywhere, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Stabilize IT infrastructure

    Ensure your fundamentals are solid.

    2. Update IT operations

    Revisit your practices to ensure you can effectively operate in work-from-anywhere.

    3. Optimize IT infrastructure & operations

    Offer additional value to the business by proactively addressing these items.

    • Roadmap Tool

    Infographic

    Workshop: Stabilize Infrastructure & Operations During Work-From-Anywhere

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Stabilize IT Infrastructure

    The Purpose

    Strengthen the foundations of IT infrastructure.

    Key Benefits Achieved

    Improved end-user experience

    Stabilized environment

    Activities

    1.1 Review work-from-anywhere framework and identify capability gaps.

    1.2 Review diagnostic results to identify satisfaction gaps.

    1.3 Record improvement opportunities for foundational capabilities: collaboration, network, file access, app access.

    1.4 Identify deliverables and opportunities to provide value for each.

    Outputs

    Projects and initiatives to stabilize IT infrastructure

    Deliverables and opportunities to provide value for foundational capabilities

    2 Update IT Operations and Optimize

    The Purpose

    Update IT operational practices to support work-from-anywhere more effectively.

    Key Benefits Achieved

    Improved IT operations

    Activities

    2.1 Identify IT infrastructure and operational capability gaps.

    2.2 Record improvement opportunities for DRP & BCP.

    2.3 Record improvement opportunities for endpoint and systems management practices.

    2.4 Record improvement opportunities for IT operational practices.

    2.5 Explore office space optimization and employee experience monitoring.

    Outputs

    Projects and initiatives to update IT operations to better support work-from-anywhere

    Longer-term strategic initiatives

    Deliverables and opportunities to provide value for each capability

    Build a Security Metrics Program to Drive Maturity

    • Buy Link or Shortcode: {j2store}266|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $22,947 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Many security leaders put off adding metrics to their program because they don't know where to start or how to assess what is worth measuring.
    • Sometimes, this uncertainty causes the belief that their security programs are not mature enough for metrics to be worthwhile.
    • Because metrics can become very technical and precise,it's easy to think that they're inherently complicated (not true).

    Our Advice

    Critical Insight

    • The best metrics are tied to goals.
    • Tying your metrics to goals ensures that you are collecting metrics for a specific purpose rather than just to watch the numbers change.

    Impact and Result

    • A metric, really, is just a measure of success against a given goal. Gradually, programs will achieve their goals and set new more specific goals, and with them come more-specific metrics.
    • It is not necessary to jump into highly technical metrics right away. A lot can be gained from metrics that track behaviors.
    • A metrics program can be very simple and still effectively demonstrate the value of security to the organization. The key is to link your metrics to the goals or objectives the security team is pursuing, even if they are simple implementation plans (e.g. percentage of departments that have received security training course).

    Build a Security Metrics Program to Drive Maturity Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build a security metrics program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Link security metrics to goals to boost maturity

    Develop goals and KPIs to measure your progress.

    • Build a Security Metrics Program to Drive Maturity – Phase 1: Link Security Metrics to Goals to Boost Maturity
    • Security Metrics Determination and Tracking Tool
    • KPI Development Worksheets

    2. Adapt your reporting strategy for various metric types

    Learn how to present different types of metrics.

    • Build a Security Metrics Program to Drive Maturity – Phase 2: Adapt Your Reporting Strategy for Various Metric Types
    • Security Metrics KPX Dashboard
    • Board-Level Security Metrics Presentation Template
    [infographic]

    Workshop: Build a Security Metrics Program to Drive Maturity

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Current State, Initiatives, and Goals

    The Purpose

    Create a prioritized list of goals to improve the security program’s current state.

    Key Benefits Achieved

    Insight into the current program and the direct it needs to head in.

    Activities

    1.1 Discuss current state and existing approach to metrics.

    1.2 Review contract metrics already in place (or available).

    1.3 Determine security areas that should be measured.

    1.4 Determine what stakeholders are involved.

    1.5 Review current initiatives to address those risks (security strategy, if in place).

    1.6 Begin developing SMART goals for your initiative roadmap.

    Outputs

    Gap analysis results

    SMART goals

    2 KPI Development

    The Purpose

    Develop unique KPIs to measure progress against your security goals.

    Key Benefits Achieved

    Learn how to develop KPIs

    Prioritized list of security goals

    Activities

    2.1 Continue SMART goal development.

    2.2 Sort goals into types.

    2.3 Rephrase goals as KPIs and list associated metric(s).

    2.4 Continue KPI development.

    Outputs

    KPI Evolution Worksheet

    3 Metrics Prioritization

    The Purpose

    Determine which metrics will be included in the initial program launch.

    Key Benefits Achieved

    A set of realistic and manageable goals-based metrics.

    Activities

    3.1 Lay out prioritization criteria.

    3.2 Determine priority metrics (implementation).

    3.3 Determine priority metrics (improvement & organizational trend).

    Outputs

    Prioritized metrics

    Tool for tracking and presentation

    4 Metrics Reporting

    The Purpose

    Strategize presentation based around metric type to indicate organization’s risk posture.

    Key Benefits Achieved

    Develop versatile reporting techniques

    Activities

    4.1 Review metric types and discuss reporting strategies for each.

    4.2 Develop a story about risk.

    4.3 Discuss the use of KPXs and how to scale for less mature programs.

    Outputs

    Key Performance Index Tool and presentation materials

    Further reading

    Build a Security Metrics Program to Drive Maturity

    Good metrics come from good goals.

    ANALYST PERSPECTIVE

    Metrics are a maturity driver.

    "Metrics programs tend to fall into two groups: non-existent and unhelpful.

    The reason so many security professionals struggle to develop a meaningful metrics program is because they are unsure of what to measure or why.

    The truth is, for metrics to be useful, they need to be tied to something you care about – a state you are trying to achieve. In other words, some kind of goal. Used this way, metrics act as the scoreboard, letting you know if you’re making progress towards your goals, and thus, boosting your overall maturity."

    Logan Rohde, Research Analyst, Security Practice Info-Tech Research Group

    Executive summary

    Situation

    • Many security leaders put off adding metrics to their program because they don't know where to start or how to assess what is worth measuring.

    Complication

    • Sometimes, this uncertainty causes the belief that their security programs are not mature enough for metrics to be worthwhile.
    • Because metrics can become very technical and precise, it's easy to think they're inherently complicated (not true).

    Resolution

    • A metric, really, is just a measure of success against a given goal. Gradually, programs will achieve their goals and set new, more specific goals, and with them comes more specific metrics.
    • It is not necessary to jump into highly technical metrics right away. A lot can be gained from metrics that track behaviors.
    • A metrics program can be very simple and still effectively demonstrate the value of security to the organization. The key is to link your metrics to the goals or objectives the security team is pursuing, even if they are simple implementation plans (e.g. percentage of departments that have received security training).

    Info-Tech Insight

    1. Metrics lead to maturity, not vice versa
      • Tracking metrics helps you assess progress and regress in your security program. This helps you quantify the maturity gains you’ve made and continue to make informed strategic decisions.
    2. The best metrics are tied to goals
      • Tying your metrics to goals ensures that you are collecting metrics for a specific purpose rather than just to watch the numbers change.

    Our understanding of the problem

    This Research is Designed For:

    • CISO

    This Research Will Help You:

    • Understand the value of metrics.
    • Right-size a metrics program based on your organization’s maturity and risk profile.
    • Tie metrics to goals to create meaningful KPIs.
    • Develop strategies to effectively communicate the right metrics to stakeholders.

    This Research Will Also Assist:

    • CIO
    • Security Manager
    • Business Professionals

    This Research Will Help Them:

    • Become informed on the metrics that matter to them.
    • Understand that investment in security is an investment in the business.
    • Feel confident in the progress of the organization’s security strategy.

    Info-Tech’s framework integrates several best practices to create a best-of-breed security framework

    Information Security Framework

    Governance

    • Context and Leadership
      • Information Security Charter
      • Information Security Organizational Structure
      • Culture and Awareness
    • Evaluation and Direction
      • Security Risk Management
      • Security Policies
      • Security Strategy and Communication
    • Compliance, Audit, and Review
      • Security Compliance Management
      • External Security Audit
      • Internal Security Audit
      • Management Review of Security

    Management

    • Prevention
      • Identity Security
        • Identity and Access Management
      • Data Security
        • Hardware Asset Management
        • Data Security & Privacy
      • Infrastructure Security
        • Network Security
        • Endpoint Security
        • Malicious Code
        • Application Security
        • Vulnerability Management
        • Cryptography Management
        • Physical Security
        • Cloud Security
      • HR Security
        • HR Security
      • Change and Support
        • Configuration and Change Management
        • Vendor Management
    • Detection
      • Security Threat Detection
      • Log and Event Management
    • Response and Recovery
      • Security Incident Management
      • Information Security in BCM
      • Security eDiscovery and Forensics
      • Backup and Recovery
    • Measurement
      • Metrics Program
      • Continuous Improvement

    Metrics help to improve security-business alignment

    While business leaders are now taking a greater interest in cybersecurity, alignment between the two groups still has room for improvement.

    Key statistics show that just...

    5% of public companies feel very confident that they are properly secured against a cyberattack.

    41% of boards take on cybersecurity directly rather than allocating it to another body (e.g. audit committee).

    19% of private companies do not discuss cybersecurity with the board.

    (ISACA, 2018)

    Info-Tech Insight

    Metrics help to level the playing field

    Poor alignment between security and the business often stems from difficulties with explaining how security objectives support business goals, which is ultimately a communication problem.

    However, metrics help to facilitate these conversations, as long as the metrics are expressed in practical, relatable terms.

    Security metrics benefit the business

    Executives get just as much out of management metrics as the people running them.

    1. Metrics assuage executives’ fears
      • Metrics help executives (and security leaders) feel more at ease with where the company is security-wise. Metrics help identify areas for improvement and gaps in the organization’s security posture that can be filled. A good metrics program will help identify deficiencies in most areas, even outside the security program, helping to identify what work needs to be done to reduce risk and increase the security posture of the organization.
    2. Metrics answer executives’ questions
      • Numbers either help ease confusion or signify other areas for improvement. Offering quantifiable evidence, in a language that the business can understand, offers better understanding and insight into the information security program. Metrics also help educate on types of threats, staff needed for security, and budget needs to decrease risk based on management’s threat tolerance. Metrics help make an organization more transparent, prepared, and knowledgeable.
    3. Metrics help to continually prove security’s worth
      • Traditionally, the security team has had to fight for a seat at the executive table, with little to no way to communicate with the business. However, the new trend is that the security team is now being invited before they have even asked to join. This trend allows the security team to better communicate on the organization’s security posture, describe threats and vulnerabilities, present a “plan of action,” and get a pulse on the organization’s risk tolerance.

    Common myths make security metrics seem challenging

    Security professionals have the perception that metrics programs are difficult to create. However, this attitude usually stems from one of the following myths. In reality, security metrics are much simpler than they seem at first, and they usually help resolve existing challenges rather than create new ones.

    Myth Truth
    1 There are certain metrics that are important to all organizations, based on maturity, industry, etc. Metrics are indications of change; for a metric to be useful it needs to be tied to a goal, which helps you understand the change you're seeing as either a positive or a negative. Industry and maturity have little bearing here.
    2 Metrics are only worthwhile once a certain maturity level is reached Metrics are a tool to help an organization along the maturity scale. Metrics help organizations measure progress of their goals by helping them see which tactics are and are not working.
    3 Security metrics should focus on specific, technical details (e.g. of systems) Metrics are usually a means of demonstrating, objectively, the state of a security program. That is, they are a means of communicating something. For this reason, it is better that metrics be phrased in easily digestible, non-technical terms (even if they are informed by technical security statistics).

    Tie your metrics to goals to make them worthwhile

    SMART metrics are really SMART goals.

    Specific

    Measurable

    Achievable

    Realistic

    Timebound

    Achievable: What is an achievable metric?

    When we say that a metric is “achievable,” we imply that it is tied to a goal of some kind – the thing we want to achieve.

    How do we set a goal?

    1. Determine what outcome you are trying to achieve.
      • This can be small or large (e.g. I want to determine what existing systems can provide metrics, or I want a 90% pass rate on our monthly phishing tests).
    2. Decide what indicates that you’ve achieved your goal.
      • At what point would you be satisfied with the progress made on the initiative(s) you’re working on? What conditions would indicate victory for you and allow you to move on to another goal?
    3. Develop a key performance indicator (KPI) to measure progress towards that goal.
      • Now that you’ve defined what you’re trying to achieve, find a way to indicate progress in relative or relational terms (e.g. percentage change from last quarter, percentage of implementation completed, ratio of programs in place to those still needing implementation).

    Info-Tech’s security metrics methodology is repeatable and iterative to help boost maturity

    Security Metric Lifecycle

    Start:

    Review current state and decide on priorities.

    Set a SMART goal for improvement.

    Develop an appropriate KPI.

    Use KPI to monitor program improvement.

    Present metrics to the board.

    Revise metrics if necessary.

    Metrics go hand in hand with your security strategy

    A security strategy is ultimately a large goal-setting exercise. You begin by determining your current maturity and how mature you need to be across all areas of information security, i.e. completing a gap analysis.

    As such, linking your metrics program to your security strategy is a great way to get your metrics program up and running – but it’s not the only way.

    Check out the following Info-Tech resource to get started today:

    Build an Information Security Strategy

    The value of security metrics goes beyond simply increasing security

    This blueprint applies to you whether you need to develop a metrics program from scratch or optimize and update your current strategy.

    Value of engaging in security metrics:

    • Increased visibility into your operations.
    • Improved accountability.
    • Better communication with executives as a result of having hard evidence of security performance.
    • Improved security posture through better understanding of what is working and what isn’t within the security program.

    Value of Info-Tech’s security metrics blueprint:

    • Doesn’t overwhelm you and allows you to focus on determining the metrics you need to worry about now without pressuring you to do it all at once.
    • Helps you develop a growth plan as your organization and metrics program mature, so you continue to optimize.
    • Creates effective communication. Prepares you to present the metrics that truly matter to executives rather than confusing them with unnecessary data. Pay attention to metric accuracy and reproducibility. No management wants inconsistent reporting.

    Impact

    Short term: Streamline your program. Based on your organization’s specific requirements and risk profile, figure out which metrics are best for now while also planning for future metrics as your organization matures.

    Long term: Once the program is in place, improvements will come with increased visibility into operations. Investments in security will be encouraged when more evidence is available to executives, contributing to overall improved security posture. Potential opportunities for eventual cost savings also exist as there is more informed security spending and fewer incidents.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked-off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Link Security Metrics to Goals to Boost Maturity – Project Overview

    1. Link Security Metrics to Goals to Boost Maturity 2. Adapt Your Reporting Strategy for Various Metric Types
    Best-Practice Toolkit

    1.1 Review current state and set your goals

    1.2 Develop KPIs and prioritize your goals

    1.3 Implement and monitor the KPI to track goal progress

    2.1 Review best practices for presenting metrics

    2.2 Strategize your presentation based on metric type

    2.3 Tailor presentation to your audience

    2.4 Use your metrics to create a story about risk

    2.5 Revise your metrics

    Guided Implementations
    • Call 1: Setting Goals
    • Call 2: KPI Development
    • Call 1: Best Practices and Reporting Strategy
    • Call 2: Build a Dashboard and Presentation Deck
    Onsite Workshop Module 1: Current State, Initiatives, Goals, and KPIs Module 2: Metrics Reporting

    Phase 1 Outcome:

    • KPI development and populated metrics tracking tool.

    Phase 2 Outcome:

    • Reporting strategy with dashboard and presentation deck.

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
    Activities

    Current State, Initiatives, and Goals

    • Discuss current state and existing approach to metrics.
    • Review contract metrics already in place (or available).
    • Determine security areas that should be measured.
    • Determine which stakeholders are involved.
    • Review current initiatives to address those risks (security strategy, if in place).
    • Begin developing SMART goals for your initiative roadmap.

    KPI Development

    • Continue SMART goal development.
    • Sort goals into types.
    • Rephrase goals as KPIs and list associated metric(s).
    • Continue KPI development.

    Metrics Prioritization

    • Lay out prioritization criteria.
    • Determine priority metrics (implementation).
    • Determine priority metrics (improvement & organizational trend).

    Metrics Reporting

    • Review metric types and discuss reporting strategies for each.
    • Develop a story about risk.
    • Discuss the use of KPXs and how to scale for less mature programs.

    Offsite Finalization

    • Review and finalization of documents drafted during workshop.
    Deliverables
    1. Gap analysis results
    1. Completed KPI development templates
    1. Prioritized metrics and tool for tracking and presentation.
    1. Key Performance Index tool and presentation materials.
    1. Finalization of completed deliverables

    Phase 1

    Link Security Metrics to Goals to Boost Maturity


    Phase 1

    1.1 Review current state and set your goals

    1.2 Develop KPIs and prioritize your goals

    1.3 Implement and monitor KPIs

    This phase will walk you through the following activities:

    • Current state assessment
    • Setting SMART goals
    • KPI development
    • Goals prioritization
    • KPI implementation

    This phase involves the following participants:

    • Security Team

    Outcomes of this phase

    • Goals-based KPIs
    • Security Metrics Determination and Tracking Tool

    Phase 1 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Link Security Metrics to Goals to Boost Maturity

    Proposed Time to Completion: 2-4 weeks

    Step 1.1: Setting Goals

    Start with an analyst kick-off call:

    • Determine current and target maturity for various security programs.
    • Develop SMART Goals.

    Then complete these activities…

    • CMMI Assessment

    Step 1.2 – 1.3: KPI Development

    Review findings with analyst:

    • Prioritize goals
    • Develop KPIs to track progress on goals
    • Track associated metrics

    Then complete these activities…

    • KPI Development

    With these tools & templates:

    • KPI Development Worksheet
    • Security Metrics Determination and Tracking Tool

    Phase 1 Results & Insights:

    • Basic Metrics program

    1.1 Review current state and set your goals

    120 minutes

    Let’s put the security program under the microscope.

    Before program improvement can take place, it is necessary to look at where things are at presently (in terms of maturity) and where we need to get them to.

    In other words, we need to perform a security program gap analysis.

    Info-Tech Best Practice

    The most thorough way of performing this gap analysis is by completing Info-Tech’s Build an Information Security Strategy blueprint, as it will provide you with a prioritized list of initiatives to boost your security program maturity.

    Completing an abbreviated gap analysis...

    • Security Areas
    • Network Security
    • Endpoint Security
    • Vulnerability Management
    • Identity Access Management
    • Incident Management
    • Training & Awareness
    • Compliance, Audit, & Review
    • Risk Management
    • Business Alignment & Governance
    • Data Security
    1. Using the CMMI scale on the next slide, assess your maturity level across the security areas to the left, giving your program a score from 1-5. Record your assessment on a whiteboard.
    2. Zone in on your areas of greatest concern and choose 3 to 5 areas to prioritize for improvement.
    3. Set a SMART goal for improvement, using the criteria on goals slides.

    Use the CMMI scale to contextualize your current maturity

    Use the Capability Maturity Model Integration (CMMI) scale below to help you understand your current level of maturity across the various areas of your security program.

    1. Initial
      • Incident can be managed. Outcomes are unpredictable due to lack of a standard operating procedure.
    2. Repeatable
      • Process in place, but not formally implemented or consistently applied. Outcomes improve but still lack predictability.
    3. Defined
      • Process is formalized and consistently applied. Outcomes become more predictable, due to consistent handling procedure.
    4. Managed
      • Process shows signs of maturity and can be tracked via metrics. Moving towards a predictive approach to incident management.
    5. Optimizing
      • Process reaches a fully reliable level, though improvements still possible. Regularity allows for process to be automated.

    (Adapted from the “CMMI Institute Maturity Model”)

    Base your goals around the five types of metrics

    Choose goals that make sense – even if they seem simple.

    The most effective metrics programs are personalized to reflect the goals of the security team and the business they work for. Using goals-based metrics allows you to make incremental improvements that can be measured and reported on, which makes program maturation a natural process.

    Info-Tech Best Practice

    Before setting a SMART goal, take a moment to consider your maturity for each security area, and which metric type you need to collect first, before moving to more ambitious goals.

    Security Areas

    • Network Security
    • Endpoint Security
    • Vulnerability Management
    • Identity Access Management
    • Incident Management
    • Training & Awareness
    • Compliance, Audit & Review
    • Risk Management
    • Business Alignment & Governance
    • Data Security
    Metric Type Description
    Initial Probe Determines what can be known (i.e. what sources for metrics exist?).
    Baseline Testing Establishes organization’s normal state based on current metrics.
    Implementation Focuses on setting up a series of related processes to increase organizational security (i.e. roll out MFA).
    Improvement Sets a target to be met and then maintained based on organizational risk tolerance.
    Organizational Trends Culls together several metrics to track (sometimes predict) how various trends affect the organization’s overall security. Usually focuses on large-scale issues (e.g. likelihood of a data breach).

    Set SMART goals for your security program

    Specific

    Measurable

    Achievable

    Realistic

    Timebound

    Now that you have determined which security areas you’d like to improve, decide on a goal that meets the SMART criteria.

    Examples of possible goals for various maturity levels:

    1. Perform initial probe to determine number of systems capable of providing metrics by the end of the week.
    2. Take baseline measurements each month for three months to determine organization’s baseline state.
    3. Implement a vulnerability management program to improve baseline state by the end of the quarter.
    4. Improve deployment of critical patches by applying 90% of them within the set window by the end of the year.
    5. Demonstrate how vulnerability management affects broad organizational trends at quarterly report to senior leadership.

    Compare the bolded text in these examples with the metric types on the previous slide

    Record and assess your goals in the Security Metrics Determination and Tracking Tool

    1.1 Security Metrics Determination and Tracking Tool

    Use tab “2. Identify Security Goals” to document and assess your goals.

    To increase visibility into the cost, effort, and value of any given goal, assess them using the following criteria:

    • Initial Cost
    • Ongoing Cost
    • Initial Staffing
    • Ongoing Staffing
    • Alignment w/Business
    • Benefit

    Use the calculated Cost/Effort Rating, Benefit Rating, and Difference Score later in this project to help with goal prioritization.

    Info-Tech Best Practice

    If you have already completed a security strategy with Info-Tech resources, this work may likely have already been done. Consult your Information Security Program Gap Analysis Tool from the Build an Information Security Strategy research.

    1.2 Develop KPIs and prioritize your goals

    There are two paths to success.

    At this time, it is necessary to evaluate the priorities of your security program.

    Option 1: Progress to KPI Development

    • If you would like practice developing KPIs for multiple goals to get used to the process, move to KPI development and then assess which goals you can pursue now based on resources available, saving the rest for later.

    Option 2: Progress to Prioritization of Goals

    • If you are already comfortable with KPI development and do not wish to create extras for later use, then prioritize your goals first and then develop KPIs for them.

    Phase 1 Schematic

    • Gap Analysis
    • Set SMART Goals (You are here.)
      • Develop KPIs
    • Prioritize Goals
    • Implement KPI & Monitor
    • Phase 2

    Develop a key performance indicator (KPI)

    Find out if you’re meeting your goals.

    Terms like “key performance indicator” may make this development practice seem more complicated than it really is. A KPI is just a single metric used to measure success towards a goal. In relational terms (i.e. as a percentage, ratio, etc.) to give it context (e.g. % of improvement over last quarter).

    KPI development is about answering the question: what would indicate that I have achieved my goal?

    To develop a KPI follow these steps:

    1. Review the case study on the following slides to get a sense of how KPIs can start simple and general and get more specific and complex over time.
    2. Using the example to the right, sort your SMART goals from step 1.1 into the various metric types, then determine what success would look like for you. What outcome are you trying to achieve? How will you know when you’ve achieved it?
    3. Fill out the KPI Development Worksheets to create sample KPIs for each of the SMART goals you have created. Ensure that you complete the accompanying KPI Checklist.

    KPIs differ from goal to goal, but their forms follow certain trends

    Metric Type KPI Form
    Initial Probe Progress of probe (e.g. % of systems checked to see if they can supply metrics).
    Baseline Testing What current data shows (e.g. % of systems needing attention).
    Implementation Progress of the implementation (e.g. % of complete vulnerability management program implementation).
    Improvement The threshold or target to be achieved and maintained (e.g. % of incidents responded to within target window).
    Organizational Trends The interplay of several KPIs and how they affect the organization’s risk posture (e.g. assessing the likelihood for a data breach).

    Explore the five metric types

    1. Initial Probe

    Focused on determining how many sources for metrics exist.

    • Question: What am I capable of knowing?
    • Goal: To determine what level of insight we have into our security processes.
    • Possible KPI: % of systems for which metrics are available.
    • Decision: Do we have sufficient resources available to collect metrics?

    2. Baseline Testing

    Focused on gaining initial insights about the state of your security program (what are the measurements?).

    • Question: Does this data suggest areas for improvement?
    • Goal: To create a roadmap for improvement.
    • Possible KPI: % of systems that provide useful metrics to measure improvement.
    • Decision: Is it necessary to acquire tools to increase, enhance, or streamline the metrics-gathering process?

    Info-Tech Insight

    Don't lose hope if you lack resources to move beyond these initial steps. Even if you are struggling to pull data, you can still draw meaningful metrics. The percent or ratio of processes or systems you lack insight into can be very valuable, as it provides a basis to initiate a risk-based discussion with management about the organization's security blind spots.

    Explore the five metric types (cont’d)

    3. Program Implementation

    Focused on developing a basic program to establish basic maturity (e.g. implement an awareness and training program).

    • Question: What needs to be implemented to establish basic maturity?
    • Goal: To begin closing the gap between current and desired maturity.
    • Possible KPI: % of implementation completed.
    • Decision: Have we achieved a formalized and repeatable process?

    4. Improvement

    Focused on attaining operational targets to lower organizational risk.

    • Question: What other related activities could help to support this goal (e.g. regular training sessions)?
    • Goal: To have metrics operate above or below a certain threshold (e.g. lower phishing-test click rate to an average of 10% across the organization)
    • Possible KPI: Phishing click rate %
    • Decision: What other metrics should be tracked to provide insight into KPI fluctuations?

    Info-Tech Insight

    Don't overthink your KPI. In many cases it will simply be your goal rephrased to express a percentage or ratio. In others, like the example above, it makes sense for them to be identical.

    5. Organizational Impact

    Focused on studying several related KPIs (Key Performance Index, or KPX) in an attempt to predict risks.

    • Question: What risks does the organization need to address?
    • Goal: To provide high-level summaries of several metrics that suggest emerging or declining risks.
    • Possible KPI: Likelihood of a given risk (based on the trends of the KPX).
    • Decision: Accept the risk, transfer the risk, mitigate the risk?

    Case study: Healthcare example

    Let’s take a look at KPI development in action.

    Meet Maria, the new CISO at a large hospital that desperately needs security program improvements. Maria’s first move was to learn the true state of the organization’s security. She quickly learned that there was no metrics program in place and that her staff were unaware what, if any, sources were available to pull security metrics from.

    After completing her initial probe into available metrics and then investigating the baseline readings, she determined that her areas of greatest concern were around vulnerability and access management. But she also decided it was time to get a security training and awareness program up and running to help mitigate risks in other areas she can’t deal with right away.

    See examples of Maria’s KPI development on the next four slides...

    Info-Tech Insight

    There is very little variation in the kinds of goals people have around initial probes and baseline testing. Metrics in these areas are virtually always about determining what data sources are available to you and what that data actually shows. The real decisions start in determining what you want to do based on the measures you’re seeing.

    Metric development example: Vulnerability Management

    See examples of Maria’s KPI development on the next four slides...

    Implementation

    Goal: Implement vulnerability management program

    KPI: % increase of insight into existing vulnerabilities

    Associated Metric: # of vulnerability detection methods

    Improvement

    Goal: Improve deployment time for patches

    KPI: % of critical patches fully deployed within target window

    • Associated Metric 1: # of critical vulnerabilities not patched
    • Associated Metric 2: # of patches delayed due to lack of staff
    • Associated Metric X

    Metric development example: Identity Access Management

    Implementation

    Goal: Implement MFA for privileged accounts

    KPI: % of privileged accounts with MFA applied

    Associated Metric: # of privileged accounts

    Improvement

    Goal: Remove all unnecessary privileged accounts

    KPI: % of accounts with unnecessary privileges

    • Associated Metric 1: # of privileged accounts
    • Associated Metric 2: # of necessary privileged accounts
    • Associated Metric X

    Metric development example: Training and Awareness

    Implementation

    Goal: Implement training and awareness program

    KPI: % of organization trained

    Associated Metric: # of departments trained

    Improvement

    Goal: Improve time to report phishing

    KPI: % of phishing cases reported within target window

    • Associated Metric 1: # of phishing tests
    • Associated Metric 2: # of training sessions
    • Associated Metric X

    Metric development example: Key Performance Index

    Organizational Trends

    Goal: Predict Data Breach Likelihood

    • KPX 1: Insider Threat Potential
      • % of phishing cases reported within target window
        • Associated Metrics:
          • # of phishing tests
          • # of training sessions
      • % of critical patches fully deployed within target window
        • Associated Metrics:
          • # of critical vulnerabilities not patched
          • # of patches delayed due to lack of staff
      • % of accounts with unnecessary privileges
        • Associated Metrics:
          • # of privileged accounts
          • # of necessary privileged accounts
    • KPX 2: Data Leakage Issues
      • % of incidents related to unsecured databases
        • Associated Metrics:
          • # of unsecured databases
          • # of business-critical databases
      • % of misclassified data
        • Associated Metrics:
          • # of misclassified data reports
          • # of DLP false positives
      • % of incidents involving data-handling procedure violations.
        • Associated Metrics:
          • # of data processes with SOP
          • # of data processes without SOP
    • KPX 3: Endpoint Vulnerability Issues
      • % of unpatched critical systems
        • Associated Metrics:
          • # of unpatched systems
          • # of missed patches
      • % of incidents related to IoT
        • Associated Metrics:
          • # of IoT devices
          • # of IoT unsecure devices
      • % of incidents related to BYOD
        • Associated Metrics:
          • # of end users doing BYOD
          • # of BYOD incidents

    Develop Goals-Based KPIs

    1.2 120 minutes

    Materials

    • Info-Tech KPI Development Worksheets

    Participants

    • Security Team

    Output

    • List of KPIs for immediate and future use (can be used to populate Info-Tech’s KPI Development Tool).

    It’s your turn.

    Follow the example of the CISO in the previous slides and try developing KPIs for the SMART goals set in step 1.1.

    • To begin, decide if you are starting with implementation or improvement metrics.
    • Enter your goal in the space provided on the left-hand side and work towards the right, assigning a KPI to track progress towards your goal.
    • Use the associated metrics boxes to record what raw data will inform or influence your KPI.
      • Associated metrics are connected to the KPI box with a segmented line. This is because these associated metrics are not absolutely necessary to track progress towards your goal.
      • However, if a KPI starts trending in the wrong direction, these associated metrics would be used to determine where the problem has occurred.
    • If desired, bundle together several related KPIs to create a key performance index (KPX), which is used to forecast the likelihood of certain risks that would have a major business impact (e.g. potential for insider threat, or risk for a data breach).

    Record KPIs and assign them to goals in the Security Metrics Determination and Tracking Tool

    1.2 Security Metrics Determination and Tracking Tool

    Document KPI metadata in the tool and optionally assign them to a goal.

    Tab “3. Identify Goal KPIs” allows you to record each KPI and its accompanying metadata:

    • Source
    • Owner
    • Audience
    • KPI Target
    • Effort to Collect
    • Frequency of Collection
    • Comments

    Optionally, each KPI can be mapped to goals defined on tab “2. Identify Security Goals.”

    Info-Tech Best Practice

    Ensure your metadata is comprehensive, complete, and realistic. A different employee should be able to use only the information outlined in the metadata to continue collecting measurements for the program.

    Complete Info-Tech’s KPI Development Worksheets

    1.2 KPI Development Worksheet

    Use these worksheets to model the maturation of your metrics program.

    Follow the examples contained in this slide deck and practice creating KPIs for:

    • Implementation metrics
    • Improvement metrics
    • Organizational trends metrics

    As well as drafting associated metrics to inform the KPIs you create.

    Info-Tech Best Practice

    Keep your metrics program manageable. This exercise may produce more goals, metrics, and KPIs than you deal with all at once. But that doesn’t mean you can’t save some for future use.

    Build an effort map to prioritize your SMART goals

    1.2 120 minutes

    Materials

    • Whiteboard
    • Sticky notes
    • Laptop

    Participants

    • Security team
    • Other stakeholders

    Output

    • Prioritized list of SMART goals

    An effort map visualizes a cost and benefit analysis. It is a quadrant output that visually shows how your SMART goals were assessed. Use the calculated Cost/Effort Rating and Benefit Rating values from tab “2. Identify Security Goals” of the Security Metrics Determination and Tracking Tool to aid this exercise.

    Steps:

    1. Establish the axes and colors for your effort map:
      1. X-axis (horizontal) - Security benefit
      2. Y-axis (vertical) - Overall cost/effort
      3. Sticky color - Business alignment
    2. Create sticky notes for each SMART goal and place them onto the effort map based on your determined axes.
      • Goal # Example Security Goal - Benefit (1-12) - Cost (1-12)

    The image shows a matric with four quadrants. The X-axis is labelled Low Benefit on the left side and High benefit on the right side. The Y-axis is labelled Low cost at the top and High cost at the bottom. The top left quadrant is labelled Could Dos, the top right quadrant is labelled Must Dos, the lower left quadrant is labelled May Not Dos, and the lower right quadrant is Should Dos. On the right, there are three post-it style notes, the blue one labelled High Alignment, the yellow labelled Medium Alignment, and the pink labelled Low Alignment.

    1.3 Implement and monitor the KPI to track goal progress

    Let’s put your KPI into action!

    Now that you’ve developed KPIs to monitor progress on your goals, it’s time to use them to drive security program maturation by following these steps:

    1. Review the KPI Development Worksheets (completed in step 1.2) for your prioritized list of goals. Be sure that you are able to track all of the associated metrics you have identified.
    2. Track the KPI and associated metrics using Info-Tech’s KPI Development Tool (see following slide).
    3. Update the data as necessary according to your SMART criteria of your goal.

    A Word on Key Risk Indicators...

    The term key risk indicator (KRI) gets used in a few different ways. However, in most cases, KRIs are closely associated with KPIs.

    1. KPIs and KRIs are the same thing
      • A KPI, at its core, is really a measure of risk. Sometimes it is more effective to emphasize that risk rather than performance (i.e. the data shows you’re not meeting your goal).
    2. KRI is KPI going the wrong way
      • After achieving the desired threshold for an improvement goal, our new goal is usually to maintain such a state. When this balance is upset, it indicates that settled risk has once again become active.
    3. KRI as a predictor of emerging risks
      • When organizations reach a highly mature state, they often start assessing how events external to the organization can affect the optimal performance of the organization. They monitor such events or trends and try to predict when the organization is likely to face additional risks.

    Track KPIs in the Security Metrics Determination and Tracking Tool

    1.3 Security Metrics Determination and Tracking Tool

    Once a metric has been measured, you have the option of entering that data into tab “4. Track Metrics” of the Tool.

    Tracking metric data in Info-Tech's tool provides the following data visualizations:

    • Sparklines at the end of each row (on tab “4. Track Metrics”) for a quick sense of metric performance.
    • A metrics dashboard (on tab “5. Graphs”) with three graph options in two color variations for each metric tracked in the tool, and an overall metric program health gauge.

    Info-Tech Best Practice

    Be diligent about measuring and tracking your metrics. Record any potential measurement biases or comments on measurement values to ensure you have a comprehensive record for future use. In the tool, this can be done by adding a comment to a cell with a metric measurement.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Workshops offer an easy way to accelerate your project. While onsite, our analysts will work with you and your team to facilitate the activities outlined in the blueprint.

    Getting key stakeholders together to formalize the program, while getting started on data discovery and classification, allows you to kickstart the overall program.

    In addition, leverage over-the-phone support through Guided Implementations included in advisory memberships to ensure the continuous improvement of the classification program even after the workshop.

    Logan Rohde

    Research Analyst – Security, Risk & Compliance Info-Tech Research Group

    Ian Mulholland

    Senior Research Analyst – Security, Risk & Compliance Info-Tech Research Group

    Call 1-888-670-8889 for more information.

    Phase 2

    Adapt Your Reporting Strategy for Various Metric Types


    Phase 2

    2.1 Review best practices for presenting metrics

    2.2 Strategize your presentation based on metric type

    2.3 Tailor your presentation to your audience

    2.4 Use your metrics to create a story about risk

    2.5 Revise Metrics

    This phase will walk you through the following activities:

    • Develop reporting strategy
    • Use metrics to create a story about risk
    • Metrics revision

    This phase involves the following participants:

    • Security Team

    Outcomes of this phase

    • Metrics Dashboard
    • Metrics Presentation Deck

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Adapt Your Reporting Strategy for Various Metric Types

    Proposed Time to Completion: 2-4 weeks

    Step 2.1 – 2.3: Best Practices and Reporting Strategy

    Start with an analyst kick-off call:

    • Do’s and Don’ts of reporting metrics.
    • Strategize presentation based on metric type.

    Then complete these activities…

    • Strategy development for 3-5 metrics

    Step 2.4 – 2.5: Build a Dashboard and Presentation Deck

    Review findings with analyst:

    • Review strategies for reporting.
    • Compile a Key Performance Index.
    • Revise metrics.

    Then complete these activities…

    • Dashboard creation
    • Presentation development

    With these tools & templates:

    • Security Metrics Determination and Tracking Tool Template
    • Security Metrics KPX Dashboard Tool

    Phase 2 Results & Insights:

    • Completed reporting strategy with presentable dashboard

    2.1 Review best practices for presenting metrics

    Avoid technical details (i.e. raw data) by focusing on the KPI.

    • KPIs add context to understand the behavior and associated risks.

    Put things in terms of risk; it's the language you both understand.

    • This usually means explaining what will happen if not addressed and what you recommend.
    • There are always three options:
      • Address it completely
      • Address it partially
      • Do not address it (i.e. accept the risk)

    Explain why you’re monitoring metrics in terms of the goals you’re hoping to achieve.

    • This sets you up well to explain what you've been doing and why it's important for you to meet your goals.

    Choose between KPI or KRI as the presentation format.

    • Base your decision on whether you are trying to emphasize current success or risk.

    Match presentation with the audience.

    • Board presentations will be short; middle-management ones may be a bit longer.
    • Maximize your results by focusing on the minimum possible information to make sure you sufficiently get your point across.
    • With the board, plan on showing no more than three slides.

    Read between the lines.

    • It can be difficult to get time with the board, so you may find yourself in a trial and error position, so pay attention to cues or suggestions that indicate the board is interested in something.
    • If you can, make an ally to get the inside scoop on what the board cares about.

    Read the news if you’re stuck for content.

    • Board members are likely to have awareness (and interest) in large-scale risks like data breaches and ransomware.

    Present your metrics as a story.

    • Summarize how the security program looks to you and why the metrics lead you to see it this way.

    2.2 Strategize your presentation based on metric type (1 of 5)

    Metric Type: Initial Probe

    Scenario: Implementing your first metrics program.

    • All metrics programs start with determining what measurements you are capable of taking.

    Decisions: Do you have sufficient insight into the program? (i.e. do you need to acquire additional tools to collect metrics?)

    Strategy: If there are no barriers to this (e.g. budget), then focus your presentation on the fact that you are addressing the risk of not knowing what your organization's baseline state is and what potential issues exist but are unknown. This is likely the first phase of an improvement plan, so sketching the overall plan is a good idea too.

    • If budget is an issue, explain the risks associated with not knowing and what you would need to make it happen.

    Possible KPIs:

    • % of project complete.
    • % of systems that provide worthwhile metrics.

    Strategize your presentation based on metric type (2 of 5)

    Metric Type: Baseline Testing

    Scenario: You've taken the metrics to determine what your organization’s normal state is and you're now looking towards addressing your gaps or problem areas.

    Decisions: What needs to be prioritized first and why? Are additional resources required to make this happen?

    Strategy: Explain your impression of the organization's normal state and what you plan to do about it. In other words, what goals are you prioritizing and why? Be sure to note any challenges that may occur along the way (e.g. staffing).

    • If the board doesn't like to open their pocketbook, your best play is to explain what stands to happen (or is happening) if risks are not addressed.

    Possible KPIs:

    • % of goals complete.
    • % of metrics indicating urgent attention needed.

    Strategize your presentation based on metric type (3 of 5)

    Metric Type: Implementation

    Scenario: You are now implementing solutions to address your security priorities.

    Decisions: What, to you, would establish the basis of a program?

    Strategy: Focus on what you're doing to implement a certain security need, why, and what still needs to be done when you’re finished.

    • Example: To establish a training and awareness program, a good first step is to actually hold training sessions with each department. A single lecture is simple but something to build from. A good next step would be to hold regular training sessions or implement monthly phishing tests.

    Possible KPIs:

    • % of implementation complete (e.g. % of departments trained).

    Strategize your presentation based on metric type (4 of 5)

    Metric Type: Improvement

    Scenario: Now that a basic program has been established, you are looking to develop its maturity to boost overall performance (i.e. setting a new development goal).

    Decisions: What is a reasonable target, given the organization's risk tolerance and current state?

    Strategy: Explain that you're now working to tighten up the security program. Note that although things are improving, risk will always remain, so we need to keep it within a threshold that’s proportionate with our risk tolerance.

    • Example: Lower phishing-test click rate to 10% or less. Phishing will always be a risk, and just one slip up can have a huge effect on business (i.e. lost money).

    Possible KPIs:

    • % of staff passing the phishing test.
    • % of employees reporting phishing attempts within time window.

    Strategize your presentation based on metric type (5 of 5)

    Metric Type: Organizational Trends

    Scenario: You've reached a mature state and now how several KPIs being tracked. You begin to look at several KPIs together (i.e. a KPX) to assess the organization's exposure for certain broad risk trends.

    Decisions: Which KPIs can be used together to look at broader risks?

    Strategy: Focus on the overall likelihood of a certain risk and why you've chosen to assess it with your chosen KPIs. Spend some time discussing what factors affect the movement of these KPIs, demonstrating how smaller behaviors create a ripple effect that affects the organization’s exposure to large-scale risks.

    Possible KPX: Insider Threat Risk

    • % of phishing test failures.
    • % of critical patches missed.
    • % of accounts with unnecessary privileges.

    Change your strategy to address security challenges

    Even challenges can elicit useful metrics.

    Not every security program is capable of progressing smoothly through the various metric types. In some cases, it is impossible to move towards goals and metrics for implementation, improvement, or organizational trends because the security program lacks resources.

    Info-Tech Insight

    When your business is suffering from a lack of resources, acquiring these resources automatically becomes the goal that your metrics should be addressing. To do this, focus on what risks are being created because something is missing.

    When your security program is lacking a critical resource, such as staff or technology, your metrics should focus on what security processes are suffering due to this lack. In other words, what critical activities are not getting done?

    KPI Examples:

    • % of critical patches not deployed due to lack of staff.
    • % of budget shortfall to acquire vulnerability scanner.
    • % of systems with unknown risk due to lack of vulnerability scanner.

    2.3 Tailor presentation to your audience

    Metrics come in three forms...

    1. Raw Data

    • Taken from logs or reports, provides values but not context.
    • Useful for those with technical understanding of the organization’s security program.

    2. Management-Level

    • Raw data that has been contextualized and indicates performance of something (i.e. a KPI).
    • Useful for those with familiarity with the overall state of the security program but do not have a hands-on role.

    3. Board-Level

    • KPI with additional context indicating overall effect on the organization.
    • Useful for those removed from the security program but who need to understand the relationship between security, business goals, and cyber risk.

    For a metric to be useful it must...

    1. Be understood by the audience it’s being presented to.
      • Using the criteria on the left, choose which metric form is most appropriate.
    2. Indicate whether or not a certain target or goal is being met.
      • Don’t expect metrics to speak for themselves; explain what the indications and implications are.
    3. Drive some kind of behavioral or strategic change if that target or goal is not being met.
      • Metrics should either affirm that things are where you want them to be or compel you to take action to make an improvement. If not, it is not a worthwhile metric.

    As a general rule, security metrics should become decreasingly technical and increasingly behavior-based as they are presented up the organizational hierarchy.

    "The higher you travel up the corporate chain, the more challenging it becomes to create meaningful security metrics. Security metrics are intimately tied to their underlying technologies, but the last thing the CEO cares about is technical details." – Ben Rothke, Senior Information Security Specialist, Tapad.

    Plan for reporting success

    The future of your security program may depend on this presentation; make it count.

    Reporting metrics is not just another presentation. Rather, it is an opportunity to demonstrate and explain the value of security.

    It is also a chance to correct any misconceptions about what security does or how it works.

    Use the tips on the right to help make your presentation as relatable as possible.

    Info-Tech Insight

    There is a difference between data manipulation and strategic presentation: the goal is not to bend the truth, but to present it in a way that allows you to show the board what they need to see and to explain it in terms familiar to them.

    General Tips for a Successful Presentation

    Avoid jargon; speak in practical terms

    • The board won’t receive your message if they can’t understand you.
    • Explain things as simply as you can; they only need to know enough to make decisions about addressing cyber risk.

    Address compliance

    • Boards are often interested in compliance, so be prepared to talk about it, but clarify that it doesn't equal security.
    • Instead, use compliance as a bridge to discussing areas of the security program that need attention.

    Have solid answers

    • Try to avoid answering questions with the answer, “It depends.”
      • Depends on what?
      • Why?
      • What do you recommend?
    • The board is relying on you for guidance, so be prepared to clarify what the board is asking (you may have to read between the lines to do this).
    • Also address the pain points of board members and have answers to their questions about how to resolve them.

    2.4 Use your metrics to create a story about risk

    Become the narrator of your organization’s security program.

    Security is about managing risk. This is also its primary value to the organization. As such, risk should be the theme of the story you tell.

    "Build a cohesive story that people can understand . . . Raw metrics are valuable from an operations standpoint, but at the executive level, it's about a cohesive story that helps executives understand the value of the security program and keeps the company moving forward. "– Adam Ely, CSO and Co-Founder, Bluebox Security, qtd. by Tenable, 2016

    How to Develop Your Own Story...

    1. Review your security program goals and the metrics you’re using to track progress towards them. Then, decide which metrics best tell this story (i.e. what you’re doing and why).
      • Less is more when presenting metrics, so be realistic about how much your audience can digest in one sitting.
      • Three metrics is usually a safe number; choose the ones that are most representative of your goals.
    2. Explain why you chose the goals you did (i.e. what risks were you addressing?). Then, make an honest assessment of how the security program is doing as far as meeting those goals:
      • What’s going well?
      • What still needs improvement?
      • What about your metrics suggests this?
    3. Address how risks have changed and explain your new recommended course of action.
      • What risks were present when you started?
      • What risks remain despite your progress?
      • How do these risks affect the business operation and what can security do to help?

    Story arc for security metrics

    The following model encapsulates the basic trajectory of all story development.

    Use this model to help you put together your story about risk.

    Introduction: Overall assessment of security program.

    Initial Incident: Determination of the problems and associated risks.

    Rising Action: Creation of goals and metrics to measure progress.

    Climax: Major development indicated by metrics.

    Falling Action: New insights gained about organization’s risks.

    Resolution: Recommendations based on observations.

    Info-Tech Best Practice

    Follow this model to ensure that your metrics presentation follows a coherent storyline that explains how you assessed the problem, why you chose to address it the way you did, what you learned in doing so, and finally what should be done next to boost the security program’s maturity.

    Use a nesting-doll approach when presenting metrics

    Move from high-level to low-level to support your claims

    1. Avoid the temptation to emphasize technical details when presenting metrics. The importance of a metric should be clear from just its name.
    2. This does not mean that technical details should be disregarded entirely. Your digestible, high-level metrics should be a snapshot of what’s taking place on the security ground floor.
    3. With this in mind, we should think of our metrics like a nesting doll, with each metrics level being supported by the one beneath it.

    ...How do you know that?

    Board-Level KPI

    Mgmt.-Level KPI

    Raw Data

    Think of your lower-level metrics as evidence to back up the story you are telling.

    When you’re asked how you arrived at a given conclusion, you know it’s time to go down a level and to explain those results.

    Think of this like showing your work.

    Info-Tech Insight

    This approach is built into the KPX reporting format, but can be used for all metric types by drawing from your associated metrics and goals already achieved.

    Use one of Info-Tech’s dashboards to present your metrics

    2.4 Security Metrics Determination and Tracking Tool

    Choose the dashboard tool that makes the most sense for you.

    Info-Tech provides two options for metric dashboards to meet the varying needs of our members.

    If you’re just starting out, you’ll likely be inclined towards the dashboard within the Security Metrics Determination and Tracking Tool (seen here).

    The image shows a screenshot of the Security Metrics Determination and Tracking Tool.

    But if you’ve already got several KPIs to report on, you may prefer the Security Metrics KPX Dashboard Tool, featured on the following slides.

    Info-Tech Best Practice

    Not all graphs will be needed in all cases. When presenting, consider taking screenshots of the most relevant data and displaying them in Info-Tech’s Board-Level Security Metrics Presentation Template.

    Use one of Info-Tech’s dashboards to present your metrics

    2.4 Security Metrics KPX Dashboard

    Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.

    The image shows a screenshot of the Definitions section of the Security Metrics KPX Dashboard

    1. Start by customizing the definitions on tab 1 to match your organization’s understanding of high, medium, and low risk across the three impact areas (functional, informational, and recoverability).
    2. Next, enter up to 5 business goals that your security program supports.

    Use one of Info-Tech’s dashboards to present your metrics

    2.4 Security Metrics KPX Dashboard

    Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.

    The image shows a screenshot of tab 2 of the Security Metrics KPX Dashboard.

    1. On tab 2, enter the large-scale risk you are tracking
    2. Proceed by naming each of your KPXs after three broad risks that – to you – contribute to the large-scale risk.

    Use one of Info-Tech’s dashboards to present your metrics

    2.4 Security Metrics KPX Dashboard

    Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.

    The image is the same screenshot from the previous section, of tab 2 of the Security Metrics KPX Dashboard.

    1. Then, add up to five KPIs aimed at managing more granular risks that contribute to the broad risk.
    2. Assess the frequency and impact associated with these more granular risks to determine how likely it is to contribute to the broad risk the KPX is tracking.

    Use one of Info-Tech’s dashboards to present your metrics

    2.4 Security Metrics KPX Dashboard

    Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.

    The image is the same screenshot of tab 2 of the Security Metrics KPX Dashboard.

    1. Repeat as necessary for the other KPXs on tab 2.
    2. Repeat steps 3-7 for up to two more large-scale risks and associated KPXs on tabs 3 and 4.

    Use one of Info-Tech’s dashboards to present your metrics

    2.4 Security Metrics KPX Dashboard

    Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.

    The image shows a chart titled Business Alignment, with sample Business Goals and KPXs filled in.

    1. If desired, complete the Business Alignment evaluation (located to the right of KPX 2 on tabs 2-4) to demonstrate how well security is supporting business goals.

    "An important key to remember is to be consistent and stick to one framework once you've chosen it. As you meet with the same audiences repeatedly, having the same framework for reference will ensure that your communications become smoother over time." – Caroline Wong, Chief Strategy Officer, Cobalt.io

    Use one of Info-Tech’s dashboards to present your metrics

    2.4 Security Metrics KPX Dashboard

    Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.

    The image shows a screenshot of the dashboard on tab 5 of the Security Metrics KPX Dashboard.

    1. Use the dashboard on tab 5 to help you present your security metrics to senior leadership.

    Use one of Info-Tech’s dashboards to present your metrics

    2.4 Security Metrics KPX Dashboard

    Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.

    The image shows the same screenshot of Tab 2 of the Security Metrics KPX Dashboard that was shown in previous sections.

    Best Practice:

    This tool helps you convert your KPIs into the language of risk by assessing frequency and severity, which helps to make the risk relatable for senior leadership. However, it is still useful to track fluctuations in terms of percentage. To do this, track changes in the frequency, severity, and trend scores from quarter to quarter.

    Customize Info-Tech’s Security Metrics Presentation Template

    2.4 Board-Level Security Metrics Presentation Template

    Use the Board-Level Security Metrics Presentation Template deck to help structure and deliver your metrics presentation to the board.

    To make the dashboard slide, simply copy and paste the charts from the dashboard tool and arrange the images as needed.

    Adapt the status report and business alignment slides to reflect the story about risk that you are telling.

    2.5 Revise your metrics

    What's next?

    Now that you’ve made it through your metrics presentation, it’s important to reassess your goals with feedback from your audience in mind. Use the following workflow.

    The image shows a flowchart titled Metrics-Revision Workflow. The flowchart begins with the question Have you completed your goal? and then works through multiple potential answers.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    Workshops offer an easy way to accelerate your project. While onsite, our analysts will work with you and your team to facilitate the activities outlined in the blueprint.

    Getting key stakeholders together to formalize the program, while getting started on data discovery and classification, allows you to kickstart the overall program.

    In addition, leverage over-the-phone support through Guided Implementations included in advisory memberships to ensure the continuous improvement of the classification program even after the workshop.

    Logan Rohde

    Research Analyst – Security, Risk & Compliance Info-Tech Research Group

    Ian Mulholland

    Senior Research Analyst – Security, Risk & Compliance Info-Tech Research Group

    Call 1-888-670-8889 for more information.

    Insight breakdown

    Metrics lead to maturity, not vice versa.

    • Tracking metrics helps you assess progress and regress in your security program, which helps you quantify the maturity gains you’ve made.

    Don't lose hope if you lack resources to move beyond baseline testing.

    • Even if you are struggling to pull data, you can still draw meaningful metrics. The percent or ratio of processes or systems you lack insight into can be very valuable, as it provides a basis to initiate a risk-based discussion with management about the organization's security blind spots.

    The best metrics are tied to goals.

    • Tying your metrics to goals ensures that you are collecting metrics for a specific purpose rather than just to watch the numbers change.

    Summary of accomplishment

    Knowledge Gained

    • Current maturity assessment of security areas
    • Setting SMART goals
    • Metric types
    • KPI development
    • Goals prioritization
    • Reporting and revision strategies

    Processes Optimized

    • Metrics development
    • Metrics collection
    • Metrics reporting

    Deliverables Completed

    • KPI Development Worksheet
    • Security Metrics Determination and Tracking Tool
    • Security Metrics KPX Dashboard Tool
    • Board-Level Security Metrics Presentation Template

    Research contributors and experts

    Mike Creaney, Senior Security Engineer at Federal Home Loan Bank of Chicago

    Peter Chestna, Director, Enterprise Head of Application Security at BMO Financial Group

    Zane Lackey, Co-Founder / Chief Security Officer at Signal Sciences

    Ben Rothke, Senior Information Security Specialist at Tapad

    Caroline Wong, Chief Strategy Officer at Cobalt.io

    2 anonymous contributors

    Related Info-Tech research

    Build an Information Security Strategy

    Tailor best practices to effectively manage information security.

    Implement a Security Governance and Management Program

    Align security and business objectives to get the greatest benefit from both.

    Bibliography

    Capability Maturity Model Integration (CMMI). ISACA. Carnegie Mellon University.

    Ely, Adam. “Choose Security Metrics That Tell a Story.” Using Security Metrics to Drive Action: 33 Experts Share How to Communicate Security Program Effectiveness to Business Executives and the Board Eds. 2016. Web.

    https://www.ciosummits.com/Online_Assets_Tenable_eBook-_Using_Security_Metrics_to_Drive_Action.pdf

    ISACA. “Board Director Concerns about Cyber and Technology Risk.” CSX. 11 Sep. 2018. Web.

    Rothke, Ben. “CEOs Require Security Metrics with a High-Level Focus.” Using Security Metrics to Drive Action: 33 Experts Share How to Communicate Security Program Effectiveness to Business Executives and the Board Eds. 2016. Web.

    https://www.ciosummits.com/Online_Assets_Tenable_eBook-_Using_Security_Metrics_to_Drive_Action.pdf

    Wong, Caroline. Security Metrics: A Beginner’s Guide. McGraw Hill: New York, 2012.

    Develop a COVID-19 Pandemic Response Plan

    • Buy Link or Shortcode: {j2store}420|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • IT departments are being asked to rapidly ramp up work-from-home capabilities and other business process workarounds.
    • Crisis managers are experiencing a pandemic more severe than what they’ve managed in the past.
    • Organizations are scrambling to determine how they can keep their businesses running through this pandemic.

    Our Advice

    Critical Insight

    • Obstacles to working from home go beyond internet speed and needing a laptop. Business input is critical to uncover unexpected obstacles.
    • IT needs to address a range of issues from security risk to increased service desk demand from users who don’t normally work from home.
    • Resist the temptation to bypass IT processes – your future-self will thank you for tracking all those assets about to go out the door.

    Impact and Result

    • Start with crisis management fundamentals – identify crisis management roles and exercise appropriate crisis communication.
    • Prioritize business processes and work-from-home requirements. Not everyone can be set up on day one.
    • Don’t over-complicate your work-from-home deployment plan. A simple spreadsheet (see the Work-from-Home Requirements Tool) to track requirements can be very effective.

    Develop a COVID-19 Pandemic Response Plan Research & Tools

    Start here

    Stay up to date on COVID-19 and the resources available to you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Develop a COVID-19 Pandemic Response Plan Storyboard

    1. Manage the pandemic crisis

    Identify key roles and immediate steps to manage this crisis.

    • Pandemic Response Plan Example

    2. Create IT’s plan to support the pandemic response plan

    Plan the deployment of a work-from-home initiative.

    • Work-From-Home Requirements Tool
    [infographic]

    Agile Readiness Assessment Survey

    • Buy Link or Shortcode: {j2store}160|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s realities are driving organizations to digitize faster and become more Agile.
    • Agile transformations are difficult and frequently fail for a variety of reasons.
    • To achieve the benefits of Agile, organizations need to be ready for the significant changes that Agile demands.
    • Challenges to your Agile transformation can come from a variety of sources.

    Our Advice

    Critical Insight

    • Use Info-Tech’s CLAIM+G model to examine potential roadblocks to Agile on six different organizational dimensions.
    • Use survey results to identify and address the issues that are most likely to derail your Agile transformation.

    Impact and Result

    • Better understand where and how your organization needs to change to support your Agile transformation.
    • Focus your attention on your organization’s biggest roadblocks to Agile.
    • Improve your organization’s chances of a successful Agile transformation.

    Agile Readiness Assessment Survey Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Agile Readiness Assessment Deck – A guide to help your organization survey its Agile readiness.

    Read this deck to see how an Agile Readiness Assessment can help your organization understand its readiness for Agile transformation. The storyboard guides you through how to collect, consolidate, and examine survey responses and create an actionable list of improvements to make your organization more Agile ready.

    • Agile Readiness Assessment Storyboard

    2. Survey Templates (Excel or MS Forms, available in English and French) – Use these templates to create and distribute the survey broadly within your organization.

    The Agile Readiness Assessment template is available in either Excel or Microsoft Forms (both English and French versions are available). Download the Excel templates here or use the links in the above deck to access the online versions of the survey.

    • Agile Readiness Survey – English
    • Agile Readiness Survey – French

    3. Agile Readiness Assessment Consolidated Results Tool – Use this tool to consolidate and analyze survey responses.

    The Agile Readiness Assessment Consolidated Results Tool allows you to consolidate survey responses by team/role and produces your heatmap for analysis.

    • Agile Readiness Assessment Consolidated Results Tool
    [infographic]

    Further reading

    Agile Readiness Assessment

    Understand how ready your organization is for an Agile transformation.

    Info-Tech Research Group Inc. is a global leader in providing IT research and advice. Info-Tech’s products and services combine actionable insight and relevant advice with ready-to-use tools and templates that cover the full spectrum of IT concerns.

    Analyst Perspective

    Use the wisdom of crowds to understand how ready you are for Agile transformation.

    Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group

    Agile transformations can be difficult and complex to implement. That’s because they require fundamental changes in the way an organization thinks and behaves (and many organizations are not ready for these changes).

    Use Info-Tech’s Agile Readiness Assessment to broadly survey the organization’s readiness for Agile along six dimensions:

    • Culture
    • Learning
    • Automation
    • Integrated teams
    • Metrics
    • Governance

    The survey results will help you to examine and address those areas that are most likely to hinder your move to Agile.

    Alex Ciraco
    Principal Research Director, Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Your organization wants to shorten delivery time and improve quality by adopting Agile practices.
    • Your organization has not yet used Agile successfully.
    • You know that Agile transformations are complex and difficult to implement.
    • You want to maximize your Agile transformation’s chances of success.

    Common Obstacles

    • Risks to your Agile transformation can come from a variety of sources, including:
      • Organizational culture
      • Learning practices
      • Use of automation
      • Ability to create integrated teams
      • Use of metrics
      • Governance practices

    Info-Tech’s Approach

    • Use Info-Tech’s Agile Readiness Assessment to broadly survey your organization’s readiness for Agile.
    • Examine the consolidated results of this survey to identify challenges that are most likely to hinder Agile success.
    • Discuss and address these challenges to increase your chances of success.

    Info-Tech Insight

    By first understanding the numerous challenges to Agile transformations and then broadly surveying your organization to identify and address the challenges that are at play, you are more likely to have a successful Agile transformation.

    Info-Tech’s methodology

    1. Distribute Survey 2. Consolidate Survey Results 3. Examine Results and Problem Solve
    Phase Steps

    1.1 Identify the teams/roles you will survey.

    1.2 Configure the survey to reflect your teams/roles.

    1.3 Distribute the Agile Readiness Assessment Survey broadly in the organization.

    2.1 Collect survey responses from all participants.

    2.2 Consolidate the results using the template provided.

    3.1 Examine the consolidated results (both OVERALL and DETAILED Heatmaps)

    3.2 Identify key challenge areas (those which are most “red”) and discuss these challenges with participants

    3.3 Brainstorm, select and refine potential solutions to these challenges

    Phase Outcomes An appreciation for the numerous challenges associated with Agile transformations Identified challenges to Agile within your organization (both team-specific and organization-wide challenges) An actionable list of solutions/actions to address your organization’s Agile challenges.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

    Agile Readiness Assessment Survey

    Survey the organization to understand your readiness for an Agile transformation on six dimensions.

    Sample of the Agile Readiness Assessment Survey blueprint deliverable.

    Agile Readiness Assessment Consolidated Results

    Examine your readiness for Agile and identify team-specific and organization-wide challenges.

    Sample of the Agile Readiness Assessment Consolidated Results blueprint deliverable.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 6 to 8 calls over the course of 1 to 2 months.

    What does a typical GI on this topic look like?

      Phase 1: Distribute Survey

    • Call #1: Scope requirements, objectives, and your specific challenges (identify potential participants).
    • Call #2: First call with participants (introduce Phase 1 and assign survey for completion).
    • Call #3: Gather survey responses (prep for Phase 2 calls).
    • Phase 2: Consolidate Survey Results

    • Call #4: Consolidate all survey responses using the template.
    • Call #5: Conduct initial review of consolidated results (prep for Phase 3 calls).
    • Phase 3: Examine Results and Problem Solve

    • Call #6: Present consolidated results to participants and agree on most pressing challenges.
    • Call #7: Brainstorm, identify, and refine potential solutions to most pressing challenges.
    • Call #8: Conduct closing and communication call.

    Phase 1 — Phase 1 of 3, 'Distribute Survey'.

    Customize and distribute the survey

    Decide which teams/roles will participate in the survey.

    Decide which format and language(s) you will use for your Agile Readiness Assessment Survey.

    Configure the survey templates to reflect your selected teams/roles.

    Distribute the survey for participants to complete.

    • 1.1 The Agile Readiness Assessment Survey will help you to identify both team-specific and organization-wide challenges to your Agile transformation. It is best to distribute the survey broadly across the organization and include several teams and roles. Identify and make note of the teams/roles that will be participating in the survey.
    • 1.2 Select which format of survey you will be using (Excel or online), along with the language(s) you will use (links to the survey templates can be found in the table below). Then configure the survey templates to reflect your list of teams/roles from Step 1.1.
    • Format Language Download Survey Template
      Excel English Agile Readiness Assessment Excel Survey Template – EN and FR
      Excel French
      Online English Agile Readiness Assessment Online Survey Template – EN
      Online French Agile Readiness Assessment Online Survey Template – FR

    • 1.3 Distribute your Agile Readiness Assessment Survey broadly in the organization. Give all participants a deadline date for completion of the survey.

    Phase 2 — Phase 2 of 3, 'Consolidate Results'.

    Consolidate Survey Results

    Collect and consolidate all survey responses using the template provided.

    Review the OVERALL and DETAILED Heatmaps generated by the template.

    • 2.1 Collect the survey responses from all participants. All responses completed using the online form will be anonymous (for responses returned using the Excel form, assign each a unique identifier so that anonymity of responses is maintained).
    • 2.2 Consolidate the survey responses using the template below. Follow the instructions in the template to incorporate all survey responses.
    • Download the Agile Readiness Assessment Consolidated Results Tool

      Sample of the Agile Readiness Assessment Consolidated Results Tool, ranking maturity scores in 'Culture', 'Learning', 'Automation', 'Integrated Teams', 'Metrics', and 'Governance'.

    Phase 3 — Phase 3 of 3, 'Examine Results'.

    Examine Survey Results and Problem Solve

    Review the consolidated survey results as a team.

    Identify the challenges that need the most attention.

    Brainstorm potential solutions. Decide which are most promising and create a plan to implement them.

    • 3.1 Examine the consolidated results (both OVERALL and DETAILED Heatmaps) and look at both team-specific and organization-wide challenge areas.
    • 3.2 Identify which challenge areas need the most attention (typically those that are most red in the heatmap) and discuss these challenges with survey participants.
    • 3.3 As a team, brainstorm potential solutions to these challenges. Select from and refine the solutions that are most promising, then create a plan to implement them.

    3.1 Exercise: Collaborative Problem Solving — Phase 3 of 3, 'Examine Results'.

    60 Mins

    Input: Consolidated survey results

    Output: List of actions to address your most pressing challenges along with a timeline to implement them

    Materials: Agile Readiness Assessment Consolidated Results Tool, Whiteboard and markers

    Participants: Survey participants, Other interested parties

    This exercise will create a plan for addressing your most pressing Agile-related challenges.

    • As a team, agree on which survey challenges are most important to address (typically the most red in the heatmap).
    • Brainstorm potential solutions/actions to address these challenges.
    • Assign solutions/actions to individuals and set a timeline for completion.
    Challenge Proposed Solution Owner Timeline
    Enrichment
    lack of a CoE
    Establish a service-oriented Agile Center of Excellence (CoE) staffed with experienced Agile practitioners who can directly help new-to-Agile teams be successful. Bill W. 6 Months
    Tool Chain
    (lack of Agile tools)
    Select a standard Agile work management tool (e.g. Jira, Rally, ADO) that will be used by all Agile teams. Cindy K. 2 Months

    Related Info-Tech Research

    Sample of an Info-Tech blueprint. Modernize Your SDLC
    • Strategically adopt today’s SDLC good practices to streamline value delivery.
    Sample of an Info-Tech blueprint. Implement Agile Practices That Work
    • Guide your organization through its Agile transformation journey.
    Sample of an Info-Tech blueprint. Implement DevOps Practices That Work
    • Streamline business value delivery through the strategic adoption of DevOps practices.
    Sample of an Info-Tech blueprint. Mentoring for Agile Teams
    • Leverage an experience Agile Mentor to give your in-flight Agile project a helping hand.

    Research Contributors and Experts

    • Columbus Brown, Senior Principal – Practice Lead – Business Alignment, Daugherty Business Solutions
    • Saeed Khan, Founder, Transformation Labs
    • Brenda Peshak, Product Owner/Scrum Master/Program Manager, John Deere/Source Allies/Widget Industries LLC
    • Vincent Mirabelli, Principal, Global Project Synergy Group
    • Len O'Neill, Sr. Vice President and Chief Information Officer, The Suddath Companies
    • Shameka A. Jones, MPM, CSM, Lead Business Management Consultant, Mainspring Business Group, LLC
    • Ryland Leyton, Lead Business Analyst, Aptos Retail
    • Ashish Nangia, Lead Business System Analyst, Ashley Furniture Industries
    • Barbara Carkenord, CBAP, IIBA-AAC, PMI-PBA, PMP, SAFe POPM, President, Carkenord Consulting
    • Danelkis Serra, CBAP, Chapter Operations Manager, Regions & Chapters, IIBA (International Institute of Business Analysis)
    • Lorrie Staples-Ellis, CyberSecurity Integration Strategist, Wealth Management, Truist Bank
    • Ginger Sundberg, Independent Consultant
    • Kham Raven, Project Manager, Fraud Strategy & Execution, Truist Bank
    • Sarah Vollett, PMP, Business Analyst, Operations, College of Physicians and Surgeons of British Columbia
    • Nicole J Coyle, ICP-ACC, CEAC, SPC4, SASM, POPM, CSM, ECM, CCMP, CAPM, Team Agile Coach and Team Facilitator, HCQIS Foundational Components
    • Joe Glower, IT Director, Jet Support Services, Inc. (JSSI)
    • Harsh Daharwal, Senior Director, Application Delivery, J.R. Simplot
    • Hans Eckman, Principal Research Director, Info-Tech Research Group
    • Valence Howden, Principal Research Director, Info-Tech Research Group

    Modernize Data Architecture for Measurable Business Results

    • Buy Link or Shortcode: {j2store}387|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Data architecture projects have often failed in the past, causing businesses today to view the launch of a new project as a costly initiative with unclear business value.
    • New technologies in big data and analytics are requiring organizations to modernize their data architecture, but most organizations have failed to spend the time and effort refining the appropriate data models and blueprints that enable them to do so.
    • As the benefits for data architecture are often diffused across an organization’s information management practice, it can be difficult for the business to understand the value and necessity of data architecture.

    Our Advice

    Critical Insight

    • At the heart of tomorrow’s insights-driven enterprises is a modern data environment anchored in fit-for-purpose data architectures.
    • The role of traditional data architecture is transcending beyond organizational boundaries and its focus is shifting from “keeping the lights on” (i.e. operational data and BI) to providing game-changing insights gleaned from untapped big data.

    Impact and Result

    • Perform a diagnostic assessment of your present day architecture and identify the capabilities of your future “to be” environment to position your organization to capitalize on new opportunities in the data space.
    • Use Info-Tech’s program diagnostic assessment and guidance for developing a strategic roadmap to support your team in building a fit-for purpose data architecture practice.
    • Create a data delivery architecture that harmonizes traditional and modern architectural opportunities.

    Modernize Data Architecture for Measurable Business Results Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your data architecture, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop a data architecture vision

    Plan your data architecture project and align it with the business and its strategic vision.

    • Modernize Data Architecture for Measurable Business Results – Phase 1: Develop a Data Architecture Vision
    • Modernize Data Architecture Project Charter
    • Data Architecture Strategic Planning Workbook

    2. Assess data architecture capabilities

    Evaluate the current and target capabilities of your data architecture, using the accompanying diagnostic assessment to identify performance gaps and build a fit-for-purpose practice.

    • Modernize Data Architecture for Measurable Business Results – Phase 2: Assess Data Architecture Capabilities
    • Data Architecture Assessment and Roadmap Tool
    • Initiative Definition Tool

    3. Develop a data architecture roadmap

    Translate your planned initiatives into a sequenced roadmap.

    • Modernize Data Architecture for Measurable Business Results – Phase 3: Develop a Data Architecture Roadmap
    • Modernize Data Architecture Roadmap Presentation Template
    [infographic]

    Workshop: Modernize Data Architecture for Measurable Business Results

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop a Data Architecture (DA) Vision

    The Purpose

    Discuss key business drivers and strategies.

    Identify data strategies.

    Develop a data architecture vision.

    Assess data architecture practice capabilities. 

    Key Benefits Achieved

    A data architecture vision aligned with the business.

    A completed assessment of the organization’s current data architecture practice capabilities.

    Identification of "to be" data architecture practice capabilities.

    Identification of key gaps. 

    Activities

    1.1 Explain approach and value proposition

    1.2 Discuss business vision and key drivers

    1.3 Discover business pain points and needs

    1.4 Determine data strategies

    1.5 Assess DA practice capabilities

    Outputs

    Data strategies

    Data architecture vision

    Current and target capabilities for the modernized DA practice

    2 Assess DA Core Capabilities (Part 1)

    The Purpose

    Assess the enterprise data model (EDM).

    Assess current and target data warehouse, BI/analytics, and big data architectures.

    Key Benefits Achieved

    A completed assessment of the organization’s current EDM, data warehouse, BI and analytics, and big data architectures.

    Identification of "to be" capabilities for the organization’s EDM, data warehouse, BI and analytics, and big data architectures.

    Identification of key gaps.

    Activities

    2.1 Present an overarching DA capability model

    2.2 Assess current and target EDM capabilities

    2.3 Assess current/target data warehouse, BI/analytics, and big data architectures

    2.4 Identify gaps and high level strategies

    Outputs

    Target capabilities for EDM

    Target capabilities for data warehouse architecture, BI architecture, and big data architecture

    3 Assess DA Core Capabilities (Part 2)

    The Purpose

    Assess EDM.

    Assess current/target MDM, metadata, data integration, and content architectures.

    Assess dynamic data models.

    Key Benefits Achieved

    A completed assessment of the organization’s current MDM, metadata, data integration, and content architectures.

    Identification of “to be” capabilities for the organization’s MDM, metadata, data integration, and content architectures.

    Identification of key gaps.

    Activities

    3.1 Present an overarching DA capability model

    3.2 Assess current and target MDM, metadata, data integration, and content architectures

    3.3 Assess data lineage and data delivery model

    3.4 Identify gaps and high level strategies

    Outputs

    Target capabilities for MDM architecture, metadata architecture, data integration architecture, and document & content architecture

    Target capabilities for data lineage/delivery

    4 Analyze Gaps and Formulate Strategies

    The Purpose

    Map performance gaps and document key initiatives from the diagnostic assessment.

    Identify additional gaps and action items.

    Formulate strategies and initiatives to address priority gaps. 

    Key Benefits Achieved

    Prioritized gap analysis.

    Improvement initiatives and related strategies.

    Activities

    4.1 Map performance gaps to business vision, pain points, and needs

    4.2 Identify additional gaps

    4.3 Consolidate/rationalize/prioritize gaps

    4.4 Formulate strategies and actions to address gaps

    Outputs

    Prioritized gaps

    Data architecture modernization strategies

    5 Develop a Data Architecture Roadmap

    The Purpose

    Plot initiatives and strategies on a strategic roadmap.

    Key Benefits Achieved

    A roadmap with prioritized and sequenced initiatives.

    Milestone plan.

    Executive report. 

    Activities

    5.1 Transform strategies into a plan of action

    5.2 Plot actions on a prioritized roadmap

    5.3 Identify and discuss next milestone plan

    5.4 Compile an executive report

    Outputs

    Data architecture modernization roadmap

    Data architecture assessment and roadmap report (from analyst team)

    Build IT Capabilities to Enable Digital Marketing Success

    • Buy Link or Shortcode: {j2store}553|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Misalignment: Even if IT builds the capabilities to pursue digital channels, the channels will underperform in realizing organizational goals if the channels and the goals are misaligned.
    • Ineffective analytics: Failure to integrate and analyze new data will undermine organizational success in influencer and sentiment identification.
    • Missed opportunity: If IT does not develop the capabilities to support these channels, then lead generation, brand promotion, and engagement opportunities will be lost.
    • Lack of control: Marketing is developing and depending on internal power users and agencies. This practice can isolate IT from digital marketing technology decision making.

    Our Advice

    Critical Insight

    • Identify and understand the digital marketing channels that can benefit your organization.
    • Get stakeholder buy-in to facilitate collaboration between IT and product marketing groups to identify necessary IT capabilities.
    • Build IT capability by purchasing software, outsourcing, and training or hiring individuals with necessary skillsets.
    • Become transformational: use IT capabilities to support analytics that identify new customer segments, key influencers, and other invaluable insights.
    • Time is of the essence! It is easier to begin strengthening the relationship between marketing and IT today then it will be at any point in the future.
    • Being transformational means more than just enabling the channels marketing wants to pursue; IT must assist in identifying new segments and digital marketing opportunities, such as enabling influencer management.

    Impact and Result

    • IT is involved in decision making and has a complete understanding of the digital channels the organization is going to migrate to or phase out if unused.
    • IT has the necessary capabilities to support and enable success in all relevant digital channel management technologies.
    • IT is a key player in ensuring that all relevant data from new digital channels is managed and analyzed in order to maintain a 360 degree view of customers and feed real-time campaigns.
    • This enables the organization to not only target existing segments effectively, but also to identify and pursue new opportunities not presented before.
    • These opportunities include: identifying new segments among social networks, identifying key influencers as a new target, identifying proactive service and marketing opportunities from the public social cloud, and conducting new competitive analyses on the public social cloud.

    Build IT Capabilities to Enable Digital Marketing Success Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the case for building IT capabilities

    Identify the symptoms of inadequate IT support of digital marketing to diagnose the problems in your organization.

    • Storyboard: Build IT Capabilities to Enable Digital Marketing Success

    2. Identify digital marketing opportunities to understand the need for action in your organization

    Identify the untapped digital marketing value in your organization to understand where your organization needs to improve.

    • Digital Marketing Capability Builder Tool

    3. Mobilize for action: get stakeholder buy-in

    Develop a plan for communicating with stakeholders to ensure buy-in to the digital marketing capability building project.

    • Digital Marketing Communication Deck

    4. Identify the product/segment-specific digital marketing landscape to identify required IT capabilities

    Assess how well each digital channel reaches target segments. Identify the capabilities that must be built to enable digital channels.

    5. Create a roadmap for building capabilities to enable digital marketing

    Assess the people, processes, and technologies required to build required capabilities and determine the best fit with your organization.

    [infographic]

    Workshop: Build IT Capabilities to Enable Digital Marketing Success

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Digital Marketing Opportunities

    The Purpose

    Determine the fit of each digital channel with your organizational goals.

    Determine the fit of digital channels with your organizational structure and business model.

    Compare the fit of digital channels with your organization’s current levels of use to:Identify missed opportunities your organization should capitalize on.Identify digital channels that your organization is wasting resources on.

    Identify missed opportunities your organization should capitalize on.

    Identify digital channels that your organization is wasting resources on.

    Key Benefits Achieved

    IT department achieves consensus around which opportunities need to be pursued.

    Understanding that continuing to pursue excellent-fit digital channels that your organization is currently active on is a priority.

    Identification of the channels that stopping activity on could free up resources for.

    Activities

    1.1 Define and prioritize organizational goals.

    1.2 Assess digital channel fit with goals and organizational characteristics.

    1.3 Identify missed opportunities and wasted resources in your digital channel mix.

    1.4 Brainstorm creative ways to pursue untapped digital channels.

    Outputs

    Prioritized list of organizational goals.

    Assigned level of fit to digital channels.

    List of digital channels that represent missed opportunities or wasted resources.

    List of brainstormed ideas for pursuing digital channels.

    2 Identify Your Product-Specific Digital Marketing Landscape

    The Purpose

    Identify the digital channels that will be used for specific products and segments.

    Identify the IT capabilities that must be built to enable digital channels.

    Prioritize the list of IT capabilities.

    Key Benefits Achieved

    IT and marketing achieve consensus around which digital channels will be pursued for specific product-segment pairings.

    Identification of the capabilities that IT must build.

    Activities

    2.1 Assess digital channel fit with specific products.

    2.2 Identify the digital usage patterns of target segments.

    2.3 Decide precisely which digital channels you will use to sell specific products to specific segments.

    2.4 Identify and prioritize the IT capabilities that need to be built to succeed on each digital channel.

    Outputs

    Documented channel fit with products.

    Documented channel usage by target segments.

    Listed digital channels that will be used for each product-segment pairing.

    Listed and prioritized capabilities that must be built to enable success on necessary digital channels.

    3 Enable Digital Marketing Capabilities and Leverage Analytics

    The Purpose

    Identification of the best possible way to build IT capabilities for all channels.

    Creation of a plan for leveraging transformational analytics to supercharge your digital marketing strategy.

    Key Benefits Achieved

    IT understanding of the costs and benefits of capability building options (people, process, and technology).

    Information about how specific technology vendors could fit with your organization.

    IT identification of opportunities to leverage transformational analytics in your organization.

    Activities

    3.1 Identify the gaps in your IT capabilities.

    3.2 Evaluate options for building capabilities.

    3.3 Identify opportunities for transformational analytics.

    Outputs

    A list of IT capability gaps.

    An action plan for capability building.

    A plan for leveraging transformational analytics.

    Cost-Optimize Your Security Budget

    • Buy Link or Shortcode: {j2store}250|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $2,078 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • The security budget has been slashed and the team needs to do more with less.
    • Mitigating risk is still the top priority, only now we need to reassess effectiveness and efficiency to ensure we are getting the greatest level of protection for the least amount of money.

    Our Advice

    Critical Insight

    A cost-optimized security budget is one that has the greatest impact on risk for the least amount of money spent.

    Impact and Result

    • Focus on business needs and related risks. Review the risk-reduction efficacy of your people, processes, and technology and justify what can be cut and what must stay.
    • Info-Tech will guide you through this process, and by the end of this blueprint you will have a cost-optimized security budget and an executive presentation to explain your revised spending.

    Cost-Optimize Your Security Budget Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should cost-optimize your security budget, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Cost-optimize your technology and managed services

    This phase will help you assess the efficacy of your current technology and service providers.

    • Threat and Risk Assessment Tool
    • In-House vs. Outsourcing Decision-Making Tool

    2. Cost-optimize your staffing

    This phase will help you assess if layoffs are necessary.

    • Security Employee Layoff Selection Tool

    3. Cost-optimize your security strategy

    This phase will help you revise the pending process-based initiatives in your security strategy.

    • Security Cost Optimization Workbook
    • Security Cost Optimization Executive Presentation
    [infographic]

    Build a Reporting and Analytics Strategy

    • Buy Link or Shortcode: {j2store}128|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $49,748 Average $ Saved
    • member rating average days saved: 28 Average Days Saved
    • Parent Category Name: Business Intelligence Strategy
    • Parent Category Link: /business-intelligence-strategy
    • In respect to business intelligence (BI) matureness, you can’t expect the whole organization to be at the same place at the same time. Your BI strategy needs to recognize this and should strive to align rather than dictate.
    • Technology is just one aspect of your BI and analytics strategy and is not a quick solution or a guarantee for long-term success.

    Our Advice

    Critical Insight

    • The BI strategy drives data warehouse and integration strategies and the data needed to support business decisions.
    • The solution to better BI often lies in improving the BI practice, not acquiring the latest and greatest tool.

    Impact and Result

    • Align BI with corporate vision, mission, goals, and strategic direction.
    • Understand the needs of business partners.
    • BI & analytics informs data warehouse and integration layers for required content, latency, and quality.

    Build a Reporting and Analytics Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create or refresh the BI Strategy and review Info-Tech’s approach to developing a BI strategy that meets business needs.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the business context and BI landscape

    Lay the foundation for the BI strategy by detailing key business information and analyzing current BI usage.

    • Build a Reporting and Analytics Strategy – Phase 1: Understand the Business Context and BI Landscape
    • BI Strategy and Roadmap Template
    • BI End-User Satisfaction Survey Framework

    2. Evaluate the current BI practice

    Assess the maturity level of the current BI practice and envision a future state.

    • Build a Reporting and Analytics Strategy – Phase 2: Evaluate the Current BI Practice
    • BI Practice Assessment Tool

    3. Create a BI roadmap for continuous improvement

    Create BI-focused initiatives to build an improvement roadmap.

    • Build a Reporting and Analytics Strategy – Phase 3: Create a BI Roadmap for Continuous Improvement
    • BI Initiatives and Roadmap Tool
    • BI Strategy and Roadmap Executive Presentation Template
    [infographic]

    Workshop: Build a Reporting and Analytics Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish Business Vision and Understand the Current BI Landscape

    The Purpose

    Document overall business vision, mission, and key objectives; assemble project team.

    Collect in-depth information around current BI usage and BI user perception.

    Create requirements gathering principles and gather requirements for a BI platform.

    Key Benefits Achieved

    Increased IT–business alignment by using the business context as the project starting point

    Identified project sponsor and project team

    Detailed understanding of trends in BI usage and BI perception of consumers

    Refreshed requirements for a BI solution

    Activities

    1.1 Gather key business information (overall mission, goals, objectives, drivers).

    1.2 Establish a high-level ROI.

    1.3 Identify ideal candidates for carrying out a BI project.

    1.4 Undertake BI usage analyses, BI user perception survey, and a BI artifact inventory.

    1.5 Develop requirements gathering principles and approaches.

    1.6 Gather and organize BI requirements

    Outputs

    Articulated business context that will guide BI strategy development

    ROI for refreshing the BI strategy

    BI project team

    Comprehensive summary of current BI usage that has quantitative and qualitative perspectives

    BI requirements are confirmed

    2 Evaluate Current BI Maturity and Identify the BI Patterns for the Future State

    The Purpose

    Define current maturity level of BI practice.

    Envision the future state of your BI practice and identify desired BI patterns.

    Key Benefits Achieved

    Know the correct migration method for Exchange Online.

    Prepare user profiles for the rest of the Office 365 implementation.

    Activities

    2.1 Perform BI SWOT analyses.

    2.2 Assess current state of the BI practice and review results.

    2.3 Create guiding principles for the future BI practice.

    2.4 Identify desired BI patterns and the associated BI functionalities/requirements.

    2.5 Define the future state of the BI practice.

    2.6 Establish the critical success factors for the future BI, identify potential risks, and create a mitigation plan.

    Outputs

    Exchange migration strategy

    Current state of BI practice is documented from multiple perspectives

    Guiding principles for future BI practice are established, along with the desired BI patterns linked to functional requirements

    Future BI practice is defined

    Critical success factors, potential risks, and a risk mitigation plan are defined

    3 Build Improvement Initiatives and Create a BI Development Roadmap

    The Purpose

    Build overall BI improvement initiatives and create a BI improvement roadmap.

    Identify supplementary initiatives for enhancing your BI program.

    Key Benefits Achieved

    Defined roadmap composed of robust improvement initiatives

    Activities

    3.1 Create BI improvement initiatives based on outputs from phase 1 and 2 activities. Build an improvement roadmap.

    3.2 Build an improvement roadmap.

    3.3 Create an Excel governance policy.

    3.4 Create a plan for a BI ambassador network.

    Outputs

    Comprehensive BI initiatives placed on an improvement roadmap

    Excel governance policy is created

    Internal BI ambassadors are identified

    Further reading

    Build a Reporting and Analytics Strategy

    Deliver actionable business insights by creating a business-aligned reporting and analytics strategy.

    Terminology

    As the reporting and analytics space matured over the last decade, software suppliers used different terminology to differentiate their products from others’. This caused a great deal of confusion within the business communities.

    Following are two definitions of the term Business Intelligence:

    Business intelligence (BI) leverages software and services to transform data into actionable insights that inform an organization’s strategic and tactical business decisions. BI tools access and analyze data sets and present analytical findings in reports, summaries, dashboards, graphs, charts, and maps to provide users with detailed intelligence about the state of the business.

    The term business intelligence often also refers to a range of tools that provide quick, easy-to-digest access to insights about an organization's current state, based on available data.

    CIO Magazine

    Business intelligence (BI) comprises the strategies and technologies used by enterprises for the data analysis of business information. BI technologies provide historical, current, and predictive views of business operations.

    Common functions of business intelligence technologies include reporting, online analytical processing, analytics, data mining, process mining, complex event processing, business performance management, benchmarking, text mining, predictive analytics, and prescriptive analytics.

    Wikipedia

    This blueprint will use the terms “BI,” “BI and Analytics,” and “Reporting and Analytics” interchangeably in different contexts, but always in compliance to the above definitions.

    ANALYST PERSPECTIVE

    A fresh analytics & reporting strategy enables new BI opportunities.

    We need data to inform the business of past and current performance and to support strategic decisions. But we can also drown in a flood of data. Without a clear strategy for business intelligence, a promising new solution will produce only noise.

    BI and Analytics teams must provide the right quantitative and qualitative insights for the business to base their decisions on.

    Your Business Intelligence and Analytics strategy must support the organization’s strategy. Your strategy for BI & Analytics provides direction and requirements for data warehousing and data integration, and further paves the way for predictive analytics, big data analytics, market/industry intelligence, and social network analytics.

    Dirk Coetsee,

    Director, Data and Analytics Info-Tech Research Group

    Our understanding of the problem

    This Research is Designed For:

    • A CIO or Business Unit (BU) Leader looking to improve reporting and analytics, reduce time to information, and embrace fact-based decision making with analytics, reporting, and business intelligence (BI).
    • Application Directors experiencing poor results from an initial BI tool deployment who are looking to improve the outcome.

    This Research Will Also Assist:

    • Project Managers and Business Analysts assigned to a BI project team to collect and analyze requirements.
    • Business units that have their own BI platforms and would like to partner with IT to take their BI to an enterprise level.

    This Research Will Help You:

    • Align your reporting and analytics strategy with the business’ strategic objectives before you rebuild or buy your Business Intelligence platform.
    • Identify reporting and analytics objectives to inform the data warehouse and integration requirements gathering process.
    • Avoid common pitfalls that derail BI and analytic deployments and lower their adoption.
    • Identify Business Intelligence gaps prior to deployment and incorporate remedies within your plans.

    This Research Will Help Them:

    • Recruit the right resources for the program.
    • Align BI with corporate vision, mission, goals, and strategic direction.
    • Understand the needs of business partners.
    • Assess BI maturity and plan for target state.
    • Develop a BI strategy and roadmap.
    • Track the success of the BI initiative.

    Executive summary

    Situation:

    BI drives a new reality. Uber is the world’s largest taxi company and they own no vehicles; Alibaba is the world’s most valuable retailer and they have no inventory; Airbnb is the world’s largest accommodation provider and they own no real estate. How did they disrupt their markets and get past business entry barriers? A deep understanding of their market through impeccable business intelligence!

    Complication:

    • In respect to BI matureness, you can’t expect the whole organization to be at the same place at the same time. Your BI strategy needs to recognize this and should strive to align rather than dictate.
    • Technology is just one aspect of your BI and Analytics strategy and is not a quick solution or a guarantee for long term success.

    Resolution:

    • Drive strategy development by establishing the business context upfront in order to align business intelligence providers with the most important needs of their BI consumers and the strategic priorities of the organization.
    • Revamp or create a BI strategy to update your BI program to make it fit for purpose.
    • Understand your existing BI baggage – e.g. your existing BI program, the artifacts generated from the program, and the users it supports. Those will inform the creation of the strategy and roadmap.
    • Assess current BI maturity and determine your future state BI maturity.
    • BI needs governance to ensure consistent planning, communication, and execution of the BI strategy.
    • Create a network of BI ambassadors across the organization to promote BI.
    • Plan for the future to ensure that required data will be available when the organization needs it.

    Info-Tech Insight

    1. Put the “B” back in BI. Don’t have IT doing BI for IT’s sake; ensure the voice and needs of the business are the primary drivers of your strategy.
    2. The BI strategy drives data warehouse and integration strategies and the data needs to support business decisions.
    3. Go beyond the platform. The solution to better BI often lies in improving the BI practice, not acquiring the latest and greatest tool.

    Metrics to track BI & Analytical program progress

    Goals for BI:

    • Understand business context and needs. Identify business processes that can leverage BI.
    • Define the Reporting & Analytics Roadmap. Develop data initiatives, and create a strategy and roadmap for Business Intelligence.
    • Continuous improvements. Your BI program is evolving and improving over time. The program should allow you to have faster, better, and more comprehensive information.

    Info-Tech’s Suggested Metrics for Tracking the BI Program

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Program Level Metrics Efficiency
    • Time to information
    • Self-service penetration
    • Derive from the ticket management system
    • Derive from the BI platform
    • 10% reduction in time to information
    • Achieve 10-15% self-service penetration
    • Effectiveness
    • BI Usage
    • Data quality
    • Derive from the BI platform
    • Data quality perception
    • Majority of the users use BI on a daily basis
    • 15% increase in data quality perception
    Comprehensiveness
    • # of integrated datasets
    • # of strategic decisions made
    • Derive from the data integration platform
    • Decision-making perception
    • Onboard 2-3 new data domains per year
    • 20% increase in decision-making perception

    Intangible Metrics:

    Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.

    Your Enterprise BI and Analytics Strategy is driven by your organization’s Vision and Corporate Strategy

    Formulating an Enterprise Reporting and Analytics Strategy requires the business vision and strategies to first be substantiated. Any optimization to the Data Warehouse, Integration and Source layer is in turn driven by the Enterprise Reporting and Analytics Strategy

    Flow chart showing 'Business Vision Strategies'

    The current state of your Integration and Warehouse platforms determine what data can be utilized for BI and Analytics

    Where we are, and how we got here

    How we got here

    • In the beginning was BI 1.0. Business intelligence began as an IT-driven centralized solution that was highly governed. Business users were typically the consumers of reports and dashboards created by IT, an analytics-trained minority, upon request.
    • In the last five to ten years, we have seen a fundamental shift in the business intelligence and analytics market, moving away from such large-scale, centralized IT-driven solutions focused on basic reporting and administration, towards more advanced user-friendly data discovery and visualization platforms. This has come to be known as BI 2.0.
    • Many incumbent market leaders were disrupted by the demand for more user-friendly business intelligence solutions, allowing “pure-play” BI software vendors to carve out a niche and rapidly expand into more enterprise environments.
    • BI-on-the-cloud has established itself as a solid alternative to in-house implementation and operation.

    Where we are now

    • BI 3.0 has arrived. This involves the democratization of data and analytics and a predominantly app-centric approach to BI, identifiable by an anywhere, anytime, and device-or-platform-independent collaborative methodology. Social workgroups and self-guided content creation, delivery, analysis, and management is prominent.
    • Where the need for reporting and dashboards remains, we’re seeing data discovery platforms fulfilling the needs of non-technical business users by providing easy-to-use interactive solutions to increase adoption across enterprises.
    • With more end users demanding access to data and the tools to extract business insights, IT is looking to meet these needs while continuing to maintain governance and administration over a much larger base of users. The race for governed data discovery is heated and will be a market differentiator.
    • The next kid on the block is Artificial Intelligence that put further demands on data quality and availability.

    RICOH Canada used this methodology to develop their BI strategy in consultation with their business stakeholders

    CASE STUDY

    Industry: Manufacturing and Retail

    Source: RICOH

    Ricoh Canada transforms the way people work with breakthrough technologies that help businesses innovate and grow. Its focus has always been to envision what the future will look like so that it can help its customers prepare for success. Ricoh empowers digital workplaces with a broad portfolio of services, solutions, and technologies – helping customers remove obstacles to sustained growth by optimizing the flow of information and automating antiquated processes to increase workplace productivity. In their commitment towards a customer-centric approach, Ricoh Canada recognized that BI and analytics can be used to inform business leaders in making strategic decisions.

    Enterprise BI and analytics Initiative

    Ricoh Canada enrolled in the ITRG Reporting & Analytics strategy workshop with the aim to create a BI strategy that will allow the business to harvest it strengths and build for the future. The workshop acted as a forum for the different business units to communicate, share ideas, and hear from each other what their pains are and what should be done to provide a full customer 360 view.

    Results

    “This workshop allowed us to collectively identify the various stakeholders and their unique requirements. This is a key factor in the development of an effective BI Analytics tool.” David Farrar

    The Customer 360 Initiative included the following components

    The Customer 360 Initiative includes the components shown in the image

    Improve BI Adoption Rates

    Graph showing Product Adoption Rates

    Sisense

    Reasons for low BI adoption

    • Employees that never used BI tools are slow to adopt new technology.
    • Lack of trust in data leads to lack of trust in the insights.
    • Complex data structures deter usage due to long learning curves and contained nuances.
    • Difficult to translate business requirements into tool linguistics due to lack of training or technical ineptness.
    • Business has not taken ownership of data, which affects access to data.

    How to foster BI adoption

    • Senior management proclaim data as a strategic asset and involved in the promotion of BI
    • Role Requirement that any business decision should be backed up by analytics
    • Communication of internal BI use case studies and successes
    • Exceptional data lineage to act as proof for the numbers
    • A Business Data glossary with clearly defined business terms. Use the Business Data Glossary in conjunction with data lineage and semantic layers to ensure that businesses are clearly defined and traced to sources.
    • Training in business to take ownership of data from inception to analytics.

    Why bother with analytics?

    In today’s ever-changing and global environment, organizations of every size need to effectively leverage their data assets to facilitate three key business drivers: customer intimacy, product/service innovation, and operational excellence. Plus, they need to manage their operational risk efficiently.

    Investing in a comprehensive business intelligence strategy allows for a multidimensional view of your organization’s data assets that can be operationalized to create a competitive edge:

    Historical Data

    Without a BI strategy, creating meaningful reports for business users that highlight trends in past performance and draw relationships between different data sources becomes a more complex task. Also, the ever growing need to identify and assess risks in new ways is driving many companies to BI.

    Data Democracy

    The core purpose of BI is to provide the right data, to the right users, at the right time, and in a format that is easily consumable and actionable. In developing a BI strategy, remember the driver for managed cross-functional access to data assets and features such as interactive dashboards, mobile BI, and self-service BI.

    Predictive and Big Data Analytics

    As the volume, variety, and velocity of data increases rapidly, businesses will need a strategy to outline how they plan to consume the new data in a manner that does not overwhelm their current capabilities and aligns with their desired future state. This same strategy further provides a foundation upon which organizations can transition from ad hoc reporting to using data assets in a codified BI platform for decision support.

    Business intelligence serves as the layer that translates data, information, and organizational knowledge into insights

    As executive decision making shifts to more fact-based, data-driven thinking, there is an urgent need for data assets to be organized and presented in a manner that enables immediate action.

    Typically, business decisions are based on a mix of intuition, opinion, emotion, organizational culture, and data. Though business users may be aware of its potential value in driving operational change, data is often viewed as inaccessible.

    Business intelligence bridges the gap between an organization’s data assets and consumable information that facilitates insight generation and informed decision making.

    Most organizations realize that they need a BI strategy; it’s no longer a nice-to-have, it’s a must-have.

    – Albert Hui, Principal, Data Economist

    A triangle grapg depicting the layers of business itelligence

    Business intelligence and business analytics: what is the difference and should you care

    Ask 100 people and you will get 100 answers. We like the prevailing view that BI looks at today and backward for improving who we are, while BA is forward-looking to support change decisions.

    The image depicts a chart flowing from Time Past to Future. Business Intelligence joins with Business Analytics over the Present
    • Business intelligence is concerned with looking at present and historical data.
    • Use this data to create reports/dashboards to inform a wide variety of information consumers of the past and current state of affairs.
    • Almost all organizations, regardless of size and maturity, use some level of BI even if it’s just very basic reporting.
    • Business analytics, on the other hand, is a forward-facing use of data, concerned with the present to the future.
    • Analytics uses data to both describe the present, and more importantly, predict the future, enabling strategic business decisions.
    • Although adoption is rapidly increasing, many organizations still do not utilize any advanced analytics in their environment.

    However, establishing a strong business intelligence program is a necessary precursor to an organization’s development of its business analytics capabilities.

    Organizations that successfully grow their BI capabilities are reaping the rewards

    Evidence is piling up: if planned well, BI contributes to the organization’s bottom line.

    It’s expected that there will be nearly 45 billion connected devices and a 42% increase in data volume each year posing a high business opportunity for the BI market (BERoE, 2020).

    The global business intelligence market size to grow from US$23.1 billion in 2020 to US$33.3 billion by 2025, at a compound annual growth rate (CAGR) of 7.6% (Global News Wire, 2020)

    In the coming years, 69% of companies plan on increasing their cloud business intelligence usage (BARC Research and Eckerson Group Study, 2017).

    Call to Action

    Small organizations of up to 100 employees had the highest rate of business intelligence penetration last year (Forbes, 2018).

    Graph depicting business value from 0 months to more than 24 months

    Source: IBM Business Value, 2015

    For the New England Patriots, establishing a greater level of customer intimacy was driven by a tactical analytics initiative

    CASE STUDY

    Industry: Professional Sports

    Source Target Marketing

    Problem

    Despite continued success as a franchise with a loyal fan base, the New England Patriots experienced one of their lowest season ticket renewal rates in over a decade for the 2009 season. Given the numerous email addresses that potential and current season-ticket holders used to engage with the organization, it was difficult for Kraft Sports Group to define how to effectively reach customers.

    Turning to a Tactical Analytics Approach

    Kraft Sports Group turned to the customer data that it had been collecting since 2007 and chose to leverage analytics in order to glean insight into season ticket holder behavior. By monitoring and reporting on customer activity online and in attendance at games, Kraft Sports Group was able to establish that customer engagement improved when communication from the organization was specifically tailored to customer preferences and historical behavior.

    Results

    By operationalizing their data assets with the help of analytics, the Patriots were able to achieve a record 97% renewal rate for the 2010 season. KSG was able to take their customer engagement to the next level and proactively look for signs of attrition in season-ticket renewals.

    We're very analytically focused and I consider us to be the voice of the customer within the organization… Ultimately, we should know when renewal might not happen and be able to market and communicate to change that behavior.

    – Jessica Gelman,

    VP Customer Marketing and Strategy, Kraft Sports Group

    A large percentage of all BI projects fail to meet the organization’s needs; avoid falling victim to common pitfalls

    Tool Usage Pitfalls

    • Business units are overwhelmed with the amount and type of data presented.
    • Poor data quality erodes trust, resulting in a decline in usage.
    • Analysis performed for the sake of analysis and doesn’t focus on obtaining relevant business-driven insights.

    Selection Pitfalls

    • Inadequate requirements gathering.
    • No business involvement in the selection process.
    • User experience is not considered.
    • Focus is on license fees and not total cost.

    Implementation Pitfalls

    • Absence of upfront planning
    • Lack of change management to facilitate adoption of the new platform
    • No quick wins that establish the value of the project early on
    • Inadequate initial or ongoing training

    Strategic Pitfalls

    • Poor alignment of BI goals with organization goals
    • Absence of CSFs/KPIs that can measure the qualitative and quantitative success of the project
    • No executive support during or after the project

    BI pitfalls are lurking around every corner, but a comprehensive strategy drafted upfront can help your organization overcome these obstacles. Info-Tech’s approach to BI has involvement from the business units built right into the process from the start and it equips IT to interact with key stakeholders early and often.

    Only 62% of Big Data and AI projects in 2019 provided measurable results.

    Source: NewVantage Partners LLC

    Business and IT have different priorities for a BI tool

    Business executives look for:

    • Ease of use
    • Speed and agility
    • Clear and concise information
    • Sustainability

    IT professionals are concerned about:

    • Solid security
    • Access controls on data
    • Compliance with regulations
    • Ease of integration

    Info-Tech Insight

    Combining these priorities will lead to better tool selection and more synergy.

    Elizabeth Mazenko

    The top-down BI Opportunity Analysis is a tool for senior executives to discover where Business Intelligence can provide value

    The image is of a top-down BI Opportunity Analysis.

    Example: Uncover BI opportunities with an opportunity analysis

    Industry Drivers Private label Rising input prices Retail consolidation
    Company strategies Win at supply chain execution Win at customer service Expand gross margins
    Value disciplines Strategic cost management Operational excellence Customer service
    Core processes Purchasing Inbound logistics Sales, service & distribution
    Enterprise management: Planning, budgeting, control, process improvement, HR
    BI Opportunities Customer service analysis Cost and financial analysis Demand management

    Williams (2016)

    Bridge the gap between business drivers and business intelligence features with a three-tiered framework

    Info-Tech’s approach to formulating a fit-for-purpose BI strategy is focused on making the link between factors that are the most important to the business users and the ways that BI providers can enable those consumers.

    Drivers to Establish Competitive Advantage

    • Operational Excellence
    • Client Intimacy
    • Innovation

    BI and Analytics Spectrum

    • Strategic Analytics
    • Tactical Analytics
    • Operational Analytics

    Info-Tech’s BI Patterns

    • Delivery
    • User Experience
    • Deep Analytics
    • Supporting

    This is the content for Layout H3 Tag

    Though business intelligence is primarily thought of as enabling executives, a comprehensive BI strategy involves a spectrum of analytics that can provide data-driven insight to all levels of an organization.

    Recommended

    Strategic Analytics

    • Typically focused on predictive modeling
    • Leverages data integrated from multiple sources (structured through unstructured)
    • Assists in identifying trends that may shift organizational focus and direction
    • Sample objectives:
      • Drive market share growth
      • Identify new markets, products, services, locations, and acquisitions
      • Build wider and deeper customer relationships earning more wallet share and keeping more customers

    Tactical Analytics

    • Often considered Response Analytics and used to react to situations that arise, or opportunities at a department level.
    • Sample objectives:
      • Staff productivity or cost analysis
      • Heuristics/algorithms for better risk management
      • Product bundling and packaging
      • Customer satisfaction response techniques

    Operational Analytics

    • Analytics that drive business process improvement whether internal, with external partners, or customers.
    • Sample objectives:
      • Process step elimination
      • Best opportunities for automation

    Business Intelligence Terminology

    Styles of BI New age BI New age data Functional Analytics Tools
    Reporting Agile BI Social Media data Performance management analytics Scorecarding dashboarding
    Ad hoc query SaaS BI Unstructured data Financial analytics Query & reporting
    Parameterized queries Pervasive BI Mobile data Supply chain analytics Statistics & data mining
    OLAP Cognitive Business Big data Customer analytics OLAP cubes
    Advanced analytics Self service analytics Sensor data Operations analytics ETL
    Cognitive business techniques Real-time Analytics Machine data HR Analytics Master data management
    Scorecards & dashboards Mobile Reporting & Analytics “fill in the blanks” analytics Data Governance

    Williams (2016)

    "BI can be confusing and overwhelming…"

    – Dirk Coetsee,

    Research Director,

    Info-Tech Research Group

    Business intelligence lies in the Information Dimensions layer of Info-Tech’s Data Management Framework

    The interactions between the information dimensions and overlying data management enablers such as data governance, data architecture, and data quality underscore the importance of building a robust process surrounding the other data practices in order to fully leverage your BI platform.

    Within this framework BI and analytics are grouped as one lens through which data assets at the business information level can be viewed.

    The image is the Information Dimensions layer of Info-Tech’s Data Management Framework

    Use Info-Tech’s three-phase approach to a Reporting & Analytics strategy and roadmap development

    Project Insight

    A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to effectively enable business decision making. Develop a reporting and analytics strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current reporting and analytical capabilities.

    Phase 1: Understand the Business Context and BI Landscape Phase 2: Evaluate Your Current BI Practice Phase 3: Create a BI Roadmap for Continuous Improvement
    1.1 Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    2.1 Assess Your Current BI Maturity
    • BI Practice Assessment
    • Summary of Current State
    3.1 Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • RACI
    • BI Strategy and Roadmap
    1.2 Assess Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    2.2 Envision BI Future State
    • BI Style Requirements
    • BI Practice Assessment
    3.2 Plan for Continuous Improvement
    • Excel/Access Governance Policy
    • BI Ambassador Network Draft
    1.3 Develop BI Solution Requirements
    • Requirements Gathering Principles
    • Overall BI Requirements

    Stand on the shoulders of Information Management giants

    As part of our research process, we leveraged the frameworks of COBIT5, Mike 2.0, and DAMA DMBOK2. Contextualizing business intelligence within these frameworks clarifies its importance and role and ensures that our assessment tool is focused on key priority areas.

    The DMBOK2 Data Management framework by the Data Asset Management Association (DAMA) provided a starting point for our classification of the components in our IM framework.

    Mike 2.0 is a data management framework that helped guide the development of our framework through its core solutions and composite solutions.

    The Cobit 5 framework and its business enablers were used as a starting point for assessing the performance capabilities of the different components of information management, including business intelligence.

    Info-Tech has a series of deliverables to facilitate the evolution of your BI strategy

    BI Strategy Roadmap Template

    BI Practice Assessment Tool

    BI Initiatives and Roadmap Tool

    BI Strategy and Roadmap Executive Presentation Template

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit Guided Implementation Workshop Consulting
    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Build a Reporting and Analytics Strategy – Project Overview

    1. Understand the Business Context and BI Landscape 2. Evaluate the Current BI Practice 3. Create a BI Roadmap for Continuous Improvement
    Best-Practice Toolkit

    1.1 Document overall business vision, mission, industry drivers, and key objectives; assemble a project team

    1.2 Collect in-depth information around current BI usage and BI user perception

    1.3 Create requirements gathering principles and gather requirements for a BI platform

    2.1 Define current maturity level of BI practice

    2.2 Envision the future state of your BI practice and identify desired BI patterns

    3.1 Build overall BI improvement initiatives and create a BI improvement roadmap

    3.2 Identify supplementary initiatives for enhancing your BI program

    Guided Implementations
    • Discuss Info-Tech’s approach for using business information to drive BI strategy formation
    • Review business context and discuss approaches for conducting BI usage and user analyses
    • Discuss strategies for BI requirements gathering
    • Discuss BI maturity model
    • Review practice capability gaps and discuss potential BI patterns for future state
    • Discuss initiative building
    • Review completed roadmap and next steps
    Onsite Workshop Module 1:

    Establish Business Vision and Understand the Current BI Landscape

    Module 2:

    Evaluate Current BI Maturity Identify the BI Patterns for the Future State

    Module 3:

    Build Improvement Initiatives and Create a BI Development Roadmap

    Phase 1 Outcome:
    • Business context
    • Project team
    • BI usage information, user perception, and new BI requirements
    Phase 2 Outcome:
    • Current and future state assessment
    • Identified BI patterns
    Phase 3 Outcome:
    • BI improvement strategy and initiative roadmap

    Workshop overview

    Contact your account representative or email Workshops@InfoTech.com for more information.

    Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
    Activities

    Understand Business Context and Structure the Project

    1.1 Make the case for a BI strategy refresh.

    1.2 Understand business context.

    1.3 Determine high-level ROI.

    1.4 Structure the BI strategy refresh project.

    Understand Existing BI and Revisit Requirements

    2.1 Understand the usage of your existing BI.

    2.2 Gather perception of the current BI users.

    2.3 Document existing information artifacts.

    2.4 Develop a requirements gathering framework.

    2.5 Gather requirements.

    Revisit Requirements and Current Practice Assessment

    3.1 Gather requirements.

    3.2 Determine BI Maturity Level.

    3.3 Perform a SWOT for your existing BI program.

    3.4 Develop a current state summary.

    Roadmap Develop and Plan for Continuous Improvements

    5.1 Develop BI strategy.

    5.2 Develop a roadmap for the strategy.

    5.3 Plan for continuous improvement opportunities.

    5.4 Develop a re-strategy plan.

    Deliverables
    1. Business and BI Vision, Goals, Key Drivers
    2. Business Case Presentation
    3. High-Level ROI
    4. Project RACI
    1. BI Perception Survey
    2. BI Requirements Gathering Framework
    3. BI User Stories and Requirements
    1. BI User Stories and Requirements
    2. BI SWOT for your Current BI Program
    3. BI Maturity Level
    4. Current State Summary
    1. BI Strategy
    2. Roadmap accompanying the strategy with timeline
    3. A plan for improving BI
    4. Strategy plan

    Phase 2

    Understand the Business Context and BI Landscape

    Build a Reporting and Analytics Strategy

    Phase 1 overview

    Detailed Overview

    Step 1: Establish the business context in terms of business vision, mission, objectives, industry drivers, and business processes that can leverage Business Intelligence

    Step 2: Understand your BI Landscape

    Step 3: Understand business needs

    Outcomes

    • Clearly articulated high-level mission, vision, and key drivers from the business, as well as objectives related to business intelligence.
    • In-depth documentation regarding your organization’s BI usage, user perception, and outputs.
    • Consolidated list of requirements, existing and desired, that will direct the deployment of your BI solution.

    Benefits

    • Align business context and drivers with IT plans for BI and Analytics improvement.
    • Understand your current BI ecosystem’s performance.

    Understand your business context and BI landscape

    Phase 1 Overarching Insight

    The closer you align your new BI platform to real business interests, the stronger the buy-in, realized value, and groundswell of enthusiastic adoption will be. Get this phase right to realize a high ROI on your investment in the people, processes, and technology that will be your next generation BI platform.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Track these metrics to measure your progress through Phase 1

    Goals for Phase 1:

    • Understand the business context. Determine if BI can be used to improve business outcomes by identifying benefits, costs, opportunities, and gaps.
    • Understand your existing BI. Plan your next generation BI based on a solid understanding of your existing BI.
    • Identify business needs. Determine the business processes that can leverage BI and Analytics.

    Info-Tech’s Suggested Metrics for Tracking Phase 1 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Monetary ROI
    • Quality of the ROI
    • # of user cases, benefits, and costs quantified
    Derive the number of the use cases, benefits, and costs in the scoping. Ask business SMEs to verify the quality. High-quality ROI studies are created for at least three use cases
    Response Rate of the BI Perception Survey Sourced from your survey delivery system Aim for 40% response rate
    # of BI Reworks Sourced from your project management system Reduction of 10% in BI reworks

    Intangible Metrics:

    1. Executives’ understanding of the BI program and what BI can do for the organization.
    2. Improved trust between IT and the business by re-opening the dialogue.
    3. Closer alignment with the organization strategy and business plan leading to higher value delivered.
    4. Increased business engagement and input into the Analytics strategy.

    Use advisory support to accelerate your completion of Phase 1 activities

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 1: Understand the Business Context and BI Landscape

    Proposed Time to Completion: 2-4 weeks

    Step 1.0: Assemble Your Project Team

    Start with an analyst kick-off call:

    • Discuss Info-Tech’s viewpoint and definitions of business intelligence.
    • Discuss the project sponsorship, ideal team members and compositions.

    Then complete these activities…

    • Identify a project sponsor and the project team members.

    Step 1.1: Understand Your Business Context

    Start with an analyst kick-off call:

    • Discuss Info-Tech’s approach to BI strategy development around using business information as the key driver.

    Then complete these activities…

    • Detail the business context (vision, mission, goals, objectives, etc.).
    • Establish business–IT alignment for your BI strategy by detailing the business context.

    Step 1.2: Establish the Current BI Landscape

    Review findings with analyst:

    • Review the business context outputs from Step 1.1 activities.
    • Review Info-Tech’s approach for documenting your current BI landscape.
    • Review the findings of your BI landscape.

    Then complete these activities…

    • Gather information on current BI usage and perform a BI artifact inventory.
    • Construct and conduct a user perception survey.

    With these tools & templates:

    BI Strategy and Roadmap Template

    Step 1.0

    Assemble the Project Team

    Select a BI project sponsor

    Info-Tech recommends you select a senior executive with close ties to BI be the sponsor for this project (e.g. CDO, CFO or CMO). To maximize the chance of success, Info-Tech recommends you start with the CDO, CMO, CFO, or a business unit (BU) leader who represents strategic enterprise portfolios.

    Initial Sponsor

    CFO or Chief Risk Officer (CRO)

    • The CFO is responsible for key business metrics and cost control. BI is on the CFO’s radar as it can be used for both cost optimization and elimination of low-value activity costs.
    • The CRO is tasked with the need to identify, address, and when possible, exploit risk for business security and benefit.
    • Both of these roles are good initial sponsors but aren’t ideal for the long term.

    CDO or a Business Unit (BU) Leader

    • The CDO (Chief Data Officer) is responsible for enterprise-wide governance and utilization of information as an asset via data processing, analysis, data mining, information trading, and other means, and is the ideal sponsor.
    • BU leaders who represent a growth engine for a company look for ways to mine BI to help set direction.

    Ultimate Sponsor

    CEO

    • As a the primary driver of enterprise-wide strategy, the CEO is the ideal evangelist and project sponsor for your BI strategy.
    • Establishing a CEO–CIO partnership helps elevate IT to the level of a strategic partner, as opposed to the traditional view that IT’s only job is to “keep the lights on.”
    • An endorsement from the CEO may make other C-level executives more inclined to work with IT and have their business unit be the starting point for growing a BI program organically.

    "In the energy sector, achieving production KPIs are the key to financial success. The CFO is motivated to work with IT to create BI applications that drive higher revenue, identify operational bottlenecks, and maintain gross margin."

    – Yogi Schulz, Partner, Corvelle Consulting

    Select a BI project team

    Create a project team with the right skills, experience, and perspectives to develop a comprehensive strategy aligned to business needs.

    You may need to involve external experts as well as individuals within the organization who have the needed skills.

    A detailed understanding of what to look for in potential candidates is essential before moving forward with your BI project.

    Leverage several of Info-Tech’s Job Description Templates to aid in the process of selecting the right people to involve in constructing your BI strategy.

    Roles to Consider

    Business Stakeholders

    Business Intelligence Specialist

    Business Analyst

    Data Mining Specialist

    Data Warehouse Architect

    Enterprise Data Architect

    Data Steward

    "In developing the ideal BI team, your key person to have is a strong data architect, but you also need buy-in from the highest levels of the organization. Buy-in from different levels of the organization are indicators of success more than anything else."

    – Rob Anderson, Database Administrator and BI Manager, IT Research and Advisory Firm

    Create a RACI matrix to clearly define the roles and responsibilities for the parties involved

    A common project management pitfall for any endeavour is unclear definition of responsibilities amongst the individuals involved.

    As a business intelligence project requires a significant amount of back and forth between business and IT – bridged by the BI Steering Committee – clear guidelines at the project outset with a RACI chart provide a basic framework for assigning tasks and lines of communication for the later stages.

    Responsible Accountable Consulted Informed

    Obtaining Buy-in Project Charter Requirements Design Development Program Creation
    BI Steering Committee A C I I I C
    Project Sponsor - C I I I C
    Project Manager - R A I I C
    VP of BI R I I I I A
    CIO A I I I I R
    Business Analyst I I R C C C
    Solution Architect - - C A C C
    Data Architect - - C A C C
    BI Developer - - C C R C
    Data Steward - - C R C C
    Business SME C C C C C C

    Note: This RACI is an example of how role expectations would be broken down across the different steps of the project. Develop your own RACI based on project scope and participants.

    STEP 1.1

    Understand Your Business Context and Structure the Project

    Establish business–IT alignment for your BI strategy by detailing the business context

    Step Objectives

    • Engage the business units to find out where users need BI enablement.
    • Ideate preliminary points for improvement that will further business goals and calculate their value.

    Step Activities

    1.1.1 Craft the vision and mission statements for the Analytics program using the vision, mission, and strategies of your organization as basis.

    1.1.2 Articulate program goals and objectives

    1.1.3 Determine business differentiators and key drivers

    1.1.4 Brainstorm BI-specific constraints and improvement objectives

    Outcomes

    • Clearly articulated business context that will provide a starting point for formulating a BI strategy
    • High-level improvement objectives and ROI for the overall project
    • Vision, mission, and objectives of the analytics program

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    • Project Manager
    • Project Team
    • Relevant Business Stakeholders and Subject Matter Experts

    Transform the way the business makes decisions

    Your BI strategy should enable the business to make fast, effective, and comprehensive decisions.

    Fast Effective Comprehensive
    Reduce time spent on decision-making by designing a BI strategy around information needs of key decision makers. Make the right data available to key decision makers. Make strategic high-value, impactful decisions as well as operational decisions.

    "We can improve BI environments in several ways. First, we can improve the speed with which we create BI objects by insisting that the environments are designed with flexibility and adaptability in mind. Second, we can produce higher quality deliverables by ensuring that IT collaborate with the business on every deliverable. Finally, we can reduce the costs of BI by giving access to the environment to knowledgeable business users and encouraging a self-service function."

    – Claudia Imhoff, Founder, Boulder BI Brain Trust, Intelligent Solutions Inc.

    Assess needs of various stakeholders using personas

    User groups/user personas

    Different users have different consumption and usage patterns. Categorize users into user groups and visualize the usage patterns. The user groups are the connection between the BI capabilities and the users.

    User groups Mindset Usage Pattern Requirements
    Front-line workers Get my job done; perform my job quickly. Reports (standard reports, prompted reports, etc.) Examples:
    • Report bursting
    • Prompted reports
    Analysts I have some ideas; I need data to validate and support my ideas. Dashboards, self-service BI, forecasting/budgeting, collaboration Examples:
    • Self-service datasets
    • Data mashup capability
    Management I need a big-picture view and yet I need to play around with the data to find trends to drive my business. Dashboards, scorecards, mobile BI, forecasting/budgeting Examples:
    • Multi-tab dashboards
    • Scorecard capability
    Data scientists I need to combine existing data, as well as external or new, unexplored data sources and types to find nuggets in the data. Data mashup, connections to data sources Examples:
    • Connectivity to big data
    • Social media analyses

    The pains of inadequate BI are felt across the entire organization – and land squarely on the shoulders of the CIO

    Organization:

    • Insufficient information to make decisions.
    • Unable to measure internal performance.
    • Losses incurred from bad decisions or delayed decisions.
    • Canned reports fail to uncover key insights.
    • Multiple versions of information exist in silos.

    IT Department

    • End users are completely dependent on IT for reports.
    • Ad hoc BI requests take time away from core duties.
    • Spreadsheet-driven BI is overly manual.
    • Business losing trust in IT.

    CIO

    • Under great pressure and has a strong desire to improve BI.
    • Ad hoc BI requests are consuming IT resources and funds.
    • My organization finds value in using data and having decision support to make informed decisions.

    The overarching question that needs to be continually asked to create an effective BI strategy is:

    How do I create an environment that makes information accessible and consumable to users, and facilitates a collaborative dialogue between the business and IT?

    Pre-requisites for success

    Prerequisite #1: Secure Executive Sponsorship

    Sponsorship of BI that is outside of IT and at the highest levels of the organization is essential to the success of your BI strategy. Without it, there is a high chance that your BI program will fail. Note that it may not be an epic fail, but it is a subtle drying out in many cases.

    Prerequisite #2: Understand Business Context

    Providing the right tools for business decision making doesn’t need to be a guessing game if the business context is laid as the project foundation and the most pressing decisions serve as starting points. And business is engaged in formulating and executing the strategy.

    Prerequisite #3: Deliver insights that lead to action

    Start with understanding the business processes and where analytics can improve outcomes. “Think business backwards, not data forward.” (McKinsey)

    11 reasons BI projects fail

    Lack of Executive support

    Old Technology

    Lack of business support

    Too many KPIs

    No methodology for gathering requirements

    Overly long project timeframes

    Bad user experience

    Lack of user adoption

    Bad data

    Lack of proper human resources

    No upfront definition of true ROI

    Mico Yuk, 2019

    Make it clear to the business that IT is committed to building and supporting a BI platform that is intimately tied to enabling changing business objectives.

    Leverage Info-Tech’s BI Strategy and Roadmap Template to accelerate BI planning

    How to accelerate BI planning using the template

    1. Prepopulated text that you can use for your strategy formulation:
    2. Prepopulated text that can be used for your strategy formulation
    3. Sample bullet points that you can pick and choose from:
    4. Sample bullet points to pick and choose from

    Document the BI program planning in Info-Tech’s

    BI Strategy and Roadmap Template.

    Activity: Describe your organization’s vision and mission

    1.1.1

    30-40 minutes

    Compelling vision and mission statements will help guide your internal members toward your company’s target state. These will drive your business intelligence strategy.

    1. Your vision clearly represents where your organization aspires to be in the future and aligns the entire organization. Write down a future-looking, inspirational, and realizable vision in one concise statement. Consider:
    • “Five years from now, our business will be _______.”
    • What do we want to do tomorrow? For whom? What is the benefit?
  • Your mission tells why your organization currently exists and clearly expresses how it will achieve your vision for the future. Write down a mission statement in one clear and concise paragraph consisting of, at most, five sentences. Consider:
    • Why does the business exist? What problems does it solve? Who are its customers?
    • How does the business accomplish strategic tasks or reach its target?
  • Reconvene stakeholders to share ideas and develop one concise vision statement and mission statement. Focus on clarity and message over wording.
  • Input

    • Business vision and mission statements

    Output

    • Alignment and understanding on business vision

    Materials

    Participants

    • BI project lead
    • Executive business stakeholders

    Info-Tech Insight

    Adjust your statements until you feel that you can elicit a firm understanding of both your vision and mission in three minutes or less.

    Formulating an Enterprise BI and Analytics Strategy: Top-down BI Opportunity analysis

    Top-down BI Opportunity analysis

    Example of deriving BI opportunities using BI Opportunity Analysis

    Industry Drivers Private label Rising input prices Retail consolidation
    Company strategies Win at supply chain execution Win at customer service Expand gross margins
    Value disciplines Strategic cost management Operational excellence Customer service
    Core processes Purchasing Inbound logistics Sales, service & distribution
    Enterprise management: Planning, budgeting, control, process improvement, HR
    BI Opportunities Customer service analysis Cost and financial analysis Demand management

    Williams 2016

    Get your organization buzzing about BI – leverage Info-Tech’s Executive Brief as an internal marketing tool

    Two key tasks of a project sponsor are to:

    1. Evangelize the realizable benefits of investing in a business intelligence strategy.
    2. Help to shift the corporate culture to one that places emphasis on data-driven insight.

    Arm your project sponsor with our Executive Brief for this blueprint as a quick way to convey the value of this project to potential stakeholders.

    Bolster this presentation by adding use cases and metrics that are most relevant to your organization.

    Develop a business framework

    Identifying organizational goals and how data can support those goals is key to creating a successful BI & Analytical strategy. Rounding out the business model with technology drivers, environmental factors (as described in previous steps), and internal barriers and enablers creates a holistic view of Business Intelligence within the context of the organization as a whole.

    Through business engagement and contribution, the following holistic model can be created to understand the needs of the business.

    business framework holistic model

    Activity: Describe the Industry Drivers and Organization strategy to mitigate the risk

    1.1.2

    30-45 minutes

    Industry drivers are external influencers that has an effect on a business such as economic conditions, competitor actions, trade relations, climate etc. These drivers can differ significantly by industry and even organizations within the same industry.

    1. List the industry drivers that influences your organization:
    • Public sentiment in regards to energy source
    • Rising cost of raw materials due to increase demand
  • List the company strategies, goals, objectives to counteract the external influencers:
    • Change production process to become more energy efficient
    • Win at customer service
  • Identify the value disciplines :
    • Strategic cost management
    • Operational Excellence
  • List the core process that implements the value disciplines :
    • Purchasing
    • Sales
  • Identify the BI Opportunities:
    • Cost and financial analysis
    • Customer service analysis

    Input

    • Industry drivers

    Output

    • BI Opportunities that business can leverage

    Materials

    • Industry driver section in the BI Strategy and Roadmap Template

    Participants

    • BI project lead
    • Executive business stakeholders

    Understand BI and analytics drivers and organizational objectives

    Environmental Factors Organizational Goals Business Needs Technology Drivers
    Definition External considerations are factors taking place outside the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business. Organizational drivers can be thought of as business-level metrics. These are tangible benefits the business can measure, such as customer retention, operation excellence, and/or financial performance. A requirement that specifies the behavior and the functions of a system. Technology drivers are technological changes that have created the need for a new BI solution. Many organizations turn to technology systems to help them obtain a competitive edge.
    Examples
    • Economy and politics
    • Laws and regulations
    • Competitive influencers
    • Time to market
    • Quality
    • Delivery reliability
    • Audit tracking
    • Authorization levels
    • Business rules
    • Deployment in the cloud
    • Integration
    • Reporting capabilities

    Activity: Discuss BI/Analytics drivers and organizational objectives

    1.1.3

    30-45 minutes

    1. Use the industry drivers and business goals identified in activity 1.1.2 as a starting point.
    2. Understand how the company runs today and what the organization’s future will look like. Try to identify the purpose for becoming an integrated organization. Use a whiteboard and markers to capture key findings.
    3. Take into account External Considerations, Organizational Drivers, Technology Drivers, and Key Functional Requirements.
    External Considerations Organizational Drivers Technology Considerations Functional Requirements
    • Funding Constraints
    • Regulations
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Information Availability
    • Integration Between Systems
    • Secure Data

    Identify challenges and barriers to the BI project

    There are several factors that may stifle the success of a BI implementation. Scan the current environment to identify internal barriers and challenges to identify potential challenges so you can meet them head-on.

    Common Internal Barriers

    Management Support
    Organizational Culture
    Organizational Structure
    IT Readiness
    Definition The degree of management understanding and acceptance towards BI solutions. The collective shared values and beliefs. The functional relationships between people and departments in an organization. The degree to which the organization’s people and processes are prepared for a new BI solution.
    Questions
    • Is a BI project recognized as a top priority?
    • Will management commit time to the project?
    • Are employees resistant to change?
    • Is the organization highly individualized?
    • Is the organization centralized?
    • Is the organization highly formalized?
    • Is there strong technical expertise?
    • Is there strong infrastructure?
    Impact
    • Funding
    • Resources
    • Knowledge sharing
    • User acceptance
    • Flow of knowledge
    • Poor implementation
    • Reliance on consultants

    Activity: Discuss BI/Analytics challenges and pain points

    1.1.4

    30-45 minutes

    1. Identify challenges with the process identified in step 1.1.2.
    2. Brainstorm potential barriers to successful BI implementation and adoption. Use a whiteboard and marker to capture key findings.
    3. Consider Functional Gaps, Technical Gaps, Process Gaps, and Barriers to BI Success.
    Functional Gaps Technical Gaps Process Gaps Barriers to Success
    • No online purchase order requisition
    • Inconsistent reporting – data quality concerns
    • Duplication of data
    • Lack of system integration
    • Cultural mindset
    • Resistance to change
    • Lack of training
    • Funding

    Activity: Discuss opportunities and benefits

    1.1.5

    30-45 minutes

    1. Identify opportunities and benefits from an integrated system.
    2. Brainstorm potential enablers for successful BI implementation and adoption. Use a whiteboard and markers to capture key findings.
    3. Consider Business Benefits, IT Benefits, Organizational Benefits, and Enablers of BI success.
    Business Benefits IT Benefits Organizational Benefits Enablers of Success
    • Business-IT alignment
    • Compliance
    • Scalability
    • Operational Efficiency
    • Data Accuracy
    • Data Quality
    • Better Reporting
    • Change management
    • Training
    • Alignment to strategic objectives

    Your organization’s framework for Business Intelligence Strategy

    Blank organization framework for Business Intelligence Strategy

    Example: Business Framework for Data & Analytics Strategy

    The following diagram represents [Client]’s business model for BI and data. This holistic view of [Client]’s current environment serves as the basis for the generation of the business-aligned Data & Analytics Strategy.

    The image is an example of Business Framework for Data & Analytics Strategy.

    Info-Tech recommends balancing a top-down approach with bottom up for building your BI strateg

    Taking a top-down approach will ensure senior management’s involvement and support throughout the project. This ensures that the most critical decisions are supported by the right data/information, aligning the entire organization with the BI strategy. Furthermore, the gains from BI will be much more significant and visible to the rest of the organization.

    Two charts showing the top-down and bottom-up approach.

    Far too often, organizations taking a bottom-up approach to BI will fail to generate sufficient buy-in and awareness from senior management. Not only does a lack of senior involvement result in lower adoption from the tactical and operational levels, but more importantly, it also means that the strategic decision makers aren’t taking advantage of BI.

    Estimate the ROI of your BI and analytics strategy to secure executive support

    The value of creating a new strategy – or revamping an existing one – needs to be conveyed effectively to a high-level stakeholder, ideally a C-level executive. That executive buy-in is more likely to be acquired when effort has been made to determine the return on investment for the overall initiative.

    1. Business Impacts
      New revenue
      Cost savings
      Time to market
      Internal Benefits
      Productivity gain
      Process optimization
      Investment
      People – employees’ time, external resources
      Data – cost for new datasets
      Technology – cost for new technologies
    2. QuantifyCan you put a number or a percentage to the impacts and benefits? QuantifyCan you estimate the investments you need to put in?
    3. TranslateTranslate the quantities into dollar value
    4. The image depicts an equation for ROI estimate

    Example

    One percent increase in revenue; three more employees $225,000/yr, $150,000/yr 50%

    Activity: Establish a high-level ROI as part of an overall use case for developing a fit-for-purpose BI strategy

    1.1.6

    1.5 hours

    Communicating an ROI that is impactful and reasonable is essential for locking in executive-level support for any initiative. Use this activity as an initial touchpoint to bring business and IT perspectives as part of building a robust business case for developing your BI strategy.

    1. Revisit the business context detailed in the previous sections of this phase. Use priority objectives to identify use case(s), ideally where there are easily defined revenue generators/cost reductions (e.g. streamlining the process of mailing physical marketing materials to customers).
    2. Assign research tasks around establishing concrete numbers and dollar values.
    • Have a subject matter expert weigh in to validate your figures.
    • When calculating ROI, consider how you might leverage BI to create opportunities for upsell, cross-sell, or increased customer retention.
  • Reconvene the stakeholder group and discuss your findings.
    • This is the point where expectation management is important. Separate the need-to-haves from the nice-to-haves.

    Emphasize that ROI is not fully realized after the first implementation, but comes as the platform is built upon iteratively and in an integrated fashion to mature capabilities over time.

    Input

    • Vision statement
    • Mission statement

    Output

    • Business differentiators and key drivers

    Materials

    • Benefit Cost Analysis section of the BI Strategy and Roadmap Template

    Participants

    • BI project lead
    • Executive IT & business stakeholders

    An effective BI strategy positions business intelligence in the larger data lifecycle

    In an effort to keep users satisfied, many organizations rush into implementing a BI platform and generating reports for their business users. BI is, first and foremost, a presentation layer; there are several stages in the data lifecycle where the data that BI visualizes can be compromised.

    Without paying the appropriate amount of attention to the underlying data architecture and application integration, even the most sophisticated BI platforms will fall short of providing business users with a holistic view of company information.

    Example

    In moving away from single application-level reporting, a strategy around data integration practices and technology is necessary before the resultant data can be passed to the BI platform for additional analyses and visualization.

    BI doesn’t exist in a vacuum – develop an awareness of other key data management practices

    As business intelligence is primarily a presentation layer that allows business users to visualize data and turn information into actionable decisions, there are a number of data management practices that precede BI in the flow of data.

    Data Warehousing

    The data warehouse structures source data in a manner that is more operationally focused. The Reporting & Analytics Strategy must inform the warehouse strategy on data needs and building a data warehouse to meet those needs.

    Data Integration, MDM & RDM

    The data warehouse is built from different sources that must be integrated and normalized to enable Business Intelligence. The Info-Tech integration and MDM blueprints will guide with their implementation.

    Data Quality

    A major roadblock to building an effective BI solution is a lack of accurate, timely, consistent, and relevant data. Use Info-Tech’s blueprint to refine your approach to data quality management.

    Data quality, poor integration/P2P integration, poor data architecture are the primary barriers to truly leveraging BI, and a lot of companies haven’t gotten better in these areas.

    – Shari Lava, Associate Vice-President, IT Research and Advisory Firm

    Building consensus around data definitions across business units is a critical step in carrying out a BI strategy

    Business intelligence is heavily reliant on the ability of an organization to mesh data from different sources together and create a holistic and accurate source of truth for users.

    Useful analytics cannot be conducted if your business units define key business terms differently.

    Example

    Finance may label customers as those who have transactional records with the organization, but Marketing includes leads who have not yet had any transactions as customers. Neglecting to note these seemingly small discrepancies in data definition will undermine efforts to combine data assets from traditionally siloed functional units.

    In the stages prior to implementing any kind of BI platform, a top priority should be establishing common definitions for key business terms (customers, products, accounts, prospects, contacts, product groups, etc.).

    As a preliminary step, document different definitions for the same business terms so that business users are aware of these differences before attempting to combine data to create custom reports.

    Self-Assessment

    Do you have common definitions of business terms?

    • If not, identify common business terms.
    • At the very least, document different definitions of the same business terms so the corporate can compare and contrast them.

    STEP 1.2

    Assess the Current BI Landscape

    Establish an in-depth understanding of your current BI landscape

    Step Objectives

    • Inventory and assess the state of your current BI landscape
    • Document the artifacts of your BI environment

    Step Activities

    1.2.1 Analyze the usage levels of your current BI programs/platform

    1.2.2 Perform a survey to gather user perception of your current BI environment

    1.2.3 Take an inventory of your current BI artifacts

    Outcomes

    • Summarize the qualitative and quantitative performance of your existing BI environment
    • Understand the outputs coming from your BI sources

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Understand your current BI landscape before you rationalize

    Relying too heavily on technology as the sole way to solve BI problems results in a more complex environment that will ultimately frustrate business users. Take the time to thoroughly assess the current state of your business intelligence landscape using a qualitative (user perception) and quantitative (usage statistics) approach. The insights and gaps identified in this step will serve as building blocks for strategy and roadmap development in later phases.

    Phase 1

    Current State Summary of BI Landscape

    1.2.1 1.2.2 1.2.3 1.2.4
    Usage Insights Perception Insights BI Inventory Insights Requirements Insights

    PHASE 2

    Strategy and Roadmap Formulation

    Gather usage insights to pinpoint the hot spots for BI usage amongst your users

    Usage data reflects the consumption patterns of end users. By reviewing usage data, you can identify aspects of your BI program that are popular and those that are underutilized. It may present some opportunities for trimming some of the underutilized content.

    Benefits of analyzing usage data:

    • Usage is a proxy for popularity and usability of the BI artifacts. The popular content should be kept and improved in your next generation BI.
    • Usage information provides insight on what, when, where, and how much users are consuming BI artifacts.
    • Unlike methods such as user interviews and focus groups, usage information is fact based and is not subject to peer pressure or “toning down.”

    Sample Sources of Usage Data:

    1. Usage reports from your BI platform Many BI platforms have out-of-the-box usage reports that log and summarize usage data. This is your ideal source for usage data.
    2. Administrator console in your BI platformBI platforms usually have an administrator console that allows BI administrators to configure settings and to monitor activities that include usage. You may obtain some usage data in the console. Note that the usage data is usually real-time in nature, and you may not have access to a historical view of the BI usage.

    Info-Tech Insight

    Don’t forget some of the power users. They may perform analytics by accessing datasets directly or with the help of a query tool (even straight SQL statements). Their usage information is important. The next generation BI should provide consumption options for them.

    Accelerate the process of gathering user feedback with Info-Tech’s Application Portfolio Assessment (APA)

    In an environment where multiple BI tools are being used, discovering what works for users and what doesn’t is an important first step to rationalizing the BI landscape.

    Info-Tech’s Application Portfolio Assessment allows you to create a custom survey based on your current applications, generate a custom report that will help you visualize user satisfaction levels, and pinpoint areas for improvement.

    Activity: Review and analyze usage data

    1.2.1

    2 hours

    This activity helps you to locate usage data in your existing environment. It also helps you to review and analyze usage data to come up with a few findings.

    1. Get to the usage source. You may obtain usage data from one of the below options. Usage reports are your ideal choice, followed by some alternative options:
    2. a. Administrator console – limited to real-time or daily usage data. You may need to track usage data over for several days to identify patterns.

      b. Info-Tech’s Application Portfolio Assessment (APA).

      c. Other – be creative. Some may use an IT usage monitoring system or web analytics to track time users spent on the BI portal.

    3. Develop categories for classifying the different sources of usage data in your current BI environment. Use the following table as starting point for creating these groups:

    This is the content for Layout H4 Tag

    By Frequency Real Time Daily Weekly Yearly
    By Presentation Format Report Dashboard Alert Scorecard
    By Delivery Web portal Excel PDF Mobile application

    INPUT

    • Usage reports
    • Usage statistics

    OUTPUT

    • Insights pertaining to usage patterns

    Materials

    • Usage Insights of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM

    Activity: Review and analyze usage (cont.)

    1.2.1

    2 hours

    3. Sort your collection of BI artifacts by usage. Discuss some of the reasons why some content is popular whereas some has no usage at all.

    Popular BI Artifacts – Discuss improvements, opportunities and new artifacts

    Unpopular BI Artifacts – Discuss retirement, improvements, and realigning information needs

    4. Summarize your findings in the Usage Insights section of the BI Strategy and Roadmap Template.

    INPUT

    • Usage reports
    • Usage statistics

    OUTPUT

    • Insights pertaining to usage patterns

    Materials

    • Usage Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM

    Gather perception to understand the existing BI users

    In 1.2.1, we gathered the statistics for BI usage; it’s the hard data telling who uses what. However, it does not tell you the rationale, or the why, behind the usage. Gathering user perception and having conversations with your BI consumers is the key to bridging the gap.

    User Perception Survey

    Helps you to:

    1. Get general insights on user perception
    2. Narrow down to selected areas

    User Interviews

    Perception can be gathered by user interviews and surveys. Conducting user interviews takes time so it is a good practice to get some primary insights via survey before doing in-depth interviews in selected areas.

    – Shari Lava, Associate Vice-President, IT Research and Advisory Firm

    Define problem statements to create proof-of-concept initiatives

    Info-Tech’s Four Column Model of Data Flow

    Find a data-related problem or opportunity

    Ask open-ended discovery questions about stakeholder fears, hopes, and frustrations to identify a data-related problem that is clear, contained, and fixable. This is then to be written as a problem/opportunity statement.

    1. Fear: What is the number one risk you need to alleviate?
    2. Hope: What is the number one opportunity you wish to realize?
    3. Frustration: What is the number one annoying pet peeve you wish to scratch?
    4. Next, gather information to support a problem/opportunity statement:

    5. What are your challenges in performing the activity or process today?
    6. What does amazing look like if we solve this perfectly?
    7. What other business activities/processes will be impacted/improved if we solve this?
    8. What compliance/regulatory/policy concerns do we need to consider in any solution?
    9. What measures of success/change should we use to prove value of the effort (KPIs/ROI)?
    10. What are the steps in the process/activity?
    11. What are the applications/systems used at each step and from step to step?
    12. What data elements are created, used, and/or transformed at each step?

    Leverage Info-Tech’s BI survey framework to initiate a 360° perception survey

    Info-Tech has developed a BI survey framework to help existing BI practices gather user perception via survey. The framework is built upon best practices developed by McLean & Company.

    1. Communicate the survey
    2. Create a survey
    3. Conduct the survey
    4. Collect and clean survey data
    5. Analyze survey data
    6. Conduct follow-up interviews
    7. Identify and prioritize improvement initiatives

    The survey takes a comprehensive approach by examining your existing BI practices through the following lenses:

    360° Perception

    Demographics Who are the users? From which department?
    Usage How is the current BI being used?
    People Web portal
    Process How good is your BI team from a user perspective?
    Data How good is the BI data in terms of quality and usability?
    Technology How good are your existing BI/reporting tools?
    Textual Feedback The sky’s the limit. Tell us your comments and ideas via open-ended questions.

    Use Info-Tech’s BI End-User Satisfaction Survey Framework to develop a comprehensive BI survey tailored to your organization.

    Activity: Develop a plan to gather user perception of your current BI program

    1.2.2

    2 hours

    This activity helps you to plan for a BI perception survey and subsequent interviews.

    1. Proper communication while conducting surveys helps to boost response rate. The project team should have a meeting with business executives to decide:
    • The survey goals
    • Which areas to cover
    • Which trends and hypotheses you want to confirm
    • Which pre-, during, and post-survey communications should be sent out
  • Have the project team create the first draft of the survey for subsequent review by select business stakeholders. Several iterations may be needed before finalizing.
  • In planning for the conclusion of the survey, the project team should engage a data analyst to:
    1. Organize the data in a useful format
    2. Clean up the survey data when there are gaps
    3. Summarize the data into a presentable/distributable format

    Collectively, the project team and the BI consuming departments should review the presentation and discuss these items:

    Misalignment

    Opportunities

    Inefficiencies

    Trends

    Need detailed interviews?

    INPUT

    • Usage information and analyses

    OUTPUT

    • User-perception survey

    Materials

    • Perception Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • BI Administrator
    • PM
    • Business SMEs

    Create a comprehensive inventory of your BI artifacts

    Taking an inventory of your BI artifacts allows you to understand what deliverables have been developed over the years. Inventory taking should go beyond the BI content. You may want to include additional information products such as Excel spreadsheets, reports that are coming out of an Access database, and reports that are generated from front-end applications (e.g. Salesforce).

    1. Existing Reports from BI platform

    2. If you are currently using a BI platform, you have some BI artifacts (reports, scorecards, dashboards) that are developed within the platform itself.

    • BI Usage Reports (refer to step 2.1) – if you are getting a comprehensive BI usage reports for all your BI artifacts, there is your inventory report too.
    • BI Inventory Reports – Your BI platform may provide out-of-the-box inventory reports. You can use them as your inventory.
    • If the above options are not feasible, you may need to manually create the BI inventory. You may build that from some of your existing BI documentations to save time.
  • Excel and Access

    • Work with the business units to identify if Excel and Access are used to generate reports.
  • Application Reports

    • Data applications such as Salesforce, CRM, and ERP often provide reports as an out-of-the-box feature.
    • Those reports only include data within their respective applications. However, this may present opportunities for integrating application data with additional data sources.

    Activity: Inventory your BI artifacts

    1.2.3

    2+ hours

    This activity helps you to inventory your BI information artifacts and other related information artifacts.

    1. Define the scope of your inventory. Work with the project sponsor and CIO to define which sources should be captured in the inventory process. Consider: BI inventory, Excel spreadsheets, Access reports, and application reporting.
    2. Define the depth of your inventory. Work with the project sponsor and CIO to define the level of granularity. In some settings, the artifact name and a short description may be sufficient. In other cases, you may need to document users and business logic of the artifacts.
    3. Review the inventory results. Discuss findings and opportunities around the following areas:

    Interpret your Inventory

    Duplicated reports/ dashboards Similar reports/ dashboards that may be able to merge Excel and Access reports that are using undocumented, unconventional business logics Application reports that need to be enhanced by additional data Classify artifacts by BI Type

    INPUT

    • Current BI artifacts and documents
    • BI Type classification

    OUTPUT

    • Summary of BI artifacts

    Materials

    • BI Inventory Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Data analyst
    • PM
    • Project sponsor

    Project sponsor

    1.2.4

    2+ hours

    This activity helps you to inventory your BI by report type.

    1. Classify BI artifacts by type. Use the BI Type tool to classify Work with the project sponsor and CIO to define which sources should be captured in the inventory process. Consider: BI inventory, Excel spreadsheets, Access reports, and application reporting.
    2. Define the depth of your inventory. Work with the project sponsor and CIO to define the level of granularity. In some settings, the artifact name and a short description may be sufficient. In other cases, you may need to document users and business logic of the artifacts.
    3. Review the inventory results. Discuss findings and opportunities around the following areas:

    Interpretation of your Inventory

    Duplicated reports/dashboards Similar reports/dashboards that may be able to merge Excel and Access reports that are using undocumented, unconventional business logics Application reports that need to be enhanced by additional data

    INPUT

    • The BI Type as used by different business units
    • Business BI requirements

    OUTPUT

    • Summary of BI type usage across the organization

    Materials

    • BI Inventory Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Data analyst
    • PM
    • Project sponsor

    STEP 1.3

    Undergo BI Requirements Gathering

    Perform requirements gathering for revamping your BI environment

    Step Objectives

    • Create principles that will direct effective requirements gathering
    • Create a list of existing and desired BI requirements

    Step Activities

    1.3.1 Create requirements gathering principles

    1.3.2 Gather appropriate requirements

    1.3.3 Organize and consolidate the outputs of requirements gathering activities

    Outcomes

    • Requirements gathering principles that are flexible and repeatable
    • List of BI requirements

    Research Support

    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Business Users

    Don’t let your new BI platform become a victim of poor requirements gathering

    The challenges in requirements management often have underlying causes; find and eliminate the root causes rather than focusing on the symptoms.

    Root Causes of Poor Requirements Gathering:

    • Requirements gathering procedures exist but aren’t followed.
    • There isn't enough time allocated to the requirements gathering phase.
    • There isn't enough involvement or investment secured from business partners.
    • There is no senior leadership involvement or mandate to fix requirements gathering.
    • There are inadequate efforts put towards obtaining and enforcing sign off.

    Outcomes of Poor Requirements Gathering:

    • Rework due to poor requirements leads to costly overruns.
    • Final deliverables are of poor quality and are implemented late.
    • Predicted gains from deployed applications are not realized.
    • There are low feature utilization rates by end users.
    • Teams are frustrated within IT and the business.

    Info-Tech Insight

    Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been, and continues to be, the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle to clear when it is time to optimize the requirements gathering process.

    Define the attributes of a good requirement to help shape your requirements gathering principles

    A good requirement has the following attributes:

    Verifiable It is stated in a way that can be tested.
    Unambiguous It is free of subjective terms and can only be interpreted in one way.
    Complete It contains all relevant information.
    Consistent It does not conflict with other requirements.
    Achievable It is possible to accomplish given the budgetary and technological constraints.
    Traceable It can be tracked from inception to testing.
    Unitary It addresses only one thing and cannot be deconstructed into multiple requirements.
    Accurate It is based on proven facts and correct information.

    Other Considerations

    Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).

    Info-Tech Insight

    Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need.

    Activity: Define requirements gathering principles

    1.3.1

    1 hour

    1. Invite representatives from the project management office, project management team, and BA team, as well as some key business stakeholders.
    2. Use the sample categories and principles in the table below as starting points for creating your own requirements gathering principles.
    3. Document the requirements gathering principles in the BI Strategy and Roadmap Template.
    4. Communicate the requirements gathering principles to the affected BI stakeholders.

    Sample Principles to Start With

    Effectiveness Face-to-face interviews are preferred over phone interviews.
    Alignment Clarify any misalignments, even the tiniest ones.
    Validation Rephrase requirements at the end to validate requirements.
    Ideation Use drawings and charts to explain ideas.
    Demonstration Make use of Joint Application Development (JAD) sessions.

    INPUT

    • Existing requirement principles (if any)

    OUTPUT

    • Requirements gathering principles that can be revisited and reused

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA Team
    • PM
    • Business stakeholders
    • PMO

    Info-Tech Insight

    Turn requirements gathering principles into house rules. The house rules should be available in every single requirements gathering session and the participants should revisit them when there are disagreements, confusion, or silence.

    Right-size your approach to BI requirements management

    Info-Tech suggests four requirements management approaches based on project complexity and business significance. BI projects usually require the Strategic Approach in requirements management.

    Requirements Management Process Explanations

    Approach Definition Recommended Strategy
    Strategic Approach High business significance and high project complexity merits a significant investment of time and resources in requirements gathering. Treat the requirements gathering phase as a project within a project. A large amount of time should be dedicated to elicitation, business process mapping, and solution design.
    Fundamental Approach High business significance and low project complexity merits a heavy emphasis on the elicitation phase to ensure that the project bases are covered and business value is realized. Look to achieve quick wins and try to survey a broad cross-section of stakeholders during elicitation and validation. The elicitation phase should be highly iterative. Do not over-complicate the analysis and validation of a straightforward project.
    Calculated Approach Low business significance and high project complexity merits a heavy emphasis on the analysis and validation phases to ensure that the solution meets the needs of users. Allocate a significant amount of time to business process modeling, requirements categorization, prioritization, and solution modeling.
    Elementary Approach Low business significance and low project complexity does not merit a high amount of rigor for requirements gathering. Do not rush or skip steps, but aim to be efficient. Focus on basic elicitation techniques (e.g. unstructured interviews, open-ended surveys) and consider capturing requirements as user stories. Focus on efficiency to prevent project delays and avoid squandering resources.

    Vary the modes used in eliciting requirements from your user base

    Requirements Gathering Modes

    Info-Tech has identified four effective requirements gathering modes. During the requirements gathering process, you may need to switch between the four gathering modes to establish a thorough understanding of the information needs.

    Dream Mode

    • Mentality: Let users’ imaginations go wild. The sky’s the limit.
    • How it works: Ask users to dream up the ideal future state and ask how analytics can support those dreams.
    • Limitations: Not all dreams can be fulfilled. A variety of constraints (budget, personnel, technical skills) may prevent the dreams from becoming reality.

    Pain Mode

    • Mentality: Users are currently experiencing pains related to information needs.
    • How it works: Vent the pains. Allow end users to share their information pains, ask them how their pains can be relieved, then convert those pains to requirements.
    • Limitations: Users are limited by the current situation and aren’t looking to innovate.

    Decode Mode

    • Mentality: Read the hidden messages from users. Speculate as to what the users really want.
    • How it works: Decode the underlying messages. Be innovative to develop hypotheses and then validate with the users.
    • Limitations: Speculations and hypothesis could be invalid. They may direct the users into some pre-determined directions.

    Profile Mode

    • Mentality: “I think you may want XYZ because you fall into that profile.”
    • How it works: The information user may fall into some existing user group profile or their information needs may be similar to some existing users.
    • Limitations: This mode doesn’t address very specific needs.

    Supplement BI requirements with user stories and prototyping to ensure BI is fit for purpose

    BI is a continually evolving program. BI artifacts that were developed in the past may not be relevant to the business anymore due to changes in the business and information usage. Revamping your BI program entails revisiting some of the BI requirements and/or gathering new BI requirements.

    Three-Step Process for Gathering Requirements

    Requirements User Stories Rapid Prototyping
    Gather requirements. Most importantly, understand the business needs and wants. Leverage user stories to organize and make sense of the requirements. Use a prototype to confirm requirements and show the initial draft to end users.

    Pain Mode: “I can’t access and manipulate data on my own...”

    Decode Mode: Dig deeper: could this hint at a self-service use case?

    Dream Mode: E.g. a sandbox area where I can play around with clean, integrated, well-represented data.

    Profile Mode: E.g. another marketing analyst is currently using something similar.

    ExampleMary has a spreadmart that keeps track of all campaigns. Maintaining and executing that spreadmart is time consuming.

    Mary is asking for a mash-up data set that she can pivot on her own…

    Upon reviewing the data and the prototype, Mary decided to use a heat map and included two more data points – tenure and lifetime value.

    Identify which BI styles best meet user requirements

    A spectrum of Business Intelligence solutions styles are available. Use Info-Tech’s BI Styles Tool to assess which business stakeholder will be best served by which style.

    Style Description Strategic Importance (1-5) Popularity (1-5) Effort (1-5)
    Standards Preformatted reports Standard, preformatted information for backward-looking analysis. 5 5 1
    User-defined analyses Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. 5 4 2
    Ad-hoc analyses Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. 5 4 3
    Scorecards and dashboards Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. 4 4 3
    Multidimensional analysis (OLAP) Multidimensional analysis (also known as on-line analytical processing): Flexible tool-based, user-defined analysis of business performance and the underlying drivers or root causes of that performance. 4 3 3
    Alerts Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. 4 3 3
    Advanced Analytics Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics. 5 3 4
    Predictive Analytics Application of long-established statistical and/or operations research methods and historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future. 5 3 5

    Activity: Gather BI requirements

    1.3.2

    2-6 hours

    Using the approaches discussed on previous slides, start a dialogue with business users to confirm existing requirements and develop new ones.

    1. Invite business stakeholders to a requirements gathering session.
    2. For existing BI artifacts – Invite existing users of those artifacts.

      For new BI development – Invite stakeholders at the executive level to understand the business operation and their needs and wants. This is especially important if their department is new to BI.

    3. Discuss the business requirements. Systematically switch between the four requirements gathering modes to get a holistic view of the requirements.
    4. Once requirements are gathered, organize them to tell a story. A story usually has these components:
    The Setting The Characters The Venues The Activities The Future
    Example Customers are asking for a bundle discount. CMO and the marketing analysts want to… …the information should be available in the portal, mobile, and Excel. …information is then used in the bi-weekly pricing meeting to discuss… …bundle information should contain historical data in a graphical format to help executives.

    INPUT

    • Existing documentations on BI artifacts

    OUTPUT

    • Preliminary, uncategorized list of BI requirements

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA team
    • Business stakeholders
    • Business SMEs
    • BI developers

    Clarify consumer needs by categorizing BI requirements

    Requirements are too broad in some situations and too detailed in others. In the previous step we developed user stories to provide context. Now you need to define requirement categories and gather detailed requirements.

    Considerations for Requirement Categories

    Category Subcategory Sample Requirements
    Data Granularity Individual transaction
    Transformation Transform activation date to YYYY-MM format
    Selection Criteria Client type: consumer. Exclude SMB and business clients. US only. Recent three years
    Fields Required Consumer band, Region, Submarket…
    Functionality Filters Filters required on the dashboard: date range filter, region filter…
    Drill Down Path Drill down from a summary report to individual transactions
    Analysis Required Cross-tab, time series, pie chart
    Visual Requirements Mock-up See attached drawing
    Section The dashboard will be presented using three sections
    Conditional Formatting Below-average numbers are highlighted
    Security Mobile The dashboard needs to be accessed from mobile devices
    Role Regional managers will get a subset of the dashboard according to the region
    Users John, Mary, Tom, Bob, and Dave
    Export Dashboard data cannot be exported into PDF, text, or Excel formats
    Performance Speed A BI artifact must be loaded in three seconds
    Latency Two seconds response time when a filter is changed
    Capacity Be able to serve 50 concurrent users with the performance expected
    Control Governance Govern by the corporate BI standards
    Regulations Meet HIPPA requirements
    Compliance Meet ISO requirements

    Prioritize requirements to assist with solution modeling

    Prioritization ensures that the development team focuses on the right requirements.

    The MoSCoW Model of Prioritization

    Must Have Requirements that mustbe implemented for the solution to be considered successful.
    Should Have Requirements that are high priority and should be included in the solution if possible.
    Could Have Requirements that are desirable but not necessary and could be included if resources are available.
    Won't Have Requirements that won’t be in the next release but will be considered for the future releases.

    The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994.

    Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure that efforts are targeted towards the proper requirements and the plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.

    Activity: Finalize the list of BI requirements

    1.3.3

    1-4 hours

    Requirement Category Framework

    Category Subcategory
    Data Granularity
    Transformation
    Selection Criteria
    Fields Required
    Functionality Filters
    Drill Down Path
    Analysis Required
    Visual Requirements Mock-up
    Section
    Conditional Formatting
    Security Mobile
    Role
    Users
    Export
    Performance Speed
    Latency
    Capacity
    Control Governance
    Regulations
    Compliance

    Create requirement buckets and classify requirements.

    1. Define requirement categories according to the framework.
    2. Review the user story and requirements you collected in Step 1.3.2. Classify the requirements within requirement categories.
    3. Review the preliminary list of categorized requirements and look for gaps in this detailed view. You may need to gather additional requirements to fill the gaps.
    4. Prioritize the requirements according to the MoSCoW framework.
    5. Document your final list of requirements in the BI Strategy and Roadmap Template.

    INPUT

    • Existing requirements and new requirements from step 1.3.2

    OUTPUT

    • Prioritized and categorized requirements

    Materials

    • Requirements Insights section of the BI Strategy and Roadmap Template

    Participants

    • BA
    • Business stakeholders
    • PMO

    Translate your findings and ideas into actions that will be integrated into the BI Strategy and Roadmap Template

    As you progress through each phase, document findings and ideas as they arise. At phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.

    Translating findings and ideas into actions that will be integrated into the BI Strategy and Roadmap Template

    Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?

    Document and prioritize Phase 1 findings, ideas, and action items

    1.3.4

    1-2 hours

    1. Reconvene as a group to review findings, ideas, and actions harvested in Phase 1. Write the findings, ideas, and actions on sticky notes.
    2. Prioritize the sticky notes to yield those with high business value and low implementation effort. View some sample findings below:
    3. High Business Value, Low Effort High Business Value, High Effort
      Low Business Value, High Effort Low Business Value, High Effort

      Phase 1

      Sample Phase 1 Findings Found two business objectives that are not supported by BI/analytics
      Some executives still think BI is reporting
      Some confusion around operational reporting and BI
      Data quality plays a big role in BI
      Many executives are not sure about the BI ROI or asking for one
    4. Select the top findings and document them in the “Other Phase 1 Findings” section of the BI Strategy and Roadmap Template. The findings will be used again in Phase 3.

    INPUT

    • Phase 1 activities
    • Business context (vision, mission, goals, etc.

    OUTPUT

    • Other Phase 1 Findings section of the BI Strategy and Roadmap Template

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Project manger
    • Project team
    • Business stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    1.1.1-1.1.5

    Establish the business context

    To begin the workshop, your project team will be taken through a series of activities to establish the overall business vision, mission, objectives, goals, and key drivers. This information will serve as the foundation for discerning how the revamped BI strategy needs to enable business users.

    1.2.1- 1.2.3

    Create a comprehensive documentation of your current BI environment

    Our analysts will take your project team through a series of activities that will facilitate an assessment of current BI usage and artifacts, and help you design an end-user interview survey to elicit context around BI usage patterns.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-tech analysts

    1.3.1-1.3.3

    Establish new BI requirements

    Our analysts will guide your project team through frameworks for eliciting and organizing requirements from business users, and then use those frameworks in exercises to gather some actual requirements from business stakeholders.

    Phase 2

    Evaluate Your Current BI Practice

    Build a Reporting and Analytics Strategy

    Revisit project metrics to track phase progress

    Goals for Phase 2:

    • Assess your current BI practice. Determine the maturity of your current BI practice from different viewpoints.
    • Develop your BI target state. Plan your next generation BI with Info-Tech’s BI patterns and best practices.
    • Safeguard your target state. Avoid BI pitfalls by proactively monitoring BI risks.

    Info-Tech’s Suggested Metrics for Tracking Phase 2 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    # of groups participated in the current state assessment The number of groups joined the current assessment using Info-Tech’s BI Practice Assessment Tool Varies; the tool can accommodate up to five groups
    # of risks mitigated Derive from your risk register At least two to five risks will be identified and mitigated

    Intangible Metrics:

    • Prototyping approach allows the BI group to understand more about business requirements, and in the meantime, allows the business to understand how to partner with the BI group.
    • The BI group and the business have more confidence in the BI program as risks are monitored and mitigated on an ad hoc basis.

    Evaluate your current BI practice

    Phase 2 Overarching Insight

    BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment, and data management, data quality, and related data practices must be strong. Otherwise, the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Phase 2 overview

    Detailed Overview

    Step 1: Assess Your Current BI Practice

    Step 2: Envision a Future State for Your BI Practice

    Outcomes

    • A comprehensive assessment of current BI practice maturity and capabilities.
    • Articulation of your future BI practice.
    • Improvement objectives and activities for developing your current BI program.

    Benefits

    • Identification of clear gaps in BI practice maturity.
    • A current state assessment that includes the perspectives of both BI providers and consumers to highlight alignment and/or discrepancies.
    • A future state is defined to provide a benchmark for your BI program.
    • Gaps between the future and current states are identified; recommendations for the gaps are defined.

    Phase 2 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 2: Evaluate Your Current BI Practice

    Proposed Time to Completion: 1-2 weeks

    Step 2.1: Assess Your Current BI Practice

    Start with an analyst kick-off call:

    • Detail the benefits of conducting multidimensional assessments that involve BI providers as well as consumers.
    • Review Info-Tech’s BI Maturity Model.

    Then complete these activities…

    • SWOT analyses
    • Identification of BI maturity level through a current state assessment

    With these tools & templates:

    BI Practice Assessment Tool

    BI Strategy and Roadmap Template

    Step 2.2: Envision a Future State for Your BI Practice

    Review findings with an analyst:

    • Discuss overall maturity gaps and patterns in BI perception amongst different units of your organization.
    • Discuss how to translate activity findings into robust initiatives, defining critical success factors for BI development and risk mitigation.

    Then complete these activities…

    • Identify your desired BI patterns and functionalities.
    • Complete a target state assessment for your BI practice.
    • Review capability practice gaps and phase-level metrics.

    With these tools & templates:

    BI Practice Assessment Tool

    BI Strategy and Roadmap Template

    Phase 2 Results & Insights:

    • A comprehensive assessment of the organization’s current BI practice capabilities and gaps
    • Visualization of BI perception from a variety of business users as well as IT
    • A list of tasks and initiatives for constructing a strategic BI improvement roadmap

    STEP 2.1

    Assess the Current State of Your BI Practice

    Assess your organization’s current BI capabilities

    Step Objectives

    • Understand the definitions and roles of each component of BI.
    • Contextualize BI components to your organization’s environment and current practices.

    Step Activities

    2.1.1 Perform multidimensional SWOT analyses

    2.1.2 Assess current BI and analytical capabilities, Document challenges, constraints, opportunities

    2.1.3 Review the results of your current state assessment

    Outcomes

    • Holistic perspective of current BI strengths and weaknesses according to BI users and providers
    • Current maturity in BI and related data management practices

    Research Support

    • Info-Tech’s Data Management Framework
    • Info-Tech’s BI Practice Assessment Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Gather multiple BI perspectives with comprehensive SWOT analyses

    SWOT analysis is an effective tool that helps establish a high-level context for where your practice stands, where it can improve, and the factors that will influence development.

    Strengths

    Best practices, what is working well

    Weaknesses

    Inefficiencies, errors, gaps, shortcomings

    Opportunities

    Review internal and external drivers

    Threats

    Market trends, disruptive forces

    While SWOT is not a new concept, you can add value to SWOT by:

    • Conducting a multi-dimensional SWOT to diversify perspectives – involve the existing BI team, BI management, business executives and other business users.
    • SWOT analyses traditionally provide a retrospective view of your environment. Add a future-looking element by creating improvement tasks/activities at the same time as you detail historical and current performance.

    Info-Tech Insight

    Consider a SWOT with two formats: a private SWOT worksheet and a public SWOT session. Participants will be providing suggestions anonymously while solicited suggestions will be discussed in the public SWOT session to further the discussion.

    Activity: Perform a SWOT analysis in groups to get a holistic view

    2.1.1

    1-2 hours

    This activity will take your project team through a holistic SWOT analysis to gather a variety of stakeholder perception of the current BI practice.

    1. Identify individuals to involve in the SWOT activity. Aim for a diverse pool of participants that are part of the BI practice in different capacities and roles. Solution architects, application managers, business analysts, and business functional unit leaders are a good starting point.
    2. Review the findings summary from Phase 1. You may opt to facilitate this activity with insights from the business context. Each group will be performing the SWOT individually.
    3. The group results will be collected and consolidated to pinpoint common ideas and opinions. Individual group results should be represented by a different color. The core program team will be reviewing the consolidated result as a group.
    4. Document the results of these SWOT activities in the appropriate section of the BI Strategy and Roadmap Template.

    SWOT

    Group 1 Provider Group E.g. The BI Team

    Group 2 Consumer Group E.g. Business End Users

    INPUT

    • IT and business stakeholder perception

    OUTPUT

    • Multi-faceted SWOT analyses
    • Potential BI improvement activities/objectives

    Materials

    • SWOT Analysis section of the BI Strategy and Roadmap Template

    Participants

    • Selected individuals in the enterprise (variable)

    Your organization’s BI maturity is determined by several factors and the degree of immersion into your enterprise

    BI Maturity Level

    A way to categorize your analytics maturity to understand where you are currently and what next steps would be best to increase your BI maturity.

    There are several factors used to determine BI maturity:

    Buy-in and Data Culture

    Determines if there is enterprise-wide buy-in for developing business intelligence and if a data-driven culture exists.

    Business–IT Alignment

    Examines if current BI and analytics operations are appropriately enabling the business objectives.

    Governance Structure

    Focuses on whether or not there is adequate governance in place to provide guidance and structure for BI activities.

    Organization Structure and Talent

    Pertains to how BI operations are distributed across the overall organizational structure and the capabilities of the individuals involved.

    Process

    Reviews analytics-related processes and policies and how they are created and enforced throughout the organization.

    Data

    Deals with analytical data in terms of the level of integration, data quality, and usability.

    Technology

    Explores the opportunities in building a fit-for-purpose analytics platform and consolidation opportunities.

    Evaluate Your Current BI Practice with the CMMI model

    To assess BI, Info-Tech uses the CMMI model for rating capabilities in each of the function areas on a scale of 1-5. (“0” and “0.5” values are used for non-existent or emerging capabilities.)

    The image shows an example of a CMMI model

    Use Info-Tech’s BI Maturity Model as a guide for identifying your current analytics competence

    Leverage a BI strategy to revamp your BI program to strive for a high analytics maturity level. In the future you should be doing more than just traditional BI. You will perform self-service BI, predictive analytics, and data science.

    Ad Hoc Developing Defined Managed Trend Setting
    Questions What’s wrong? What happened? What is happening? What happened, is happening, and will happen? What if? So what?
    Scope One business problem at a time One particular functional area Multiple functional areas Multiple functional areas in an integrated fashion Internal plus internet scale data
    Toolset Excel, Access, primitive query tools Reporting tools or BI BI BI, business analytics tools Plus predictive platforms, data science tools
    Delivery Model IT delivers ad hoc reports IT delivers BI reports IT delivers BI reports and some self-service BI Self-service BI and report creation at the business units Plus predictive models and data science projects
    Mindset Firefighting using data Manage using data Analyze using data; shared tooling Data is an asset, shared data Data driven
    BI Org. Structure Data analysts in IT BI BI program BI CoE Data Innovation CoE

    Leverage Info-Tech’s BI Practice Assessment Tool to define your BI current state

    BI Practice Assessment Tool

    1. Assess Current State
    • Eight BI practice areas to assess maturity.
    • Based on CMMI maturity scale.
  • Visualize Current State Results
    • Determine your BI maturity level.
    • Identify areas with outstanding maturity.
    • Uncover areas with low maturity.
    • Visualize the presence of misalignments.
  • Target State
    • Tackle target state from two views: business and IT.
    • Calculate gaps between target and current state.
  • Visualize Target State and Gaps
    • A heat map diagram to compare the target state and the current state.
    • Show both current and target maturity levels.
    • Detailed charts to show results for each area.
    • Detailed list of recommendations.

    Purposes:

    • Assess your BI maturity.
    • Visualize maturity assessment to quickly spot misalignments, gaps, and opportunities.
    • Provide right-sized recommendations.

    Info-Tech Insight

    Assessing current and target states is only the beginning. The real value comes from the interpretation and analysis of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.

    Activity: Conduct a current state assessment of your BI practice maturity

    2.1.2

    2-3 hours

    Use the BI Practice Assessment Tool to establish a baseline for your current BI capabilities and maturity.

    1. Navigate to Tab 2. Current State Assessment in the BI Practice Assessment Tool and complete the current state assessment together or in small groups. If running a series of assessments, do not star or scratch every time. Use the previous group’s results to start the conversation with the users.
    2. Info-Tech suggests the following groups participate in the completion of the assessment to holistically assess BI and to uncover misalignment:

      Providers Consumers
      CIO & BI Management BI Work Groups (developers, analysts, modelers) Business Unit #1 Business Unit #2 Business Unit #3
    3. For each assessment question, answer the current level of maturity in terms of:
      1. Initial/Ad hoc – the starting point for use of a new or undocumented repeat process
      2. Developing – the process is documented such that it is repeatable
      3. Defined – the process is defined/confirmed as a standard business process
      4. Managed and Measurable – the process is quantitatively managed in accordance with agreed-upon metrics.
      5. Optimized – the process includes process optimization/improvement.

    INPUT

    • Observations of current maturity

    OUTPUT

    • Comprehensive current state assessment

    Materials

    • BI Practice Assessment Tool
    • Current State Assessment section of the BI Strategy and Roadmap Template

    Participants

    • Selected individuals as suggested by the assessment tool

    Info-Tech Insight

    Discuss the rationale for your answers as a group. Document the comments and observations as they may be helpful in formulating the final strategy and roadmap.

    Activity: Review and analyze the results of the current state assessment

    2.1.3

    2-3 hours

    1. Navigate to Tab 3. Current State Results in the BI Practice Assessment Tool and review the findings:

    The tool provides a brief synopsis of your current BI state. Review the details of your maturity level and see where this description fits your organization and where there may be some discrepancies. Add additional comments to your current state summary in the BI Strategy and Roadmap Document.

    In addition to reviewing the attributes of your maturity level, consider the following:

    1. What are the knowns – The knowns confirm your understanding on the current landscape.
  • What are the unknowns – The unknowns show you the blind spots. They are very important to give you an alternative view of the your current state. The group should discuss those blind spots and determine what to do with them.
  • Activity: Review and analyze the results of the current state assessment (cont.)

    2.1.3

    2-3 hours

    2. Tab 3 will also visualize a breakdown of your maturity by BI practice dimension. Use this graphic as a preliminary method to identify where your organization is excelling and where it may need improvement.

    Better Practices

    Consider: What have you done in the areas where you perform well?

    Candidates for Improvement

    Consider: What can you do to improve these areas? What are potential barriers to improvement?

    STEP 2.2

    Envision a Future State for Your Organization’s BI Practice

    Detail the capabilities of your next generation BI practice

    Step Objectives

    • Create guiding principles that will shape your organization’s ideal BI program.
    • Pinpoint where your organization needs to improve across several BI practice dimensions.
    • Develop approaches to remedy current impediments to BI evolution.
    • Step Activities

      2.2.1 Define guiding principles for the future state

      2.2.2 Define the target state of your BI practice

      2.2.3 Confirm requirements for BI Styles by management group

      2.2.4 Analyze gaps in your BI practice and generate improvement activities and objectives

      2.2.5 Define the critical success factors for future BI

      2.2.6 Identify potential risks for your future state and create a mitigation plan

    Outcomes

    • Defined landscape for future BI capabilities, including desired BI functionalities.
    • Identification of crucial gaps and improvement points to include in a BI roadmap.
    • Updated BI Styles Usage sheet.

    Research Support

    • Info-Tech’s Data Management Framework
    • Info-Tech’s BI Practice Assessment Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Data Architect(s) or Enterprise Architect

    Project Team

    Define guiding principles to drive your future state envisioning

    Envisioning a BI future state is essentially architecting the future for your BI program. It is very similar to enterprise architecture (EA). Guiding principles are widely used in enterprise architecture. This best practice should also be used in BI envisioning.

    Benefits of Guiding Principles in a BI Context

    • BI planning involves a number of business units. Defining high-level future state principles helps to establish a common ground for those different business units.
    • Ensure the next generation BI aligns with the corporate enterprise architecture and data architecture principles.
    • Provide high-level guidance without depicting detailed solutioning by leaving room for innovation.

    Sample Principles for BI Future State

    1. BI should be fit for purpose. BI is a business technology that helps business users.
    2. Business–IT collaboration should be encouraged to ensure deliverables are relevant to the business.
    3. Focus on continuous improvement on data quality.
    4. Explore opportunities to onboard and integrate new datasets to create a holistic view of your data.
    5. Organize and present data in an easy-to-consume, easy-to-digest fashion.
    6. BI should be accessible to everything, as soon as they have a business case.
    7. Do not train just on using the platform. Train on the underlying data and business model as well.
    8. Develop a training platform where trainees can play around with the data without worrying about messing it up.

    Activity: Define future state guiding principles for your BI practice

    2.2.1

    1-2 hours

    Guiding principles are broad statements that are fundamental to how your organization will go about its activities. Use this as an opportunity to gather relevant stakeholders and solidify how your BI practice should perform moving forward.

    1. To ensure holistic and comprehensive future state principles, invite participants from the business, the data management team, and the enterprise architecture team. If you do not have an enterprise architecture practice, invite people that are involved in building the enterprise architecture. Five to ten people is ideal.
    2. BI Future State

      Awareness Buy-in Business-IT Alignment Governance Org. Structure; People Process; Policies; Standards Data Technology
    3. Once the group has some high-level ideas on what the future state looks like, brainstorm guiding principles that will facilitate the achievement of the future state (see above).
    4. Document the future state principles in the Future State Principles for BI section of the BI Strategy and Roadmap Template

    INPUT

    • Existing enterprise architecture guiding principles
    • High-level concept of future state BI

    OUTPUT

    • Guiding principles for prospective BI practice

    Materials

    • Future State Principles section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives
    • The EA group

    Leverage prototypes to facilitate a continuous dialogue with end users en route to creating the final deliverable

    At the end of the day, BI makes data and information available to the business communities. It has to be fit for purpose and relevant to the business. Prototypes are an effective way to ensure relevant deliverables are provided to the necessary users. Prototyping makes your future state a lot closer and a lot more business friendly.

    Simple Prototypes

    • Simple paper-based, whiteboard-based prototypes with same notes.
    • The most basic communication tool that facilitates the exchange of ideas.
    • Often used in Joint Application Development (JAD) sessions.
    • Improve business and IT collaboration.
    • Can be used to amend requirements documents.

    Discussion Possibilities

    • Initial ideation at the beginning
    • Align everyone on the same page
    • Explain complex ideas/layouts
    • Improve collaboration

    Elaborated Prototypes

    • Demonstrates the possibilities of BI in a risk-free environment.
    • Creates initial business value with your new BI platform.
    • Validates the benefits of BI to the organization.
    • Generates interest and support for BI from senior management.
    • Prepares BI team for the eventual enterprise-wide deployment.

    Discussion Possibilities

    • Validate and refine requirements
    • Fail fast, succeed fast
    • Acts as checkpoints
    • Proxy for the final working deliverable

    Leverage Info-Tech’s BI Practice Assessment Tool to define your BI target state and visualize capability gaps

    BI Practice Assessment Tool

    1. Assess Current State
    • Eight BI practice areas to assess maturity.
    • Based on CMMI maturity scale.
  • Visualize Current State Results
    • Determine your BI maturity level.
    • Identify areas with outstanding maturity.
    • Uncover areas with low maturity.
    • Visualize the presence of misalignments.
  • Target State
    • Tackle target state from two views: business and IT.
    • Calculate gaps between target and current state.
  • Visualize Target State and Gaps
    • A heat map diagram to compare the target state and the current state.
    • Show both current and target maturity levels.
    • Detailed charts to show results for each area.
    • Detailed list of recommendations.

    Purposes:

    • Assess your BI maturity.
    • Visualize maturity assessment to quickly spot misalignments, gaps, and opportunities.
    • Provide right-sized recommendations.

    Document essential findings in Info-Tech’s BI Strategy and Roadmap Template.

    Info-Tech Insight

    Assessing current and target states is only the beginning. The real value comes from the interpretation and analyses of the results. Use visualizations of multiple viewpoints and discuss the results in groups to come up with the most effective ideas for your strategy and roadmap.

    Activity: Define the target state for your BI practice

    2.2.2

    2 hours

    This exercise takes your team through establishing the future maturity of your BI practice across several dimensions.

    1. Envisioning of the future state will involve input from the business side as well as the IT department.
    2. The business and IT groups should get together separately and determine the target state maturity of each of the BI practice components:

    The image is a screenshot of Tab 4: Target State Evaluation of the BI Practice Assessment Tool

    INPUT

    • Desired future practice capabilities

    OUTPUT

    • Target state assessment

    Materials

    • Tab 4 of the BI Practice Assessment Tool

    Participants

    • Business representatives
    • IT representatives

    Activity: Define the target state for your BI practice (cont.)

    2.2.2

    2 hours

    2. The target state levels from the two groups will be averaged in the column “Target State Level.” The assessment tool will automatically calculate the gaps between future state value and the current state maturity determined in Step 2.1. Significant gaps in practice maturity will be highlighted in red; smaller or non-existent gaps will appear green.

    The image is a screenshot of Tab 4: Target State Evaluation of the BI Practice Assessment Tool with Gap highlighted.

    INPUT

    • Desired future practice capabilities

    OUTPUT

    • Target state assessment

    Materials

    • Tab 4 of the BI Practice Assessment Tool

    Participants

    • Business representatives
    • IT representatives

    Activity: Revisit the BI Style Analysis sheet to define new report and analytical requirements by C-Level

    2.2.3

    1-2 hours

    The information needs for each executive is unique to their requirements and management style. During this exercise you will determine the reporting and analytical needs for an executive in regards to content, presentation and cadence and then select the BI style that suite them best.

    1. To ensure a holistic and comprehensive need assessment, invite participants from the business and BI team. Discuss what data the executive currently use to base decisions on and explore how the different BI styles may assist. Sample reports or mock-ups can be used for this purpose.
    2. Document the type of report and required content using the BI Style Tool.
    3. The BI Style Tool will then guide the BI team in the type of reporting to develop and the level of Self-Service BI that is required. The tool can also be used for product selection.

    INPUT

    • Information requirements for C-Level Executives

    OUTPUT

    • BI style(s) that are appropriate for an executive’s needs

    Materials

    • BI Style Usage sheet from BI Strategy and Roadmap Template
    • Sample Reports

    Participants

    • Business representatives
    • BI representatives

    Visualization tools facilitate a more comprehensive understanding of gaps in your existing BI practice

    Having completed both current and target state assessments, the BI Practice Assessment Tool allows you to compare the results from multiple angles.

    At a higher level, you can look at your maturity level:

    At a detailed level, you can drill down to the dimensional level and item level.

    The image is a screenshots from Tab 4: Target State Evaluation of the BI Practice Assessment Tool

    At a detailed level, you can drill down to the dimensional level and item level.

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities

    2.2.4

    2 hours

    This interpretation exercise helps you to make sense of the BI practice assessment results to provide valuable inputs for subsequent strategy and roadmap formulation.

    1. IT management and the BI team should be involved in this exercise. Business SMEs should be consulted frequently to obtain clarifications on what their ideal future state entails.
    2. Begin this exercise by reviewing the heat map and identifying:

    • Areas with very large gaps
    • Areas with small gaps

    Areas with large gaps

    Consider: Is the target state feasible and achievable? What are ways we can improve incrementally in this area? What is the priority for addressing this gap?

    Areas with small/no gaps

    Consider: Can we learn from those areas? Are we setting the bar too low for our capabilities?

    INPUT

    • Current and target state visualizations

    OUTPUT

    • Gap analysis (Tab 5)

    Materials

    • Tab 5 of the BI Practice Assessment Tool
    • Future State Assessment Results section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities (cont.)

    2.2.4

    2 hours

    2. Discuss the differences in the current and target state maturity level descriptions. Questions to ask include:

    • What are the prerequisites before we can begin to build the future state?
    • Is the organization ready for that future state? If not, how do we set expectations and vision for the future state?
    • Do we have the necessary competencies, time, and support to achieve our BI vision?

    INPUT

    • Current and target state visualizations

    OUTPUT

    • Gap analysis (Tab 5)

    Materials

    • Tab 5 of the BI Practice Assessment Tool
    • Future State Assessment Results section of the BI Strategy and Roadmap Template

    Participants

    • Business representatives
    • IT representatives

    Activity: Analyze gaps in BI practice capabilities and generate improvement objectives/activities (cont.)

    2.2.4

    2 hours

    3. Have the same group members reconvene and discuss the recommendations at the BI practice dimension level on Tab 5. of the BI Practice Assessment Tool. These recommendations can be used as improvement actions or translated into objectives for building your BI capabilities.

    Example

    The heat map displayed the largest gap between target state and current state in the technology dimension. The detailed drill-down chart will further illustrate which aspect(s) of the technology dimension is/are showing the most room for improvement in order to better direct your objective and initiative creation.

    The image is of an example and recommendations.

    Considerations:

    • What dimension parameters have the largest gaps? And why?
    • Is there a different set of expectations for the future state?

    Define critical success factors to direct your future state

    Critical success factors (CSFs) are the essential factors or elements required for ensuring the success of your BI program. They are used to inform organizations with things they should focus on to be successful.

    Common Provider (IT Department) CSFs

    • BI governance structure and organization is created.
    • Training is provided for the BI users and the BI team.
    • BI standards are in place.
    • BI artifacts rely on quality data.
    • Data is organized and presented in a usable fashion.
    • A hybrid BI delivery model is established.
    • BI on BI; a measuring plan has to be in place.

    Common Consumer (Business) CSFs

    • Measurable business results have been improved.
    • Business targets met/exceeded.
    • Growth plans accelerated.
    • World-class training to empower BI users.
    • Continuous promotion of a data-driven culture.
    • IT–business partnership is established.
    • Collaborative requirements gathering processes.
    • Different BI use cases are supported.

    …a data culture is essential to the success of analytics. Being involved in a lot of Bay Area start-ups has shown me that those entrepreneurs that are born with the data DNA, adopt the data culture and BI naturally. Other companies should learn from these start-ups and grow the data culture to ensure BI adoption.

    – Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP

    Activity: Define provider and consumer critical success factors for your future BI capabilities

    2.2.5

    2 hours

    Create critical success factors that are important to both BI providers and BI consumers.

    1. Divide relevant stakeholders into two groups:
    2. BI Provider (aka IT) BI Consumer (aka Business)
    3. Write two headings on the board: Objective and Critical Success Factors. Write down each of the objectives created in Phase 1.
    4. Divide the group into small teams and assign each team an objective. For each objective, ask the following question:
    5. What needs to be put in place to ensure that this objective is achieved?

      The answer to the question is your candidate CSF. Write CSFs on sticky notes and stick them by the relevant objective.

    6. Rationalize and consolidate CSFs. Evaluate the list of candidate CSFs to find the essential elements for achieving success.
    7. For each CSF, identify at least one key performance indicator that will serve as an appropriate metric for tracking achievement.

    As you evaluate candidate CSFs, you may uncover new objectives for achieving your future state BI.

    INPUT

    • Business objectives

    OUTPUT

    • A list of critical success factors mapped to business objectives

    Materials

    • Whiteboard and colored sticky notes
    • CSFs for the Future State section of the BI Strategy and Roadmap Template

    Participants

    • Business and IT representatives
    • CIO
    • Head of BI

    Round out your strategy for BI growth by evaluating risks and developing mitigation plans

    A risk matrix is a useful tool that allows you to track risks on two dimensions: probability and impact. Use this matrix to help organize and prioritize risk, as well as develop mitigation strategies and contingency plans appropriately.

    Example of a risk matrix using colour coding

    Info-Tech Insight

    Tackling risk mitigation is essentially purchasing insurance. You cannot insure everything – focus your investments on mitigating risks with a reasonably high impact and high probability.

    Be aware of some common barriers that arise in the process of implementing a BI strategy

    These are some of the most common BI risks based on Info-Tech’s research:

    Low Impact Medium Impact High Impact
    High Probability
    • Users revert back to Microsoft Excel to analyze data.
    • BI solution does not satisfy the business need.
    • BI tools become out of sync with new strategic direction.
    • Poor documentation creates confusion and reduces user adoption.
    • Fail to address data issues: quality, integration, definition.
    • Inadequate communication with stakeholders throughout the project.
    • Users find the BI tool interface too confusing.
    Medium Probability
    • Fail to define and monitor KPIs.
    • Poor training results in low user adoption.
    • Organization culture is resistant to the change.
    • Lack of support from the sponsors.
    • No governance over BI.
    • Poor training results in misinformed users.
    Low Probability
    • Business units independently invest in BI as silos.

    Activity: Identify potential risks for your future state and create a mitigation plan

    2.2.6

    1 hour

    As part of developing your improvement actions, use this activity to brainstorm some high-level plans for mitigating risks associated with those actions.

    Example:

    Users find the BI tool interface too confusing.

    1. Use the probability-impact matrix to identify risks systematically. Collectively vote on the probability and impact for each risk.
    2. Risk mitigation. Risk can be mitigated by three approaches:
    3. A. Reducing its probability

      B. Reducing its impact

      C. Reducing both

      Option A: Brainstorm ways to reduce risk probability

      E.g. The probability of the above risk may be reduced by user training. With training, the probability of confused end users will be reduced.

      Option B: Brainstorm ways to reduce risk impact

      E.g. The impact can be reduced by ensuring having two end users validate each other’s reports before making a major decision.

    4. Document your high-level mitigation strategies in the BI Strategy and Roadmap Template.

    INPUT

    • Step 2.2 outputs

    OUTPUT

    • High-level risk mitigation plans

    Materials

    • Risks and Mitigation section of the BI Strategy and Roadmap Template

    Participants

    • BI sponsor
    • CIO
    • Head of BI

    Translate your findings and ideas into actions that will be integrated into the BI strategy and roadmap

    As you progress through each phase, document findings and ideas as they arise. By phase end, hold a brainstorming session with the project team focused on documenting findings and ideas and substantiating them into improvement actions.

    Translated findings and ideas into actions that will be integrated into the BI strategy and roadmap.

    Ask yourself how BI or analytics can be used to address the gaps and explore opportunities uncovered in each phase. For example, in Phase 1, how do current BI capabilities impede the realization of the business vision?

    Document and prioritize Phase 2 findings, ideas, and action items

    2.2.7

    1-2 hours

    1. Reconvene as a group to review the findings, ideas, and actions harvested in Phase 2. Write the findings, ideas, and actions on sticky notes.
    2. Prioritize the sticky notes to yield those with high business value and low implementation effort. View some sample findings below:
    3. High Business Value, Low Effort High Business Value, High Effort
      Low Business Value, High Effort Low Business Value, High Effort

      Phase 2

      Sample Phase 2 Findings Found a gap between the business expectation and the existing BI content they are getting.
      Our current maturity level is “Level 2 – Operational.” Almost everyone thinks we should be at least “Level 3 – Tactical” with some level 4 elements.
      Found an error in a sales report. A quick fix is identified.
      The current BI program is not able to keep up with the demand.
    4. Select the top items and document the findings in the BI Strategy Roadmap Template. The findings will be used to build a Roadmap in Phase 3.

    INPUT

    • Phase 2 activities

    OUTPUT

    • Other Phase 2 Findings section of the BI Strategy and Roadmap Template

    Materials

    • Whiteboard
    • Sticky notes

    Participants

    • Project manger
    • Project team
    • Business stakeholders

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    2.1.1

    Determine your current BI maturity level

    The analyst will take your project team through Info-Tech’s BI Practice Assessment Tool, which collects perspectives from BI consumer and provider groups on multiple facets of your BI practice in order to establish a current maturity level.

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-Tech analysts

    2.2.1

    Define guiding principles for your target BI state

    Using enterprise architecture principles as a starting point, our analyst will facilitate exercises to help your team establish high-level standards for your future BI practice.

    2.2.2-2.2.3

    Establish your desired BI patterns and matching functionalities

    In developing your BI practice, your project team will have to decide what BI-specific capabilities are most important to your organization. Our analyst will take your team through several BI patterns that Info-Tech has identified and discuss how to bridge the gap between these patterns, linking them to specific functional requirements in a BI solution.

    2.2.4-2.2.5

    Analyze the gaps in your BI practice capabilities

    Our analyst will guide your project team through a number of visualizations and explanations produced by our assessment tool in order to pinpoint the problem areas and generate improvement ideas.

    Phase 3

    Create a BI Roadmap for Continuous Improvement

    Build a Reporting and Analytics Strategy

    Create a BI roadmap for continuous improvement

    Phase 3 Overarching Insight

    The benefit of creating a comprehensive and actionable roadmap is twofold: not only does it keep BI providers accountable and focused on creating incremental improvement, but a roadmap helps to build momentum around the overall project, provides a continuous delivery of success stories, and garners grassroots-level support throughout the organization for BI as a key strategic imperative.

    Understand the Business Context to Rationalize Your BI Landscape Evaluate Your Current BI Practice Create a BI Roadmap for Continuous Improvement
    Establish the Business Context
    • Business Vision, Goals, Key Drivers
    • Business Case Presentation
    • High-Level ROI
    Assess Your Current BI Maturity
    • SWOT Analysis
    • BI Practice Assessment
    • Summary of Current State
    Construct a BI Initiative Roadmap
    • BI Improvement Initiatives
    • BI Strategy and Roadmap
    Access Existing BI Environment
    • BI Perception Survey Framework
    • Usage Analyses
    • BI Report Inventory
    Envision BI Future State
    • BI Patterns
    • BI Practice Assessment
    • List of Functions
    Plan for Continuous Improvement
    • Excel Governance Policy
    • BI Ambassador Network Draft
    Undergo Requirements Gathering
    • Requirements Gathering Principles
    • Overall BI Requirements

    Phase 3 overview

    Detailed Overview

    Step 1: Establish Your BI Initiative Roadmap

    Step 2: Identify Opportunities to Enhance Your BI Practice

    Step 3: Create Analytics Strategy

    Step 4: Define CSF and metrics to monitor success of BI and analytics

    Outcomes

    • Consolidate business intelligence improvement objectives into robust initiatives.
    • Prioritize improvement initiatives by cost, effort, and urgency.
    • Create a one-year, two-year, or three-year timeline for completion of your BI improvement initiatives.
    • Identify supplementary programs that will facilitate the smooth execution of road-mapped initiatives.

    Benefits

    • Clear characterization of comprehensive initiatives with a detailed timeline to keep team members accountable.

    Revisit project metrics to track phase progress

    Goals for Phase 3:

    • Put everything together. Findings and observations from Phase 1 and 2 are rationalized in this phase to develop data initiatives and create a strategy and roadmap for BI.
    • Continuous improvements. Your BI program is evolving and improving over time. The program should allow you to have faster, better, and more comprehensive information.

    Info-Tech’s Suggested Metrics for Tracking Phase 3 Goals

    Practice Improvement Metrics Data Collection and Calculation Expected Improvement
    Program Level Metrics Efficiency
    • Time to information
    • Self-service penetration
    • Derive from the ticket management system
    • Derive from the BI platform
    • 10% reduction in time to information
    • Achieve 10-15% self-service penetration
    • Effectiveness
    • BI Usage
    • Data quality
    • Derive from the BI platform
    • Data quality perception
    • Majority of the users use BI on a daily basis
    • 15% increase in data quality perception
    Comprehensiveness
    • # of integrated datasets
    • # of strategic decisions made
    • Derive from the data integration platform
    • Decision-making perception
    • Onboard 2-3 new data domains per year
    • 20% increase in decision-making perception

    Learn more about the CIO Business Vision program.

    Intangible Metrics:

    Tap into the results of Info-Tech’s CIO Business Vision diagnostic to monitor the changes in business-user satisfaction as you implement the initiatives in your BI improvement roadmap.

    Phase 3 outline

    Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

    Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that helps you execute each phase of a project. They are included in most advisory memberships.

    Guided Implementation 3: Create a BI Roadmap for Continuous Improvement

    Proposed Time to Completion: 1-2 weeks

    Step 3.1: Construct a BI Improvement Initiative Roadmap

    Start with an analyst kick off call:

    • Review findings and insights from completion of activities pertaining to current and future state assessments
    • Discuss challenges around consolidating activities into initiatives

    Then complete these activities…

    • Collect improvement objectives/tasks from previous phases
    • Develop comprehensive improvement initiatives
    • Leverage value-effort matrix activities to prioritize these initiatives and place them along an improvement roadmap

    With these tools & templates:

    BI Initiatives and Roadmap Tool

    BI Strategy and Roadmap Template

    Step 3.2: Continuous Improvement Opportunities for BI

    Review findings with analyst:

    • Review completed BI improvement initiatives and roadmap
    • Discuss guidelines presenting a finalized improvement to the relevant committee or stakeholders
    • Discuss additional policies and programs that can serve to enhance your established BI improvement roadmap

    Then complete these activities…

    • Present BI improvement roadmap to relevant stakeholders
    • Develop Info-Tech’s recommended supplementary policies and programs for BI

    With these tools & templates:

    BI Strategy and Roadmap Executive Presentation Template

    Phase 3 Results & Insights:

    • Comprehensive initiatives with associated tasks/activities consolidated and prioritized in an improvement roadmap

    STEP 3.1

    Construct a BI Improvement Initiative Roadmap

    Build an improvement initiative roadmap to solidify your revamped BI strategy

    Step Objectives

    • Bring together activities and objectives for BI improvement to form initiatives
    • Develop a fit-for-purpose roadmap aligned with your BI strategy

    Step Activities

    3.1.1 Characterize individual improvement objectives and activities ideated in previous phases.

    3.1.2 Synthesize and detail overall BI improvement initiatives.

    3.1.3 Create a plan of action by placing initiatives on a roadmap.

    Outcomes

    • Detailed BI improvement initiatives, prioritized by value and effort
    • Defined roadmap for completion of tasks associated with each initiative and accountability

    Research Support

    • Info-Tech’s BI Initiatives and Roadmap Tool

    Proposed Participants in this Step

    Project Manager

    Project Team

    Create detailed BI strategy initiatives by bringing together the objectives listed in the previous phases

    When developing initiatives, all components of the initiative need to be considered, from its objectives and goals to its benefits, risks, costs, effort required, and relevant stakeholders.

    Use outputs from previous project steps as inputs to the initiative and roadmap building:

    The image shows the previous project steps as inputs to the initiative and roadmap building, with arrow pointing from one to the next.

    Determining the dependencies that exist between objectives will enable the creation of unique initiatives with associated to-do items or tasks.

    • Group objectives into similar buckets with dependencies
    • Select one overarching initiative
    • Adapt remaining objectives into tasks of the main initiative
    • Add any additional tasks

    Leverage Info-Tech’s BI Initiatives and Roadmap Tool to build a fit-for-purpose improvement roadmap

    BI Initiatives and Roadmap Tool

    Overview

    Use the BI Initiatives and Roadmap Tool to develop comprehensive improvement initiatives and add them to a BI strategy improvement roadmap.

    Recommended Participants

    • BI project team

    Tool Guideline

    Tab 1. Instructions Use this tab to get an understanding as to how the tool works.
    Tab 2. Inputs Use this tab to customize the inputs used in the tool.
    Tab 3. Activities Repository Use this tab to list and prioritize activities, to determine dependencies between them, and build comprehensive initiatives with them.
    Tab 4. Improvement Initiatives Use this tab to develop detailed improvement initiatives that will form the basis of the roadmap. Map these initiatives to activities from Tab 3.
    Tab 5. Improvement Roadmap Use this tab to create your BI strategy improvement roadmap, assigning timelines and accountability to initiatives and tasks, and to monitor your project performance over time.

    Activity: Consolidate BI activities into the tool and assign dependencies and priorities

    3.1.1

  • 2 hours
    1. Have one person from the BI project team populate Tab 3. Activities Repository with the BI strategy activities that were compiled in Phases 1 and 2. Use drop-downs to indicate in which phase the objective was originally ideated.
    2. With BI project team executives, discuss and assign dependencies between activities in the Dependencies columns. A dependency exists if:
    • An activity requires consideration of another activity.
    • An activity requires the completion of another activity.
    • Two activities should be part of the same initiative.
    • Two activities are very similar in nature.
  • Then discuss and assign priorities to each activity in the Priority column using input from previous Phases. For example, if an activity was previously indicated as critical to the business, if a similar activity appears multiple times, or if an activity has several dependencies, it should be higher priority.
  • Inputs

    • BI improvement activities created in Phases 1 and 2

    Output

    • Activities with dependencies and priorities

    Materials

    • BI Initiatives and Roadmap Tool

    Participants

    • BI project team

    Activity: Consolidate BI activities into the tool and assign dependencies and priorities (cont’d.)

    3.1.1

    2 hours

    Screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities

    The image is of a screenshot of Tab 3. BI Activities Repository, with samples improvement activities, dependencies, statuses, and priorities.

    Revisit the outputs of your current state assessment and note which activities have already been completed in the “Status” column, to avoid duplication of your efforts.

    When classifying the status of items in your activity repository, distinguish between broader activities (potential initiatives) and granular activities (tasks).

    Activity: Customize project inputs and build out detailed improvement initiatives

    3.1.2

    1.5 hours

    1. Follow instructions on Tab 2. Inputs to customize inputs you would like to use for your project.
    2. Review the activities repository and select up to 12 overarching initiatives based on the activities with extreme or highest priority and your own considerations.
    • Rewording where necessary, transfer the names of your initiatives in the banners provided on Tab 4. Improvement Initiatives.
    • On Tab 3, indicate these activities as “Selected (initiatives)” in the Status column.
  • In Tab 4, develop detailed improvement initiatives by indicating the owner, taxonomy, start and end periods, cost and effort estimates, goal, benefit/value, and risks of each initiative.
  • Use drop-downs to list “Related activities,” which will become tasks under each initiative.
    • activities with dependency to the initiative
    • activities that lead to the same goal or benefit/value of the main initiative

    Screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives

    <p data-verified=The image is a screenshot of the Improvement Initiative template, to be used for developing comprehensive initiatives.">

    Inputs

    • Tab 3. Activities Repository

    Output

    • Unique and detailed improvement initiatives

    Materials

    • BI Initiatives and Roadmap Tool
    • BI Initiatives section of the BI Strategy and Roadmap Template

    Participants

    • BI project team

    Visual representations of your initiative landscape can aid in prioritizing tasks and executing the roadmap

    Building a comprehensive BI program will be a gradual process involving a variety of stakeholders. Different initiatives in your roadmap will either be completed sequentially or in parallel to one another, given dependencies and available resources. The improvement roadmap should capture and represent this information.

    To determine the order in which main initiatives should be completed, exercises such as a value–effort map can be very useful.

    Example: Value–Effort Map for a BI Project

    Initiatives that are high value–low effort are found in the upper left quadrant and are bolded; These may be your four primary initiatives. In addition, initiative five is valuable to the business and critical to the project’s success, so it too is a priority despite requiring high effort. Note that you need to consider dependencies to prioritize these key initiatives.

    Value–Effort Map for a BI Project
    1. Data profiling techniques training
    2. Improve usage metrics
    3. Communication plan for BI
    4. Staff competency evaluation
    5. Formalize practice capabilities
    6. Competency improvement plan program
    7. Metadata architecture improvements
    8. EDW capability improvements
    9. Formalize oversight for data manipulation

    This exercise is best performed using a white board and sticky notes, and axes can be customized to fit your needs (E.g. cost, risk, time, etc.).

    Activity: Build an overall BI strategy improvement roadmap for the entire project

    3.1.3

    45 minutes

    The BI Strategy Improvement Roadmap (Tab 5 of the BI Initiatives and Roadmap Tool) has been populated with your primary initiatives and related tasks. Read the instructions provided at the top of Tab 5.

    1. Use drop-downs to assign a Start Period and End Period to each initiative (already known) and each task (determined here). As you do so, the roadmap will automatically fill itself in. This is where the value–effort map or other prioritization exercises may help.
    2. Assign Task Owners reporting Managers.
    3. Update the Status and Notes columns on an ongoing basis. Hold meetings with task owners and managers about blocked or overdue items.
    • Updating status should also be an ongoing maintenance requirement for Tab 3 in order to stay up to date on which activities have been selected as initiatives or tasks, are completed, or are not yet acted upon.

    Screenshot of the BI Improvement Roadmap (Gantt chart) showing an example initiative with tasks, and assigned timeframes, owners, and status updates.

    INPUTS

    • Tab 3. Activities Repository
    • Tab 4. Improvement Initiatives

    OUTPUT

    • BI roadmap

    Materials

    • BI Initiatives and Roadmap Tool
    • Roadmap section of the BI Strategy and Roadmap Template

    Participants

    • BI project team

    Obtain approval for your BI strategy roadmap by organizing and presenting project findings

    Use a proprietary presentation template

    Recommended Participants

    • Project sponsor
    • Relevant IT & business executives
    • CIO
    • BI project team

    Materials & Requirements

    Develop your proprietary presentation template with:

    • Results from Phases 1 and 2 and Step 3.1
    • Information from:
      • Info-Tech’s Build a Reporting and Analytics Strategy
    • Screen shots of outputs from the:
      • BI Practice Assessment Tool
      • BI Initiatives and Roadmap Tool

    Next Steps

    Following the approval of your roadmap, begin to plan the implementation of your first initiatives.

    Overall Guidelines

    • Invite recommended participants to an approval meeting.
    • Present your project’s findings with the goal of gaining key stakeholder support for implementing the roadmap.
    1. Set the scene using BI vision & objectives.
    2. Present the results and roadmap next.
    3. Dig deeper into specific issues by touching on the important components of this blueprint to generate a succinct and cohesive presentation.
  • Make the necessary changes and updates stemming from discussion notes during this meeting.
  • Submit a formal summary of findings and roadmap to your governing body for review and approval (e.g. BI steering committee, BI CoE).
  • Info-Tech Insight

    At this point, it is likely that you already have the support to implement a data quality improvement roadmap. This meeting is about the specifics and the ROI.

    Maximize support by articulating the value of the data quality improvement strategy for the organization’s greater information management capabilities. Emphasize the business requirements and objectives that will be enhanced as a result of tackling the recommended initiatives, and note any additional ramifications of not doing so.

    Leverage Info-Tech’s presentation template to present your BI strategy to the executives

    Use the BI Strategy and Roadmap Executive Presentation Template to present your most important findings and brilliant ideas to the business executives and ensure your BI program is endorsed. Business executives can also learn about how the BI strategy empowers them and how they can help in the BI journey.

    Important Messages to Convey

    • Executive summary of the presentation
    • Current challenges faced by the business
    • BI benefits and associated opportunities
    • SWOT analyses of the current BI
    • BI end-user satisfaction survey
    • BI vision, mission, and goals
    • BI initiatives that take you to the future state
    • (Updated) Analytical Strategy
    • Roadmap that depicts the timeline

    STEP 3.2

    Continuous Improvement Opportunities for BI

    Create supplementary policies and programs to augment your BI strategy

    Step Objectives

    • Develop a plan for encouraging users to continue to use Excel, but in a way that does not compromise overall BI effectiveness.
    • Take steps to establish a positive organizational culture around BI.

    Step Activities

    3.2.1 Construct a concrete policy to integrate Excel use with your new BI strategy.

    3.2.2 Map out the foundation for a BI Ambassador network.

    Outcomes

    • Business user understanding of where Excel manipulation should and should not occur
    • Foundation for recognizing exceptional BI users and encouraging development of enterprise-wide business intelligence

    Research Support

    • Info-Tech’s BI Initiatives and Roadmap Tool
    • Info-Tech’s BI Strategy and Roadmap Template

    Proposed Participants in this Step

    Project Manager

    Project Team

    Additional Business Users

    Establish Excel governance to better serve Excel users while making sure they comply with policies

    Excel is the number one BI tool

    • BI applications are developed to support information needs.
    • The reality is that you will never migrate all Excel users to BI. Some Excel users will continue to use it. The key is to support them while imposing governance.
    • The goal is to direct them to use the data in BI or in the data warehouse instead of extracting their own data from various source systems.

    The Tactic: Centralize data extraction and customize delivery

    • Excel users formerly extracted data directly from the production system, cleaned up the data, manipulated the data by including their own business logic, and presented the data in graphs and pivot tables.
    • With BI, the Excel users can still use Excel to look at the information. The only difference is that BI or data warehouse will be the data source of their Excel workbook.

    Top-Down Approach

    • An Excel policy should be created at the enterprise level to outline which Excel use cases are allowed, and which are not.
    • Excel use cases that involve extracting data from source systems and transforming that data using undisclosed business rules should be banned.
    • Excel should be a tool for manipulating, filtering, and presenting data, not a tool for extracting data and running business rules.

    Excel

    Bottom-Up Approach

    • Show empathy to your users. They just want information to get their work done.
    • A sub-optimal information landscape is the root cause, and they are the victims. Excel spreadmarts are the by-products.
    • Make the Excel users aware of the risks associated with Excel, train them in BI, and provide them with better information in the BI platform.

    Activity: Create an Excel governance policy

    3.2.1

    4 hours

    Construct a policy around Excel use to ensure that Excel documents are created and shared in a manner that does not compromise the integrity of your overall BI program.

    1. Review the information artifact list harvested from Step 2.1 and identify all existing Excel-related use cases.
    2. Categorize the Excel use cases into “allowed,” “not allowed,” and “not sure.” For each category define:
    3. Category To Do: Policy Context
      Allowed Discuss what makes these use cases ideal for BI. Document use cases, scenarios, examples, and reasons that allow Excel as an information artifact.
      Not Allowed Discuss why these cases should be avoided. Document forbidden use cases, scenarios, examples, and reasons that use Excel to generate information artifacts.
      Not Sure Discuss the confusions; clarify the gray area. Document clarifications and advise how end users can get help in those “gray area” cases.
    4. Document the findings in the BI Strategy and Roadmap Template in the Manage and Sustain BI Strategy section, or a proprietary template. You may also need to create a separate Excel policy to communicate the Dos and Don’ts.

    Inputs

    • Step 2.1 – A list of information artifacts

    Output

    • Excel-for-BI Use Policy

    Materials

    • BI Strategy Roadmap and Template, or proprietary document

    Participants

    • Business executives
    • CIO
    • Head of BI
    • BI team

    Build a network of ambassadors to promote BI and report to IT with end-user feedback and requests

    The Building of an Insider Network: The BI Ambassador Network

    BI ambassadors are influential individuals in the organization that may be proficient at using BI tools but are passionate about analytics. The network of ambassadors will be IT’s eyes, ears, and even mouth on the frontline with users. Ambassadors will promote BI, communicate any messages IT may have, and keep tabs on user satisfaction.

    Ideal candidate:

    • A good relationship with IT.
    • A large breadth of experience with BI, not just one dashboard.
    • Approachable and well-respected amongst peers.
    • Has a passion for driving organizational change using BI and continually looking for opportunities to innovate.

    Push

    • Key BI Messages
    • Best Practices
    • Training Materials

    Pull

    • Feedback
    • Complaints
    • Thoughts and New Ideas

    Motivate BI ambassadors with perks

    You need to motivate ambassadors to take on this additional responsibility. Make sure the BI ambassadors are recognized in their business units when they go above and beyond in promoting BI.

    Reward Approach Reward Type Description
    Privileges High Priority Requests Given their high usage and high visibility, ambassadors’ BI information requests should be given a higher priority.
    First Look at New BI Development Share the latest BI updates with ambassadors before introducing them to the organization. Ambassadors may even be excited to test out new functionality.
    Recognition Featured in Communications BI ambassadors’ use cases and testimonials can be featured in BI communications. Be sure to create a formal announcement introducing the ambassadors to the organization.
    BI Ambassador Certificate A certificate is a formal way to recognize their efforts. They can also publicly display the certificate in their workspace.
    Rewards Appointed by Senior Executives Have the initial request to be a BI ambassador come from a senior executive to flatter the ambassador and position the role as a reward or an opportunity for success.
    BI Ambassador Awards Award an outstanding BI ambassador for the year. The award should be given by the CEO in a major corporate event.

    Activity: Plan for a BI ambassador network

    3.2.2

    2 hours

    Identify individuals within your organization to act as ambassadors for BI and a bridge between IT and business users.

    1. Obtain a copy of your latest organizational chart. Review your most up-to-date organizational chart and identify key BI consumers across a variety of functional units. In selecting potential BI ambassadors, reflect on the following questions:
    • Does this individual have a good relationship with IT?
    • What is the depth of their experience with developing/consuming business intelligence?
    • Is this individual respected and influential amongst their respective business units?
    • Has this individual shown a passion for innovating within their role?
  • Create a mandate and collateral detailing the roles and responsibilities for the ambassador role, e.g.:
    • Promote BI to members of your group
    • Represent the “voice of the data consumers”
  • Approach the ambassador candidates and explain the responsibilities and perks of the role, with the goal of enlisting about 10-15 ambassadors
  • Inputs

    • An updated organizational chart
    • A list of BI users

    Output

    • Draft framework for BI ambassador network

    Materials

    • BI Strategy and Roadmap Template or proprietary document

    Participants

    • Business executives
    • CIO
    • Head of BI
    • BI team

    Keeping tabs on metadata is essential to creating a data democracy with BI

    A next generation BI not only provides a platform that mirrors business requirements, but also creates a flexible environment that empowers business users to explore data assets without having to go back and forth with IT to complete queries.

    Business users are generally not interested in the underlying architecture or the exact data lineages; they want access to the data that matters most for decision-making purposes.

    Metadata is data about data

    It comes in the form of structural metadata (information about the spaces that contain data) and descriptive metadata (information pertaining to the data elements themselves), in order to answer questions such as:

    • What is the intended purpose of this data?
    • How up-to-date is this information?
    • Who owns this data?
    • Where is this data coming from?
    • How have these data elements been transformed?

    By creating effective metadata, business users are able to make connections between and bring together data sources from multiple areas, creating the opportunity for holistic insight generation.

    Like BI, metadata lies in the Information Dimension layer of our data management framework.

    The metadata needs to be understood before building anything. You need to identify fundamentals of the data, who owns not only that data, but also its metadata. You need to understand where the consolidation is happening and who owns it. Metadata is the core driver and cost saver for building warehouses and requirements gathering.

    – Albert Hui, Principal, Data Economist

    Deliver timely, high quality, and affordable information to enable fast and effective business decisions

    In order to maximize your ROI on business intelligence, it needs to be treated less like a one-time endeavor and more like a practice to be continually improved upon.

    Though the BI strategy provides the overall direction, the BI operating model – which encompasses organization structure, processes, people, and application functionality – is the primary determinant of efficacy with respect to information delivery. The alterations made to the operating model occur in the short term to improve the final deliverables for business users.

    An optimal BI operating model satisfies three core requirements:

    Timeliness

    Effectiveness

  • Affordability
  • Bring tangible benefits of your revamped BI strategy to business users by critically assessing how your organization delivers business intelligence and identifying opportunities for increased operational efficiency.

    Assess and Optimize BI Operations

    Focus on delivering timely, quality, and affordable information to enable fast and effective business decisions

    Implement a fit-for-purpose BI and analytics solution to augment your next generation BI strategy

    Organizations new to business intelligence or with immature BI capabilities are under the impression that simply getting the latest-and-greatest tool will provide the insights business users are looking for.

    BI technology can only be as effective as the processes surrounding it and the people leveraging it. Organizations need to take the time to select and implement a BI suite that aligns with business goals and fosters end-user adoption.

    As an increasing number of companies turn to business intelligence technology, vendors are responding by providing BI and analytics platforms with more and more features.

    Our vendor landscape will simplify the process of selecting a BI and analytics solution by:

    Differentiating between the platforms and features vendors are offering.

    Detailing a robust framework for requirements gathering to pinpoint your organization’s needs.

    Developing a high-level plan for implementation.

    Select and Implement a Business Intelligence and Analytics Solution

    Find the diamond in your data-rough using the right BI & Analytics solution

    If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

    Book a workshop with our Info-tech analysts:

    • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
    • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
    • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

    The following are sample activities that will be conducted by Info-tech analysts with your team:

    3.1.1-3.1.3

    Construct a BI improvement initiative roadmap

    During these activities, your team will consolidate the list of BI initiatives generated from the assessments conducted in previous phases, assign timelines to each action, prioritize them using a value–effort matrix, and finally produce a roadmap for implementing your organization’s BI improvement strategy.

    3.2

    Identify continuous improvement opportunities for BI

    Our analyst team will work with your organization to ideate supplementary programs to support your BI strategy. Defining Excel use cases that are permitted and prohibited in conjunction with your BI strategy, as well as structuring an internal BI ambassador network, are a few extra initiatives that can enhance your BI improvement plans.

    Insight breakdown

    Your BI platform is not a one-and-done initiative.

    A BI program is not a static project that is created once and remains unchanged. Your strategy must be treated as a living platform to be revisited and revitalized in order to provide effective enablement of business decision making. Develop a BI strategy that propels your organization by building it on business goals and objectives, as well as comprehensive assessments that quantitatively and qualitatively evaluate your current BI capabilities.

    Put the “B” back in “BI.”

    The closer you align your new BI platform to real business interests, the stronger will be the buy-in, realized value, and groundswell of enthusiastic adoption. Ultimately, getting this phase right sets the stage to best realize a strong ROI for your investment in the people, processes, and technology that will be your next generation BI platform.

    Go beyond the platform.

    BI success is not based solely on the technology it runs on; technology cannot mask gaps in capabilities. You must be capable in your environment – data management, data quality, and related data practices must be strong, otherwise the usefulness of the intelligence suffers. The best BI solution does not only provide a technology platform, but also addresses the elements that surround the platform. Look beyond tools and holistically assess the maturity of your BI practice with input from both the BI consumer and provider perspectives.

    Appendix

    Detailed list of BI Types

    Style Description Strategic Importance (1-5) Popularity (1-5) Effort (1-5)
    Standards Preformatted reports Standard, preformatted information for backward-looking analysis. 5 5 1
    User-defined analyses Pre-staged information where “pick lists” enable business users to filter (select) the information they wish to analyze, such as sales for a selected region during a selected previous timeframe. 5 4 2
    Ad-hoc analyses Power users write their own queries to extract self-selected pre-staged information and then use the information to perform a user-created analysis. 5 4 3
    Scorecards and dashboards Predefined business performance metrics about performance variables that are important to the organization, presented in a tabular or graphical format that enables business users to see at a glance how the organization is performing. 4 4 3
    Multidimensional analysis (OLAP) Multidimensional analysis (also known as On-line analytical processing): Flexible tool-based user-defined analysis of business performance and the underlying drivers or root causes of that performance. 4 3 3
    Alerts Predefined analyses of key business performance variables, comparison to a performance standard or range, and communication to designated businesspeople when performance is outside the predefined performance standard or range. 4 3 3
    Advanced Analytics Application of long-established statistical and/or operations research methods to historical business information to look backward and characterize a relevant aspect of business performance, typically by using descriptive statistics 5 3 4
    Predictive Analytics Application of long-established statistical and/or operations research methods to historical business information to predict, model, or simulate future business and/or economic performance and potentially prescribe a favored course of action for the future 5 3 5

    Our BI strategy approach follows Info-Tech’s popular IT Strategy Framework

    A comprehensive BI strategy needs to be developed under the umbrella of an overall IT strategy. Specifically, creating a BI strategy is contributing to helping IT mature from a firefighter to a strategic partner that has close ties with business units.

    1. Determine mandate and scope 2. Assess drivers and constraints 3. Evaluate current state of IT 4. Develop a target state vision 5. Analyze gaps and define initiatives 6. Build a roadmap 8. Revamp 7. Execute
    Mandate Business drivers Holistic assessments Vision and mission Initiatives Business-driven priorities
    Scope External drivers Focus-area specific assessments Guiding principles Risks
    Project charter Opportunities to innovate Target state vision Execution schedule
    Implications Objectives and measures

    This BI strategy blueprint is rooted in our road-tested and proven IT strategy framework as a systematic method of tackling strategy development.

    Research contributors

    Internal Contributors

    • Andy Woyzbun, Executive Advisor
    • Natalia Nygren Modjeska, Director, Data & Analytics
    • Crystal Singh, Director, Data & Analytic
    • Andrea Malick, Director, Data & Analytics
    • Raj Parab, Director, Data & Analytics
    • Igor Ikonnikov, Director, Data & Analytics
    • Andy Neill, Practice Lead, Data & Analytics
    • Rob Anderson, Manager Sales Operations
    • Shari Lava, Associate Vice-President, Vendor Advisory Practice

    External Contributors

    • Albert Hui, Principal, DataEconomist
    • Cameran Hetrick, Senior Director of Data Science & Analytics, thredUP
    • David Farrar, Director – Marketing Planning & Operations, Ricoh Canada Inc
    • Emilie Harrington, Manager of Analytics Operations Development, Lowe’s
    • Sharon Blanton, VP and CIO, The College of New Jersey
    • Raul Vomisescu, Independent Consultant

    Research contributors and experts

    Albert Hui

    Consultant, Data Economist

    Albert Hui is a cofounder of Data Economist, a data-consulting firm based in Toronto, Canada. His current assignment is to redesign Scotiabank’s Asset Liability Management for its Basel III liquidity compliance using Big Data technology. Passionate about technology and problem solving, Albert is an entrepreneur and result-oriented IT technology leader with 18 years of experience in consulting and software industry. His area of focus is on data management, specializing in Big Data, business intelligence, and data warehousing. Beside his day job, he also contributes to the IT community by writing blogs and whitepapers, book editing, and speaking at technology conferences. His recent research and speaking engagement is on machine learning on Big Data.

    Albert holds an MBA from the University of Toronto and a master’s degree in Industrial Engineering. He has twin boys and enjoys camping and cycling with them in his spare time.

    Albert Hui Consultant, Data Economist

    Cameran Hetrick

    Senior Director of Analytics and Data Science, thredUP

    Cameran is the Senior Director of Analytics and Data Science at thredUP, a startup inspiring a new generation to think second hand first. There she helps drives top line growth through advanced and predictive analytics. Previously, she served as the Director of Data Science at VMware where she built and led the data team for End User Computing. Before moving to the tech industry, she spent five years at The Disneyland Resort setting ticket and hotel prices and building models to forecast attendance. Cameran holds an undergraduate degree in Economics/Mathematics from UC Santa Barbara and graduated with honors from UC Irvine's MBA program.

    Cameran Hetrick Senior Director of Analytics and Data Science, thredUP

    Bibliography

    Bange, Carsten and Wayne Eckerson. “BI and Data Management in the Cloud: Issues and Trends.” BARC and Eckerson Group, January 2017. Web.

    Business Intelligence: The Strategy Imperative for CIOs. Tech. Information Builders. 2007. Web. 1 Dec. 2015.

    COBIT 5: Enabling Information. Rolling Meadows, IL: ISACA, 2013. Web.

    Dag, Naslund, Emma Sikander, and Sofia Oberg. "Business Intelligence - a Maturity Model Covering Common Challenges." Lund University Publications. Lund University, 2014. Web. 23 Oct. 2015.

    “DAMA Guide to the Data Management Body of Knowledge (DAMA-DMBOK Guide).” First Edition. DAMA International. 2009. Digital. April 2014.

    Davenport, Thomas H. and Bean, Randy. “Big Data and AI Executive Survey 2019.” NewVantage Partners LLC. 2019. Web.

    "Debunking the Business of Analytics." Experian Data Quality. Sept. 2013. Web.

    Bibliography

    Drouin, Sue. "Value Chain." SAP Analytics. February 27, 2015.

    Farrar, David. “BI & Data analytics workshop feedback.” Ricoh Canada. Sept. 2019.

    Fletcher, Heather. "New England Patriots Use Analytics & Trigger Emails to Retain Season Ticket Holders." Target Marketing. 1 Dec. 2011. Web.

    Gonçalves, Alex. "Social Media Analytics Strategy - Using Data to Optimize Business Performance.” Apress. 2017.

    Imhoff, Claudia, and Colin White. "Self Service Business Intelligence: Empowering Users to Generate Insights." SAS Resource Page. The Data Warehouse Institute, 2011. Web.

    Khamassi, Ahmed. "Building An Analytical Roadmap : A Real Life Example." Wipro. 2014.

    Kuntz, Jerry, Pierre Haren, and Rebecca Shockley. IBM Insight 2015 Teleconference Series. Proc. of Analytics: The Upside of Disruption. IBM Institute for Business Value, 19 Oct. 2015. Web.

    Kwan, Anne , Maximillian Schroeck, Jon Kawamura. “Architecting and operating model, A platform for accelerating digital transformation.” Part of a Deliotte Series on Digital Industrial Transformation, 2019. Web.

    Bibliography

    Lebied, Mona. "11 Steps on Your BI Roadmap To Implement A Successful Business Intelligence Strategy." Business Intelligence. July 20, 2018. Web.

    Light, Rob. “Make Business Intelligence a Necessity: How to Drive User Adoption.” Sisense Blog. 30 July 2018.

    Mazenko, Elizabeth. “Avoid the Pitfalls: 3 Reasons 80% of BI Projects Fail.” BetterBuys. October 2015.

    Marr, Bernard. "Why Every Business Needs A Data And Analytics Strategy.” Bernard Marr & Co. 2019.

    Mohr, Niko and Hürtgen, Holger. “Achieving Business Impact with Data.” McKinsey. April 2018.

    MIT Sloan Management

    Quinn, Kevin R. "Worst Practices in Business Intelligence: Why BI Applications Succeed Where BI Tools Fail." (2007): 1-19. BeyeNetwork. Information Builders, 2007. Web. 1 Dec. 2015.

    Ringdal, Kristen. "Learning multilevel Analysis." European social Survey. 2019.

    Bibliography

    Schaefer, Dave, Ajay Chandramouly, Burt Carmak, and Kireeti Kesavamurthy. "Delivering Self-Service BI, Data Visualization, and Big Data Analytics." IT@Intel White Paper (2013): 1-11. June 2013. Web. 30 Nov. 2015.

    Schultz, Yogi. “About.” Corvelle Consulting. 2019.

    "The Current State of Analytics: Where Do We Go From Here?" SAS Resource Page. SAS & Bloomberg Businessweek, 2011. Web.

    "The Four Steps to Defining a Customer Analytics Strategy." CCG Analytics Solutions & Services. Nov 10,2017.

    Traore, Moulaye. "Without a strategic plan, your analytics initiatives are risky." Advisor. March 12, 2018. web.

    Wells, Dave. "Ten Mistakes to Avoid When Gathering BI Requirements." Engineering for Industry. The Data Warehouse Institute, 2008. Web.

    “What is a Business Intelligence Strategy and do you need one?” Hydra. Sept 2019. Web.

    Williams, Steve. “Business Intelligence Strategy and Big Data Analytics.” Morgan Kaufman. 2016.

    Wolpe, Toby. "Case Study: How One Firm Used BI Analytics to Track Staff Performance | ZDNet." ZDNet. 3 May 2013. Web.

    Yuk, Mico. “11 Reasons Why Most Business Intelligence Projects Fail.” Innovative enterprise Channels. May 2019.

    2022 Tech Trends

    • Buy Link or Shortcode: {j2store}94|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The post-pandemic workplace continues to shift and requires collaboration between remote workers and office workers.
    • Digital transformation has accelerated across every organization and CIOs must maneuver to keep pace.
    • Customer expectations have shifted, and spending habits are moving away from in-person activities to online.
    • IT must improve its maturity in key capabilities to maintain relevance in the organization.

    Our Advice

    Critical Insight

    • Improve the capabilities that matter. Focus on IT capabilities that are most relevant to competing in the digital economy and will enable the CEO's mission for growth.
    • Assess how external environment presents opportunities or threats to your organization using a scenarios approach, then chart a plan.

    Impact and Result

    • Use the data and analysis from Info-Tech's 2022 Tech Trends report to inform your digital strategic plan.
    • Discover the five trends shaping IT's path in 2022 and explore use cases for emerging technologies.
    • Hear directly from leading subject matter experts on each trend with featured episodes from our Tech Insights podcast.

    2022 Tech Trends Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. 2022 Tech Trends Report – A deck that discusses five use cases that can improve on your organization’s ability to compete in the digital economy.

    The post-pandemic pace of change continues to accelerate as the economic rapidly becomes more digital. To keep pace with shifting consumer expectations, CIOs must help the CEO compete in the digital economy by focusing on five key capabilities: innovation, human resources management, data architecture, security strategy, and business process controls and internal audit. Raising maturity in these capabilities will help CIOs deliver on opportunities to streamline back-office processes and develop new lines of revenue.

    • 2022 Tech Trends Report

    Infographic

    Further reading

    2022 Tech Trends

    Enabling the digital economy

    Supporting the CEO for growth

    The post-pandemic pace of change

    The disruptions to the way we work caused by the pandemic haven’t bounced back to normal.

    As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 through to September 2021, collecting 475 responses. We asked some of the same questions as last year’s survey so we can compare results as well as new questions to explore new trends.

    How much do you expect your organization to change permanently compared to how it was operating before the pandemic?

    • 7% – No change. We'll keep doing business as we always have.
    • 33% – A bit of change. Some ways of working will shift long term
    • 47% – A lot of change. The way we work will be differ in many ways long term. But our business remains...
    • 13% – Transformative change. Our fundamental business will be different and we'll be working in new ways.

    This year, about half of IT professionals expect a lot of change to the way we work and 13% expect a transformative change with a fundamental shift in their business. Last year, the same percentage expected a lot of change and only 10% expected transformative change.

    30% more professionals expect transformative permanent change compared to one year ago.

    47% of professionals expect a lot of permanent change; this remains the same as last year. (Info-Tech Tech Trends 2022 Survey)

    The pandemic accelerated the speed of digital transformation

    With the massive disruption preventing people from gathering, businesses shifted to digital interactions with customers.

    A visualization of the growth of 'Global average share of customer interactions that are digital' from December 2019 to July 2020. In that time it went from 36% to 58% with an 'Acceleration of 3 years'.

    Companies also accelerated the pace of creating digital or digitally enhanced products and services.

    A visualization of the growth of 'Global average share of partially or fully digitized products and/or services' from December 2019 to July 2020. In that time it went from 35% to 55% with an 'Acceleration of 7 years'. (McKinsey, 2020)

    “The Digital Economy incorporates all economic activity reliant on or significantly enhanced by the use of digital inputs, including digital technologies, digital infrastructure, digital services and data.” (OECD Definition)

    IT must enable participation in the digital economy

    Consumer spending is tilting more digital.

    Consumers have cut back spending on sectors where purchases are mostly made offline. That spending has shifted to digital services and online purchases. New habits formed during the pandemic are likely to stick for many consumers, with a continued shift to online consumption for many sectors.

    Purchases on online platforms are projected to rise from 10% today to 33% by 2030.

    Estimated online share of consumption
    Recreation & culture 30%
    Restaurants & hotels 50%
    Transport 10%
    Communications 90%
    Education 50%
    Health 20%
    Housing & utilities 50%
    (HSBC, 2020)

    Changing customer expectations pose a risk.

    IT practitioners agree that customer expectations are changing. They expect this to be more likely to disrupt their business in the next 12 months than new competition, cybersecurity incidents, or government-enacted policy changes.

    Factors likely to disrupt business in next 12 months
    Government-enacted policy changes 22%
    Cybersecurity incidents 56%
    Regulatory changes 45%
    Established competitor wins 26%
    New player enters the market 23%
    Changing customer expectations 68%
    (Info-Tech Tech Trends 2022 Survey)

    This poses a challenge to IT departments below the “expand” level of maturity

    CIOs must climb the maturity ladder to help CEOs drive growth.

    Most IT departments rated their maturity in the “optimize” or “support” level on Info-Tech’s maturity ladder.

    CIOs at the “optimize” level can play a role in digital transformation by improving back-office processes but should aim for a higher mandate.

    CIOs achieving at the “expand” level can help directly improve revenues by improving customer-facing products and services, and those at the “transform” level can help fundamentally change the business to create revenue in new ways. CIOs can climb the maturity ladder by enabling new digital capabilities.

    Maturity is heading in the wrong direction.

    Only half of IT practitioners described their department’s maturity as “transform” compared to last year’s survey, and more than twice the number rated themselves as “struggle.”

    A colorful visualization of the IT 'Maturity Ladder' detailing levels of IT function within an organization. Percentages represent answers from IT practitioners to an Info-Tech survey about the maturity level of their company. Starting from the bottom: 13% answered 'Struggle', compared to 6% in 2020; 35% answered 'Support'; 37% answered 'Optimize'; 12% answered 'Expand'; and only 3% answered 'Transform', compared to 6% in 2020.

    48% rate their IT departments as low maturity.

    Improve maturity by focusing on key capabilities to compete in the digital economy

    Capabilities to unlock digital

    Innovation: Identify innovation opportunities and plan how to use technology innovation to create a competitive advantage or achieve improved operational effectiveness and efficiency.

    Human Resources Management: Provide a structured approach to ensure optimal planning, evaluation, and development of human resources.

    Data Architecture: Manage the business’ data stores, including technology, governance, and people that manage them. Establish guidelines for the effective use of data.

    Security Strategy: Define, operate, and monitor a system for information security management. Keep the impact and occurrence of information security incidents within risk appetite levels.

    Business Process Controls and Internal Audit: Manage business process controls such as self-assessments and independent assurance reviews to ensure information related to and used by business processes meets security and integrity requirements. (ISACA, 2020)

    A periodic table-esque arrangement of Info-Tech tools and templates titled 'IT Management and Governance Framework', subtitled 'A comprehensive and connected set of research to help you optimize and improve your core IT processes', and anchored by logos for Info-Tech and COBIT. Color-coded sections with highlighted tools or templates are: 'Strategy and Governance' with 'APO04 Innovation' highlighted; 'People and Resources' with 'APO07 Human Resources Management' highlighted; 'Security and Risk' with 'APO13 Security Strategy' and 'DSS06 MEA02 Business Process Controls and Internal Audit' highlighted; 'Data and BI' with 'ITRG07 Data Architecture' highlighted. Other sections are 'Financial Management', 'Service planning and architecture', 'Infrastructure and operations', 'Apps', and 'PPM and projects'.

    5 Tech Trends for 2022

    In this report, we explore five use cases for emerging technology that can improve on capabilities needed to compete in the digital economy. Use cases combine emerging technologies with new processes and strategic planning.

    DIGITAL ECONOMY

    TREND 01 | Human Resources Management

    HYBRID COLLABORATION
    Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

    TREND 02 | Security Strategy

    BATTLE AGAINST RANSOMWARE
    Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

    TREND 03 | Business Process Controls and Internal Audit

    CARBON METRICS IN ENERGY 4.0
    Use internet of things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

    TREND 04 | Data Architecture

    INTANGIBLE VALUE CREATION
    Provide governance around digital marketplace and manage implications of digital currency. Use blockchain technology to turn unique intellectual property into saleable digital products

    TREND 05 | Innovation

    AUTOMATION AS A SERVICE
    Automate business processes and access new sophisticated technology services through platform integration.

    Hybrid Collaboration

    TREND 01 | HUMAN RESOURCES MANAGEMENT

    Provide a digital employee experience that is flexible, contextual, and free from the friction of hybrid operating models.

    Emerging technologies:
    Intelligent conference rooms; intelligent workflows, platforms

    Introduction

    Hybrid work models enable productive, diverse, and inclusive talent ecosystems necessary for the digital economy.

    Hybrid work models have become the default post-pandemic work approach as most knowledge workers prefer the flexibility to choose whether to work remotely or come into the office. CIOs have an opportunity lead hybrid work by facilitating collaboration between employees mixed between meeting at the office and virtually.

    IT departments rose to the challenge to quickly facilitate an all-remote work scenario for their organizations at the outset of the pandemic. Now they must adapt again to facilitate the hybrid work model, which brings new friction to collaboration but also new opportunities to hire a talented, engaged, and diverse workforce.

    79% of organizations will have a mix of workers in the office and at home. (Info-Tech Tech Trends 2022 Survey)

    35% view role type as a determining factor in the feasibility of the hybrid work model.

    Return-to-the-office tensions

    Only 18% of employees want to return to the office full-time.

    But 70% of employers want people back in the office. (CNBC, April 2021)

    Signals

    IT delivers the systems needed to make the hybrid operating model a success.

    IT has an opportunity to lead by defining the hybrid operating model through technology that enables collaboration. To foster collaboration, companies plan to invest in the same sort of tools that helped them cope during the pandemic.

    As 79% of organizations envision a hybrid model going forward, investments into hybrid work tech stacks – including web conferencing tools, document collaboration tools, and team workspaces – are expected to continue into 2022.

    Plans for future investment in collaboration technologies

    Web Conferencing 41%
    Document Collaboration and Co-Authoring 39%
    Team Workspaces 38%
    Instant Messaging 37%
    Project and Task Management Tools 36%
    Office Meeting Room Solutions 35%
    Virtual Whiteboarding 30%
    Intranet Sites 21%
    Enterprise Social Networking 19%
    (Info-Tech Tech Trends 2022 Survey)

    Drivers

    COVID-19

    Vaccination rates around the world are rising and allowing more offices to welcome back workers because the risk of COVID-19 transmission is reduced and jurisdictions are lifting restrictions limiting gatherings.

    Worker satisfaction

    Most workers don't want to go to the office full-time. In a Bloomberg poll (2021), almost half of millennial and Gen Z workers say they would quit their job if not given an option to work remotely.

    IT spending

    Companies are investing more into IT budgets to find ways to support a mix of remote work and in-office resources to cope with work disruption. This extra spending is offset in some cases by companies saving money from having employees work from home some portion of the time. (CIO Dive, 2021)

    Risks and Benefits

    Benefits

    Flexibility Employees able to choose between working from home and working in the office have more control over their work/life balance.
    Intelligence Platforms that track contextual work relationships can accelerate workflows through smart recommendations that connect people at the right time, in the right place.
    Talent Flexible work arrangements provide businesses with access to the best talent available around the world and employees with more career options as they work from a home office (The Official Microsoft Blog, 2021).

    Risks

    Uncertainty The pandemic lacks a clear finish line and local health regulations can still waver between strict control of movement and open movement. There are no clear assurances of what to expect for how we'll work in the near future.
    FOMO With some employees going back to the office while others remain at home, employee bases could be fractured along the lines of those seeing each other in person every day and those still connecting by videoconference.
    Complexity Workers may not know in advance whether they're meeting certain people in person or online, or a mix of the two. They'll have to use technology on the fly to try and collaborate across a mixed group of people in the office and people working remotely (McKinsey Quarterly, 2021).

    “We have to be careful what we automate. Do we want to automate waste? If a company is accustomed to having a ton of meetings and their mode in the new world is to move that online, what are you going to do? You're going to end up with a lot of fatigue and disenchantment…. You have to rethink your methods before you think about the automation part of it." (Vijay Sundaram, Chief Strategy Officer, Zoho)

    Photo of Vijay Sundaram, Chief strategy officer, Zoho.

    Listen to the Tech Insights podcast: Unique approach to hybrid collaboration

    Case Study: Zoho

    Situation

    Zoho Corp. is a cloud software firm based in Chennai, India. It develops a wide range of cloud software, including enterprise collaboration software and productivity tools. Over the past decade, Zoho has used flexible work models to grant remote work options to some employees.

    When the coronavirus pandemic hit, not only did the office have to shut down but also many employees had to relocate back with families in rural areas. The human costs of the pandemic experienced by staff required Zoho to respond by offering counseling services and material support to employees.

    Complication

    Zoho prides itself as an employee-centric company and views its culture as a community that's purpose goes beyond work. That sense of community was lost because of the disruption caused by the pandemic. Employees lost their social context and their work role models. Zoho had to find a way to recreate that without the central hub of the office or find a way to work with the limitations of it not being possible.

    Resolution

    To support employees in rural settings, Zoho sent out phones to provide redundant bandwidth. As lockdowns in India end, Zoho is taking a flexible approach and giving employees the option to come to the office. It's seeing more people come back each week, drawn by the strong community.

    Zoho supports the hybrid mix of workers by balancing synchronous and asynchronous collaboration. It holds meetings when absolutely necessary through tools like Zoho Meet but tries to keep more work context to asynchronous collaboration that allows people to complete tasks quickly and move on. Its applications are connected to a common platform that is designed to facilitate workflows between employees with context and intelligence. (Interview with Vijay Sundaram, Chief Strategy Officer, Zoho)

    “We tend to think of it on a continuum of synchronous to asynchronous work collaboration. It’s become the paramount norm for so many different reasons…the point is people are going to work at different times in different locations. So how do we enable experiences where everyone can participate?" (Jason Brommet, Head of Modern Work and Security Business Group at Microsoft)

    Photo of Jason Brommet, Head of Modern Work and Security Business Group at Microsoft.

    Listen to the Tech Insights podcast: Microsoft on the ‘paradox of hybrid work’

    Case Study: Microsoft

    Situation

    Before the pandemic, only 18% of Microsoft employees were working remotely. As of April 1, 2020, they were joined by the other 82% of non-essential workers at the company in working remotely.

    As with its own customers, Microsoft used its own software to enable this new work experience, including Microsoft Teams for web conferencing and instant messaging and Office 365 for document collaboration. Employees proved just as productive getting their work done from home as they were working in the office.

    Complication

    At Microsoft, the effects of firm-wide remote work changed the collaboration patterns of the company. Even though a portion of the company was working remotely before the pandemic, the effects of everyone working remotely were different. Employees collaborated in a more static and siloed way, focusing on scheduled meetings with existing relationships. Fewer connections were made with more disparate parts of the organization. There was also a decrease in synchronous communication and an increase in asynchronous communication.

    Resolution

    Microsoft is creating new tools to break down the silos in organizations that are grappling with hybrid work challenges. For example, Viva Insights is designed to inform workers about their collaboration habits with analytics. Microsoft wants to provide workers with insights on their collaborative networks and whether they are creating new connections or deepening existing connections. (Interview with Jason Brommet, Head of Modern Work and Security Business Group, Microsoft; Nature Human Behaviour, 2021)

    What's Next?

    Distributed collaboration space:

    International Workplace Group says that more companies are taking advantage of its full network deals on coworking spaces. Companies such as Standard Charter are looking to provide their workers with a happy compromise between working from home and making the commute all the way to the central office. The hub-and-spoke model gives employees the opportunity to work near home and looks to be part of the hybrid operating model mix for many companies. (Interview with Wayne Berger, CEO of IWG Canada & Latin America)

    Optimized hybrid meetings:

    Facilitating hybrid meetings between employees grouped in the office and remote workers will be a major pain point. New hybrid meeting solutions will provide cameras embedded with intelligence to put boardroom participants into independent video streams. They will also focus on making connecting to the same meeting from various locations as convenient as possible and capture clear and crisp audio from each speaker.

    Uncertainties

    Mix between office and remote work:

    It's clear we're not going to work the way we used to previously with central work hubs, but full-on remote work isn't the right path forward either. A new hybrid work model is emerging, and organizations are experimenting to find the right approach.

    Attrition:

    Between April and September 2021, 15 million US workers quit their jobs, setting a record pace. Employees seek a renewed sense of purpose in their work, and many won’t accept mandates to go back to the office. (McKinsey, 2021)

    Equal footing in meetings:

    What are the new best practices for conducting an effective meeting between employees in the office and those who are remote? Some companies ask each employee to connect via a laptop. Others are using conference rooms with tech to group in-office workers together and connect them with remote workers.

    Hybrid Collaboration Scenarios

    Organizations can plan their response to the hybrid work context by plotting their circumstances across two continuums: synchronous to asynchronous collaboration approach and remote work to central hub work model.

    A map of hybrid collaboration scenarios with two axes representing 'Work Context, From all remote work to gathering in a central hub' and 'Collaboration Style, From collaborating at the same time to collaborating at different times'. The axes split the map into quarters. 'Work Context' ranges from 'Remote Work' on the left to 'Central Hub' on the right. 'Collaboration Style' ranges from 'Synchronous' on top to 'Asynchronous' on bottom. The top left quarter, synchronous remote work, reads 'Virtual collective collaboration via videoconference and collaboration software, with some workers meeting in coworking spaces.' The top right quarter, synchronous central hub, reads 'In-person collective collaboration in the office.' The bottom left quarter, asynchronous remote work, reads 'Virtual group collaboration via project tracking tools and shared documents.' The bottom right quarter, asynchronous central hub, reads 'In-person group collaboration in coworking spaces and the main office.'

    Recommendations

    Rethink technology solutions. Don't expect your pre-pandemic videoconference rooms to suffice. And consider how to optimize your facilities and infrastructure for hot-desking scenarios.

    Optimize remote work. Shift from the collaboration approach you put together just to get by to the program you'll use to maximize flexibility.

    Enable effective collaboration. Enable knowledge sharing no matter where and when your employees work and choose the best collaboration software solutions for your scenario.

    Run better meetings. Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

    89% of organizations invested in web conferencing technology to facilitate better collaboration, but only 43% invested in office meeting room solutions. (Info-Tech Tech Trends 2022 Survey)

    Info-Tech Resources

    Battle Against Ransomware

    TREND 02 | SECURITY STRATEGY

    Prevent ransomware infections and create a response plan for a worst-case scenario. Collaborate with relevant external partners to access resources and mitigate risks.

    Emerging technologies:
    Open source intelligence; AI-powered threat detection

    “It has been a national crisis for some time…. For every [breach] that hits the news there are hundreds that never make it.” (Steve Orrin, Federal Chief Technology Officer, Intel)

    Photo of Steve Orrin, Federal Chief Technology Officer, Intel.

    Listen to the Tech Insights podcast: Ransomware crisis and AI in military

    Introduction

    Between 2019 and 2020, ransomware attacks rose by 62% worldwide and by 158% in North America. (PBS NewsHour, 2021)

    Security strategies are crucial for companies to control access to their digital assets and confidential data, providing it only to the right people at the right time. Now security strategies must adapt to a new caliber of threat in ransomware to avoid operational disruption and reputational damage.

    In 2021, ransomware attacks exploiting flaws in widely used software from vendors Kaseya, SolarWinds, and Microsoft affected many companies and saw record-breaking ransomware payments made to state-sponsored cybercriminal groups.

    After a ransomware attack caused Colonial Pipeline to shut down its pipeline operations across the US, the ransomware issue became a topic of federal attention with executives brought before Senate committees. A presidential task force to combat ransomware was formed.

    62% of IT professionals say they are more concerned about being a victim of ransomware than they were one year ago. (Info-Tech Tech Trends 2022 Survey)

    $70 million demanded by REvil gang in ransom to unlock firms affected by the Kaseya breach. (TechRadar, 2021)

    Signals

    Organizations are taking a multi-faceted approach to preparing for the event of a ransomware breach.

    The most popular methods to prepare for ransomware are to buy an insurance policy or create offline backups and redundant systems. Few are making an effort to be aware of free decryption tools, and only 2% admit to budgeting to pay ransoms.

    44% of IT professionals say they spent time and money specifically to prevent ransomware over the past year. (Info-Tech Tech Trends 2022 Survey)

    Approaches to prepare for ransomware

    Kept aware of free decryption tools available 9%
    Set aside budget to pay ransoms 2%
    Designed network to contain ransomware 24%
    Implemented technology to eradicate ransomware 36%
    Created a specific incident response plan for ransomware 26%
    Created offline backups and redundant systems 41%
    Purchased insurance covering cyberattacks 47%

    (Info-Tech Tech Trends 2022 Survey)

    Drivers

    National security concerns

    Attacks on US infrastructure and government agencies have prompted the White House to treat ransomware as a matter of national security. The government stance is that Russia supports the attacks. The US is establishing new mechanisms to address the threat. Plans include new funding to support ransomware response, a mandate for organizations to report incidents, and requirements for organizations to consider the alternatives before paying a ransom. (Institute for Security and Technology, 2021)

    Advice from cybersecurity insurance providers

    Increases in ransom payouts have caused cybersecurity insurance providers to raise premiums and put in place more security requirements for policyholders to try and prevent ransomware infection. However, when clients are hit with ransomware, insurance providers advise to pay the ransom as it's usually the cheapest option. (ProPublica, 2019)

    Reputational damage

    Ransomware attacks also often include a data breach event with hackers exfiltrating the data before encrypting it. Admitting a breach to customers can seriously damage an organization's reputation as trustworthy. Organizations may also be obligated to pay for credit protection of their customers. (Interview with Frank Trovato, Research Director – Infrastructure, Info-Tech Research Group)

    Risks and Benefits

    Benefits

    Privacy Protecting personal data from theft improves people’s confidence that their privacy is being respected and they are not at risk of identity theft.
    Productivity Ransomware can lock out employees from critical work systems and stop them from being able to complete their tasks.
    Access Ransomware has prevented public access to transportation, healthcare, and any number of consumer services for days at a time. Ransomware prevention ensures public service continuity.

    Risks

    Expenses Investing in cybersecurity measures to protect against attacks is becoming more expensive, and recently cybersecurity insurance premiums have gone up in response to expensive ransoms.
    Friction More security requirements could create friction between IT priorities and business priorities in trying to get work done.
    Stability If ransomware attacks become worse or cybercriminals retaliate for not receiving payments, people could find their interactions with government services and commercial services are disrupted.

    Case Study: Victim to ransomware

    Situation

    In February 2020, a large organization found a ransomware note on an admin’s workstation. They had downloaded a local copy of the organization’s identity management database for testing and left a port open on their workstation. Hackers exfiltrated it and encrypted the data on the workstation. They demanded a ransom payment to decrypt the data.

    Complication

    Because private information of employees and customers was breached, the organization decided to voluntarily inform the state-level regulator. With 250,000 accounts affected, plans were made to require password changes en masse. A public announcement was made two days after the breach to ensure that everyone affected could be reached.

    The organization decided not to pay the ransom because it didn’t need the data back, since it had a copy on an unaffected server.

    Resolution

    After a one-day news cycle for the breach, the story about the ransom was over. The organization also received praise for handling the situation well and quickly informing stakeholders.

    The breach motivated the organization to put more protections in place. It implemented a deny-by-default network and turned off remote desktop protocol and secure shell. It mandated multi-factor authentication and put in a new endpoint-detection and response system. (Interview with CIO of large enterprise)

    What's Next

    AI for cybersecurity:

    New endpoint protections using AI are being deployed to help defend against ransomware and other cybersecurity intrusions. The solutions focus on the prevention and detection of ransomware by learning about the expected behavior of an environment and then detecting anomalies that could be attack attempts. This type of approach can be applied to everything from reading the contents of an email to helping employees detect phishing attempts to lightweight endpoint protection deployed to an Internet of Things device to detect an unusual connection attempt.

    Unfortunately, AI is a tool available to both the cybersecurity industry and hackers. Examples of hackers tampering with cybersecurity AI to bypass it have already surfaced. (Forbes, 23 Sept. 2021)

    Uncertainties

    Government response:

    In the US, the Ransomware Task Force has made recommendations to the government but it's not clear whether all of them will be followed. Other countries such as Russia are reported to be at least tolerating ransomware operations if not supporting them directly with resources.

    Supply chain security:

    Sophisticated attacks using zero-day exploits in widely used software show that organizations simply can't account for every potential vulnerability.

    Arms escalation:

    The ransomware-as-a-service industry is doing good business and finding new ways to evade detection by cybersecurity vendors. New detection techniques involving AI are being introduced by vendors, but will it just be another step in the back-and-forth game of one-upmanship? (Interview with Frank Trovato)

    Battle Against Ransomware Scenarios

    Determine your organization’s threat profile for ransomware by plotting two variables: the investment made in cybersecurity and the sophistication level of attacks that you should be prepared to guard against.

    A map of Battle Against Ransomware scenarios with two axes representing 'Attack Sophistication, From off-the-shelf, ransomware-as-a-service kits to state-sponsored supply chain attacks' and 'Investment in Cybersecurity, From low, minimal investment to high investment for a multi-layer approach.'. The axes split the map into quarters. 'Attack Sophistication' ranges from 'Ransomware as a Service' on the left to 'State-Sponsored' on the right. 'Investment in Cybersecurity' ranges from 'High' on top to 'Low' on bottom. The top left quarter, highly invested ransomware as a service, reads 'Organization is protected from most ransomware attacks and isn’t directly targeted by state-sponsored attacks.' The top right quarter, highly invested state-sponsored, reads 'Organization is protected against most ransomware attacks but could be targeted by state-sponsored attacks if considered a high-value target.' The bottom left quarter, low investment ransomware as a service, reads 'Organization is exposed to most ransomware attacks and is vulnerable to hackers looking to make a quick buck by casting a wide net.' The bottom right quarter, low investment state-sponsored, reads 'Organization is exposed to most ransomware attacks and risks being swept up in a supply chain attack by being targeted or as collateral damage.'

    Recommendations

    Create a ransomware incident response plan. Assess your current security practices and identify gaps. Quantify your ransomware risk to prioritize investments and run tabletop planning exercises for ransomware attacks.

    Reduce your exposure to ransomware. Focus on securing the frontlines by improving phishing awareness among staff and deploying AI tools to help flag attacks. Use multi-factor authentication. Take a zero-trust approach and review your use of RDP, SSH, and VPN.

    Require security in contracts. Security must be built into vendor contracts. Government contracts are now doing this, elevating security to the same level as functionality and support features. This puts money incentives behind improving security. (Interview with Intel Federal CTO Steve Orrin)

    42% of IT practitioners feel employees must do much more to help defend against ransomware. (Info-Tech Tech Trends 2022 Survey)

    Info-Tech Resources

    Carbon Metrics in Energy 4.0

    TREND 03 | BUSINESS PROCESS CONTROLS AND INTERNAL AUDIT

    Use Internet of Things (IoT) and auditable tracking to provide insight into business process implications for greenhouse gas emissions.

    Emerging technologies:
    IoT

    Introduction

    Making progress towards a carbon-neutral future.

    A landmark report published in 2021 by the United Nations Intergovernmental Panel on Climate Change underlines that human actions can still determine the future course of climate change. The report calls on governments, individuals, and organizations to stop putting new greenhouse gas emissions into the atmosphere no later than 2050, and to be at the halfway point to achieving that by 2030.

    With calls to action becoming more urgent, organizations are making plans to reduce the use of fossil fuels, move to renewable energy sources, and reduce consumption that causes more emissions downstream. As both voluntary and mandatory regulatory requirements task organizations with reducing emissions, they will first be challenged to accurately measure the size of their footprint.

    CIOs in organizations are well positioned to make conscious decisions to both influence how technology choices impact carbon emissions and implement effective tracking of emissions across the entire enterprise.

    Canada’s CIO strategy council is calling on organizations to sign a “sustainable IT pledge” to cut emissions from IT operations and supply chain and to measure and disclose emissions annually. (CIO Strategy Council, Sustainable IT Pledge)

    SCOPE 3 – Indirect Consumption

    • Goods and services
    • Fuel, travel, distribution
    • Waste, investments, leased assets, employee activity

    SCOPE 2 – Indirect Energy

    • Electricity
    • Heat and cooling

    SCOPE 1 – Direct

    • Facilities
    • Vehicles

    Signals

    Emissions tracking requires a larger scope.

    About two-thirds of organizations have a commitment to reduce greenhouse gas emissions. When asked about what tactics they use to reduce emissions, the most popular options affect either scope 1 emissions (retiring older IT equipment) or scope 2 emissions (using renewable energy sources). Fewer are using tactics that would measure scope 3 emissions such as using IoT to track or using software or AI.

    68% of organizations say they have a commitment to reduce greenhouse gas emissions. (Info-Tech Tech Trends 2022 Survey)

    Approaches to reducing carbon emissions

    Using "smart technologies" or IoT to help cut emissions 12%
    Creating incentive programs for staff to reduce emissions 10%
    Using software or AI to manage energy use 8%
    Using external DC or cloud on renewable energy 16%
    Committing to external emissions standards 15%
    Retiring/updating older IT equipment 33%
    Using renewable energy sources 41%

    (Info-Tech Tech Trends 2022 Survey)

    Drivers

    Investor pressure

    The world’s largest asset manager, at $7 trillion in investments, says it will move away from investing in firms that are not aligned to the Paris Agreement. (The New York Times, 2020)

    Compliance tipping point

    International charity CDP has been collecting environmental disclosure from organizations since 2002. In 2020, more than 9,600 of the world’s largest companies – representing over 50% of global market value – took part. (CDP, 2021)

    International law

    In 2021, six countries have net-zero emissions policies in law, six have proposed legislations, and 20 have policy documents. (Energy & Climate Intelligence Unit, 2021)

    Employee satisfaction

    In 2019, thousands of workers walked out of offices of Amazon, Google, Twitter, and Microsoft to demand their employers do more to reduce carbon emissions. (NBC News, 2021)

    High influence factors for carbon reduction

    • 25% – New government laws or policies
    • 9% – External social pressures
    • 9% – Pressure from investors
    • 8% – International climate compliance efforts
    • 7% – Employee satisfaction

    (Info-Tech Tech Trends 2022 Survey)

    Risks and Benefits

    Benefits

    Trust Tracking carbon emissions creates transparency into an organization’s operations and demonstrates accountability to its carbon emissions reduction goals.
    Innovation As organizations become more proficient with carbon measurement and modeling, insights can be leveraged as a decision-making tool.
    Resilience Reducing energy usage shrinks your carbon footprint, increases operational efficiency, and decreases energy costs.

    Risks

    Regulatory Divergence Standardization of compliance enforcement around carbon emissions is a work in progress. Several different voluntary frameworks exist, and different governments are taking different approaches including taxation and cap-and-trade markets.
    Perceptions Company communications that speak to emissions reduction targets without providing proof can be accused of “greenwashing” or falsely trying to improve public perception.
    Financial Pain Institutional investments are requiring clear commitments and plans to reduce greenhouse gases. Some jurisdictions are now taxing carbon emissions.

    “When you can take technology and embed that into management change decisions that impact the environment, you can essentially guarantee that [greenhouse gas] offset. Companies that are looking to reduce their emissions can buy those offsets and it creates value for everybody.” (Wade Barnes, CEO and founder of Farmers Edge)

    Photo of Wade Barnes, CEO and founder of Farmers Edge.

    Listen to the Tech Insights podcast: The future of farming is digital

    Case Study

    Situation

    The Alberta Technology Innovation and Emissions Reduction Regulation is Alberta’s approach to reduce emissions from large industrial emitters. It prices GHG and provides a trading system.

    No-till farming and nitrogen management techniques sequester up to 0.3 metric tons of GHG per year.

    Complication

    Farmers Edge offers farmers a digital platform that includes IoT and a unified data warehouse. It can turn farm records into digital environmental assets, which are aggregated and sold to emitters.

    Real-time data from connected vehicles, connected sensors, and other various inputs can be verified by third-party auditors.

    Resolution

    Farmers Edge sold aggregated carbon offsets to Alberta power producer Capital Power to help it meet regulatory compliance.

    Farmers Edge is expanding its platform to include farmers in other provinces and in the US, providing them opportunity to earn revenue via its Smart Carbon program.

    The firm is working to meet standards outlined by the U.S. Department of Agriculture’s Natural Resources Conservation Service. (Interview with Wade Barnes, CEO, Farmers Edge)

    What's Next

    Global standards:

    The International Sustainability Standards Board (ISSB) has been formed by the International Financial Reporting Standards Foundation and will have its headquarters location announced in November at a United Nations conference. The body is already governing a set of global standards that have a roadmap for development through 2023 through open consultation. The standards are expected to bring together the multiple frameworks for sustainability standards and offer one global set of standards. (Business Council of Canada, 2021)

    CIOs take charge:

    The CIO is well positioned to take the lead role on corporate sustainability initiatives, including measuring and reducing an organization’s carbon footprint (or perhaps even monetizing carbon credits for an organization that is a negative emitter). CIOs can use their position as facilities managers and cross-functional process owners and mandate to reduce waste and inefficiency to take accountability for this important role. CIOs will expand their roles to deliver transparent and auditable reporting on environmental, social, and governance (ESG) goals for the enterprise.

    Uncertainties

    International resolve:

    Fighting the climate crisis will require governments and private sector collaboration from around the world to commit to creating new economic structures to discourage greenhouse gas emissions and incentivize long-term sustainable thinking. If some countries or private sector forces continue to prioritize short-term gains over sustainability, the U.N.’s goals won’t be achieved and the human costs as a result of climate change will become more profound.

    Cap-and-trade markets:

    Markets where carbon credits are sold to emitters are organized by various jurisdictions around the world and have different incentive structures. Some are created by governments and others are voluntary markets created by industry. This type of organization for these markets limits their size and makes it hard to scale the impact. Organizations looking to sell carbon credits at volume face the friction of having to navigate different compliance rules for each market they want to participate in.

    Carbon Metrics in Energy 4.0 Scenarios

    Determine your organization’s approach to measuring carbon dioxide and other greenhouse gas emissions by considering whether your organization is likely to be a high emitter or a carbon sink. Also consider your capability to measure and report on your carbon footprint.

    A map of Carbon Metrics in Energy 4.0 scenarios with two axes representing 'Quantification Capability, From not tracking any emissions whatsoever to tracking all emissions at every scope' and 'Greenhouse Gas Emissions, From mitigating more emissions than you create to emitting more than regulations allow'. The axes split the map into quarters. 'Quantification Capability' ranges from 'No Measures' on the left to 'All Emissions Measured' on the right. 'Greenhouse Gas Emissions' ranges from 'More Than Allowed' on top to 'Net-Negative' on bottom. The top left quarter, no measures and more than allowed, reads 'Companies that are likely to be high emitters and not measuring will attract the most scrutiny from regulators and investors.' The top right quarter, all measured and more than allowed, reads 'Companies emit more than regulators allow but the measurements show a clear path to mitigation through the purchase of carbon credits.' The bottom left quarter, no measures and net-negative, reads 'Companies able to achieve carbon neutrality or even be net-negative in emissions but unable to demonstrate it will still face scrutiny from regulators.' The bottom right quarter, all measured and net-negative, reads 'Companies able to remove more emissions than they create have an opportunity to aggregate those reductions and sell on a cap-and-trade market.'

    Recommendations

    Measure the whole footprint. Devise a plan to measure scope 1, 2, and 3 greenhouse gas emissions at a level that is auditable by a third party.

    Gauge the impact of Industry 4.0. New technologies in Industry 4.0 include IoT, additive manufacturing, and advanced analytics. Make sustainability a core part of your focus as you plan out how these technologies will integrate with your business.

    Commit to net zero. Make a clear commitment to achieve net-zero emissions by a specific date as part of your organization’s core strategy. Take a continuous improvement approach to make progress towards the goal with measurable results.

    New laws from governments will have the highest degree of influence on an organization’s decision to reduce emissions. (Info-Tech Tech Trends 2022 Survey)

    Info-Tech Resources

    Intangible Value Creation

    TREND 04 | DATA ARCHITECTURE

    Use blockchain technology to turn unique intellectual property into saleable digital products. Provide governance around marketplaces where sales are made.

    Emerging technologies:
    Blockchain, Distributed Ledger Technology, Virtual Environments

    Introduction

    Decentralized technologies are propelling the digital economy.

    As the COVID-19 pandemic has accelerated our shift into virtual social and economic systems, blockchain technology poses a new technological frontier – further disrupting digital interactions and value creation by providing a modification of data without relying on third parties. New blockchain software developments are being used to redefine how central banks distribute currency and to track provenance for scarce digital assets.

    Tokenizing the blockchain

    Non-fungible tokens (NFTs) are distinct cryptographic tokens created from blockchain technology. The rarity systems in NFTs are redefining digital ownership and being used to drive creator-centric communities.

    Not crypto-currency, central currency

    Central Bank Digital Currencies (CBDC) combine the same architecture of cryptocurrencies built on blockchain with the financial authority of a central bank. These currencies are not decentralized because they are controlled by a central authority, rather they are distributed systems. (Decrypt, 2021)

    80% of banks are working on a digital currency. (Atlantic Council, 2021)

    Brands that launched NFTs

    NBA, NFL, Formula 1, Nike, Stella Artois, Coca-Cola, Mattel, Dolce & Gabbana, Ubisoft, Charmin

    Banks that launched digital currencies

    The Bahamas, Saint Kitts and Nevis, Antigua and Barbuda, Saint Lucia, Grenada

    Signals

    ID on the blockchain

    Blockchains can contain smart contracts that automatically execute given specific conditions, protecting stakeholders involved in a transaction. These have been used by central banks to automate when and how currency can be spent and by NFT platforms to attribute a unique identity to a digital asset. Automation and identity verification are the most highly valued digital capabilities of IT practitioners.

    $69.3 million – The world’s most expensive NFT artwork sale, for Beeple’s “Everydays: The First 5,000 Days” (The New York Times, Mar. 2021)

    Digital capabilities that provide high value to the organization

    E-commerce 50%
    Automation 79%
    Smart contracts 42%
    Community building and engagement 55%
    Real-time payments 46%
    Tracking provenance 33%
    Identity verification 74%

    (Info-Tech Tech Trends 2022 Survey)

    Drivers

    Financial autonomy

    Central banks view cryptocurrencies as "working against the public good" and want to maintain control over their financial system to maintain the integrity of payments and provide financial crime oversight and protections against money laundering. (Board of Governors of the Federal Reserve System, 2021)

    Bitcoin energy requirements and greenhouse gas emissions

    Annual energy consumption of the Bitcoin blockchain in China is estimated to peak in 2024 at 297 TwH and generate 130.5 million metric tons of carbon emissions. That would exceed the annual GHG of the Czech Republic and Qatar and rank in the top 10 among 182 cities and 42 industrial sectors in China. This is motiving cryptocurrency developers and central banks to move away from the energy-intensive "Proof of Work" mining approach and towards the "Proof of Stake" approach. (Nature Communications, 2021)

    Digital communities

    During the pandemic, people spent more time exploring digital spaces and interacting in digital communities. Asset ownership within those communities is a way for individuals to show their own personal investment in the community and achieve a status that often comes with additional privileges. The digital assets can also be viewed as an investment vehicle or to gain access to exclusive experiences.

    “The pillars of the music economy have always been based on three things that the artist has never had full control of. The idea of distribution is freed up. The way we are going to connect to fans in this direct to fan value prop is very interesting. The fact we can monetize it, and that money exchange, that transaction is immediate. And on a platform like S!NG we legitimately have a platform to community build…. Artists are getting a superpower.” (Raine Maida, Chief Product Officer, S!NG Singer, Our Lady Peace)

    Raine Maida, Chief Product Officer, S!NG, and Singer, Our Lady Peace.

    Listen to the Tech Insights podcast: Raine Maida's startup is an NFT app for music

    Case Study

    Situation

    Artists can create works and distribute them to a wide audience more easily than ever with the internet. Publishing a drawing or a song to a website allows it to be infinitely copied. Creators can use social media accounts and digital advertisements to build up a fan base for their work and monetize it through sales or premium-access subscriber schemes.

    Complication

    The internet's capacity for frictionless distribution is a boon and a burden for artists at the same time. Protecting copyright in a digital environment is difficult because there is no way to track a song or a picture back to its creator. This devalues the work because it can be freely exchanged by users.

    Resolution

    S!NG allows creators to mint their works with a digital token that stamps its origin to the file and tracks provenance as it is reused and adapted into other works. It uses the ERC 721 standard on the Ethereum blockchain to create its NFT tokens. They are portable files that the user can create for free on the S!NG platform and are interoperable with other digital token platforms. This enables a collaboration utility by reducing friction in using other people's works while giving proper attribution. Musicians can create mix tracks using the samples of others’ work easily and benefit from a smart-contract-based revenue structure that returns money to creators when sales are made. (Interview with Geoff Osler and Raine Maida, S!NG Executives)

    Risks and Benefits

    Benefits

    Autonomy Digital money and assets could proliferate the desire for autonomy as users have greater control over their assets (by cutting out the middlemen, democratizing access to investments, and re-claiming ownership over intangible data).
    Community Digital worlds and assets offer integrated and interoperable experiences influenced by user communities.
    Equity Digital assets allow different shareholder equity models as they grant accessible and affordable access to ownership.

    Risks

    Volatility Digital assets are prone to volatile price fluctuations. A primary reason for this is due to its perceived value relative to the fiat currency and the uncertainty around its future value.
    Security While one of the main features of blockchain-based digital assets is security, digital assets are vulnerable to breaches during the process of storing and trading assets.
    Access Access to digital marketplaces requires a steep learning curve and a base level of technical knowledge.

    What's Next

    Into the Metaverse:

    Digital tokens are finding new utility in virtual environments known as the Metaverse. Decentraland is an example of a virtual reality environment that can be accessed via a web browser. Based on the Ethereum blockchain, it's seen sales of virtual land plots for hundreds of thousands of dollars. Sotheby's is one buyer, building a digital replica of its New Bond Street gallery in London, complete with commissionaire Hans Lomuldur in avatar form to greet visitors. The gallery will showcase and sell Sotheby's digital artworks. (Artnet News, 2021)

    Bitcoin as legal tender:

    El Salvador became the first country in the world to make Bitcoin legal tender in September 2021. The government intended for this to help citizens avoid remittance fees when receiving money sent from abroad and to provide a way for citizens without bank accounts to receive payments. Digital wallet Chivo launched with technical glitches and in October a loophole that allowed “price scalping” had to be removed to stop speculators from using the app to trade for profit. El Salvador’s experiment will influence whether other countries consider using Bitcoin as legal tender. (New Scientist, 2021)

    Uncertainties

    Stolen goods at the mint:

    William Shatner complained that Twitter account @tokenizedtweets had taken his content without permission and minted tokens for sale. In doing so, he pointed out there’s no guarantee a minted digital asset is linked to the creator of the attached intellectual property.

    Decentralized vs. distributed finance:

    Will blockchain-based markets be controlled by a single platform operator or become truly open? For example, Dapper Labs centralizes the minting of NFTs on its Flow blockchain and controls sales through its markets. OpenSea allows NFTs minted elsewhere to be brought to the platform and sold.

    Supply and demand:

    Platforms need to improve the reliability of minting technology to create tokens in the future. Ethereum's network is facing more demand than it can keep up with and requires future upgrades to improve its efficiency. Other platforms that support minting tokens are also awaiting upgrades to be fully functional or have seen limited NFT projects launched on their platform.

    Intangible Value Creation Scenarios

    Determine your organization’s strategy by considering the different scenarios based on two main factors. The design decisions are made around whether digital assets are decentralized or distributed and whether the assets facilitate transactions or collections.

    A map of Intangible Value Creation scenarios with two axes representing 'Fungibility, From assets that are designed to be exchanged like currency to assets that are unique' and 'Asset Control Model, From decentralized control with open ownership to centralized control with distributed assets'. The axes split the map into quarters. 'Fungibility' ranges from 'Transactional' on the left to 'Collectible' on the right. 'Asset Control Model' ranges from 'Distributed' on top to 'Decentralized' on bottom. The top left quarter, distributed transactional, reads 'Platform-controlled digital exchanges and utility (e.g. tokens exchanged for fan experiences, central bank digital currency, S!NG).' The top right quarter, distributed collectible, reads 'Platform-controlled digital showcases and community (e.g. NBA Top Shot, Decentraland property).' The bottom left quarter, decentralized transactional, reads 'Peer-controlled digital exchanges and utility (e.g. Bitcoin).' The bottom right quarter, decentralized collectible, reads 'Peer-controlled digital showcases and community (e.g. OpenSea and Ethereum-based NFTs).'

    Recommendations

    Determine your role in the digital asset ecosystem.
    • Becoming a platform provider for digital tokens will require a minting capability to create blockchain-based assets and a marketplace for users to exchange them.
    • Issuing digital tokens to a platform through a sale will require making partnerships and marketing.
    • Investing in digital assets will require management of digital wallets and subject-matter expert analysis of the emerging markets.
    Track the implications of digital currencies.

    Track what your country’s central bank is planning for digital currency and determine if you’ll need to prepare to support it. Be informed about payment partner support for cryptocurrency and consider any complications that may introduce.

    $1 billion+ – The amount of cryptocurrency spent by consumers globally through crypto-linked Visa cards in first half of 2021. (CNBC, July 2021)

    Info-Tech Resources

    Automation as a Service

    TREND 05 | INNOVATION

    Automate business processes and access new sophisticated technology services through platform integration.

    Emerging technologies:
    Cloud platforms, APIs, Generative AI

    Introduction

    The glue for innovation

    Rapidly constructing a business model that is ready to compete in a digital economy requires continuous innovation. Application programming interfaces (APIs) can accelerate innovation by unlocking marketplaces of ready-to-use solutions to business problems and automating manual tasks to make more time for creativity. APIs facilitate a microarchitecture approach and make it possible to call upon a new capability with a few lines of code. This is not a new tool, as the first API was specified in 1951, but there were significant advances of both scale and capability in this area in 2021.

    In the past 18 months, API adoption has exploded and even industries previously considered as digital laggards are now integrating them to reinvent back-office processes. Technology platforms specializing in API management are attracting record-breaking investment. And sophisticated technology services such as artificial intelligence are being delivered by APIs.

    APIs can play a role in every company’s digital strategy, from transforming back-office processes to creating revenue as part of a platform.

    $500,000 was invested in API companies in 2016. (Forbes, May 2021)

    $2,000,000,000+ was invested in API companies in 2020. (Forbes, May 2021)

    69% of IT practitioners say digital transformation has been a high priority for their organization during the pandemic. (Info-Tech Tech Trends 2022 Survey)

    51% of developers used more APIs in 2020 than in 2019. (InsideHPC, 2021)

    71% of developers planned to use even more APIs in 2021. (InsideHPC, 2021)

    Signals

    IT practitioners indicate that digital transformation was a strong focus for their organization during the pandemic and will remain so during the period afterwards, and one-third say their organizations were “extremely focused” on digital transformation.

    When it came to shifting processes from being done manually to being completed digitally, more than half of IT practitioners say they shifted at least 21% of their processes during the past year. More than one in five say that at least 60% of their processes were shifted from manual to digital in the past year.

    3.5 trillion calls were performed on API management platform Apigee, representing a 50% increase year over year. (SiliconANGLE, 2021)

    Processes shifted from manual to digital in the past year

    A horizontal bar chart recording survey responses regarding the percent of processes that shifted from manual to digital in the past year. The horizontal axis is 'percent of survey respondents' with values from 0 to 35%. The vertical axis is 'percent of process shifted to digital' with bar labels 'Between 0 to 20%', 'Between 21 to 40%', and so on until 'Between 81 to 100%'. 20% of respondents answered '0 to 20%' of processes went digital. 28% of respondents answered '21 to 40%' of processes went digital. 30% of respondents answered '41 to 60%' of processes went digital. 15% of respondents answered '61 to 80%' of processes went digital. 7% of respondents answered '81 to 100%' of processes went digital.

    Drivers

    Covid-19

    The pandemic lockdowns pushed everyone into a remote-work scenario. With in-person interaction not an option, even more traditional businesses had to adapt to digital processes.

    Customer Expectations

    The success of digital services in the consumer space is causing expectations to rise in other areas, such as professional services. Consumers now want their health records to be portable and they want to pay their lawyer through e-transfer, not by writing a cheque. (Interview with Mik Lernout)

    Standardization

    Technology laggard industries such as legal and healthcare are recognizing the pain of working with siloed systems. New standardization efforts are driving the adoption of open APIs at a rapid rate. (Interview with Jennifer Jones, Research Director – Industry, Info-Tech Research Group)

    Risks and Benefits

    Benefits

    Speed Using a microarchitecture approach with readily available services constructed in different ways provides a faster way to get from idea to minimum-viable product.
    Intelligence Open APIs have more than ever exposed people to sophisticated AI algorithms that were in the domain of only advanced researchers just a couple years ago. Developers can integrate AI with a couple lines of code. Non-technical users can train algorithms with low-code and no-code tools (Forbes, Sept. 2021).
    Resilience If one function of a solution doesn't work, it can be easily replaced with another one available on the market and the overall experience is maintained.

    Risks

    Loss of Privacy APIs are being targeted by hackers as a way to access personal information. Recent API-related leaks affected Experian, John Deere, Clubhouse, and Peloton (VentureBeat, 2021).
    Complexity Using a decentralized approach to assemble applications means that there is no single party accountable for the solution. Different pieces can break, or oversights can go unnoticed.
    Copycats Platforms that take the approach of exposing all functions via API run the risk of having their services used by a competitor to offer the same solution but with an even better user experience.

    “When we think about what the pandemic did, we had this internal project called 'back to the future.' It kind of put the legal industry in a time machine and it kind of accelerated the legal industry 5, maybe even 10 years. A lot of the things we saw with the innovators became table stakes.” (Mik Lernout, Vice President of Product, Clio)

    Photo of Mik Lernout, Vice president of product, Clio.

    Listen to the Tech Insights podcast: Clio drives digital transformation to redefine the legal industry

    Case Study

    Situation

    The COVID-19 pandemic required the legal industry to shift to remote work. A typically change-resistant industry was now holding court hearings over videoconference, taking online payments, and collecting e-signatures on contracts. For Clio, a software-as-a-service software vendor that serves the legal industry, its client base grew and its usage increased. It previously focused on the innovators in the legal industry, but now it noticed laggards were going digital too.

    Complication

    Law firms have very different needs depending on their legal practice area (e.g. family law, corporate law, or personal injury) and what jurisdiction they operate in.

    Clients are also demanding more from their lawyers in terms of service experience. They don't want to travel to the law office to drop off a check but expect digital interactions on par with service they receive in other areas.

    Resolution

    Since its inception, Clio built its software product so that all of its functions could be called upon by an API as well. It describes its platform as the "operating system for the legal industry." Its API functions include capabilities like managing activities, billing, and contracts. External developers can submit applications to the Clio Marketplace to add new functionality. Its platform approach enables it to find solutions for its 150,000+ users. During the pandemic, Clio saw its customers rely on its APIs more than ever before. It expects this accelerated adoption to be the way of working in the future. (ProgrammableWeb, 2021; Interview with Mik Lernout)

    What's Next

    GOOGLE’S API-FIRST APPROACH:

    Google is expanding its Apigee API management platform so enterprises will be able to connect existing data and applications and access them via APIs. It's part of Google's API-first approach to digital transformation, helping enterprises with their integration challenges. The new release includes tools and a framework that's needed to integrate services in this way and includes pre-built connectors for common business apps and services such as Salesforce, Cloud SQL, MySQL, and BigQuery. (SiliconANGLE, 2021)

    Uncertainties

    API SECURITY:

    APIs represent another potential vulnerability for hackers to exploit and the rise in popularity has come with more security incidents. Companies using APIs have leaked data through APIs, with one research report on the state of API security finding that 91% of organizations have suffered an API security incident. Yet more than a quarter of firms running production APIs don’t have an API security strategy. (VentureBeat, 2021)

    For low IT maturity organizations moving onto platforms that introduce API capabilities, education is required about the consequences of creating more integrations. Platforms must bear some responsibility for monitoring for irregular activity. (Interview with Mik Lernout)

    Automation as a Service Scenarios

    Determine your organization’s platform strategy from the basis of your digital maturity – from that of a laggard to a native – and whether it involves monetized APIs vs. freely available public APIs. A strategy can include both the consumption of APIs and the creation of them.

    A map of Automation as a Service scenarios with two axes representing 'Business Model, From an open and public API to a monetized pay-for-use API' and 'Digital Maturity, From being a digital laggard to being a digital native'. The axes split the map into quarters. 'Business Model' ranges from 'Public APIs' on the left to 'Monetized APIs' on the right. 'Digital Maturity' ranges from 'Digital Native' on top to 'Digital Laggard' on bottom. The top left quarter, digital native public APIs, reads 'Platform business model that grows through adoption of free APIs (e.g. Clio).' The top right quarter, digital native monetized APIS, reads 'Platform business model with spectrum of API services including free tiers.' The bottom left quarter, digital laggard public APIs, reads 'Consume public APIs to simplify and automate business processes and improve customer experience (e.g. law firms using Clio).' The bottom right quarter, digital laggard monetized APIs, reads 'Consume paid APIs to provide customers with expanded services (e.g. retailer Lowe’s uses AccuWeather to predict supply and demand).'

    Recommendations

    Leverage APIs to connect your systems. Create a repeatable process to improve the quality, reusability, and governance of your web APIs.

    Transform your business model with digital platforms. Use the best practices of digital native enterprises and leverage your core assets to compete in a digital economy.

    Deliver sophisticated new capabilities with APIs. Develop an awareness of new services made available through API integration, such as artificial intelligence, and take advantage of them.

    4.5 billion words per day generated by the OpenAI natural language API GPT-3, just nine months after launch. (OpenAI, 2021)

    Info-Tech Resources

    Behind the design

    Inspiration provided by the golden ratio

    The golden ratio has long fascinated humans for its common occurrence in nature and inspired artists who adopted its proportions as a guiding principle for their creations. A new discovery of the golden ratio in economic cycles was published in August 2021 by Bert de Groot, et al. As the boundaries of value creation blur between physical and digital and the pace of change accelerates, these digital innovations may change our lives in many ways. But they are still bound by the context of the structure of the economy. Hear more about this surprising finding from de Groot and from this report’s designer by listening to our podcast. (Technological Forecasting and Social Change, 2021)

    “Everything happening will adapt itself into the next cycle, and that cycle is one phi distance away.” (Bert de Groot, professor of economics at Erasmus University Rotterdam)

    Photo of Bert de Groot, Professor of Economics at Erasmus University Rotterdam.

    Listen to the Tech Insights podcast: New discovery of the golden ratio in the economy

    Contributing Experts

    Vijay Sundaram
    Chief Strategy Officer, Zoho
    Photo of Vijay Sundaram, Chief Strategy Officer, Zoho.
    Jason Brommet
    Head of Modern Work and Security Business Group, Microsoft
    Photo of Jason Brommet, Head of Modern Work and Security Business Group at Microsoft.
    Steve Orrin
    Federal Chief Technology Officer, Intel
    Photo of Steve Orrin, Federal Chief Technology Officer, Intel.
    Wade Barnes
    CEO and Founder, Farmers Edge
    Photo of Wade Barnes, CEO and founder of Farmers Edge.

    Contributing Experts

    Raine Maida
    Chief Product Officer, S!NG
    Singer, Our Lady Peace
    Raine Maida, Chief Product Officer, S!NG Singer, Our Lady Peace.
    Geoff Osler
    CEO, S!NG
    Photo of Geoff Osler, CEO, S!NG.
    Mik Lernout
    Vice President of Product, Clio
    Photo of Mik Lernout, Vice President of Product, Clio.
    Bert de Groot
    Professor of Economics, Erasmus University Rotterdam
    Photo of Bert de Groot, Professor of Economics at Erasmus University Rotterdam.

    Bibliography – Enabling the Digital Economy

    “2021 Canada Dealer Financing Satisfaction Study.” J.D. Power, 13 May 2021. Accessed 27 May 2021.

    Brown, Sara. “The CIO Role Is Changing. Here’s What’s on the Horizon.” MIT Sloan, 2 Aug. 2021. Accessed 16 Aug. 2021.

    de Groot, E. A., et al. “Disentangling the Enigma of Multi-Structured Economic Cycles - A New Appearance of the Golden Ratio.” Technological Forecasting and Social Change, vol. 169, Aug. 2021, pp. 120793. ScienceDirect, https://doi.org/10.1016/j.techfore.2021.120793.

    Hatem, Louise, Daniel Ker, and John Mitchell. “Roadmap toward a common framework for measuring the Digital Economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Accessed 19 Oct. 2021.

    LaBerge, Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever.” McKinsey, 5 Oct. 2020. Accessed 14 June 2021.

    Pomeroy, James. The booming digital economy. HSBC, Sept. 2020. Web.

    Salman, Syed. “Digital Transformation Realized Through COBIT 2019.” ISACA, 13 Oct. 2020. Accessed 25 Oct. 2021.

    Bibliography – Hybrid Collaboration

    De Smet, Aaron, et al. “Getting Real about Hybrid Work.” McKinsey Quarterly, 9 July 2021. Web.

    Herskowitz, Nicole. “Brace Yourselves: Hybrid Work Is Hard. Here’s How Microsoft Teams and Office 365 Can Help.” Microsoft 365 Blog, 9 Sept. 2021. Web.

    Melin, Anders, and Misyrlena Egkolfopoulou. “Employees Are Quitting Instead of Giving Up Working From Home.” Bloomberg, 1 June 2021. Web.

    Spataro, Jared. “Microsoft and LinkedIn Share Latest Data and Innovation for Hybrid Work.” The Official Microsoft Blog, 9 Sept. 2021. Web.

    Subin, Samantha. “The new negotiation over job benefits and perks in post-Covid hybrid work.” CNBC, 23 Apr. 2021. Web.

    Torres, Roberto. “How to Sidestep Overspend as Hybrid Work Tests IT.” CIO Dive, 26 July 2021. Accessed 16 Sept. 2021.

    Wong, Christine. “How the hybrid workplace will affect IT spending.” ExpertIP, 15 July 2021. Web.

    Yang, Longqi, et al. “The Effects of Remote Work on Collaboration among Information Workers.” Nature Human Behaviour, Sept. 2021, pp. 1-12. Springer Nature, https://doi.org/10.1038/s41562-021-01196-4.

    Bibliography – Battle Against Ransomware

    Berg, Leandro. “RTF Report: Combatting Ransomware.” Institute for Security and Technology (IST), 2021. Accessed 21 Sept. 2021.

    Dudley, Renee. “The Extortion Economy: How Insurance Companies Are Fueling a Rise in Ransomware Attacks.” ProPublica, 27 Aug. 2019. Accessed 22 Sept. 2021.

    Durbin, Steve. “Council Post: Artificial Intelligence: The Future Of Cybersecurity?” Forbes, 23 Sept. 2021. Accessed 21 Oct. 2021.

    “FACT SHEET: Ongoing Public U.S. Efforts to Counter Ransomware.” The White House, 13 Oct. 2021. Web.

    Jeffery, Lynsey, and Vignesh Ramachandran. “Why ransomware attacks are on the rise — and what can be done to stop them.” PBS NewsHour, 8 July 2021. Web.

    McBride, Timothy, et al. Data Integrity: Recovering from Ransomware and Other Destructive Events. NIST Special Publication (SP) 1800-11, National Institute of Standards and Technology, 22 Sept. 2020. NIST Computer Security Resource Center (CSRC), https://doi.org/10.6028/NIST.SP.1800-11.

    Mehrotra, Karitkay, and Jennifer Jacobs. “Crypto Channels Targeted in Biden’s Fight Against Ransomware.” BNN Bloomberg, 21 Sept. 2021. Web.

    Sharma, Mayank. “Hackers demand $70m ransom after executing massive Solar Winds-like attack.” TechRadar, 5 July 2021. Web.

    “Unhacked: 121 Tools against Ransomware on a Single Website.” Europol, 26 July 2021. Web.

    Bibliography – Carbon Metrics in Energy 4.0

    “The A List 2020.” CDP, 2021. Web.

    Baazil, Diedrik, Hugo Miller, and Laura Hurst. “Shell loses climate case that may set precedent for big oil.” Australian Financial Review, 27 May 2021. Web.

    “BlackRock’s 2020 Carbon Footprint.” BlackRock, 2020. Accessed 25 May 2021.

    “CDP Media Factsheet.” CDP, n.d. Accessed 25 May 2021.

    Glaser, April, and Leticia Miranda. “Amazon workers demand end to pollution hitting people of color hardest.” NBC News, 24 May 2021. Accessed 25 May 2021.

    Little, Mark. “Why Canada should be the home of the new global sustainability standards board.” Business Council of Canada, 1 Oct. 2021. Accessed 22 Oct. 2021.

    McIntyre, Catherine. “Canada vying for global headquarters to oversee sustainable-finance standards.” The Logic, 22 July 2021. Web.

    “Net Zero Scorecard.” Energy & Climate Intelligence Unit, 2021. Accessed 25 May 2021.

    Sayer, Peter. “Greenhouse gas emissions: The next big issue for CIOs.” CIO, 13 Oct. 2021. Web.

    “Scope 1 and Scope 2 Inventory Guidance.” US EPA, OAR. 14 Dec. 2020. Web.

    Sorkin, Andrew Ross. “BlackRock C.E.O. Larry Fink: Climate Crisis Will Reshape Finance.” The New York Times, 14 Jan. 2020. Web.

    “Sustainable IT Pledge.” CIO Strategy Council, 2021. Accessed 22 Oct. 2021.

    Bibliography – Intangible Value Creation

    Areddy, James T. “China Creates Its Own Digital Currency, a First for Major Economy.” Wall Street Journal, 5 Apr. 2021. Web.

    Boar, Codruta, et al. Impending arrival - a sequel to the survey on central bank digital currency. BIS Papers No 107, Jan. 2020. Web.

    Brainard, Lael. “Speech by Governor Brainard on Private Money and Central Bank Money as Payments Go Digital: An Update on CBDCs.” Board of Governors of the Federal Reserve System, 24 May 2021. Accessed 28 May 2021.

    Howcroft, Elizabeth, and Ritvik Carvalho. “How a 10-second video clip sold for $6.6 million.” Reuters, 1 Mar. 2021. Web.

    “Central Bank Digital Currency Tracker.” Atlantic Council, 2021. Accessed 10 Sept. 2021.

    “Expert Comment From Warwick Business School: Problems With El Salvador’s Bitcoin Experiment Are Unsurprising.” Mondo Visione, 8 Sept. 2021. Accessed 10 Sept. 2021.

    Goldstein, Caroline. “In Its Ongoing Bid to Draw Crypto-Collectors, Sotheby’s Unveils a Replica of Its London H.Q. in the Blockchain World Decentraland.” Artnet News, 7 June 2021. Web.

    Hamacher, Adriana. “Taco Bell to Charmin: 10 Big Brands Jumping On The NFT Bandwagon.” Decrypt, 22 Mar. 2021. Web.

    Hazan, Eric, et al. “Getting tangible about intangibles: The future of growth and productivity?” McKinsey. 16 June 2021. Web.

    Bibliography – Intangible Value Creation

    Herrera, Pedro. “Dapp Industry Report: Q3 2021 Overview.” DappRadar, 1 Oct. 2021. Web.

    Holland, Frank. “Visa Says Crypto-Linked Card Usage Tops $1 Billion in First Half of 2021.” CNBC, 7 July 2021. Web.

    Jiang, Shangrong, et al. “Policy Assessments for the Carbon Emission Flows and Sustainability of Bitcoin Blockchain Operation in China.” Nature Communications, vol. 12, no. 1, Apr. 2021, p. 1938. Springer Nature, https://doi.org/10.1038/s41467-021-22256-3.

    Reyburn, Scott. “JPG File Sells for $69 Million, as ‘NFT Mania’ Gathers Pace.” The New York Times, 11 Mar. 2021. Web.

    Taylor, Luke. “Bitcoin: El Salvador’s Cryptocurrency Gamble Hit by Trading Loophole.” New Scientist, 25 Oct. 2021. Web.

    Bibliography – Automation as a Service

    Belsky, Scott. “The Furry Lisa, CryptoArt, & The New Economy Of Digital Creativity.” Medium, 21 Feb. 2021. Web.

    Culbertson, Joy. “10 Top Law APIs.” ProgrammableWeb, 14 Feb. 2021. Web.

    Caballar, Rina Diane. “Programming by Voice May Be the Next Frontier in Software Development - IEEE Spectrum.” IEEE Spectrum: Technology, Engineering, and Science News, 22 Mar 2021. Accessed 23 Mar. 2021.

    Gonsalves, Chris. “The Problem with APIs.” VentureBeat, 7 May 2021. Web.

    Graca, Joao. “Council Post: How APIs Are Democratizing Access To AI (And Where They Hit Their Limits).” Forbes, 24 Sept 2021. Accessed 28 Sept. 2021.

    Harris, Tony. “What is the API Economy?” API Blog: Everything You Need to Know, 4 May 2021. Web.

    Kitsing, Meelis. Scenarios for Digital Platform Ecosystems, 2020, pp. 453-57. ResearchGate, https://doi.org/10.1109/ICCCS49078.2020.9118571.

    Pilipiszyn, Ashley. “GPT-3 Powers the Next Generation of Apps.” OpenAI, 25 Mar. 2021. Web.

    Rethans, John. “So You Want to Monetize Your APIs?” APIs and Digital Transformation, 29 June 2018. Web.

    Bibliography – Automation as a Service

    Salyer, Patrick. “API Stack: The Billion Dollar Opportunities Redefining Infrastructure, Services & Platforms.” Forbes, 4 May 2021. Accessed 27 Oct. 2021.

    staff. “RapidAPI Raises $60M for Expansion of API Platform.” InsideHPC, 21 Apr. 2021. Web.

    Taulli, Tom. “API Economy: Is It The Next Big Thing?” Forbes, 18 Jan. 2021. Accessed 5 May 2021.

    Warren, Zach. “Clio Taking 2021 Cloud Conference Virtual, Announces New Mission Among Other News.” Legaltech News, 11 Mar. 2021. Web.

    Wheatley, Mike. “Google Announces API-First Approach to Application Data Integration with Apigee.” SiliconANGLE, 28 Sept. 2021. Web.

    About the research

    Tech trends survey

    As part of its research process for the 2022 Tech Trends Report, Info-Tech Research Group conducted an open online survey among its membership and wider community of professionals. The survey was fielded from August 2021 to September 2021, collecting 475 responses.

    The underlying metrics are diverse, capturing 14 countries and regions and 16 Industries.

    A geospatial chart of the world documenting the percentage of respondents from each country to Info-Tech's '2022 Tech Trends Report' Percentages are below.
    01 United States 45.3% 08 India 1.7%
    02 Canada 19.2% 09 Other (Asia) 1.7%
    03 Africa 9.3% 10 New Zealand 1.5%
    04 Other (Europe) 5.3% 11 Germany 0.8%
    05 Australia 4.2% 12 Mexico 0.4%
    06 Great Britain 3.8% 13 Netherlands 0.4%
    07 Middle East 2.9% 14 Japan 0.2%

    Industry

    01 Government 18.9%
    02 Media, Information, & Technology 12.8%
    03 Professional Services 12.8%
    04 Manufacturing 9.9%
    05 Education 8.8%
    06 Healthcare 8.2%
    07 Financial Services 7.8%
    08 Transportation & Logistics 3.4%
    09 Utilities 3.4%
    10 Insurance 2.5%
    11 Retail & Wholesale 2.5%
    12 Construction 2.3%
    13 Natural Resources 2.1%
    14 Real Estate & Property Management 1.7%
    15 Arts & Leisure 1.5%
    16 Professional Associations 1.3%

    Department

    IT (information technology) 88.2%
    Other (Department) 3.79%
    Operations 2.32%
    Research & Development 1.89%
    Sales 1.26%
    Administration 1.06%
    Finance 0.42%
    HR (Human Resources) 0.42%
    Marketing 0.42%
    Production 0.21%

    Role

    Manager 24%
    Director-level 22%
    C-level officer 19%
    VP-level 9%
    Team lead / supervisor 7%
    Owner / President / CEO 7%
    Team member 7%
    Consultant 5%
    Contractor 1%

    IT Spend

    Respondents on average spent 35 million per year on their IT budget.

    Accounting for the outlier responses – the median spend sits closer to 4.5 million per year. The highest spend on IT was within the Government, Healthcare, and Retail & Wholesale sectors.

    Develop a Business Continuity Plan

    • Buy Link or Shortcode: {j2store}411|cart{/j2store}
    • member rating overall impact: 9.1/10 Overall Impact
    • member rating average dollars saved: $37,093 Average $ Saved
    • member rating average days saved: 30 Average Days Saved
    • Parent Category Name: DR and Business Continuity
    • Parent Category Link: /business-continuity
    • Recent crises have increased executive awareness and internal pressure to create a business continuity plan (BCP).
    • Industry and government-driven regulations require evidence of sound business continuity practices.
    • Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.
    • IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

    Our Advice

    Critical Insight

    • BCP requires input from multiple departments with different and sometimes conflicting objectives. There are typically few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.
    • As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but ultimately business leaders need to own the BCP – they know their processes, and therefore, their requirements to resume business operations better than anyone else.
    • The traditional approach to BCP is a massive project that most organizations can’t execute without hiring a consultant. To execute BCP in-house, carve up the task into manageable pieces as outlined in this blueprint.

    Impact and Result

    • Implement a structured and repeatable process that you apply to one business unit at a time to keep BCP planning efforts manageable.
    • Use the results of the pilot to identify gaps in your recovery plans and reduce overall continuity risk while continuing to assess specific risks as you repeat the process with additional business units.
    • Enable business leaders to own the BCP going forward. Develop a template that the rest of the organization can use.
    • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

    Develop a Business Continuity Plan Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should develop a business continuity plan, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify BCP maturity and document process dependencies

    Assess current maturity, establish a team, and choose a pilot business unit. Identify business processes, dependencies, and alternatives.

    • BCP Maturity Scorecard
    • BCP Pilot Project Charter Template
    • BCP Business Process Workflows Example (Visio)
    • BCP Business Process Workflows Example (PDF)

    2. Conduct a BIA to determine acceptable RTOs and RPOs

    Define an objective impact scoring scale, estimate the impact of downtime, and set recovery targets.

    • BCP Business Impact Analysis Tool

    3. Document the recovery workflow and projects to close gaps

    Build a workflow of the current steps for business recovery. Identify gaps and risks to recovery. Brainstorm and prioritize solutions to address gaps and mitigate risks.

    • BCP Tabletop Planning Template (Visio)
    • BCP Tabletop Planning Template (PDF)
    • BCP Project Roadmap Tool
    • BCP Relocation Checklists

    4. Extend the results of the pilot BCP and implement governance

    Present pilot project results and next steps. Create BCMS teams. Update and maintain BCMS documentation.

    • BCP Pilot Results Presentation
    • BCP Summary
    • Business Continuity Teams and Roles Tool

    5. Appendix: Additional BCP tools and templates

    Use these tools and templates to assist in the creation of your BCP.

    • BCP Recovery Workflow Example (Visio)
    • BCP Recovery Workflow Example (PDF)
    • BCP Notification, Assessment, and Disaster Declaration Plan
    • BCP Business Process Workarounds and Recovery Checklists
    • Business Continuity Management Policy
    • Business Unit BCP Prioritization Tool
    • Industry-Specific BIA Guidelines
    • BCP-DRP Maintenance Checklist
    • Develop a COVID-19 Pandemic Response Plan Storyboard
    [infographic]

    Workshop: Develop a Business Continuity Plan

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define BCP Scope, Objectives, and Stakeholders

    The Purpose

    Define BCP scope, objectives, and stakeholders.

    Key Benefits Achieved

    Prioritize BCP efforts and level-set scope with key stakeholders.

    Activities

    1.1 Assess current BCP maturity.

    1.2 Identify key business processes to include in scope.

    1.3 Flowchart key business processes to identify business processes, dependencies, and alternatives.

    Outputs

    BCP Maturity Scorecard: measure progress and identify gaps.

    Business process flowcharts: review, optimize, and allow for knowledge transfer of processes.

    Identify workarounds for common disruptions to day-to-day continuity.

    2 Define RTOs and RPOs Based on Your BIA

    The Purpose

    Define RTOs and RPOs based on your BIA.

    Key Benefits Achieved

    Set recovery targets based business impact, and illustrate the importance of BCP efforts via the impact of downtime.

    Activities

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of downtime.

    2.3 Determine acceptable RTO/RPO targets for business processes based on business impact.

    Outputs

    BCP Business Impact Analysis: objective scoring scale to assess cost, goodwill, compliance, and safety impacts.

    Apply the scoring scale to estimate the impact of downtime on business processes.

    Acceptable RTOs/RPOs to dictate recovery strategy.

    3 Create a Recovery Workflow

    The Purpose

    Create a recovery workflow.

    Key Benefits Achieved

    Build an actionable, high-level, recovery workflow that can be adapted to a variety of different scenarios.

    Activities

    3.1 Conduct a tabletop exercise to determine current recovery procedures.

    3.2 Identify and prioritize projects to close gaps and mitigate recovery risks.

    3.3 Evaluate options for command centers and alternate business locations (i.e. BC site).

    Outputs

    Recovery flow diagram – current and future state

    Identify gaps and recovery risks.

    Create a project roadmap to close gaps.

    Evaluate requirements for alternate business sites.

    4 Extend the Results of the Pilot BCP and Implement Governance

    The Purpose

    Extend the results of the pilot BCP and implement governance.

    Key Benefits Achieved

    Outline the actions required for the rest of your BCMS, and the required effort to complete those actions, based on the results of the pilot.

    Activities

    4.1 Summarize the accomplishments and required next steps to create an overall BCP.

    4.2 Identify required BCM roles.

    4.3 Create a plan to update and maintain your overall BCP.

    Outputs

    Pilot BCP Executive Presentation

    Business Continuity Team Roles & Responsibilities

    3. Maintenance plan and BCP templates to complete the relevant documentation (BC Policy, BCP Action Items, Recovery Workflow, etc.)

    Further reading

    Develop a Business Continuity Plan

    Streamline the traditional approach to make BCP development manageable and repeatable.

    Analyst Perspective

    A BCP touches every aspect of your organization, making it potentially the most complex project you’ll take on. Streamline this effort or you won’t get far.

    None of us needs to look very far to find a reason to have an effective business continuity plan.

    From pandemics to natural disasters to supply chain disruptions to IT outages, there’s no shortage of events that can disrupt your complex and interconnected business processes. How in the world can anyone build a plan to address all these threats?

    Don’t try to boil the ocean. Use these tactics to streamline your BCP project and stay on track:

    • Focus on one business unit at a time. Keep the effort manageable, establish a repeatable process, and produce deliverables that provide a starting point for the rest of the organization.
    • Don’t start with an extensive risk analysis. It takes too long and at the end you’ll still need a plan to resume business operations following a disruption. Rather than trying to predict what could cause a disruption, focus on how to recover.
    • Keep your BCP documentation concise. Use flowcharts, checklists, and diagrams instead of traditional manuals.

    No one can predict every possible disruption, but by following the guidance in this blueprint, you can build a flexible continuity plan that allows you to withstand the threats your organization may face.

    Frank Trovato

    Research Director,
    IT Infrastructure & Operations Practice
    Info-Tech Research Group

    Andrew Sharp

    Senior Research Analyst,
    IT Infrastructure & Operations Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Recent crises have increased executive awareness and internal pressure to create a BCP.
    • Industry- and government-driven regulations require evidence of sound business continuity practices.
    • Customers demand their vendors provide evidence of a workable BCP prior to signing a contract.

    IT leaders, because of their cross-functional view and experience with incident management and DR, are often asked to lead BCP efforts.

    Common Obstacles

    • IT managers asked to lead BCP efforts are dealing with processes and requirements beyond IT and outside of their control.
    • BCP requires input from multiple departments with different and sometimes conflicting objectives.
    • Typically there are few, if any, dedicated resources for BCP, so it can't be a full-time, resource-intensive project.

    Info-Tech’s Approach

    • Focus on implementing a structured and repeatable process that can be applied to one business unit at a time to avoid BCP from becoming an overwhelming project.
    • Enable business leaders to own the BCP going forward by establishing a template that the rest of the organization can follow.
    • Leverage BCP outcomes to refine IT DRP recovery objectives and achieve DRP-BCP alignment.

    Info-Tech Insight

    As an IT leader you have the skill set and organizational knowledge to lead a BCP project, but you must enable business leaders to own their department’s BCP practices and outputs. They know their processes and, therefore, their requirements to resume business operations better than anyone else.

    Use this research to create business unit BCPs and structure your overall BCP

    A business continuity plan (BCP) consists of separate but related sub-plans, as illustrated below. This blueprint enables you to:

    • Develop a BCP for a selected business unit (as a pilot project), and thereby establish a methodology that can be repeated for remaining business units.
    • Through the BCP process, clarify requirements for an IT disaster recovery plan (DRP). Refer to Info-Tech’s Disaster Recovery Planning workshop for instructions on how to create an IT DRP.
    • Implement ongoing business continuity management to govern BCP, DRP, and crisis management.

    Overall Business Continuity Plan

    IT Disaster Recovery Plan

    A plan to restore IT application and infrastructure services following a disruption.

    Info-Tech’s disaster recovery planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.

    BCP for Each Business Unit

    A set of plans to resume business processes for each business unit. This includes:

    • Identifying business processes and dependencies.
    • Defining an acceptable recovery timeline based on a business impact analysis.
    • Creating a step-by-step recovery workflow.

    Crisis Management Plan

    A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

    Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

    IT leaders asked to develop a BCP should start with an IT Disaster Recovery Plan

    It’s a business continuity plan. Why should you start continuity planning with IT?

    1. IT services are a critical dependency for most business processes. Creating an IT DRP helps you mitigate a key risk to continuity quicker than it takes to complete your overall BCP, and you can then focus on other dependencies such as people, facilities, and suppliers.
    2. A BCP requires workarounds for IT failures. But it’s difficult to plan workarounds without a clear understanding of the potential IT downtime and data loss. Your DRP will answer those questions, and without a DRP, BCP discussions can get bogged down in IT discussions. Think of payroll as an example: if downtime might be 24 hours, the business might simply wait for recovery; if downtime might be a week, waiting it out is not an option.
    3. As an IT manager, you can develop an IT DRP primarily with resources within your control. That makes it an easier starting point and puts IT in a better position to shift responsibility for BCP to business leaders (where it should reside) since essentially the IT portion is done.

    Create a Right-Sized Disaster Recovery Plan today.

    Modernize the BCP

    If your BCP relies heavily on paper-based processes as workarounds, it’s time to update your plan.

    Back when transactions were recorded on paper and then keyed into the mainframe system later, it was easier to revert to deskside processes. There is very little in the way of paper-based processes anymore, and as a result, it is increasingly difficult to resume business processes without IT.

    Think about your own organization. What IT system(s) are absolutely critical to business operations? While you might be able to continue doing business without IT, this requires regular preparation and training. It’s likely a completely offline process and won’t be a viable workaround for long even if staff know how to do the work. If your data center and core systems are down, technology-enabled workarounds (such as collaboration via mobile technologies or cloud-based solutions) could help you weather the outage, and may be more flexible and adaptable for day-to-day work.

    The bottom line:

    Technology is a critical dependency for business processes. Consider the role IT systems play as process dependencies and as workarounds as part of continuity planning.

    Info-Tech’s approach

    The traditional approach to BCP takes too long and produces a plan that is difficult to use and maintain.

    The Problem: You need to create a BCP, but don’t know where to start.

    • BCP is being demanded more and more to comply with regulations, mitigate business risk, meet customer demands, and obtain insurance.
    • IT leaders are often asked to lead BCP.

    The Complication: A traditional BCP process takes longer to show value.

    • Traditional consultants don’t usually have an incentive to accelerate the process.
    • At the same time, self-directed projects with no defined process go months without producing useful deliverables.
    • The result is a dense manual that checks boxes but isn’t maintainable or usable in a crisis.

    A pie chart is separated into three segments, Internal Mandates 43%, Customer Demands 23%, and Regulatory Requirements 34%. The bottom of the image reads Source: Info-Tech Research Group.

    The Info-Tech difference:

    Use Info-Tech’s methodology to right-size and streamline the process.

    • Reduce required effort. Keep the work manageable and maintain momentum by focusing on one business unit at a time; allow that unit to own their BCP.
    • Prioritize your effort. Evaluate the current state of your BCP to identify the steps that are most in need of attention.
    • Get valuable results faster. Functional deliverables and insights from the first business unit’s BCP can be leveraged by the entire organization (e.g. communication, assessment, and BC site strategies).

    Expedite BCP development

    Info-Tech’s Approach to BCP:

    • Start with one critical business unit to manage scope, establish a repeatable process, and generate deliverables that become a template for remaining business units.
    • Resolve critical gaps as you identify them, generating early value and risk mitigation.
    • Create concise, practical documentation to support recovery.

    Embed training and awareness throughout the planning process.

    BCP for Business Unit A:

    Scope → Pilot BIA → Response Plan → Gap Analysis

    → Lessons Learned:

    • Leverage early results to establish a BCM framework.
    • Take action to resolve critical gaps as they are identified.
    • BCP for Business Units B through N.
    • Scope→BIA→Response Plan→Gap Analysis

    = Ongoing governance, testing, maintenance, improvement, awareness, and training.

    By comparison, a traditional BCP approach takes much longer to mitigate risk:

    • An extensive, upfront commitment of time and resources before defining incident response plans and mitigating risk.
    • A “big bang” approach that makes it difficult to predict the required resourcing and timelines for the project.

    Organizational Risk Assessment and Business Impact Analysis → Solution Design to Achieve Recovery Objectives → Create and Validate Response Plans

    Case Study

    Continuity Planning Supports COVID-19 Response

    Industry: Non-Profit
    Source: Info-Tech Advisory Services

    A charitable foundation for a major state university engaged Info-Tech to support the creation of their business continuity plan.

    With support from Info-Tech analysts and the tools in this blueprint, they worked with their business unit stakeholders to identify recovery objectives, confirm recovery capabilities and business process workarounds, and address gaps in their continuity plans.

    Results

    The outcome wasn’t a pandemic plan – it was a continuity plan that was applicable to pandemics. And it worked. Business processes were prioritized, gaps in work-from-home and business process workarounds had been identified and addressed, business leaders owned their plan and understood their role in it, and IT had clear requirements that they were able and ready to support.

    “The work you did here with us was beyond valuable! I wish I could actually explain how ready we really were for this…while not necessarily for a pandemic, we were ready to spring into action, set things up, the priorities were established, and most importantly some of the changes we’ve made over the past few years helped beyond words! The fact that the groups had talked about this previously almost made what we had to do easy.“ -- VP IT Infrastructure

    Download the BCP Case Study

    Project Overview: BCP

    Phases Phase 1: Identify BCP Maturity and Document Process Dependencies Phase 2: Conduct a BIA to Determine Acceptable RTOs and RPOs Phase 3: Document the Recovery Workflow and Projects to Close Gaps Phase 4: Extend the Results of the Pilot BCP and Implement Governance
    Steps 1.1 Assess current BCP maturity 2.1 Define an objective impact scoring scale 3.1 Determine current recovery procedures 4.1 Consolidate BCP pilot insights to support an overall BCP project plan
    1.2 Establish the pilot BCP team 2.2 Estimate the impact of downtime 3.2 Identify and prioritize projects to close gaps 4.2 Outline a business continuity management (BCM) program
    1.3 Identify business processes, dependencies, and alternatives 2.3 Determine acceptable RTO/RPO targets 3.3 Evaluate BC site and command center options 4.3 Test and maintain your BCP
    Tools and Templates

    BCP Business Impact Analysis Tool

    Results Presentation

    BCP Maturity Scorecard

    Tabletop Planning Template

    BCP Summary

    Pilot Project Charter

    Recovery Workflow Examples

    Business Continuity Teams and Roles

    Business Process Workflows Examples

    BCP Project Roadmap

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    BCP Business Impact Analysis Tool: Conduct and document a business impact analysis using this document.

    BCP Recovery Workflows Example: Model your own recovery workflows on this example.

    BCP Project Roadmap: Use this tool to prioritize projects that can improve BCP capabilities and mitigate gaps and risks.

    BCP Relocation Checklists: Plan for and manage a site relocation – whether to an alternate site or work from home.

    Key deliverable:

    BCP Summary Document

    Summarize your organization's continuity capabilities and objectives in a 15-page, easy-to-consume template.

    This document consolidates data from the supporting documentation and tools to the right.

    Download Info-Tech’s BCP Summary Document

    Insight summary

    Focus less on risk, and more on recovery

    Avoid focusing on risk and probability analysis to drive your continuity strategy. You never know what might disrupt your business, so develop a flexible plan to enable business resumption regardless of the event.

    Small teams = good pilots

    Choose a small team for your BCP pilot. Small teams are better at trialing new techniques and finding new ways to think about problems.

    Calculate downtime impact

    Develop and apply a scoring scale to develop a more-objective assessment of downtime impact for the organization. This will help you prioritize recovery.

    It’s not no, but rather not now…

    You can’t address all the organization’s continuity challenges at once. Prioritize high value, low effort initiatives and create a long-term roadmap for the rest.

    Show Value Now

    Get to value quickly. Start with one business unit with continuity challenges, and a small, focused project team who can rapidly learn the methodology, identify continuity gaps, and define solutions that can also be leveraged by other departments right away.

    Lightweight Testing Exercises

    Outline recovery capabilities using lightweight, low risk tabletop planning exercises. Our research shows tabletop exercises increase confidence in recovery capabilities almost as much as live exercises, which carry much higher costs and risks.

    Blueprint benefits

    Demonstrate compliance with demands from regulators and customers

    • Develop a plan that satisfies auditors, customers, and insurance providers who demand proof of a continuity plan.
    • Demonstrate commitment to resilience by identifying gaps in current capabilities and projects to overcome those gaps.
    • Empower business users to develop their plans and perform regular maintenance to ensure plans don’t go stale.
    • Establish a culture of business readiness and resilience.

    Leverage your BCP to drive value (Business Benefits)

    • Enable flexible, mobile, and adaptable business operations that can overcome disruptions large and small. This includes making it easier to work remotely in response to pandemics or facility disruptions.
    • Clarify the risk of the status quo to business leaders so they can make informed decisions on where to invest in business continuity.
    • Demonstrate to customers your ability to overcome disruptions and continue to deliver your services.

    Info-Tech Advisory Services lead to Measurable Value

    Info-Tech members told us they save an average of $44,522 and 23 days by working with an Info-Tech analyst on BCP (source: client response data from Info-Tech's Measured Value Survey).

    Why do members report value from analyst engagement?

    1. Expert advice on your specific situation to overcome obstacles and speed bumps.
    2. Structure the project and stay on track.
    3. Review project deliverables and ensure the process is applied properly.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostic and consistent frameworks are used throughout all four options.

    Guided Implementation

    Your Trusted Advisor is a call away.

    A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between eight to twelve calls over the course of four to six months.

    Scoping

    Call 1: Scope requirements, objectives, and stakeholders. Identify a pilot BCP project.

    Business Processes and Dependencies

    Calls 2 - 4: Assess current BCP maturity. Create business process workflows, dependencies, alternates, and workarounds.

    Conduct a BIA

    Calls 5 – 7: Create an impact scoring scale and conduct a BIA. Identify acceptable RTO and RPO.

    Recovery Workflow

    Calls 8 – 9: Create a recovery workflow based on tabletop planning.

    Documentation & BCP Framework

    Call 10: Summarize the pilot results and plan next steps. Define roles and responsibilities. Make the case for a wider BCP program.

    Workshop Overview

    Contact your account representative for more information.

    workshops@infotech.com | 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Identify BCP Maturity, Key Processes, and Dependencies Conduct a BIA to Determine Acceptable RTOs and RPOs Document the Current Recovery Workflow and Projects to Close Gaps Identify Remaining BCP Documentation and Next Steps Next Steps and Wrap-Up (offsite)
    Activities

    1.1 Assess current BCP maturity.

    1.2 Identify key business processes to include in scope.

    1.3 Create a flowchart for key business processes to identify business processes, dependencies, and alternatives.

    2.1 Define an objective scoring scale to indicate different levels of impact.

    2.2 Estimate the impact of a business disruption on cost, goodwill, compliance, and health & safety.

    2.3 Determine acceptable RTOs/RPOs for selected business processes based on business impact.

    3.1 Review tabletop planning – what is it, how is it done?

    3.2 Walk through a business disruption scenario to determine your current recovery timeline, RTO/RPO gaps, and risks to your ability to resume business operations.

    3.3 Identify and prioritize projects to close RTO/RPO gaps and mitigate recovery risks.

    4.1 Assign business continuity management (BCM) roles to govern BCP development and maintenance, as well as roles required to execute recovery.

    4.2 Identify remaining documentation required for the pilot business unit and how to leverage the results to repeat the methodology for remaining business units.

    4.3 Workshop review and wrap-up.

    5.1 Finalize deliverables for the workshop.

    5.2 Set up review time for workshop outputs and to discuss next steps.

    Deliverables
    1. Baseline BCP maturity status
    2. Business process flowcharts
    3. Business process dependencies and alternatives recorded in the BIA tool
    1. Potential impact of a business disruption quantified for selected business processes.
    2. Business processes criticality and recovery priority defined
    3. Acceptable RTOs/RPOs defined based on business impact
    1. Current-state recovery workflow and timeline.
    2. RTO/RPO gaps identified.
    3. BCP project roadmap to close gaps
    1. BCM roles and responsibilities defined
    2. Workshop results deck; use this to communicate pilot results and next steps
    1. Finalized deliverables

    Phase 1

    Identify BCP Maturity and Document Process Dependencies

    Phase 1

    1.1 Assess Current BCP Maturity

    1.2 Establish the pilot BCP team

    1.3 Identify business processes, dependencies, and alternatives

    Insights & Outcomes

    Define the scope for the BCP project: assess the current state of the plan, create a pilot project team and pilot project charter, and map the business processes that will be the focus of the pilot.

    Participants

    • BCP Coordinator
    • BCP Executive Sponsor
    • Pilot Business Unit Manager & Process SMEs

    Step 1.1

    Assess current BCP Maturity

    This step will walk you through the following activities:

    • Complete Info-Tech’s BCP Maturity Scorecard

    This step involves the following participants:

    • Executive Sponsor
    • BCP Coordinator

    You'll use the following tools & templates:

    Outcomes & Insights

    Establish current BCP maturity using Info-Tech’s ISO 22301-aligned BCP Maturity Scorecard.

    Evaluate the current state of your continuity plan

    Use Info-Tech’s Maturity Scorecard to structure and accelerate a BCP maturity assessment.

    Conduct a maturity assessment to:

    • Create a baseline metric so you can measure progress over time. This metric can also drive buy-in from senior management to invest time and effort into your BCP.
    • Understand the scope of work to create a complete business continuity plan.
    • Measure your progress and remaining gaps by updating your assessment once you’ve completed the activities in this blueprint.

    This blueprint primarily addresses the first four sections in the scorecard, which align with the creation of the core components of your business continuity plan.

    Info-Tech’s BCP Maturity Scorecard

    Info-Tech’s maturity scorecard is aligned with ISO 22301, the international standard that describes the key elements of a functioning business continuity management system or program – the overarching set of documents, practices, and controls that support the ongoing creation and maintenance of your BCP. A fully functional BCMS goes beyond business continuity planning to include crisis management, BCP testing, and documentation management.

    Audit tools tend to treat every bullet point in ISO 22301 as a separate requirement – which means there’s almost 400 lines to assess. Info-Tech’s BCP Maturity Scorecard has synthesized key requirements, minimizing repetition to create a high-level self-assessment aligned with the standard.

    A high score is a good indicator of likely success with an audit.

    Download Info-Tech's BCP Maturity Scorecard

    Tool: BCP Maturity Scorecard

    Assess your organization’s BCP capabilities.

    Use Info-Tech’s BCP Maturity Scorecard to:

    • Assess the overall completeness of your existing BCP.
    • Track and demonstrate progress towards completion as you work through successive planning iterations with additional business units.
    1. Download a copy of the BCP Maturity Scorecard. On tab 1, indicate the percent completeness for each item using a 0-10 scale (0 = 0% complete, 10 = 100% complete).
    2. If you anticipate improvements in a certain area, make note of it in the “Comments” column.
    3. Review a visual representation of your overall scores on tab 2.

    Download Info-Tech's BCP Maturity Scorecard

    "The fact that this aligns with ISO is huge." - Dr. Bernard Jones MBCI, CBCP

    Step 1.2

    Establish the pilot BCP team

    This step will walk you through the following activities:

    • Assign accountability, responsibility, and roles.
    • Develop a project charter.
    • Identify dependencies and alternates for those dependencies.

    This step involves the following participants:

    • Executive Sponsor
    • BCP Coordinator

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Assign roles and responsibilities for the BCP pilot project. Set milestones and timelines for the pilot.

    Take a pilot approach for BCP

    Limit the scope of an initial BCP project to get to value faster.

    Pilot Project Goals

    • Establish a repeatable methodology that fits your organization and will accelerate BCP development, with tangible deliverables that provide a template for the rest of the business.
    • Identify high-priority business continuity gaps for the pilot business unit, many of which will also apply to the overall organization.
    • Identify initiatives to start addressing gaps now.
    • Enable business users to learn the BCP methodology and toolset so they can own and maintain their business unit BCPs.

    Accomplishments expected:

    • Define key business processes and process dependencies, and alternatives if dependencies are not available.
    • Classify key business processes by criticality for one business unit, using an objective impact scoring scale.
    • Set recovery objectives for these key processes.
    • Document workarounds and recovery plans.
    • Identify gaps in recovery plans and list action items to mitigate risks.
    • Develop a project plan to structure a larger continuity project.

    What not to expect from a pilot project:

    • A complete organizational BCP (the pilot is a strong starting point).
    • Implemented solutions to all BCP gaps (proposed solutions will need to be evaluated first).

    Structure IT’s role in continuity planning

    Clearly define IT’s role in the pilot BCP project to deliver a successful result that enables business units to own BCP in the future.

    Though IT is a critical dependency for most processes, IT shouldn’t own the business continuity plan. IT should be an internal BCP process consultant, and each business unit must own their plan.

    IT should be an internal BCP consultant.

    • IT departments interact with all business units, which gives IT leaders at least a high-level understanding of business operations across the organization.
    • IT leaders typically also have at least some knowledge of disaster recovery, which provides a foundation for tackling BCP.
    • By contrast, business leaders often have little or no experience with disaster recovery, and don’t have the same level of experience as IT when it comes to working with other business units.

    Why shouldn’t IT own the plan?

    • Business unit managers have the authority to direct resources in their department to participate in the BCP process.
    • Business users are the experts in their processes, and are in the best position to identify dependencies, downtime impacts, recovery objectives, and viable solutions (e.g., acceptable alternate sites or process workarounds).
    • Ultimately, business unit managers and executives must decide whether to mitigate, accept, or transfer risks.

    Info-Tech Insight

    A goal of the pilot is to seed success for further planning exercises. This is as much about demonstrating the value of continuity planning to the business unit, and enabling them to own it, as it is about implementing the methodology successfully.

    Create a RACI matrix for the pilot

    Assemble a small, focused team for the pilot project empowered to discover, report, and present possible solutions to continuity planning challenges in your organization.

    Outline roles and responsibilities on the pilot team using a “RACI” exercise. Remember, only one party can be ultimately accountable for the work being completed.

    Example Pilot BCP Project RACI

    Board Executive Team BCP Executive Sponsor BCP Team Leader BCP Coordinator Pilot Bus. Unit Manager Expert Bus. Unit Staff IT Manager
    Communicate BCP project status I I I A R C C I
    Assign resources to pilot BCP project A R C R C R
    Conduct continuity planning activities I A/R R R R R
    Create pilot BCP deliverables I A R R C C C
    Manage BCP documentation I A C R I C C
    Integrate results into BCMS I I A R R I C C
    Create overall BCP project plan I I A R C C

    R: Responsible for doing the work.

    A: Accountable to ensure the activity/work happens.

    C: Consulted prior to decision or action.

    I: Informed of the decision/action once it’s made.

    "Large teams excel at solving problems, but it is small teams that are more likely to come up with new problems for their more sizable counterparts to solve." – Wang & Evans, 2019

    Info-Tech Insight

    Small teams tend to be better at trialing new techniques and finding new ways to think about problems, both of which are needed for a BCP pilot project.

    Choose one business unit for the pilot

    Many organizations begin their BCP project with a target business unit in mind. It’s still worth establishing whether this business unit meets the criteria below.

    Good candidates for a pilot project:

    • Business processes are standardized and documented.
    • Management and staff are motivated to improve business continuity.
    • The business unit is sufficiently well resourced to spare time (e.g. a few hours a week) to dedicate to the BCP process.
    • If the business unit doesn’t meet these criteria, consider addressing shortfalls before the pilot (e.g. via stakeholder management or business process analysis) or selecting another unit.
    • Many of the decisions will ultimately require input and support from the business unit’s manager(s). It is critical that they are bought into and engaged with the project.
    • The leader of the first business unit will be a champion for BCP within the executive team.
    • Sometimes, there’s no clear place to start. If this is the case for you, consider using Info-Tech’s Business Unit BCP Prioritization Tool to determine the order in which business units should undergo BCP development.

    Create role descriptions for the pilot project

    Use these role descriptions and your RACI chart to define roles for the pilot.

    These short descriptions establish the functions, expectations, and responsibilities of each role at a more granular level.

    The Board and executives have an outsized influence on the speed at which the project can be completed. Ensure that communication with these stakeholders is clear and concise. Avoid involving them directly in activities and deliverable creation, unless it’s required by their role (e.g. as a business unit manager).

    Project Role Description
    Board & Executive Team
    • Will receive project status updates but are not directly involved in deliverable creation.
    Executive Sponsor
    • Liaison with the executive team.
    • Accountable to ensure the pilot BCP is completed.
    • Set project goals and approve resource allocation and funding.
    Pilot Business Unit Manager
    • Drive the project and assign required resources.
    • Delegate day-to-day project management tasks to the BCP Coordinator.
    BCP Coordinator
    • Function as the project manager. This includes scheduling activities, coordinating resources, reporting progress, and managing deliverables.
    • Learn and apply the BCP methodology to achieve project goals.
    Expert Business Unit Staff
    • Pilot business unit process experts to assist with BCP development for that business unit.
    IT Manager
    • Provide guidance on IT capabilities and recovery options.
    Other Business Unit Managers
    • Consulted to validate or provide input to the business impact analysis and RTOs/RPOs.

    Identify a suitable BCP Coordinator

    A skilled and committed coordinator is critical to building an effective and durable BCP.

    • Coordinating the BC planning effort requires a perspective that’s informed by IT, but goes beyond IT.
    • For example, many IT professionals only see business processes where they intersect with IT. The BCP Coordinator needs to be able to ask the right questions to help the business units think through dependencies for critical processes.
    • Business analysts can thrive in this role, which requires someone effective at dissecting business processes, working with business users, identifying requirements, and managing large projects.

    Structure the role of the BCP Coordinator

    The BCP Coordinator works with the pilot business unit as well as remaining business units to provide continuity and resolve discrepancies as they come up between business units.

    Specifically, this role includes:

    • Project management tasks (e.g. scheduling, assigning tasks, coordinating resources, and reporting progress).
    • Learning the BCP methodology (through the pilot) so that this person can lead remaining business units through their BCP process. This enables the IT leader who had been assigned to guide BCP development to step back into a more appropriate consulting role.
    • Managing the BCP workflow.

    "We found it necessary to have the same person work with each business unit to pass along lessons learned and resolve contingency planning conflicts for common dependencies." – Michelle Swessel, PM and IT Bus. Analyst, Wisconsin Compensation Rating Bureau (WCRB)

    Template: Pilot Project Charter

    Formalize participants, roles, milestones, risks for the pilot project.

    Your charter should:

    1. Define project parameters, including drivers, objectives, deliverables, and scope.
    2. Identify the pilot business unit.
    3. Assign a BCP pilot team, including a BCP Coordinator, to execute the methodology.
    4. Define before-and-after metrics to enable the team to measure pilot success.
    5. Set achievable, realistic target dates for specific project milestones.
    6. Document risks, assumptions, and constraints.

    Download Info-Tech’s BCP Pilot Project Charter Template

    Step 1.3

    Identify business processes, dependencies, and alternatives

    This step will walk you through the following activities:

    • Identify key business processes.
    • Document the process workflow.
    • Identify dependencies and alternates for those dependencies.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    You'll use the following tools & templates:

    Outcomes & Insights

    Documented workflows, process dependencies, and workarounds when dependencies are unavailable.

    Flowchart business processes

    Workflows help you visually identify process dependencies and optimization opportunities.

    • Business continuity planning is business process focused. You need to document business processes, dependencies, and downtime workarounds.
    • Process documentation is a basic BCP audit requirement, but it will also:
      • Keep discussions about business processes well-scoped and focused – by documenting the process, you also clarify for everyone what you’re actually talking about.
      • Remind participants of process dependencies and workarounds.
      • Make it easier to spot possible process breakdowns or improvements.
      • Capture your work, which can be used to create or update SOP documentation.
    • Use flowcharts to capture process workflows. Flowcharts are often quicker to create, take less time to update, and are ultimately more usable than a dense manual.

    Info-Tech Insight

    Process review often results in discovering informal processes, previously unknown workarounds or breakdowns, shadow IT, or process improvement opportunities.

    1.3.1 Prioritize pilot business unit processes

    Input

    • List of key business unit processes.

    Output

    • List of key business unit processes, now prioritized (at a high-level)

    Materials

    • Whiteboard/flip charts
    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (leads the discussion)
    • Pilot Business Unit Manager

    30 minutes

    1. Create a list of all formal and informal business processes executed by the pilot business unit.
    2. Discuss the impact of process downtime, and do a quick assessment whether impact of downtime for each process would be high, medium, or low across each of these criteria:
      • Revenue or costs (e.g. supports sales, billing, or productivity)
      • Goodwill (e.g. affects internal or external reputation)
      • Compliance (e.g. affects legal or industry requirements)
      • Health or safety (e.g. affects employee/public health & safety)

    Note: A more in-depth analysis will be conducted later to refine priorities. The goal here is a high-level order of priority for the next steps in the planning methodology (identify business processes and dependencies).

    1. In the BCP Business Impact Analysis Tool, Processes and Dependencies tab, record the following:
      • The business processes in rough order of criticality.
      • For each process, provide a brief description that focuses on purpose and impact.
      • For each process, name a process owner (i.e. accountable for process completion – could be a manager or senior staff, not necessarily those executing the process).

    1.3.2 Review process flows & identify dependencies

    Input

    • List of key business unit processes (prioritized at a high level in Activity 1.3.1).
    • Business process flowcharts.

    Output

    • Business process flowcharts

    Materials

    • Whiteboard/flip charts
    • Microsoft Visio, or other flowcharting software
    • BCP Business Impact Analysis Tool

    Download Info-Tech’s Business Process Workflows Example

    1.5 hours

    1. Use a whiteboard to flowchart process steps. Collaborate to clarify process steps and dependencies. If processes are not documented, use this as an opportunity to create standard operating procedures (SOPs) to drive consistency and process optimization, as described in the Info-Tech blueprint, Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind.
    2. Record the dependencies in tab 1 of the BCP Business Impact Analysis Tool in the appropriate columns:
      • People – Anyone involved in the process, from providing guidance to executing the steps.
      • IT Applications – Core IT services (e.g. ERP, CRM) required for this process.
      • End-user devices & equipment – End-user devices, locally-installed apps, IoT, etc.
      • Facility – Any special requirements beyond general office space.
      • Suppliers & Service Providers – Third-parties who support this process.

    Info-Tech Insight

    Policies and procedures manuals, if they exist, are often out of date or incomplete. Use these as a starting point, but don’t stop there. Identify the go-to staff members who are well versed in how a process works.

    1.3.3 Document workarounds

    Input

    • Business process flowcharts.
    • List of process dependencies.

    Output

    • Workarounds and alternatives in the event dependencies aren’t available.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the activity)
    • Pilot Business Unit Manager
    • Business Process Subject Matter Experts (SMEs)

    1.5 hours

    Identify alternatives to critical dependencies to help you create contingency plans.

    1. For each business process, identify known alternatives for each primary dependency. Ignore for the moment how long the workaround or alternate would be feasible.
    2. Record alternatives in the Business Continuity Business Impact Analysis Tool, Processes and Dependencies tab, Alternatives columns (a separate column for each category of dependency):
      • People – Can other staff execute the process steps? (Example: managers can step in if needed.)
      • IT Applications – Is there a manual workaround or other alternative while enterprise technology services are unavailable? (Example: database is down, but data is stored on physical forms.)
      • End-User Devices and Equipment – What alternatives exist to the usual end-user technologies, such as workstations and desk phones? (Example: some staff have cell phones.)
      • Facility Location and Requirements – Is there an alternate location where this work can be conducted? (Example: work from home, or from another building on the campus.)
      • Suppliers and External Services – Is there an alternative source for key suppliers or other external inputs? (Example: find alternate suppliers for key inputs.)
      • Additional Inputs or Requirements – What workarounds exist for additional artifacts that enable process steps (e.g. physical inventory records, control lists)? (Example: if hourly pay information is missing, run the same payroll as the previous run and reconcile once that information is available.)

    Phase 2

    Conduct a BIA to Determine Acceptable RTOs and RPOs

    Phase 2

    2.1 Define an objective impact scoring scale

    2.2 Estimate the impact of downtime

    2.3 Determine acceptable RTO/RPO targets

    Insights & Outcomes

    Assess the impact of business process downtime using objective, customized impact scoring scales. Sort business processes by criticality and by assigning criticality tiers, recovery time, and recovery point objectives.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Business Process SMEs

    Step 2.1

    Define an objective scoring scale

    This step will walk you through the following activities:

    • Identify impact criteria that are relevant to your business.
    • Create a scale that defines a range of impact for relevant criteria.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Define an impact scoring scale relevant to your business, which allows you to more-objectively assess the impact of business process downtime.

    Set appropriate recovery objectives

    Recovery time and recovery point objectives should align with business impact.

    The activities in Phase 2 will help you set appropriate, acceptable recovery objectives based on the business impact of process downtime.

    • The recovery time objective (RTO) and recovery point objective (RPO) are the recovery goals set for individual processes and dependencies to ensure your business unit meets its overall acceptable recovery timeline.

    For example:

    • An RTO of four hours means staff and other required resources must be available to support the business processes within four hours of an incident (e.g. relocate to an alternate worksite if necessary, access needed equipment, log-in to needed systems, get support for completing the process from alternate staff, etc.)
    • An RPO of four hours for a customer database means the most recent secondary copy of the data must never be more than four hours old – e.g. running a backup every four hours or less.

    Conduct a Business Impact Analysis (BIA)

    Create Impact Scoring Scales→Assess the impact of process downtime→Review overall impact of process downtime→Set Criticality Tiers→Set Recovery Time and Recovery Point Objectives

    Create financial impact scales

    Identify maximum cost and revenue impacts to build financial impact scales to measure the financial impact of process downtime.

    Work with the Business Unit Manager and Executive Sponsor to identify the maximum impact in each category to the entire business. Use a worst-case scenario to estimate the maximum for each scale. In the future, you can use this scoring scale to estimate the impact of downtime for other business units.

    • Loss of Revenue: Estimate the upper bound for this figure from the previous year, and divide that by the number of business days in the year. Note: Some organizations may choose to exclude revenue as a category where it won’t be lost (e.g. public-sector organizations).
    • Loss of Productivity: Proxy for lost workforce productivity using payroll numbers. Use the fully loaded payroll for the company, divided by the number of working days in the year as the maximum.
    • Increased Operating Costs: Isolate this to known additional costs resulting from a disruption. Does the interruption itself increase operating costs (e.g. if using timesheets for hourly/contract employees and that information is lost or unavailable, do you assume a full work week)?
    • Financial Penalties: If there are known financial penalties (e.g. due to failure to meet SLAs or other contractual obligations), include those values in your cost estimates.

    Info-Tech Insight

    Cost estimates are like hand grenades and horseshoes: you don’t need to be exact. It’s much easier to get input and validation from other stakeholders when you have estimates. Even weak estimates are far better than a blank sheet.

    Create goodwill, compliance, and safety impact scales

    Create a quantitative, more-objective scoring scale for goodwill, compliance and safety by following the guidance below.

    • Impact on Customers: By default, the customer impact scale is based on the percent of your total customer base impacted. You can also modify this scale to include severity of impact or alter it to identify the maximum number of customers that would be impacted.
    • Impact on Staff: Consider staff that are directly employed by the organization or its subsidiaries.
    • Impact on Business Partners: Which business partners would be affected by a business disruption?
    • Impact on Health & Safety: Consider the extent to which process downtime could increase the risk of the health & safety of staff, customers, and the general public. In addition, degradation of health & safety services should be noted.
    • Impact on Compliance: Set up the scale so that you can capture the impact of any critical regulatory requirements that might not be met if a particular process was down for 24 hours. Consider whether you expect to receive leeway or a grace period from the governance body that requires evidence of compliance.

    Info-Tech Best Practice

    Use just the impact scales that are relevant to your organization.

    Tool: Impact Scoring Scales

    • Define 4-point scoring scales in the BCP business impact analysis tool for a more objective assessment than gut-feel rankings.
    • You don’t need to include every category, if they aren’t relevant to your organization.
    • Refine the scoring scale as needed through the pilot project.
    • Use the same scoring scale for impact analyses with additional business units in the future.

    An image depicting the Business Impact Analysis Tool. A note pointing to the Level of Impact and Direct Cost Impact Scales columns states: Add the maximum cost impacts across each of the four impact scales to the tool. The rest of the scale will auto-populate based on the criteria outlined in the “Level of Impact” column. A note pointing to the column headers states: Change the names of the column headers in this tab. The changes to column headers will populate across the rest of the tool. Indicate exclusions from the scale here. A note pointing to the Goodwill Impact Scales columns reads: Update the Goodwill impact scales. For example, perhaps a critical impact on customers could be defined as “a significant impact on all customers using the organization’s services in a 24-hour period.” A note pointing to the Compliance, Heath and Safety Impact Scales columns reads: Review the compliance and safety impact scales, and update as required.

    Step 2.2

    Estimate the impact of downtime

    This step will walk you through the following activities:

    • Apply the scoring scale developed in step 2.1 to assess the impact of downtime for specific business processes.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Develop an objective view of the impact of downtime for key business processes.

    2.2.1 Estimate the impact of downtime

    1.5 hours

    Input

    • List of business processes, dependencies, and workarounds, all documented in the BIA tool.

    Output

    • Impact of downtime scores for key business unit processes.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Print a copy of the Scoring Criteria tab to use as a reference, or have it open on another screen. In tab 3 of the BCP Business Impact Analysis Tool use the drop-down menu to assign a score of 0 to 4 based on levels of impact defined in the Scoring Criteria tab.
    2. Work horizontally across all categories for a single process. This will set a benchmark, familiarize you with the scoring system, and allow you to modify any scoring scales if needed. In general, begin with the process that you know to be most critical.
      • For example, if call center sales operations are down:
        • Loss of Revenue would be the portion of sales revenue generated through the call center. This might score a 2 or 3 depending on the proportion of sales generated through the call center.
        • The Impact on Customers might be a 1 or 2 depending on the extent that existing customers might be using the call center to purchase new products or services.
        • The Legal/Regulatory Compliance and Health or Safety Risk might be a 0.
    3. Next, work vertically across all processes within a single category. This will allow you to compare scores within the category as you create them.

    Tool: Impact Analysis

    • The goal of the exercise is to arrive at a defensible ranking of process criticality, based on the impact of downtime.
    • Make sure participants can see the scores you’re assigning during the exercise (e.g. by writing out the scores on a whiteboard, or displaying the tool on a projector or screen) and can reference the scoring scales tab to understand what the scores mean.
    • Take notes to record the rationale behind the impact scores. Consider assigning note-taking duties to one of the participants.

    An image of the Impact Analysis Tool. A note pointing to the column headings states: Any customized column headings from tab 2, Scoring Criteria are automatically ported to this tab. A note pointing to the Impact on Goodwill columns reads: Score each application across each scoring scale from 0 to 4. Be sure to refer back to the scoring scale defined in tab 2. Have the scoring scale printed out, written on a whiteboard, or displayed on a separate screen. A note pointing to the tool's dropdown boxes states: Score categories using the drop-down boxes. A note pointing to the centre columns reads: Ignore scoring for categories you choose to exclude. You can hide these columns to clean up the tool if needed.

    2.2.2 Sort processes into Criticality Tiers

    30 minutes

    Input

    • Processes, with assigned impact scores (financial impact, goodwill impact, compliance and safety impact).

    Output

    • Business processes sorted into criticality tiers, based on the impact of downtime.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. In general, consider the Total Impact on Goodwill, Compliance, and Safety first.
      • An effective tactic to start the process is to assign a tier 1 rating to all processes with a Goodwill, Compliance, and Safety score that’s 50% or more of the highest total score, tier 2 where scores are between 25% and 50%, and tier 3 where scores are below 25% (see table below for an example).
      • In step 2.3, you’ll align recovery time objectives with the criticality tiers. So, Tier 1 processes will target recovery before Tier 2 processes, and Tier 2 processes will target recovery before Tier 3 processes.
    2. Next, consider the Total Cost of Downtime.
    • The Total Cost is calculated by the tool based on the Scoring Criteria in tab 2 and the estimates in the BIA.
    • Consider whether the total cost impact justifies changing the criticality rating. “Smoke test” categorization with participants. Are there any surprises (processes more or less critical than expected)?
  • If the categorization doesn’t seem right, check that the scoring scale was applied consistently.
  • Example: Highest total Goodwill, Compliance, and Safety impact score is 18.

    Tier Score Range % of high score
    Tier 1 - Gold 9-18 50-100%
    Tier 2 - Silver 5 to 9 25-50%
    Tier 3 - Bronze 0 to 5 0-25%

    Step 2.3

    Determine acceptable RTO and RPO targets

    This step will walk you through the following activities:

    • Identify acceptable Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for business processes.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes and Insights

    Right-size recovery objectives based on business impact.

    Right-size recovery objectives

    Acceptable RTOs and RPOs must be right-sized to the impact of downtime.

    Rapid recovery typically requires more investment.

    The impact of downtime for most business processes tends to look something like the increasing impact curve in the image to the right.

    In the moments after a disruption, impact tends to be minimal. Imagine, for example, that your organization was suddenly unable to pay its suppliers (don’t worry about the reason for the disruption, for the moment). Chances are, this disruption wouldn’t affect many payees if it lasted just a few minutes, or even a few hours. But if the disruption were to continue for days, or weeks, the impact of downtime would start to spiral out of control.

    In general, we want to target recovery somewhere between the point where impact begins, and the point where impact is intolerable. We want to balance the impact of downtime with the investment required to make processes more resilient.

    Info-Tech Insight

    Account for hard copy files as well as electronic data. If that information is lost, is there a backup? BCP can be the driver to remove the last resistance to paperless processes, allowing IT to apply appropriate data protection.

    Set recovery time objectives and recovery point objectives in the “Debate Space”

    A graph with the X axis labelled as: Increasing downtime/data loss and the Y-axis labelled Increasing Impact. The graph shows a line rising as impact and downtime/data loss increase, with the lowest end of the line (on the left) labelled as minimal impact, and the highest point of the line (on the right) labelled maximum tolerance. The middle section of the line is labelled as the Debate Space, and a note reads: Acceptable RTO/RPO must be between Low Impact and Maximum Tolerance

    2.3.1 Define process-level recovery objectives

    1 hour

    Input

    • Processes, ranked by criticality.

    Output

    • Initial business-defined recovery objectives for each process.

    Materials

    • BCP Business Impact Analysis Tool

    Participants

    • BCP Coordinator (facilitates the discussion)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Review the “Debate Space” diagram (shown in previous section) with all participants.
    2. Ask business participants for each process: how much downtime is tolerable, acceptable, or appropriate? How much data loss is tolerable?
      • If participants aren’t yet comfortable setting recovery objectives, identify the point at which downtime and data loss first becomes noticeable and the point at which downtime and data loss becomes intolerable.
      • Choose an RTO and RPO for each process that falls within the range set by these two extremes.

    RTOs and RPOs are business-defined, impact-aligned objectives that you may not be able to achieve today. It may require significant investments of time and capital to enable the organization to meet RTO and RPO.

    2.3.2 Align RTOs within and across criticality tiers

    1 hour

    Input

    • Results from pilot BCP impact analysis.

    Output

    • Initial business-defined recovery objectives for each process.

    Materials

    • BCP Business Impact Analysis Tool
    • Whiteboard/ flipchart

    Participants

    • BCP Coordinator
    • BCP Project Sponsor
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager (optional)

    Set a range for RTO for each Tier.

    1. Start with your least critical/Tier 3 processes. Use the filter in the “Criticality Rating” column in the Impact Analysis tab of the BIA tool to show only Tier 3 processes.
      • What range of RTOs did the group assign for processes in this Tier? Does the group agree that these targets are appropriate for these processes?
      • Record the range of RTOs on the whiteboard or flipchart.
    2. Next, look at Tier 2 processes. Use the same filter to show just Tier 2 processes.
      • Record the range of RTOs, confirm the range with the group, and ensure there’s no overlap with the Tier 3 range.
      • If the RTOs in one Tier overlap with RTOs in another, you’ll need to adjust RTOs or move processes between Tiers (if the impact analysis justifies it).
    Tier RTO
    Tier 1 4 hrs- 24 hrs
    Tier 2 24 hrs - 72 hrs
    Tier 3 72 hrs - 120 hrs

    Phase 3

    Document the Recovery Workflow and Projects to Close Gaps

    3.1 Determine current recovery procedures

    3.2 Identify and prioritize projects to close gaps

    3.3 Evaluate business continuity site and command center options

    Insights & Outcomes

    Outline business recovery processes. Highlight gaps and risks that could hinder business recovery. Brainstorm ideas to address gaps and risks. Review alternate site and business relocation options.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Business Process SMEs

    Step 3.1

    Determine current recovery procedures

    This step will walk you through the following activities:

    • Create a step-by-step, high-level recovery workflow.
    • Highlight gaps and risks in the recovery workflow.
    • Test the workflow against multiple scenarios.

    This step involves the following participants:

    • BCP Coordinator
    • Crisis Management Team
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Establish steps required for business recovery and current recovery timelines.

    Identify risks & gaps that could delay or obstruct an effective recovery.

    Conduct a tabletop planning exercise to draft business recovery plans

    Tabletop exercises are the most effective way to test and increase business confidence in business recovery capabilities.

    Why is tabletop planning so effective?

    • It enables you play out a wider range of scenarios than technology-based testing (e.g. full-scale, parallel) due to cost and complexity factors.
    • It is non-intrusive, so it can be executed more frequently than other testing methodologies.
    • It provides a thorough test of your recovery workflow since the exercise is, essentially, paper-based.
    • After you have a BCP in place, this exercise can continue to be a valuable testing exercise for BCP to capture changes in your recovery process.

    A graph titled: Tabletop planning had the greatest impact on respondent confidence in meeting recovery objectives. The graph shows that the relative importance of Tabletop Planning is 57%, compared to 33% for Unit Testing, 3% for Simulation Testing, 6% for Parallel Testing, and 2% for Full-Scale Testing. The source for the graph is Info-Tech Research Group.

    Step 2 - 2 hours
    Establish command center.

    Step 2: Risks

    • Command center is just 15 miles away from primary site.

    Step 2: Gaps

    • Confirm what’s required to set up the command center.
    • Who has access to the EOC?
    • Does the center have sufficient bandwidth, workstations, phones, telephone lines?

    3.1.1 Choose a scenario for your first tabletop exercise

    30 minutes

    Input

    • List of past incidents.
    • Risks to business continuity that are of high concern.

    Output

    • Scenario for the tabletop exercise.

    Materials

    • N/A

    Participant

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot business unit manager

    At the business unit level, the goal is to define a plan to resume business processes after an incident.

    A good scenario is one that helps the group focus on the goal of tabletop planning – to discuss and document the steps required to recover business processes. We suggest choosing a scenario for your first exercise that:

    • Disrupts many process dependencies (i.e. facilities, staff, IT services, suppliers).
    • Does not result in major property damage, harm, or loss of life. Business resumption is the focus of this exercise, not emergency response.
    • Has happened in the past, or is of concern to the business.

    An example: a gas leak at company HQ that requires the area to be cordoned off and power to be shut down. The business must resume processes from another location without access to materials, equipment, or IT services at the primary location.

    A plan that satisfies the gas leak scenario should meet the needs of other scenarios that affect your normal workspace. Then use BCP testing to validate that the plan meets a wider range of incidents.

    3.1.2 Define the BCP activation process

    1 hour

    Input

    • Any existing crisis management, incident response or emergency response plans.
    • BC Scenario.

    Output

    • High level incident notification, assessment, and declaration workflow.

    Materials

    • Cue cards, sticky notes, whiteboard and markers, or Visio template.

    Participants

    • BCP Coordinator
    • Crisis Management Team (if one exists)
    • Business Process SMEs
    • Pilot Business Unit Manager

    Answer the questions below to structure your notification, assessment, and BCP activation procedures.

    Notification

    How will you be notified of a disaster event? How will this be escalated to leadership? How will the team responsible for making decisions coordinate (if they can’t meet on-site)? What emergency response plans are in place to protect health and safety? What additional steps are involved if there’s a risk to health and safety?

    Assessment

    Who’s in charge of the initial assessment? Who may need to be involved in the assessment? Who will coordinate if multiple teams are required to investigate and assess the situation? Who needs to review the results of the assessment, and how will the results of the assessment be communicated (e.g. phone bridge, written memo)? What happens if your primary mode of communication is unavailable (e.g. phone service is down)?

    Declaration

    Who is responsible today for declaring a disaster and activating business continuity plans? What are the organization’s criteria for activating continuity plans, and how will BCP activation be communicated? Establish a crisis management team to guide the organization through a wide range of crises by Implementing Crisis Management Best Practices.

    3.1.3 Document the business recovery workflow

    1 hour

    Input

    • Pilot BIA.
    • Any existing crisis management, incident response, or emergency response plans.
    • BC Scenario

    Output

    • Outline of your BCP declaration and business recovery plan.

    Materials

    • Cue cards, sticky notes, whiteboard and markers, or Visio template.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Do the following:

    1. Create separate flows for facility, IT, and staff disruptions. Include additional workflows as needed.
      • We suggest you outline the recovery process at least to the point where business processes are restored to a minimum viable functional level.
    2. On white cue cards:
      1. Record the step.
      2. Indicate the task owner.
      3. Estimate how long the step will take.
    3. On yellow cue cards, document gaps in people, process, and technology requirements to complete the step.
    4. On red cue cards, indicate risks (e.g. no backup person for a key staff member).

    Info-Tech Best Practice

    Tabletop planning is most effective when you keep it simple.

    • Be focused; stay on task and on time.
    • Revisit each step and record risks and mitigation strategies.
    • Discuss each step from start to finish.
    • Revise the plan with key task owners.
    • Don’t get weighed down by tools.
    • Simple tools, like cue cards or whiteboards, can be very effective.

    Tool: BCP Recovery Workflow

    Document the steps you identified in the tabletop to create your draft recovery workflow.

    Why use a flowchart?

    • Flowcharts provide an at-a-glance view, are ideal for crisis scenarios where pressure is high and effective, and where timely communication is necessary.
    • For experienced managers and staff, a high-level reminder of process flows or key steps is sufficient.
    • Where more detail is required, include links to supporting documentation (which could include checklists, vendor documentation/contracts, other flowcharts, etc.)

    Create one recovery workflow for all scenarios.

    Traditional planning calls for separate plans for different “what-if” scenarios. This is challenging not just because it’s a lot more documentation – and maintenance – but because it’s impossible to predict every possible incident. Use the template, aligned to recovery of process dependencies, to create one recovery workflow for each business unit that can be used in and tested against different scenarios.

    Download Info-Tech’s BCP Recovery Workflow Example

    "We use flowcharts for our declaration procedures. Flowcharts are more effective when you have to explain status and next steps to upper management." – Assistant Director-IT Operations, Healthcare Industry

    "Very few business interruptions are actually major disasters. It’s usually a power outage or hardware failure, so I ensure my plans address ‘minor’ incidents as well as major disasters."- BCP Consultant

    3.1.4 Document achievable recovery metrics (RTA/RPA)

    30 minutes

    Input

    • Pilot BCP BIA.
    • Draft recovery workflow.

    Output

    • RTA and RPA for each business process.

    Materials

    • Pilot BCP BIA.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Add the following data to your copy of the BCP Business Impact Analysis Tool.

    1. Estimate the recovery time achievable (RTA) for each process based on the required time for the process to be restored to a minimum acceptable functional level. Review your recovery workflow to identify this timeline. For example, if the full process from notification, assessment, and declaration to recovery and relocation would take a full day, set the RTA to 24 hours.
    2. Estimate the recovery point achievable (RPA) for each process based on the maximum amount of data that could be lost. For example, if data on a particular system is backed up offsite once per day, and the onsite system was destroyed just before that backup began, the entire day’s data could be lost and the achievable RPO is 24 hours. Note: Enter a value of 9999 to indicate that data is unrecoverable.

    Info-Tech Insight

    Operating at a minimum acceptable functional level may not be feasible for more than a few days or weeks. Develop plans for immediate continuity first, then develop further plans for long-term continuity processes as required. Recognize that for longer term outages, you will evolve your plans in the crisis to meet the needs of the situation.

    3.1.5 Test the workflow of other scenarios

    1 hour

    Input

    • Draft recovery workflow.

    Output

    • Updated draft recovery workflow.

    Materials

    • Draft recovery workflow.
    • Projector or screen.

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager

    Work from and update the soft copy of your recovery workflow.

    1. Would any steps change if the scenario changes? If yes, capture the different flow with a decision diamond. See the example Recovery Workflow for a workflow that uses decision diamonds. Identify any new gaps or risks you encounter with red and yellow cards.
    2. Make sure the decision diamonds are as generalized as possible. For example, instead of creating a separate response plan for each scenario that would require you to relocate from your existing building, create one response plan for relocation and one response plan for remaining in place.
    3. See the next section for some examples of different types of scenarios that you may include in your recovery workflow.

    Info-Tech Insight

    Remember that health and safety risks must be dealt with first in a crisis. The business unit recovery workflow will focus on restoring business operations after employees are no longer at risk (e.g. the risk has been resolved or employees have been safely relocated). See Implement Crisis Management Best Practices for ideas on how to respond to and assess a wide range of crises.

    Not all scenarios will have full continuity plans

    Risk management is a business decision. Business continuity planning can help decision makers understand and decide on whether to accept or mitigate high impact, low probability risks.

    For some organizations, it’s not practical or possible to invest in the redundancy that would be necessary to recover in a timely manner from certain major events.

    Leverage existing risk management practices to identify key high impact events that could present major business continuity challenges that could cause catastrophic disruptions to facility, IT, staffing, suppliers, or equipment. If you don’t have a risk register, review the scenarios on the next slide and brainstorm risks with the working group.

    Work through tabletop planning to identify how you might work through an event like this, at a high level. In step 3.2, you can estimate the effort, cost, and benefit for different ideas that can help mitigate the damage to the business to help decision makers choose between investment in mitigation or accepting the risk.

    Document any scenarios that you identify as outside the scope of your continuity plans in the “Scope” section of your BCP Summary document.

    For example:

    A single location manufacturing company is creating a BCP.

    The factory is large and contains expensive equipment; it’s not possible to build a second factory for redundancy. If the factory is destroyed, operations can’t be resumed until the factory is rebuilt. In this case, the BCP outlines how to conduct an orderly business shutdown while the factory is rebuilt.

    Contingency planning to resume factory operations after less destructive events, as well as a BCP for corporate services, is still practical and necessary.

    Considerations for other BCP scenarios

    Scenario Type Considerations
    Local hazard (gas leak, chemical leak, criminal incident, etc.)
    • Systems might be accessible remotely, but hands-on maintenance will be required eventually. “Work from home” won’t be a long-term solution.
    • An alternate site is required for service continuity. Can be within normal commuting distance.
    Equipment/building damage (fire, roof collapse, etc.)
    • Equipment will need repair or replacement (vendor involvement).
    • An alternate site is required for service continuity. Can be nearby.
    Regional natural disasters
    • Utilities may be affected (power, running water, etc.).
    • Expect staff to take care of their families first before work.
    • A geographically distant alternate site is required for service continuity.
    Supplier failure (IT provider outage, disaster at supplier, etc.)
    • Service-level agreements are important to establish recovery timelines. Review contracts and master services agreements.
    Staff (lottery win, work stoppage, pandemic/quarantine)
    • Staff are suddenly unavailable. Expect that no warm handoff to alternates is possible and that time to ramp up on the process is accounted for.
    • In a pandemic scenario, work from home, remote toolsets, and digital/contactless workflows become critical.

    Step 3.2

    Identify and prioritize projects to close gaps

    This step will walk you through the following activities:

    • Brainstorm solutions to identified gaps and risks.
    • Prioritize projects and action items to close gaps and risks.
    • Assess the impact of proposed projects on the recovery workflow.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Identify and prioritize projects and action items that can improve business continuity capabilities.

    3.2.1 Brainstorm solutions to address risks and gaps

    1 hour

    Input

    • Draft recovery workflow.
    • Known continuity risks and gaps.

    Output

    • Ideas for action items and projects to improve business continuity.

    Materials

    • Flipchart

    Participants

    • BCP Coordinator (facilitates the exercise)
    • Business Process Subject Matter Experts (SMEs)
    • Pilot Business Unit Manager
    1. Review each of the risk and gap cards from the tabletop exercise.
    2. As a group, brainstorm ideas to address gaps, mitigate risks, and improve resiliency. Write the list of ideas on a whiteboard or flip chart paper. The solutions can range from quick-wins and action items to major capital investments. The following slides can help you seed ideas to support brainstorming and idea generation.

    Info-Tech Best Practice

    Try to avoid debates about feasibility at this point. The goal is to get ideas on the board.

    When you’re brainstorming solutions to problems, don’t stop with the first idea, even if the solution seems obvious. The first idea isn’t always the best or only solution – other ideas can expand on it and improve it.

    Step 4: No formal process to declare a disaster and invoke business continuity.

    Step 7: Alternate site could be affected by the same regional event as the main office.

    Step 12: Need to confirm supplier service-level agreements (SLAs).

    1. Continue to create BCP documentation.
    2. Identify a third location for regional disasters.
    3. Contact suppliers to confirm SLAs and validate alignment with RTOs/RPOs.
    4. Add BCP requirements collection to service procurement process?

    Discuss your remote work capabilities

    With COVID-19, most organizations have experience with mass work-from-home.

    Review the following case studies. Do they reflect your experience during the COVID-19 pandemic?

    Unacceptable risk

    • A small insurance company provided laptops to staff so they could work remotely.
    • Complication: Cheque and print stock is a dependency and no plan was made to store check stock offsite in a secure fashion.

    Key dependencies missing

    • A local government provided laptops to key staff so they could work remotely.
    • Complication: The organization didn’t currently own enough Citrix licenses for every user to be online concurrently.

    Unable to serve customers

    • The attestation and land services department of a local government agency provided staff with remote access to key apps.
    • Complication: Their most critical business processes were designed to be in-person – they had no plan to execute these processes from home.

    Consider where your own work-from-home plans fell short.

    • Were your collaboration and communication solutions too difficult for users to use effectively?
    • Did legacy infrastructure affect performance or limit capabilities? Were security concerns appropriately addressed?
    • What challenges did IT face supporting business users on break-fix and new requests?
    • Were there logistical needs (shipping/receiving, etc.) that weren’t met?
    • Develop an updated plan to support work-from-home using Info-Tech’s BCP Relocation Checklists and Home Office Survey template, and integrate these into your overall BCP documentation. Stakeholders can easily appreciate the value of this plan since it’s relevant to recent experience.

    Identify opportunities to improve continuity plans

    What gaps in your continuity response could be addressed with better planning?

    People

    • Alternates are not identified
    • Roles in a disaster are not formalized
    • No internal/external crisis comm. strategy

    Site & Facilities

    • No alternate place of business or command center identified
    • No formal planning or exercises to test alternate site viability

    • Identify a viable secondary site and/or work-from-home plan, and develop a schedule for testing activities. Review in Step 3.3 of the Develop a Business Continuity Plan blueprint.

    External Services & Suppliers

    • Contingency plans for a disruption not planned or formalized
    • No formal review of service-level agreements (SLAs)

    • Contact key suppliers and vendors to establish SLAs, and ensure they meet requirements.
    • Review supplier continuity plans.

    Technology & Physical Assets

    • No secondary site or redundancy for critical IT systems
    • No documented end-to-end IT DR plan

    Tool: BCP Project Roadmap

    Prioritize and visualize BCP projects to present options to decision makers.

    Not all BCP projects can be tackled at once. Enable decision makers to defer, rather than outright reject, projects that aren’t feasible at this time.

    1. Configure the tool in Tab 1. Setup. Adjust criteria and definitions for criteria. Note that shaded columns are required for reporting purposes and can’t be modified.
    2. Add projects and action items in Tab 2. Data Entry. Fields highlighted in red are all required for the dashboard to populate. All other fields are optional but will provide opportunities to track more detailed data on project ideas.
    3. To generate the dashboard in Tab 3. Roadmap, open the Data ribbon and under Queries and Connections click Refresh All. You can now use the slicers on the right of the sheet.

    Download Info-Tech’s BCP Project Roadmap Tool

    Demonstrate BCP project impacts

    Illustrate the benefits of proposed projects.

    1. Review your recovery workflow.
    2. Make updates to a second copy of the high-level outline to illustrate how the business response to a disaster scenario will change once proposed projects are complete.
    • Remove steps that have been made unnecessary.
    • Remove any risks or gaps that have been mitigated or addressed.
    • Verify that proposed projects close gaps between acceptable and achievable recovery capabilities in the BIA tool.
  • The visual impact of a shorter, less-risky recovery workflow can help communicate the benefits of proposed projects to decision makers.
  • Step 3.3

    Evaluate business continuity site and command center options

    This step will walk you through the following activities:

    • Take a deep dive on the requirements for working from an alternate location.
    • Assess different options for an alternate location.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • Expert Business Unit Staff

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Identify requirements for an alternate business site.

    Tool: Relocation Checklists

    An alternate site could be another company building, a dedicated emergency operations center, or work-from-home. Use this tool to guide and prepare for any relocation exercise.

    • Coordinate your response with the pre-populated checklists in Tabs 1 & 2, identify who’s responsible for items on the checklists, and update your recovery workflows to reflect new steps. When reviewing the checklist, consider what can be done to prepare ahead of a crisis.
      • For example, you may wish to create crisis communication templates to streamline crisis communications during a disaster.
    • Calculate the effort required to provision equipment for relocated users in Tabs 3 & 4.
    • Evaluate your options for alternate sites with the requirements matrix in Tab 5. Use your evaluation to identify how the organization could address shortcomings of viable options either ahead of time or at the time of an incident.

    Download Info-Tech’s BCP Relocation Checklists

    Create a checklist of requirements for an alternate site

    Leverage the roll-up view, in tab 3, of dependencies required to create a list of requirements for an alternate site in tab 4.

    1. The table on Tab 5 of the relocation checklists is pre-populated with some common requirements. Modify or replace requirements to suit your needs for an alternate business/office site. Be sure to consider distance, transportation, needed services, accessibility, IT infrastructure, security, and seating capacity at a minimum.
    2. Don’t assume. Verify. Confirm anything that requires permissions from the site owner. What network providers have a presence in the building? Can you access the site 24/7 and conduct training exercises? What facilities and services are available? Are you guaranteed the space if needed?

    "There are horror stories about organizations that assumed things about their alternate site that they later found out they weren’t true in practice." – Dr. Bernard Jones, MBCI CBCP

    Info-Tech Insight

    If you choose a shared location as a BCP site, a regional disaster may put you in competition with other tenants for space.

    Identify a command center

    For command center and alternate worksite selection, remember that most incidents are local and short term. Identify an onsite and an offsite command center.

    1. For events where the building is not compromised, identify an onsite location, ideally with remote conferencing capabilities and planning and collaboration tools (projectors, whiteboards, flipcharts). The onsite location can also be used for BCM and crisis management meetings. Remember, most business continuity events are not regional or massively destructive.
    2. For the offsite command center, select a location that is sufficiently far away from your normal business location to maintain separation from local incidents while minimizing commute time. However, consider a geographically distant option (e.g. more than 50 miles away) identified for those scenarios where it is a regional disaster, or plan to leverage online tools to create a virtual command center (see the Insight box below).
    3. The first members of the Emergency Response Team to be notified of the incident will determine which location to use or whether a third alternative is required.

    Info-Tech Insight

    For many organizations, a dedicated command center (TVs on the wall, maps and charts in filing cabinets) isn’t necessary. A conference bridge and collaboration tools allowing everyone to work remotely can be an acceptable offsite command center as long as digital options can meet your command center requirements.

    Create a plan for a return to normal

    Operating in continuity mode for an extended period of time tends to result in higher costs and reduced business capabilities. It’s important to restore normal operations as soon as possible.

    Advance planning can minimize risks and delays in returning to normal operations.

    Leverage the methodology and tools in this blueprint to define your return to normal (repatriation) procedures:

    1. Repeat the tabletop planning exercise to determine the repatriation steps and potential gaps. How will you return to the primary site from your alternate site? Does data need to be re-entered into core systems if IT services are down? Do you need to transfer job duties back to primary staff?
    2. What needs to be done to address the gaps in the return to normal workflow? Are there projects or action items that could make return to normal easier?

    For more on supporting a business move back to the office from the IT perspective, see Responsibly Resume IT Operations in the Office

    Potential business impacts of ongoing operations at a failover site

    • The cost of leasing alternate business worksites.
    • Inability to deliver on strategic initiatives while in emergency/interim operations mode, resulting in lost business opportunities.
    • A growing backlog of work that falls outside of emergency operations mode.
    • Travel and accommodation costs if the alternate site is geographically remote.
    • Additional vendor licensing and contract costs.

    Phase 4

    Extend the Results of the Pilot BCP and Implement Governance

    Phase 4

    4.1 Consolidate BCP pilot insights to support an overall BCP project plan

    4.2 Outline a business continuity management (BCM) program

    4.3 Test and maintain your BCP

    Insights & Outcomes

    Summarize and consolidate your initial insights and documentation. Create a project plan for overall BCP. Identify teams, responsibilities, and accountabilities, and assign documentation ownership. Integrate BCP findings in DR and crisis management practices. Set guidelines for testing, plan maintenance, training, and awareness.

    Participants

    • BCP Coordinator
    • Pilot Business Unit Manager
    • BCP Executive Sponsor

    Step 4.1

    Consolidate BCP pilot insights to support an overall BCP project plan

    This step will walk you through the following activities:

    • Summarize and consolidate outputs and key insights from the BCP pilot.
    • Identify outputs from the pilot that can be re-used for the overall BCP.
    • Create a project charter for an overall BCP.

    This step involves the following participants:

    • BCP Coordinator
    • Pilot Business Unit Manager
    • BCP Executive Sponsor

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Present results from the pilot BCP, and outline how you’ll use the pilot process with other business units to create an overall continuity program.

    Structure the overall BCP program.

    Template: BCP Pilot Results Presentation

    Highlight key findings from the BCP pilot to make the case for next steps.

    • Highlight critical gaps or risks identified, any potential process improvements, and progress made toward improving overall BCP maturity through the pilot project. Summarize the benefits of the pilot project for an executive audience.
    • Review process recovery objectives (RTO/RPO). Provide an overview of recovery capabilities (RTA/RPA). Highlight any significant gaps between objectives and capabilities.
    • Propose next steps, including an overall BCP project and program, and projects and action items to remediate gaps and risks.
    • Develop a project plan to estimate resource requirements for an overall BCP project prior to delivering this presentation. Quantifying required time and resources is a key outcome as it enables the remaining business units to properly scope and resource their BCP development activities and can help managers overcome the fear of the unknown.

    Download Info-Tech’s BCP Pilot Results Presentation

    Tool: BCP Summary

    Sum up information from completed BCP documents to create a high-level BCP overview for auditors and executives.

    The BCP Summary document is the capstone to business unit continuity planning exercises. It consolidates your findings in a short overview of your business continuity requirements, capabilities, and maintenance procedures.

    Info-Tech recommends embedding hyperlinks within the Summary to the rest of your BCP documentation to allow the reader to drill down further as needed. Leverage the following documents:

    • Business Impact Analysis
    • BCP Recovery Workflows
    • Business Process Workflows
    • BCP Project Roadmap
    • BCP Relocation Checklists
    • Business Continuity Policy

    Download Info-Tech’s BCP Summary Document

    Reuse templates for additional exercises

    The same methodology described in this blueprint can be repeated for each business unit. Also, many of the artifacts from the BCP pilot can be reused or built upon to give the remaining business units a head start. For example:

    • BCP Pilot Project Charter Template. Make a copy to use as a base for the next business unit’s BCP project charter, and update the stakeholders/roles and milestone dates. The rest of the content can remain the same in most cases.
    • BCP Reference Workbook. This tool contains information common to all business units and can be updated as needed.
    • BCP Business Impact Analysis Tool. You may need to start a separate copy for each business unit to allow enough space to capture all business processes. However, use the same scoring scale to drive consistent assessments. In addition, the scoring completed by the pilot business unit provides an example and benchmark for assessing other business processes.
    • BCP Recovery Workflow. The notification, assessment, and declaration steps can be standardized so remaining business units can focus primarily on recovery after a disaster is declared. Similarly, many of the steps related to alternate sites and IT workarounds will also apply to other business units.
    • BCP Project Roadmap Tool. Many of the projects identified by the pilot business unit will also apply to other business units – update the list as needed.
    • The Business Unit BCP Prioritization Tool, BCP Executive Presentation, and Business Continuity Policy Template do not need to be updated for each business unit.

    Info-Tech Best Practice

    You may need to create some artifacts that are site specific. For example, relocation plans or emergency plans may not be reusable from one site to another. Use your judgement to reuse as much of the templates as you can – similar templates simplify audit, oversight, and plan management.

    Create an Overall BCP Project Charter

    Modify the pilot project charter to encompass the larger BCP project.

    Adjust the pilot charter to answer the following questions:

    • How much time and effort should the rest of the project take, based on findings from the pilot? When do you expect to meet certain milestones? What outputs and outcomes are expected?
    • In what order should additional business units complete their BCP? Who needs to be involved?
    • What projects to address continuity gaps were identified during the pilot? What investments will likely be required?
    • What additional documentation is required? This section and the appendix include templates to document your BCM Policy, Teams & Contacts, your notification procedures, and more.
    • How does this integrate with the other areas of business resilience and continuity (IT disaster recovery planning and crisis management planning)?
    • What additional activities, such as testing, are required?

    Prioritize business units for further BCP activities.

    As with the pilot, choose a business unit, or business units, where BCP will have the greatest impact and where further BCP activities will have the greatest likelihood of success. Prioritize business units that are critical to many areas of the business to get key results sooner.

    Work with one business unit at a time if:

    • Required resources from the business unit are available to focus on BCP full-time over a short period (one to two weeks).
    • More hands-on guidance (less delegation) is needed.
    • The business unit is large or has complex processes.

    Work with several business units at the same time if:

    • Required resources are only available sporadically over a longer period of time.
    • Less guidance (more delegation) is possible.
    • All business units are small and have well-documented processes.

    Download Info-Tech’s Business Unit BCP Prioritization Tool

    Step 4.2

    Outline a Business Continuity Management (BCM) Program

    This step will walk you through the following activities:

    • Identify teams and roles for BCP and business continuity management.
    • Identify individuals to fill key roles.

    This step involves the following participants:

    • BCP Coordinator
    • Executive Sponsor

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Document BCP teams, roles, and responsibilities.

    Document contact information, alternates, and succession rules.

    Outline a Business Continuity Management Program

    A BCM program, also known as a BCM system, helps structure business continuity activities and practices to deliver long-term benefits to your business.

    A BCM program should:

    • Establish who is responsible and accountable for BCP practices, activities, and documentation, and set documentation management practices.
    • Define a process to improve plans. Review and update continuity requirements, suggest enhancements to recovery capabilities, and measure progress and improvements to the plan over time.
    • Coordinate disaster recovery, business continuity, and crisis management planning outputs and practices.
    • Communicate the value of the continuity program to the organization.

    Develop a Business Continuity Management Program

    Phase 4 of this blueprint will focus on the following elements of a business continuity management program:

    • BCM Roles, Responsibilities, and Accountabilities
    • BCM Document Management Practices
    • Integrate BC, IT DR, Crisis Management, and Emergency Management
    • Business Continuity Plan maintenance and testing
    • Training and awareness

    Schedule a call with an Info-Tech Analyst for help building out these core elements, and for advice on developing the rest of your BCM program.

    Create BCM teams

    Include a mix of strong leaders and strong planners on your BC management teams.

    BC management teams (including the secondary teams such as the emergency response team) have two primary roles:

    1. Preparation, Planning, and Governance: Conduct and consolidate business impact analyses. Review, and support the development of recovery workflows, including emergency response plans and business unit recovery workflows. Organize testing and training. Report on the state of the continuity plan.
    2. Leadership During a Crisis: Coordinate and support the execution of business recovery processes. To meet these goals, each team needs a mix of skill sets.

    Crisis leaders require strong crisis management skills:

    • Ability to make quick decisions under pressure with incomplete information.
    • Excellent verbal communication skills.
    • Strong leadership skills. Calm in stressful situations.
    • Team leaders are ideally, but not necessarily, those with the most senior title on each team. It’s more important that the team leader has the appropriate skill set.

    Collectively, the team must include a broad range of expertise as well as strong planning skills:

    • Diverse expertise to be able to plan for and respond to a wide range of potential incidents, from health and safety to reputational damage.
    • Excellent organizational skills and attention to detail.
    • Excellent written communication skills.

    Note: For specific BC team roles and responsibilities, including key resources such as Legal, HR, and IT SMEs required to prepare for and execute crisis management plans, see Implement Crisis Management Best Practices.

    Structure the BCM Team

    Create a hierarchy of teams to govern and coordinate business continuity planning and crisis management.

    BCM Team: Govern business continuity, DR, and crisis management planning. Support the organization’s response to a crisis, including the decision to declare a disaster or emergency.

    Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

    Emergency Response Teams: Assist staff and BC teams during a crisis, with a focus first on health and safety. There’s usually one team per location. Develop and maintain emergency response plans.

    IT Disaster Recovery Team: Manage the recovery of IT services and data following an incident. Develop and maintain the IT DRP.

    Business Unit BCP Teams: Coordinate business process recovery at the business unit level. Develop and maintain business unit BCPs.

    “Planning Mode”

    Executive Team → BC Management Team ↓

    • Emergency Response Teams (ERT)
    • Crisis Management Team
    • IT DR Management Team
    • Business Unit BCP Teams

    “Crisis Mode”

    Executive Team ↔Crisis Management Team↓ ↔ Emergency Response Teams (ERT)

    • BC Management Team
    • IT DR Management Team
    • Business Unit BCP Teams

    For more details on specific roles to include on these teams, as well as more information on crisis management, review Info-Tech’s blueprint, Implement Crisis Management Best Practices.

    Tool: BCM Teams, Roles, Contacts, and Vendors

    Track teams, roles, and contacts in this template. It is pre-populated with roles and responsibilities for business continuity, crisis management, IT disaster recovery, emergency response, and vendors and suppliers critical to business operations.

    • Expect overlap across teams. For example, the BC Management Team will include representation from each secondary team to ensure plans are in sync. Similarly, both the Crisis Communication Team and BC Management Team should include a representative from your legal team to ensure legal issues are considered in communications as well as overall crisis management.
    • Clarify spending and decision authority for key members of each team during a crisis.

    Track contact information in this template only if you don’t have a more streamlined way of tracking it elsewhere.

    Download Info-Tech’s Business Continuity Teams and Roles Tool

    Manage key vendors

    Review supplier capabilities and contracts to ensure they meet your requirements.

    Suppliers and vendors might include:

    • Material shipments
    • IT/telecoms service providers
    • Integrators and business process outsourcing providers
    • Independent contractors
    • Utilities (power, water, etc.)

    Supplier RTOs and RPOs should align with the acceptable RTOs and RPOs defined in the BIA. Where they do not, explore options for improvement.

    Confirm the following:

    1. The supplier’s own BC/DR capabilities – how they would recover their own operations in a disaster scenario.
    2. Any continuity services the supplier provides – how they can help you recover your operations in a disaster scenario.
    3. Their existing contractual obligations for service availability (e.g. SLAs).

    Download Info-Tech’s BCP Supplier Evaluation Questionnaire

    Organize your BCMS documentation

    Your BCP isn’t any one document. It’s multiple documents that work together.

    Continue to work through any additional required documentation. Build a repository where master copies of each document will reside and can be updated as required. Assign ownership of document management to someone with an understanding of the process (e.g. the BCP Coordinator).

    Governance Recovery
    BCMS Policy BCP Summary Core BCP Recovery Workflows
    Business Process Workflows Action Items & Project Roadmap BCP Recovery Checklists
    BIA Teams, Roles, Contact Information BCP Business Process Workarounds and Recovery Checklists
    BCP Maturity Scorecard BCP Project Charter Additional Recovery Workflows
    Business Unit Prioritization Tool BCP Presentation

    Info-Tech Best Practice

    Recovery documentation has a different audience, purpose, and lifecycle than governance documentation, and keeping the documents separate can help with content management. Disciplined document management keeps the plan current and accessible.

    Align your IT DRP with your BCP

    Use the following BCP outputs to inform your DRP:

    • Business process technology dependencies. This includes technology not controlled by IT (e.g. cloud-based services).
    • RTOs and RPOs for business processes.
    • Technology projects identified by the business to improve resilience (e.g. improved mobility support).
    PCP Outputs DRP Activities
    Business processes defined Identify critical applications

    Dependencies identified:

    • People
    • Enterprise tech
    • Personal devices
    • Workspace and facilities
    • Services and other inputs

    Identify IT dependencies:

    • Infrastructure
    • Secondary applications

    Recovery objectives defined:

    • BIA and RTOs/RPOs
    • Recovery workflows

    Identify recovery objectives:

    • BIA and RTOs/RPOs
    • IT Recovery workflows

    Projects identified to close gaps:

    • Resourcing changes (e.g. training secondary staff)
    • Process changes (e.g. optimize processes and define interim processes)
    • Technology changes (e.g. improving mobility)

    Identify projects to close gaps:

    • Projects to improve DR capability (e.g. data replication, standby systems).
    • Projects to improve resiliency (e.g. redundant components)

    Info-Tech Insight

    Don’t think of inconsistencies between your DRP and BCP as a problem. Discrepancies between the plans are part of the discovery process, and they’re an opportunity to have a conversation that can improve alignment between IT service capabilities and business needs. You should expect that there will be discrepancies – managing discrepancies is part of the ongoing process to refine and improve both plans.

    Schedule activities to keep BC and DR in sync

    BC/DR Planning Workflow

    1. Collect BCP outputs that impact IT DRP (e.g. technology RTOs/RPOs).

    2. As BCPs are done, BCP Coordinator reviews outputs with IT DRP Management Team.

    3. Use the RTOs/RPOs from the BCPs as a starting point to determine IT recovery plans.

    4. Identify investments required to meet business-defined RTOs/RPOs, and validate with the business.

    5. Create a DR technology roadmap to meet validated RTOs/RPOs.

    6. Review and update business unit BCPs to reflect updated RTOs/RPOs.

    Find and address shadow IT

    Reviewing business processes and dependencies can identify workarounds or shadow IT solutions that weren’t visible to IT and haven’t been included in IT’s DR plan.

    • If you identify technology process dependencies that IT didn’t know about, it can be an opportunity to start a conversation about service support. This can be a “teachable moment” to highlight the risks of adopting and implementing technology solutions without consulting IT.
    • Highlight the possible impact of using technology services that aren’t supported by IT. For example:
      • RTOs and RPOs may not be in line with business requirements.
      • Costs could be higher than supported solutions.
      • Security controls may not be in line with compliance requirements.
      • IT may not be able to offer support when the service breaks or build new features or functionality that might be required in the future.
    • Make sure that if IT is expected to support shadow IT solutions, these systems are included in the IT DRP and that the risks and costs of supporting the non-core solution are clear to all parties and are compared to an alternative, IT-recommended solutions.

    Shadow IT can be a symptom of larger service support issues. There should be a process for requesting and tracking non-standard services from IT with appropriate technical, security, and management oversight.

    Review and reprioritize BC projects to create an overall BC project roadmap

    Assign the BCP Coordinator the task of creating a master list of BC projects, and then work with the BC management team to review and reprioritize this list, as described below:

    1. Build a list of BC projects as you work with each business unit.
      1. Add proposed projects to a master copy of the BCP Project Roadmap Tool
      2. For each subsequent business unit, copy project names, scoring, and timelines into the master roadmap tool.
    2. Work with the Executive Sponsor, the IT BCM representative, and the BCM team to review and reprioritize projects.
      1. In the master BCP Project Roadmap Tool, review and update project scoring, taking into account the relative importance of each project within the overall list. Rationalize the list (e.g. eliminate duplicate projects).
    3. The project roadmap is a suggested list of projects at this stage. Assign a project sponsor and project manager (from the BC management team or appropriate delegates) to each project to take it through your organization’s normal project scoping and approval process.

    Improving business continuity capabilities is a marathon, not a sprint. Change for the better is still change and introduces risk – massive changes introduce massive risk. Incremental changes help minimize disruption. Use Info-Tech research to deliver organizational change.

    "Developing a BCP can be like solving a Rubik’s Cube. It’s a complex, interdepartmental concern with multiple and sometimes conflicting objectives. When you have one side in place, another gets pushed out of alignment." – Ray Mach, BCP Expert

    Step 4.3

    Test and maintain your BCP

    This step will walk you through the following activities:

    • Create additional documentation to support your business continuity plan.
    • Create a repository for documentation, and assign ownership for BCP documentation.

    This step involves the following participants:

    • BCP Coordinator

    In this step, you’ll use these tools and templates:

    Outcomes & Insights

    Create a plan to maintain the BCP.

    Iterate on your plan

    Tend your garden, and pull the weeds.

    Mastery comes through practice and iteration. Iterating on and testing your plan will help you keep up to date with business changes, identify plan improvements, and help your organization’s employees develop a mindset of continuity readiness. Maintenance drives continued success; don’t let your plan become stagnant, messy, and unusable.

    Your BCM program should structure BCP reviews and updates by answering the following:

    1. When do we review the plan?
    2. What are the goals of a review?
    3. Who must lead reviews and update BCP documents?
    4. How do we track reviews, tests, and updates?

    Structure plan reviews

    There are more opportunities for improvements than just planned reviews.

    At a minimum, review goals should include:

    1. Identify and document changes to BCP requirements.
    2. Identify and document changes to BCP capabilities.
    3. Identify gaps and risks and ways to remediate risks and close gaps.

    Who leads reviews and updates documents?

    The BCP Coordinator is likely heavily involved in facilitating reviews and updating documentation, at least at first. Look for opportunities to hand off document ownership to the business units over time.

    How do we track reviews, tests, and updates?

    Keep track of your good work by keeping a log of document changes. If you don’t have one, you can use the last tab on the BCP-DRP Maintenance Checklist.

    When do we review the plan?

    1. Scheduled reviews: At a minimum, plan reviews once a year. Plan owners should review the documents, identify needed updates, and notify the coordinator of any changes to their plan.
    2. As-needed reviews: Project launches, major IT upgrades, office openings or moves, organizational restructuring – all of these should trigger a BCP review.
    3. Testing exercises: Schedule controlled exercises to test and improve different aspects of your continuity plan, and ensure that lessons learned become part of plan documentation.
    4. Retrospectives: Take the opportunity to learn from actual continuity events and crises by conducting retrospectives to evaluate your response and brainstorm improvements.

    Conduct a retrospective after major incidents

    Use a retrospective on your COVID-19 response as a starting point. Build on the questions below to guide the conversation.

    • If needed, how did we set up remote work for our users? What worked, and what didn’t?
    • Did we discover any long-term opportunities to improve business processes?
    • Did we use any continuity plans we have documented?
    • Did we effectively prioritize business processes for recovery?
    • Were expectations from our business users in line with our plans?
    • What parts of our plan worked, and where can we improve the plan?
    1. Gather stakeholders and team members
    2. Ask:
      1. What happened?
      2. What did we learn?
      3. What did we do well?
      4. What should we have done differently?
      5. What gaps should we take action to address?
    3. Prepare a plan to take action

    Outcomes and benefits

    • Confirm business priorities.
    • Validate that business recovery solutions and procedures are effective in meeting business requirements (i.e. RTOs and RPOs).
    • Identify gaps in continuity resources, procedures, or documentation, and options to close gaps.
    • Build confidence in the response team and recovery capabilities.

    Tool: Testing and Maintenance Schedule

    Build a light-weight maintenance schedule for your BCP and DRP plans.

    This tool helps you set a schedule for plan update activities, identify document and exercise owners, and log updates for audit and governance purposes.

    • Add the names of your documents and brainstorm update activities.
    • Activities (document updates, testing, etc.) might be scheduled regularly, as-needed, or both. If they happen “as needed,” identify the trigger for the activity.
    • Start tracking past activities and resulting changes in Tab 3. You can also track crises that tested your continuity capabilities on this tab.

    Info-Tech Insight

    Everyone gets busy. If there’s a meeting you can schedule months in advance, schedule it months in advance! Then send reminders closer to the date. As soon as you’re done the pilot BCP, set aside time in everyone’s calendar for your first review session, whether that’s three months, six months, or a year from now.

    Appendix

    Additional BCP Tools and Templates

    Template Library: Business Continuity Policy

    Create a high-level policy to govern BCP and clarify BCP requirements.

    Use this template to:

    • Outline the organizational commitment to BCM.
    • Clarify the mandate to prepare, validate, and maintain continuity plans that align with business requirements.
    • Define specific policy statements that signatories to the policy are expected to uphold.
    • Require key stakeholders to review and sign off on the template.

    Download Info-Tech’s Business Continuity Policy template

    Template Library: Workarounds & Recovery Checklists

    Capture the step-by-step details to execute workarounds and steps in the business recovery process.

    If you require more detail to support your recovery procedures, you can use this template to:

    • Record specific steps or checklists to support specific workarounds or recovery procedures.
    • Identify prerequisites for workarounds or recovery procedures.

    Download Info-Tech’s BCP Process Workarounds & Recovery Checklists Template

    Template Library: Notification, Assessment, Declaration

    Create a procedure that outlines the conditions for assessing a disaster situation and invoking the business continuity plan.

    Use this template to:

    • Guide the process whereby the business is notified of an incident, assesses the situation, and declares a disaster.
    • Set criteria for activating business continuity plans.
    • Review examples of possible events, and suggest options on how the business might proceed or react.

    Download Info-Tech’s BCP Notification, Assessment, and Disaster Declaration Plan template

    Template Library: BCP Recovery Workflow Example

    Review an example of BCP recovery workflows.

    Use this template to:

    • Generate ideas for your own recovery processes.
    • See real examples of recovery processes for warehousing, supply, and distribution operations.
    • Review an example of working BCP documentation.

    Download Info-Tech’s BCP Recovery Workflows Example

    Create a Pandemic Response Plan

    If you’ve been asked to build a pandemic-specific response plan, use your core BCP findings to complete these pandemic planning documents.

    • At the onset of the COVID-19 crisis, IT departments were asked to rapidly ramp up work-from-home capabilities and support other process workarounds.
    • IT managers already knew that obstacles to working from home would go beyond internet speed and needing a laptop. Business input is critical to uncover unexpected obstacles.
    • IT needed to address a range of issues from security risk to increased service desk demand from users who don’t normally work from home.
    • Workarounds to speed the process up had to be balanced with good IT practices and governance (Asset Management, Security, etc.)
    • If you’ve been asked to update your Pandemic Response Plan, use this template and your core BCP deliverables to deliver a set of streamlined documentation that draws on lessons learned from the COVID-19 pandemic.

    Structure HR’s role in the pandemic plan

    Leverage the following materials from Info-Tech’s HR-focused sister company, McLean & Company.

    These HR research resources live on the website of Info-Tech’s sister company, McLean & Company. Contact your Account Manager to gain access to these resources.

    Summary of Accomplishment

    Knowledge Gained

    This blueprint outlined:

    • The streamlined approach to BCP development.
    • A BIA process to identify acceptable, appropriate recovery objectives.
    • Tabletop planning exercises to document and validate business recovery procedures.

    Processes Optimized

    • Business continuity development processes were optimized, from business impact analysis to incident response planning.
    • In addition, pilot business unit processes were identified and clarified to support BCP development, which also provided the opportunity to review and optimize those processes.

    Key Deliverables Completed

    • Core BCP deliverables for the pilot business unit, including a business impact analysis, recovery workflows, and a project roadmap.
    • BCP Executive Presentation to communicate pilot results as well as a summary of the methodology to the executive team.
    • BCP Summary to provide a high-level view of BCP scope, objectives, capabilities, and requirements.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com

    1-888-670-8889

    Research Contributors and Experts

    Dr. Bernard A. Jones, MBCI, CBCP

    Professor and Continuity Consultant Berkeley College

    Dr. Jones is a professor at Berkeley College within the School of Professional Studies teaching courses in Homeland Security and Emergency Management. He is a member of the National Board of Directors for the Association of Continuity Professionals (ACP) as well as the Information & Publications Committee Chair for the Garden State Chapter of the ACP. Dr. Jones earned a doctorate degree in Civil Security Leadership, Management & Policy from New Jersey City University where his research focus was on organizational resilience.

    Kris L. Roberson

    Disaster Recovery Analyst Veterans United Home Loans

    Kris Roberson is the Disaster Recovery Analyst for Veterans United Home Loans, the #1 VA mortgage lender in the US. Kris oversees the development and maintenance of the Veterans United Home Loans DR program and leads the business continuity program. She is responsible for determining the broader strategies for DR testing and continuity planning, as well as the implementation of disaster recovery and business continuity technologies, vendors, and services. Kris holds a Masters of Strategic Leadership with a focus on organizational change management and a Bachelors in Music. She is a member of Infragard, the National Association of Professional Women, and Sigma Alpha Iota, and holds a Project+ certification.

    Trevor Butler

    General Manager of Information Technology City of Lethbridge

    As the General Manager of Information Technology with the City of Lethbridge, Trevor is accountable for providing strategic management and advancement of the city’s information technology and communications systems consistent with the goals and priorities of the corporation while ensuring that corporate risks are appropriately managed. He has 15+ years of progressive IT leadership experience, including 10+ years with public sector organizations. He holds a B.Mgt. and PMP certification along with masters certificates in both Project Management and Business Analysis.

    Robert Miller

    Information Services Director Witt/Kieffer

    Bob Miller is the Information Services Director at Witt/Kieffer. His department provides end-user support for all company-owned devices and software for Oak Brook, the regional offices, home offices, and traveling employees. The department purchases, implements, manages, and monitors the infrastructure, which includes web hosting, networks, wireless solutions, cell phones, servers, and file storage. Bob is also responsible for the firm’s security planning, capacity planning, and business continuity and disaster preparedness planning to ensure that the firm has functional technology to conduct business and continue business growth.

    Related Info-Tech Research

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    Create Visual SOP Documents that Drive Process Optimization, Not Just Peace of Mind

    Go beyond satisfying auditors to drive process improvement, consistent IT operations, and effective knowledge transfer.

    Select the Optimal Disaster Recovery Deployment Model

    Determine which deployment models, including hybrid solutions, best meet your DR requirements.

    Bibliography

    “Business Continuity Planning.” IT Examination HandBook. The Federal Financial Institution Examination Council (FFIEC), February 2015. Web.

    “Business Continuity Plans and Emergency Contact Information.” FINRA, 12 February 2015. Web.

    “COBIT 5: A Business Framework for the Governance and Management of Enterprise IT.” ISACA, n.d. Web.

    Disaster Resource GUIDE. Emergency Lifeline Corporation, n.d. Web.

    “DR Rules & Regulations.” Disaster Recovery Journal, March 2017. Web.

    “Federal Information Security Management Act (FISMA).” Homeland Security, 2014. Web.

    FEMA. “Planning & Templates.” FEMA, n.d. Web.

    “FINRA-SEC-CFTC Joint Advisory (Regulatory Notice 13-25).” FINRA, August 2013. Web.

    Gosling, Mel and Andrew Hiles. “Business Continuity Statistics: Where Myth Meets Fact.” Continuity Central, 24 April 2009. Web.

    Hanwacker, Linda. “COOP Templates for Success Workbook.” The LSH Group, 2016. Web.

    Potter, Patrick. “BCM Regulatory Alphabet Soup – Part Two.” RSA Link, 28 August 2012. Web.

    The Good Practice Guidelines. Business Continuity Institute, 2013. Web.

    Wang, Dashun and James A. Evans. “When Small Teams are Better than Big Ones.” Harvard Business Review, 21 February 2019. Web.

    Explore the Secrets of SAP Digital Access Licensing

    • Buy Link or Shortcode: {j2store}143|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • SAP’s licensing rules surrounding use and indirect access are vague, making it extremely difficult to purchase with confidence and remain compliant.
    • SAP has released nine document-type licenses that can be used in digital access licensing scenarios, but this model has its own challenges.
    • Whether you decide to remain “as is” or proactively change licensing over to the document model, either option can be costly and confusing.
    • Indirect static read can be a cause of noncompliance when data is exported but the processing capability of SAP ERP is used in real time.

    Our Advice

    Critical Insight

    • Examine all indirect access possibilities. Understanding how in-house or third-party applications may be accessing and utilizing the SAP digital core is critical to be able to correctly address issues.
    • Know what’s in your contract. Each customer agreement is different, and older agreements may provide both benefits and challenges when evaluating your SAP license position.
    • Understand the intricacies of document licensing. While it may seem digital access licensing will solve compliance concerns, there are still questions to address and challenges SAP must resolve.

    Impact and Result

    • Conduct an internal analysis to examine where digital access licensing may be needed to mitigate risk, as SAP will be speaking with all customers in due course. Indirect access can be a costly audit settlement.
    • Conduct an analysis to remove inactive and duplicate users, as multiple logins may exist and could end up costing the organization license fees when audited.
    • Adopt a cyclical approach to reviewing your SAP licensing and create a reference document to track your software needs, planned licensing, and purchase negotiation points.
    • Learn the SAP way of conducting business, which includes a best-in-class sales structure and unique contracts and license use policies, combined with a hyper-aggressive compliance function. Conducting business with SAP is not a typical vendor experience, and you will need different tools to emerge successfully from a commercial transaction.

    Explore the Secrets of SAP Digital Access Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you need to understand and document your SAP digital access licensing strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand, assess, and decide on digital access licensing

    Begin your SAP digital access licensing journey by evaluating licensing changes and options, and then make contractual changes to ensure compliance.

    • Explore the Secrets of SAP Digital Access Licensing – Phase 1: Understand, Assess, and Decide on Digital Access Licensing
    • SAP License Summary and Analysis Tool
    • SAP Digital Access Licensing Pricing Tool
    [infographic]

    Determine Your Zero Trust Readiness

    • Buy Link or Shortcode: {j2store}249|cart{/j2store}
    • member rating overall impact: 9.8/10 Overall Impact
    • member rating average dollars saved: $24,574 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting

    CISOs pushing for zero trust as their security strategy face several challenges including:

    • Understanding and clarifying the benefits of zero trust for the organization.
    • The inability to verify all business operations are maintaining security best practices.
    • Convincing business units to add more security controls that go against the grain of reducing friction in workflows while still demonstrating these controls support the business.

    Our Advice

    Critical Insight

    • Zero trust must benefit the business and security. Because the road to zero trust is an iterative process, IT security will need to constantly determine how different areas of zero trust will affect core business processes.
    • Zero trust reduces reliance on perimeter security. Zero trust is a strategy that solves how to move beyond the reliance on perimeter security and move controls to where the user accesses resources.
    • Not everyone can achieve zero trust, but everyone can adopt it. Zero trust will be different for every organization and may not be applicable in every control area. This means that zero trust is not a one-size-fits-all approach to IT security. Zero trust is the goal, but some organizations can only get so close to the ideal.

    Impact and Result

    Zero trust is a journey that uses multiple capabilities and requires multiple parties to contribute to an organization’s security. Use Info-Tech’s approach to:

    • Understand zero trust as a strategic platform for building your security roadmap.
    • Assess your current state and determine the benefits of adopting zero trust to help plan your roadmap.
    • Separate vendors from the hype surrounding zero trust to adopt a vendor-agnostic approach to your zero trust planning.

    Determine Your Zero Trust Readiness Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should determine your zero trust readiness, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand zero trust

    Recognize the zero trust ideal and understand the different zero trust schools of thought.

    2. Assess your zero trust readiness

    Assess and determine the benefits of zero trust and identify and evaluate vendors in the zero trust market.

    • Zero Trust Security Benefit Assessment Tool
    [infographic]

    Create and Manage Enterprise Data Models

    • Buy Link or Shortcode: {j2store}340|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $7,263 Average $ Saved
    • member rating average days saved: 16 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Business executives don’t understand the value of Conceptual and Logical Data Models and how they define their data assets.
    • Data, like mercury, is difficult to manage and contain.
    • IT needs to justify the time and cost of developing and maintaining Data Models.
    • Data as an asset is only perceived from a physical point of view, and the metadata that provides context and definition is often ignored.

    Our Advice

    Critical Insight

    • Data Models tell the story of the organization and its data in pictures to be used by a business as a tool to evolve the business capabilities and processes.
    • Data Architecture and Data Modeling have different purposes and should be represented as two distinct processes within the software development lifecycle (SDLC).
    • The Conceptual Model provides a quick win for both business and IT because it can convey abstract business concepts and thereby compartmentalize the problem space.

    Impact and Result

    • A Conceptual Model can be used to define the semantics and relationships for your analytical layer.
      • It provides a visual representation of your data in the semantics of business.
      • It acts as the anchor point for all data lineages.
      • It can be used by business users and IT for data warehouse and analytical planning.
      • It provides the taxonomies for data access profiles.
      • It acts as the basis for your Enterprise Logical and Message Models.

    Create and Manage Enterprise Data Models Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create enterprise data models, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Setting the stage

    Prepare your environment for data architecture.

    • Enterprise Data Models

    2. Revisit your SDLC

    Revisit your SDLC to embed data architecture.

    • Enterprise Architecture Tool Selection

    3. Develop a Conceptual Model

    Create and maintain your Conceptual Data Model via an iterative process.

    4. Data Modeling Playbook

    View the main deliverable with sample models.

    • Data Modeling Playbook
    [infographic]

    Workshop: Create and Manage Enterprise Data Models

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Establish the Data Architecture Practice

    The Purpose

    Understand the context and goals of data architecture in your organization.

    Key Benefits Achieved

    A foundation for your data architecture practice.

    Activities

    1.1 Review the business context.

    1.2 Obtain business commitment and expectations for data architecture.

    1.3 Define data architecture as a discipline, its role, and the deliverables.

    1.4 Revisit your SDLC to embed data architecture.

    1.5 Modeling tool acquisition if required.

    Outputs

    Data Architecture vision and mission and governance.

    Revised SDLC to include data architecture.

    Staffing strategy.

    Data Architecture engagement protocol.

    Installed modeling tool.

    2 Business Architecture and Domain Modeling

    The Purpose

    Identify the concepts and domains that will inform your data models.

    Key Benefits Achieved

    Defined concepts for your data models.

    Activities

    2.1 Revisit business architecture output.

    2.2 Business domain selection.

    2.3 Identify business concepts.

    2.4 Organize and group of business concepts.

    2.5 Build the Business Data Glossary.

    Outputs

    List of defined and documented entities for the selected.

    Practice in the use of capability and business process models to identify key data concepts.

    Practice the domain modeling process of grouping and defining your bounded contexts.

    3 Harvesting Reference Models

    The Purpose

    Harvest reference models for your data architecture.

    Key Benefits Achieved

    Reference models selected.

    Activities

    3.1 Reference model selection.

    3.2 Exploring and searching the reference model.

    3.3 Harvesting strategies and maintaining linkage.

    3.4 Extending the conceptual and logical models.

    Outputs

    Established and practiced steps to extend the conceptual or logical model from the reference model while maintaining lineage.

    4 Harvesting Existing Data Artifacts

    The Purpose

    Gather more information to create your data models.

    Key Benefits Achieved

    Remaining steps and materials to build your data models.

    Activities

    4.1 Use your data inventory to select source models.

    4.2 Match semantics.

    4.3 Maintain lineage between BDG and existing sources.

    4.4 Select and harvest attributes.

    4.5 Define modeling standards.

    Outputs

    List of different methods to reverse engineer existing models.

    Practiced steps to extend the logical model from existing models.

    Report examples.

    5 Next Steps and Wrap-Up (offsite)

    The Purpose

    Wrap up the workshop and set your data models up for future success.

    Key Benefits Achieved

    Understanding of functions and processes that will use the data models.

    Activities

    5.1 Institutionalize data architecture practices, standards, and procedures.

    5.2 Exploit and extend the use of the Conceptual model in the organization.

    Outputs

    Data governance policies, standards, and procedures for data architecture.

    List of business function and processes that will utilize the Conceptual model.

    Identify and Reduce Agile Contract Risk

    • Buy Link or Shortcode: {j2store}232|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $10,000 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Customer maturity levels with Agile are low, with 67% of organizations using Agile for less than five years.
    • Customer competency levels with Agile are also low, with 84% of organizations stating they are below a high level of competency.
    • Contract disputes are the number one or two types of disputes faced by organizations across all industries.

    Our Advice

    Critical Insight

    • Agile contracts require different wording and protections than traditional or waterfall contracts.
    • Agile buzzwords by themselves do not create an Agile contract.
    • There is a delicate balance between being overly prescriptive in an Agile contract and too lax.

    Impact and Result

    • Identify options for Agile contract provisions.
    • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
    • Harness the power of Agile development and collaboration with the vendor while preserving contractual flexibility.
    • Focus on the correct contract clauses to manage Agile risk.

    Identify and Reduce Agile Contract Risk Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should treat Agile contracts differently from traditional or waterfall contracts, and review Info-Tech’s methodology, and understand the twelve contract clauses that are different for Agile contracts.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and evaluate options

    Use the information in this blueprint and Info-Tech’s Agile Contract Playbook-Checklist to review and assess your Agile contracts, ensuring that the provisions and protections are suitable for Agile contracts specifically.

    • Agile Contracts Playbook-Checklist
    [infographic]

    Workshop: Identify and Reduce Agile Contract Risk

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify and Evaluate Options

    The Purpose

    To understand Agile-specific contract clauses, to improve risk identification, and to be more effective at negotiating Agile contract terms.

    Key Benefits Achieved

    Increased awareness of how Agile contract provisions are different from traditional or waterfall contracts in 12 key areas.

    Understanding available options.

    Understanding the impact of being too prescriptive.

    Activities

    1.1 Review the Agile Contract Playbook-Checklist.

    1.2 Review 12 contract provisions and reinforce key learnings with exercises.

    Outputs

    Configured Playbook-Checklist as applicable

    Exercise results and debrief

    Build an Application Department Strategy

    • Buy Link or Shortcode: {j2store}180|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $220,866 Average $ Saved
    • member rating average days saved: 34 Average Days Saved
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Application delivery has modernized. There are increasing expectations on departments to deliver on organizational and product objectives with increasing velocity.
    • Application departments produce many diverse, divergent products, applications, and services with expectations of frequent updates and changes based on rapidly changing landscapes

    Our Advice

    Critical Insight

    • There is no such thing as a universal “applications department.” Unlike other domains of IT, there are no widely accepted frameworks that clearly outline universal best practices of application delivery and management.
    • Different software needs and delivery orientations demand a tailored structure and set of processes, especially when managing a mixed portfolio or multiple delivery methods.

    Impact and Result

    Understand what your department’s purpose is through articulating its strategy in three steps:

    • Determining your application department’s values, principles, and orientation.
    • Laying out the goals, objectives, metrics, and priorities of the department.
    • Building a communication plan to communicate your overall department strategy.

    Build an Application Department Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should build an application department strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take stock of who you are

    Consider and record your department’s values, principles, orientation, and capabilities.

    • Build an Application Department Strategy – Phase 1: Take Stock of Who You Are
    • Application Department Strategy Supporting Workbook

    2. Articulate your strategy

    Define your department’s strategy through your understanding of your department combined with everything that you do and are working to do.

    • Build an Application Department Strategy – Phase 2: Articulate Your Strategy
    • Application Department Strategy Template

    3. Communicate your strategy

    Communicate your department’s strategy to your key stakeholders.

    • Build an Application Department Strategy – Phase 3: Communicate Your Strategy

    Infographic

    Workshop: Build an Application Department Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Take Stock of Who You Are

    The Purpose

    Understand what makes up your application department beyond the applications and services provided.

    Key Benefits Achieved

    Articulating your guiding principles, values, capabilities, and orientation provides a foundation for expressing your department strategy.

    Activities

    1.1 Identify your team’s values and guiding principles.

    1.2 Define your department’s orientation.

    Outputs

    A summary of your department’s values and guiding principles

    A clear view of your department’s orientation and supporting capabilities

    2 Articulate Your Strategy

    The Purpose

    Lay out all the details that make up your application department strategy.

    Key Benefits Achieved

    A completed application department strategy canvas containing everything you need to communicate your strategy.

    Activities

    2.1 Write your application department vision statement.

    2.2 Define your application department goals and metrics.

    2.3 Specify your department capabilities and orientation.

    2.4 Prioritize what is most important to your department.

    Outputs

    Your department vision

    Your department’s goals and metrics that contribute to achieving your department’s vision

    Your department’s capabilities and orientation

    A prioritized roadmap for your department

    3 Communicate Your Strategy

    The Purpose

    Lay out your strategy’s communication plan.

    Key Benefits Achieved

    Your application department strategy presentation ready to be presented to your stakeholders.

    Activities

    3.1 Identify your stakeholders.

    3.2 Develop a communication plan.

    3.3 Wrap-up and next steps

    Outputs

    List of prioritized stakeholders you want to communicate with

    A plan for what to communicate to each stakeholder

    Communication is only the first step – what comes next?

    Tactics to Retain IT Talent

    • Buy Link or Shortcode: {j2store}549|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • Regrettable turnover is impacting organizational productivity and leading to significant costs associated with employee departures and the recruitment required to replace them.
    • Many organizations focus on increasing engagement to improve retention, but this approach doesn’t address the entire problem.

    Our Advice

    Critical Insight

    • Engagement surveys mask the volatility of the employee experience and hide the reason why individual employees leave. You must also talk to employees to understand the moments that matter and engage managers to understand turnover triggers.

    Impact and Result

    • Build the case for creating retention plans by leveraging employee data and feedback to identify the key reasons for turnover that need to be addressed.
    • Target employee segments and work with management to develop solutions to retain top talent.

    Tactics to Retain IT Talent Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Tactics to Retain IT Talent Storyboard – Use this storyboard to develop a targeted talent retention plan to retain top and core talent in the organization.

    Integrate data from exit surveys and interviews, engagement surveys, and stay interviews to understand the most commonly cited reasons for employee departure in order to select and prioritize tactics that improve retention. This blueprint will help you identify reasons for regrettable turnover, select solutions, and create an action plan.

    • Tactics to Retain IT Talent Storyboard

    2. Retention Plan Workbook – Capture key information in one place as you work through the process to assess and prioritize solutions.

    Use this tool to document and analyze turnover data to find suitable retention solutions.

    • Retention Plan Workbook

    3. Stay Interview Guide – Managers will use this guide to conduct regular stay interviews with employees to anticipate and address turnover triggers.

    The Stay Interview Guide helps managers conduct interviews with current employees, enabling the manager to understand the employee's current engagement level, satisfaction with current role and responsibilities, suggestions for potential improvements, and intent to stay with the organization.

    • Stay Interview Guide

    4. IT Retention Solutions Catalog – Use this catalog to select and prioritize retention solutions across the employee lifecycle.

    Review best-practice solutions to identify those that are most suitable to your organizational culture and employee needs. Use the IT Retention Solutions Catalog to explore a variety of methods to improve retention, understand their use cases, and determine stakeholder responsibilities.

    • IT Retention Solutions Catalog
    [infographic]

    Workshop: Tactics to Retain IT Talent

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Reasons for Regrettable Turnover

    The Purpose

    Identify the main drivers of turnover at the organization.

    Key Benefits Achieved

    Find out what to explore during focus groups.

    Activities

    1.1 Review data to determine why employees join, stay, and leave.

    1.2 Identify common themes.

    1.3 Prepare for focus groups.

    Outputs

    List of common themes/pain points recorded in the Retention Plan Workbook.

    2 Conduct Focus Groups

    The Purpose

    Conduct focus groups to explore retention drivers.

    Key Benefits Achieved

    Explore identified themes.

    Activities

    2.1 Conduct four 1-hour focus groups with the employee segment(s) identified in the pre-workshop activities.

    2.2 Info-Tech facilitators independently analyze results of focus groups and group results by theme.

    Outputs

    Focus group feedback.

    Focus group feedback analyzed and organized by themes.

    3 Identify Needs and Retention Initiatives

    The Purpose

    Home in on employee needs that are a priority.

    Key Benefits Achieved

    A list of initiatives to address the identified needs

    Activities

    3.1 Create an empathy map to identify needs.

    3.2 Shortlist retention initiatives.

    Outputs

    Employee needs and shortlist of initiatives to address them.

    4 Prepare to Communicate and Launch

    The Purpose

    Prepare to launch your retention initiatives.

    Key Benefits Achieved

    A clear action plan for implementing your retention initiatives.

    Activities

    4.1 Select retention initiatives.

    4.2 Determine goals and metrics.

    4.3 Plan stakeholder communication.

    4.4 Build a high-level action plan.

    Outputs

    Finalized list of retention initiatives.

    Goals and associated metrics recorded in the Retention Plan Workbook.

    Further reading

    Tactics to Retain IT Talent

    Keep talent from walking out the door by discovering and addressing moments that matter and turnover triggers.

    Executive Summary

    Your Challenge

    Many organizations are facing an increase in voluntary turnover as low unemployment, a lack of skilled labor, and a rise in the number of vacant roles have given employees more employment choices.

    Common Obstacles

    Regrettable turnover is impacting organizational productivity and leading to significant costs associated with employee departures and the recruitment required to replace them.

    Many organizations tackle retention from an engagement perspective: Increase engagement to improve retention. This approach doesn't consider the whole problem.

    Info-Tech's Approach

    Build the case for creating retention plans by leveraging employee data and feedback to identify the key reasons for turnover that need to be addressed.

    Target employee segments and work with management to develop solutions to retain top talent.

    Info-Tech Insight

    Engagement surveys mask the volatility of the employee experience and hide the reason why individual employees leave. You must also talk to employees to understand the moments that matter and engage managers to understand turnover triggers.

    This research addresses regrettable turnover

    This is an image of a flow chart with three levels. The top level has only one box, labeled Turnover.  the Second level has 2 boxes, labeled Voluntary, and Involuntary.  The third level has two boxes under Voluntary, labeled Non-regrettable: The loss of employees that the organization did not wish to keep, e.g. low performers, and Regrettable:  The loss of employees that the organization wishes it could have kept.

    Low unemployment and rising voluntary turnover makes it critical to focus on retention

    As the economy continues to recover from the pandemic, unemployment continues to trend downward even with a looming recession. This leaves more job openings vacant, making it easier for employees to job hop.

    This image contains a graph of the US Employment rate between 2020 - 2022 from the US Bureau of Economic Analysis and Bureau of Labor Statistics (BLS), 2022, the percentage of individuals who change jobs every one to five years from 2022 Job Seeker Nation Study, Jobvite, 2022, and voluntary turnover rates from BLS, 2022

    With more employees voluntarily choosing to leave jobs, it is more important than ever for organizations to identify key employees they want to retain and put plans in place to keep them.

    Retention is a challenge for many organizations

    The number of HR professionals citing retention/turnover as a top workforce management challenge is increasing, and it is now the second highest recruiting priority ("2020 Recruiter Nation Survey," Jobvite, 2020).

    65% of employees believe they can find a better position elsewhere (Legaljobs, 2021). This is a challenge for organizations in that they need to find ways to ensure employees want to stay at the organization or they will lose them, which results in high turnover costs.

    Executives and IT are making retention and turnover – two sides of the same coin – a priority because they cost organizations money.

    • 87% of HR professionals cited retention/turnover as a critical and high priority for the next few years (TINYpulse, 2020).
    • $630B The cost of voluntary turnover in the US (Work Institute, 2020).
    • 66% of organizations consider employee retention to be important or very important to an organization (PayScale, 2019).

    Improving retention leads to broad-reaching organizational benefits

    Cost savings: the price of turnover as a percentage of salary

    • 33% Improving retention can result in significant cost savings. A recent study found turnover costs, on average, to be around a third of an employee's annual salary (SHRM, 2019).
    • 37.9% of employees leave their organization within the first year. Employees who leave within the first 90 days of being hired offer very little or no return on the investment made to hire them (Work Institute, 2020).

    Improved performance

    Employees with longer tenure have an increased understanding of an organization's policies and processes, which leads to increased productivity (Indeed, 2021).

    Prevents a ripple effect

    Turnover often ripples across a team or department, with employees following each other out of the organization (Mereo). Retaining even one individual can often have an impact across the organization.

    Transfer of knowledge

    Retaining key individuals allows them to pass it on to other employees through communities of practice, mentoring, or other knowledge-sharing activities.

    Info-Tech Insight

    Improving retention goes beyond cost savings: Employees who agree with the statement "I expect to be at this organization a year from now" are 71% more likely to put in extra hours and 32% more likely to accomplish more than what is expected of their role (McLean & Company Engagement Survey, 2021; N=77,170 and 97,326 respectively).

    However, the traditional engagement-focused approach to retention is not enough

    Employee engagement is a strong driver of retention, with only 25% of disengaged employees expecting to be at their organization a year from now compared to 92% of engaged employees (McLean & Company Engagement Survey, 2018-2021; N=117,307).

    Average employee Net Promoter Score (eNPS)

    This image contains a graph of the Average employee Net Promoter Score (eNPS)

    Individual employee Net Promoter Scores (eNPS)

    This image contains a graph of the Individual employee Net Promoter Scores (eNPS)

    However, engagement surveys mask the volatility of the employee experience and hide the reason why individual employees leave.

    This analysis of McLean & Company's engagement survey results shows that while an organization's average employee net promoter score (eNPS) stays relatively static, at an individual level there is a huge amount of volatility.

    This demonstrates the need for an approach that is more capable of responding to or identifying employees' in-the-moment needs, which an annual engagement survey doesn't support.

    Turnover triggers and moments that matter also have an impact on retention

    Retention needs to be monitored throughout the employee lifecycle. To address the variety of issues that can appear, consider three main paths to turnover:

    1. Employee engagement – areas of low engagement.
    2. Turnover triggers that can quickly lead to departures.
    3. Moments that matter in the employee experience (EX).

    Employee engagement

    Engagement drivers are strong predictors of turnover.

    Employees who are highly engaged are 3.6x more likely to believe they will be with the organization 12 months from now than disengaged employees (McLean & Company Engagement Survey, 2018-2021; N=117,307).

    Turnover triggers

    Turnover triggers are events that act as shocks or catalysts that quickly lead to an employee's departure.

    Turnover triggers are a cause for voluntary turnover more often than accumulated issues (Lee et al.).

    Moments that matter

    Employee experience is the employee's perception of the accumulation of moments that matter within their employee lifecycle.

    Retention rates increase from 21% to 44% when employees have positive experiences in the following categories: belonging, purpose, achievement, happiness, and vigor at work. (Workhuman, 2020).

    While managers do not directly impact turnover, they do influence the three main paths to turnover

    Research shows managers do not appear as one of the common reasons for employee turnover.

    Top five most common reasons employees leave an organization (McLean & Company, Exit Survey, 2018-2021; N=107 to 141 companies,14,870 to 19,431 responses).

    Turnover factorsRank
    Opportunities for career advancement1
    Satisfaction with my role and responsibilities2
    Base pay3
    Opportunities for career-related skill development4
    The degree to which my skills were used in my job5

    However, managers can still have a huge impact on the turnover of their team through each of the three main paths to turnover:

    Employee engagement

    Employees who believe their managers care about them as a person are 3.3x more likely to be engaged than those who do not (McLean & Company, 2021; N=105,186).

    Turnover triggers

    Managers who are involved with and aware of their staff can serve as an early warning system for triggers that lead to turnover too quickly to detect with data.

    Moments that matter

    Managers have a direct connection with each individual and can tailor the employee experience to meet the needs of the individuals who report to them.

    Gallup has found that 52% of exiting employees say their manager could have done something to prevent them from leaving (Gallup, 2019). Do not discount the power of managers in anticipating and preventing regrettable turnover.

    Addressing engagement, turnover triggers, and moments that matter is the key to retention

    This is an image of a flow chart with four levels. The top level has only one box, labeled Turnover.  the Second level has 2 boxes, labeled Voluntary, and Involuntary.  The third level has two boxes under Voluntary, labeled Non-regrettable, and Regrettable.  The fourth level has three boxes under Regrettable, labeled Employee Engagement, Turnover triggers, and Moments that matter

    Info-Tech Insight

    HR traditionally seeks to examine engagement levels when faced with retention challenges, but engagement is only a part of the full picture. You must also talk to employees to understand the moments that matter and engage managers to understand turnover triggers.

    Follow Info-Tech's two-step process to create a retention plan

    1. Identify Reasons for Regrettable Turnover

    2. Select Solutions and Create an Action Plan

    Step 1

    Identify Reasons for Regrettable Turnover

    After completing this step you will have:

    • Analyzed and documented why employees join, stay, and leave your organization.
    • Identified common themes and employee needs.
    • Conducted employee focus groups and prioritized employee needs.

    Step 1 focuses on analyzing existing data and validating it through focus groups

    Employee engagement

    Employee engagement and moments that matter are easily tracked by data. Validating employee feedback data by speaking and empathizing with employees helps to uncover moments that matter. This step focuses on analyzing existing data and validating it through focus groups.

    Engagement drivers such as compensation or working environment are strong predictors of turnover.
    Moments that matter
    Employee experience (EX) is the employee's perception of the accumulation of moments that matter with the organization.
    Turnover triggers
    Turnover triggers are events that act as shocks or catalysts that quickly lead to an employee's departure.

    Turnover triggers

    This step will not touch on turnover triggers. Instead, they will be discussed in step 2 in the context of the role of the manager in improving retention.

    Turnover triggers are events that act as shocks or catalysts that quickly lead to an employee's departure.

    Info-Tech Insight

    IT managers often have insights into where and why retention is an issue through their day-to-day work. Gathering detailed quantitative and qualitative data provides credibility to these insights and is key to building a business case for action. Keep an open mind and allow the data to inform your gut feeling, not the other way around.

    Gather data to better understand why employees join, stay, and leave

    Start to gather and examine additional data to accurately identify the reason(s) for high turnover. Begin to uncover the story behind why these employees join, stay, and leave your organization through themes and trends that emerge.

    Look for these icons throughout step 2.

    Join

    Why do candidates join your organization?

    Stay

    Why do employees stay with your organization?

    Leave

    Why do employees leave your organization?

    For more information on analysis, visualization, and storytelling with data, see Info-Tech's Start Making Data-Driven People Decisions blueprint.

    Employee feedback data to look at includes:

    Gather insights through:

    • Focus groups
    • Verbatim comments
    • Exit interviews
    • Using the employee value proposition (EVP) as a filter (does it resonate with the lived experience of employees?)

    Prepare to draw themes and trends from employee data throughout step 1.

    Uncover employee needs and reasons for turnover by analyzing employee feedback data.

    • Look for trends (e.g. new hires join for career opportunities and leave for the same reason, or most departments have strong work-life balance scores in engagement data).
    • Review if there are recurring issues being raised that may impact turnover.
    • Group feedback to highlight themes (e.g. lack of understanding of EVP).
    • Identify which key employee needs merit further investigation or information.

    This is an image showing how you can draw out themes and trends using employee data throughout step 1.

    Classify where key employee needs fall within the employee lifecycle diagram in tab 2 of the Retention Plan Workbook. This will be used in step 2 to pinpoint and prioritize solutions.

    Info-Tech Insight

    The employee lifecycle is a valuable way to analyze and organize engagement pain points, moments that matter, and turnover triggers. It ensures that you consider the entirety of an employee's tenure and the different factors that lead to turnover.

    Examine new hire data and begin to document emerging themes

    Join

    While conducting a high-level analysis of new hire data, look for these three key themes impacting retention:

    Issues or pain points that occurred during the hiring process.

    Reasons why employees joined your organization.

    The experience of their first 90 days. This can include their satisfaction with the onboarding process and their overall experience with the organization.

    Themes will help to identify areas of strength and weakness organization-wide and within key segments. Document in tab 3 of the Retention Plan Workbook.

    1. Start by isolating the top reasons employees joined your organization. Ask:
      • Do the reasons align with the benefits you associate with working at your organization?
      • How might this impact your EVP?
      • If you use a new hire survey, look at the results for the following questions:
      • For which of the following reasons did you apply to this organization?
      • For what reasons did you accept the job offer with this organization?
    2. then, examine other potential problem areas that may not be covered by your new hire survey, such as onboarding or the candidate experience during the hiring process.
      • If you conduct a new hire survey, look at the results in the following sections:
        • Candidate Experience
        • Acclimatization
        • Training and Development
        • Defining Performance Expectations

      Analyze engagement data to identify areas of strength that drive retention

      Employees who are engaged are 3.6x more likely to believe they will be with the organization 12 months from now (McLean & Company Engagement Survey, 2018-2021; N=117,307). Given the strength of this relationship, it is essential to identify areas of strength to maintain and leverage.

      1. Look at the highest-performing drivers in your organization's employee engagement survey and drivers that fall into the "leverage" and "maintain" quadrants of the priority matrix.
        • These drivers provide insight into what prompts broader groups of employees to stay.

      This is an image of a quadrant analysis, with the following quadrants in order from left to right, top to bottom.  Improve; Leverage; Evaluate; Maintain.

      1. Look into what efforts have been made to maintain programs, policies, and practices related to these drivers and ensure they are consistent across the entire organization.
      2. Document trends and themes related to engagement strengths in tab 2 of the Retention Plan Workbook.

      If you use Info-Tech's Engagement Survey, look in detail at what are classified as "Retention Drivers": total compensation, working environment, and work-life balance.

      Identify areas of weakness that drive turnover in your engagement data

      1. Look at the lowest-performing drivers in your organization's employee engagement survey and drivers that fall into the "improve" and "evaluate" quadrants of the priority matrix.
        • These drivers provide insight into what pushes employees to leave the organization.
      2. Delve into organizational efforts that have been made to address issues with the programs, policies, and practices related to these drivers. Are there any projects underway to improve them? What are the barriers preventing improvements?
      3. Document trends and themes related to engagement weaknesses in tab 2 of the Retention Plan Workbook.

      If you use a product other than Info-Tech's Engagement Survey, your results will look different. The key is to look at areas of weakness that emerge from the data.

      This is an image of a quadrant analysis, with the following quadrants in order from left to right, top to bottom.  Improve; Leverage; Evaluate; Maintain.

      If you use Info-Tech's Engagement Survey, look in detail at what are classified as "Retention Drivers": total compensation, working environment, and work-life balance.

      Mine exit surveys to develop an integrated, holistic understanding of why employees leave

      Conduct a high-level analysis of the data from your employee exit diagnostic. While analyzing this data, consider the following:

      • What are the trends and quantitative data about why employees leave your organization that may illuminate employee needs or issues at specific points throughout the employee lifecycle?
      • What are insights around your key segments? Data on key segments is easily sliced from exit survey results and can be used as a starting point for digging deeper into retention issues for specific groups.
      • Exit surveys are an excellent starting point. However, it is valuable to validate the data gathered from an exit survey using exit interviews.
      1. Isolate results for key segments of employees to target with retention initiatives (e.g. by age group or by department).
      2. Identify data trends or patterns over time; for example, that compensation factors have been increasing in importance.
      3. Document trends and themes taken from the exit survey results in tab 2 of the Retention Plan Workbook.

      If your organization conducts exit interviews, analyze the results alongside or in lieu of exit survey data.

      Compare new hire data with exit data to identify patterns and insights

      Determine if new hire expectations weren't met, prompting employees to leave your organization, to help identify where in the employee lifecycle issues driving turnover may be occurring.

      1. Look at your new hire data for the top reasons employees joined your organization.
        • McLean & Company's New Hire Survey database shows that the top three reasons candidates accept job offers on average are:
          1. Career opportunities
          2. Nature of the job
          3. Development opportunities
      2. Next, look at your exit data and the top reasons employees left your organization.
        1. McLean & Company's Exit Survey database shows that the top three reasons employees leave on average are:
          1. Opportunities for career advancement
          2. Base pay
          3. Satisfaction with my role and responsibilities
      3. Examine the results and ask:
        • Is there a link between why employees join and leave the organization?
        • Did they cite the same reasons for joining and for leaving?
        • What do the results say about what your employees do and do not value about working at your organization?
      4. Document the resulting insights in tab 2 of the Retention Plan Workbook.

      Example:

      A result where employees are leaving for the same reason they're joining the organization could signal a disconnect between your organization's employee value proposition and the lived experience.

      Revisit your employee value proposition to uncover misalignment

      Your employee value proposition (EVP), formal or informal, communicates the value your organization can offer to prospective employees.

      If your EVP is mismatched with the lived experience of your employees, new hires will be in for a surprise when they start their new job and find out it isn't what they were expecting.

      Forty-six percent of respondents who left a job within 90 days of starting cited a mismatch of expectations about their role ("Job Seeker Nation Study 2020," Jobvite, 2020).

      1. Use the EVP as a filter through which you look at all your employee feedback data. It will help identify misalignment between the promised and the lived experience.
      2. If you have EVP documentation, start there. If not, go to your careers page and put yourself in the shoes of a candidate. Ask what the four elements of an EVP look like for candidates:
        • Compensation and benefits
        • Day-to-day job elements
        • Working conditions
        • Organizational elements
      3. Next, compare this to your own day-to-day experiences. Does it differ drastically? Are there any contradictions with the lived experience at your organization? Are there misleading statements or promises?
      4. Document any insights or patterns you uncover in tab 2 of the Retention Plan Workbook.

      Conduct focus groups to examine themes

      Through focus groups, explore the themes you have uncovered with employees to discover employee needs that are not being met. Addressing these employee needs will be a key aspect of your retention plan.

      Identify employee groups who will participate in focus groups:

      • Incorporate diverse perspectives (e.g. employees, managers, supervisors).
      • Include employees from departments and demographics with strong and weak engagement for a full picture of how engagement impacts your employees.
      • Invite boomerang employees to learn why an individual might return to your organization after leaving.

      image contains two screenshots Mclean & Company's Standard Focus Group Guide.

      Customize Info-Tech's Standard Focus Group Guide based on the themes you have identified in tab 3 of the Retention Plan Workbook.

      The goal of the focus group is to learn from employees and use this information to design or modify a process, system, or other solution that impacts retention.

      Focus questions on the employees' personal experience from their perspective.

      Key things to remember:

      • It is vital for facilitators to be objective.
      • Keep an open mind; no feelings are wrong.
      • Beware of your own biases.
      • Be open and share the reason for conducting the focus groups.

      Info-Tech Insight

      Maintaining an open dialogue with employees will help flesh out the context behind the data you've gathered and allow you to keep in mind that retention is about people first and foremost.

      Empathize with employees to identify moments that matter

      Look for discrepancies between what employees are saying and doing.

      1. Say

      "What words or quotes did the employee use?"

      3.Think

      "What might the employee be thinking?"

      Record feelings and thoughts discussed, body language observed, tone of voice, and words used.

      Look for areas of negative emotion to determine the moments that matter that drive retention.

      2. Do

      "What actions or behavior did the employee demonstrate?"

      4. Feel

      "What might the employee be feeling?"

      Record them in tab 3 of the Retention Plan Workbook.

      5. Identify Needs

      "Needs are verbs (activities or desires), not nouns (solutions)"

      Synthesize focus group findings using Info-Tech's Empathy Map Template.

      6. Identify Insights

      "Ask yourself, why?"

      (Based on Stanford d.school Empathy Map Method)

      Distill employee needs into priority issues to address first

      Take employee needs revealed by your data and focus groups and prioritize three to five needs.

      Select a limited number of employee needs to develop solutions to ensure that the scope of the project is feasible and that the resources dedicated to this project are not stretched too thin. The remaining needs should not be ignored – act on them later.

      Share the needs you identify with stakeholders so they can support prioritization and so you can confirm their buy-in and approval where necessary.

      Ask yourself the following questions to determine your priority employee needs:

      • Which needs will have the greatest impact on turnover?
      • Which needs have the potential to be an easy fix or quick win?
      • Which themes or trends came up repeatedly in different data sources?
      • Which needs evoked particularly strong or negative emotions in the focus groups?

      This image contains screenshots of two table templates found in tab 5 of the Retention Plan Workbook

      In the Retention Plan Workbook, distill employee needs on tab 2 into three to five priorities on tab 5.

      Step 2

      Select Solutions and Create an Action Plan

      After completing this step, you will have:

      • Selected and prioritized solutions to address employee needs.
      • Created a plan to launch stay interviews.
      • Built an action plan to implement solutions.

      Select IT-owned solutions and implement people leader–driven initiatives

      Solutions

      First, select and prioritize solutions to address employee needs identified in the previous step. These solutions will address reasons for turnover that influence employee engagement and moments that matter.

      • Brainstorm solutions using the Retention Solutions Catalog as a starting point. Select a longlist of solutions to address your priority needs.
      • Prioritize the longlist of solutions into a manageable number to act on.

      People leaders

      Next, create a plan to launch stay interviews to increase managers' accountability in improving retention. Managers will be critical to solving issues stemming from turnover triggers.

      • Clarify the importance of harnessing the influence of people leaders in improving retention.
      • Discover what might cause individual employees to leave through stay interviews.
      • Increase trust in managers through training.

      Action plan

      Finally, create an action plan and present to senior leadership for approval.

      Look for these icons in the top right of slides in this step.

      Select solutions to employee needs, starting with the Retention Solutions Catalog

      Based on the priority needs you have identified, use the Retention Solutions Catalog to review best-practice solutions for pain points associated with each stage of the lifecycle.

      Use this tool as a starting point, adding to it and iterating based on your own experience and organizational culture and goals.

      This image contains three screenshots from Info-Tech's Retention Solutions Catalog.

      Use Info-Tech's Retention Solutions Catalog to start the brainstorming process and produce a shortlist of potential solutions that will be prioritized on the next slide.

      Info-Tech Insight

      Unless you have the good fortune of having only a few pain points, no single initiative will completely solve your retention issues. Combine one or two of these broad solutions with people-leader initiatives to ensure employee needs are addressed on an individual and an aggregate level.

      Prioritize solutions to be implemented

      Target efforts accordingly

      Quick wins are high-impact, low-effort initiatives that will build traction and credibility within the organization.

      Long-term initiatives require more time and need to be planned for accordingly but will still deliver a large impact. Review the planning horizon to determine how early these need to begin.

      Re-evaluate low-impact and low-effort initiatives and identify ones that either support other higher impact initiatives or have the highest impact to gain traction and credibility. Look for low-hanging fruit.

      Deprioritize initiatives that will take a high degree of effort to deliver lower-value results.

      When assessing the impact of potential solutions, consider:

      • How many critical segments or employees will this solution affect?
      • Is the employee need it addresses critical, or did the solution encompass several themes in the data you analyzed?
      • Will the success of this solution help build a case for further action?
      • Will the solution address multiple employee needs?

      Info-Tech Insight

      It's better to master a few initiatives than under-deliver on many. Start with a few solutions that will have a measurable impact to build the case for further action in the future.

      Solutions

      Low ImpactMedium ImpactLarge Impact
      Large EffortThis is an image of the used to help you prioritize solutions to be implemented.
      Medium Effort
      Low Effort

      Use tab 3 of the Retention Plan Workbook to prioritize your shortlist of solutions.

      Harness the influence of people leaders to improve employee retention

      Leaders at all levels have a huge impact on employees.

      Effective people leaders:

      • Manage work distribution.
      • Create a motivating work environment.
      • Provide development opportunities.
      • Ensure work is stimulating and challenging, but not overwhelming.
      • Provide clear, actionable feedback.
      • Recognize team member contributions.
      • Develop positive relationships with their teams.
      • Create a line of sight between what the employee is doing and what the organization's objectives are.

      Support leaders in recommitting to their role as people managers through Learning & Development initiatives with particular emphasis on coaching and building trust.

      For coaching training, see Info-Tech's Build a Better Manager: Team Essentials – Feedback and Coaching training deck.

      For more information on supporting managers to become better people leaders, see Info-Tech's Build a Better Manager: Manage Your People blueprint.

      "HR can't fix turnover. But leaders on the front line can."
      – Richard P. Finnegan, CEO, C-Suite Analytics

      Equip managers to conduct regular stay interviews to address turnover triggers

      Managers often have the most visibility into their employees' personal and work lives and have a key opportunity to anticipate and address turnover triggers.

      Stay interviews are an effective way of uncovering potential retention issues and allowing managers to act as an early warning system for turnover triggers.

      Examples of common turnover triggers and potential manager responses:

      • Moving, creating a long commute to the office.
        • Through stay interviews, a manager can learn that a long commute is an issue and can help find workarounds such as flexible/remote work options.
      • Not receiving an expected promotion.
        • A trusted manager can anticipate issues stemming from this, discuss why the decision was made, and plan development opportunities for future openings.

      Stay interview best practices

      1. Conducted by an employee's direct manager.
      2. Happen regularly as a part of an ongoing process.
      3. Based on the stay interview, managers produce a turnover forecast for each direct report.
        1. The method used by stay interview expert Richard P. Finnegan is simple: red for high risk, yellow for medium, and green for low.
      4. Provide managers with training and a rough script or list of questions to follow.
        1. Use and customize Info-Tech's Stay Interview Guide to provide a guide for managers on how to conduct a stay interview.
      5. Managers use the results to create an individualized retention action plan made up of concrete actions the manager and employee will take.

      Sources: Richard P. Finnegan, CEO, C-Suite Analytics; SHRM

      Build an action plan to implement the retention plan

      For each initiative identified, map out timelines and actions that need to be taken.

      When building actions and timelines:

      • Refer to the priority needs you identified in tab 4 of the Retention Plan Workbook and ensure they are addressed first.
      • Engage internal stakeholders who will be key to the development of the initiatives to ensure they have sufficient time to complete their deliverables.
        • For example, if you conduct manager training, Learning & Development needs to be involved in the development and launch of the program.
      • Include a date to revisit your baseline retention and engagement data in your project milestones.
      • Designate process owners for new processes such as stay interviews.

      Plan for stay interviews by determining:

      • Whether stay interviews will be a requirement for all employees.
      • How much flexibility managers will have with the process.
      • How you will communicate the stay interview approach to managers.
      • If manager training is required.
      • How managers should record stay interview data and how you will collect this data from them as a way to monitor retention issues.
        • For example, managers can share their turnover forecasts and action plans for each employee.

      Be clear about manager accountabilities for initiatives they will own, such as stay interviews. Plan to communicate the goals and timelines managers will be asked to meet, such as when they must conduct interviews or their responsibility to follow up on action items that come from interviews.

      Track project success to iterate and improve your solutions

      Analyze measurements

      • Regularly remeasure your engagement and retention levels to identify themes and trends that provide insights into program improvements.
      • For example, look at the difference in manager relationship score to see if training has had an impact, or look at changes in critical segment turnover to calculate cost savings.

      Revisit employee and manager feedback

      • After three to six months, conduct additional surveys or focus groups to determine the success of your initiatives and opportunities for improvement. Tweak the program, including stay interviews, based on manager and employee feedback.

      Iterate frequently

      • Revisit your initiatives every two or three years to determine if a refresh is necessary to meet changing organizational and employee needs and to update your goals and targets.

      Key insights

      Insight 1Insight 2Insight 3

      Retention and turnover are two sides of the same coin. You can't fix retention without first understanding turnover.

      Engagement surveys mask the volatility of the employee experience and hide the reason why individual employees leave. You must also talk to employees to understand the moments that matter and engage managers to understand turnover triggers.

      Improving retention isn't just about lowering turnover, it's about discovering what healthy retention looks like for your organization.

      Insight 4Insight 5Insight 6

      HR professionals often have insights into where and why retention is an issue. Gathering detailed employee feedback data through surveys and focus groups provides credibility to these insights and is key to building a case for action. Keep an open mind and allow the data to inform your gut feeling, not the other way around.

      Successful retention plans must be owned by both IT leaders and HR.

      IT leaders often have the most visibility into their employees' personal and work lives and have a key opportunity to anticipate and address turnover triggers.

      Stay interviews help managers anticipate potential retention issues on their teams.

      Workshop Overview

      Contact your account representative for more information.
      workshops@infotech.com 1-888-670-8889

      Info-Tech AnalystsPre-workPost-work
      Client Data Gathering and PlanningImplementation Supported Through Analyst Calls

      1.1 Discuss participants, logistics, overview of workshop activities

      1.2 Provide support to client for below activities through calls.

      2.1 Schedule follow-up calls to work through implementation of retention solutions based on identified needs.
      Client

      1.Gather results of engagement survey, new hire survey, exit survey, and any exit and stay interview feedback.

      2.Gather and analyze turnover data.

      3.Identify key employee segment(s) and identify and organize participants for focus groups.

      4.Complete cost of turnover analysis.

      5.Review turnover data and prioritize list of employee segments.

      1.Obtain senior leader approval to proceed with retention plan.

      2.Finalize and implement retention solutions.

      3.Prepare managers to conduct stay interviews.

      4.Communicate next steps to stakeholders.

      Workshop Overview

      Contact your account representative for more information.
      workshops@infotech.com 1-888-670-8889

      ActivitiesDay 1Day 2Day 3Day 4
      Assess Current StateConduct Focus GroupsIdentify Needs and Retention InitiativesPrepare to Communicate and Launch

      1.1 Review data to determine why employees join, stay, and leave.

      1.2 Identify common themes.

      1.3 Prepare for focus groups.

      2.1 Conduct four 1-hour focus groups with the employee segment(s) identified in the pre-workshop activities..

      2.2 Info-Tech facilitators independently analyze results of focus groups and group results by theme.

      3.1 Create an empathy map to identify needs

      3.2 Shortlist retention initiatives

      4.1 Select retention initiatives

      4.2 Determine goals and metrics

      4.3 Plan stakeholder communication4.4 Build a high-level action plan

      Deliverables

      1.List of common themes/pain points recorded in the Retention Plan Workbook

      2.Plan for focus groups documented in the Focus Group Guide

      1.Focus group feedback

      2.Focus group feedback analyzed and organized by themes

      1.Employee needs and shortlist of initiatives to address them1.Finalized list of retention initiatives

      Info-Tech offers various levels of support to best suit your needs

      DIY Toolkit

      “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

      Guided Implementation

      “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

      Workshop

      “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

      Consulting

      “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

      Diagnostics and consistent frameworks used throughout all four options

      Research Contributors and Experts

      Jeff Bonnell
      VP HR
      Info-Tech Research Group

      Phillip Kotanidis
      CHRO
      Michael Garron Hospital

      Michael McGuire
      Director, Organizational Development
      William Osler Health System

      Dr. Iris Ware
      Chief Learning Officer
      City of Detroit

      Richard P. Finnegan
      CEO
      C-Suite Analytics

      Dr. Thomas Lee
      Professor of Management
      University of Washington

      Jane Moughon
      Specialist in increasing profits, reducing turnover, and maximizing human potential in manufacturing companies

      Lisa Kaste
      Former HR Director
      Citco

      Piyush Mathur
      Head of Workforce Analytics
      Johnson & Johnson

      Gregory P. Smith
      CEO
      Chart Your Course

      Works Cited

      "17 Surprising Statistics about Employee Retention." TINYpulse, 8 Sept. 2020. Web.
      "2020 Job Seeker Nation Study." Jobvite, April 2020. Web.
      "2020 Recruiter Nation Survey." Jobvite, 2020. Web.
      "2020 Retention Report: Insights on 2019 Turnover Trends, Reasons, Costs, & Recommendations." Work Institute, 2020. Web.
      "25 Essential Productivity Statistics for 2021." TeamStage, 2021. Accessed 22 Jun. 2021.
      Agovino, Theresa. "To Have and to Hold." SHRM, 23 Feb. 2019. Web.
      "Civilian Unemployment Rate." Bureau of Labor Statistics, June 2020. Web.
      Foreman, Paul. "The domino effect of chief sales officer turnover on salespeople." Mereo, 19 July 2018. Web.
      "Gross Domestic Product." U.S. Bureau of Economic Analysis, 27 May 2021. Accessed 22 Jun. 2020.
      Kinne, Aaron. "Back to Basics: What is Employee Experience?" Workhuman, 27August 2020. Accessed 21 Jun. 2021.
      Lee, Thomas W, et al. "Managing employee retention and turnover with 21st century ideas." Organizational Dynamics, vol 47, no. 2, 2017, pp. 88-98. Web.
      Lee, Thomas W. and Terence R. Mitchell. "Control Turnover by Understanding its Causes." The Blackwell Handbook of Principles of Organizational Behaviour. 2017. Print.
      McFeely, Shane, and Ben Wigert. "This Fixable Problem Costs U.S. Businesses $1 Trillion." Gallup. 13 March 2019. Web.
      "Table 18. Annual Quit rates by Industry and Region Not Seasonally Adjusted." Bureau of Labor Statistics. June 2021. Web.
      "The 2019 Compensation Best Practices Report: Will They Stay or Will They Go? Employee Retention and Acquisition in an Uncertain Economy." PayScale. 2019. Web.
      Vuleta, Branka. "30 Troubling Employee Retention Statistics." Legaljobs. 1 Feb. 2021. Web.
      "What is a Tenured Employee? Top Benefits of Tenure and How to Stay Engaged as One." Indeed. 22 Feb. 2021. Accessed 22 Jun. 2021.

      Create an Effective SEO Keyword Strategy

      • Buy Link or Shortcode: {j2store}568|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Marketing Solutions
      • Parent Category Link: /marketing-solutions

      Digital Marketers working with an outdated or bad SEO strategy often see:

      • Declining keyword ranking and traffic
      • Poor keyword strategy
      • On-page errors

      Our Advice

      Critical Insight

      Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

      Impact and Result

      Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

      • Competitive keyword research and identification of opportunities
      • On-page keyword strategy

      Create an Effective SEO Keyword Strategy Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Create an Effective SEO Keyword Strategy

      Update your on-page SEO strategy with competitively relevant keywords.

      • Create an Effective SEO Keyword Strategy Storyboard
      [infographic]

      Further reading

      Create an Effective SEO Keyword Strategy
      Update your on-page SEO strategy with competitively relevant keywords.

      Analyst Perspective

      Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

      Leading search engine optimization methods focus on creating and posting relevant keyword-rich content, not just increasing page rank. Content and keywords should move a buyer along their journey, close a sale, and develop long-term relationships. Unfortunately, many SEO specialists focus on computers, not the buyer. What's even more concerning is that up to 70% of SaaS businesses have already been impacted by outdated and inefficient SEO techniques. Poor strategies often focus on ballooning SEO metrics in the short-term instead of building the company's long-term PageRank.

      Best-in-class digital marketers stop chasing the short-term highs and focus on long-term growth. This starts with developing a competitive keyword strategy and updating website content with the new keywords.

      SEO is a large topic, so we have broken the strategy into small, easy-to-implement steps, taking the guesswork out of how to use the data from SEO tools and giving CMOs a solid path to increase their SEO results.

      This is a picture of Terra Higginson

      Terra Higginson
      Marketing Research Director
      SoftwareReviews

      Executive Summary

      Your Challenge

      Digital marketers working with an outdated or bad SEO strategy often see:

      • Declining keyword ranking and traffic
      • Poor keyword strategy
      • On-page errors

      Search algorithms change all the time, which means that the strategy is often sitting on the sifting sands of technology, making SEO strategies quickly outdated.

      Common Obstacles

      Digital marketers are responsible for developing and implementing a competitive SEO strategy but increasingly encounter the following obstacles:

      • SEO practitioners that focus on gaming the system
      • Ever-changing SEO technology
      • Lack of understanding of the best SEO techniques
      • SEO techniques focus on the needs of computers, not people
      • Lack of continued investment

      SoftwareReviews' Approach

      Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

      • Competitive keyword research and identification of opportunities
      • On-page keyword strategy

      Our methodology will take a focused step-by-step strategy in a series of phases that will increase PageRank and competitive positioning.

      SoftwareReviews' SEO Methodology

      In this blueprint, we will cover:

      Good SEO vs. Poor SEO Techniques

      The difference between good and bad SEO techniques.

      Common Good
      SEO Techniques

      Common Poor
      SEO Techniques

      • Writing content for people, not machines.
      • Using SEO tools to regularly adjust and update SEO content, keywords, and backlinks.
      • Pillar and content cluster strategy in addition to a basic on- and off-page strategy.
      • Keyword stuffing and content duplication.
      • A strategy that focuses on computers first and people second.
      • Low-quality or purchased backlinks.

      Companies With Great SEO…

      Keyword Strategy

      • Have identified a keyword strategy that carves out targets within the white space available between themselves and the competition.

      Error-Free Site

      • Have error-free sites without duplicate content. Their URLs and redirects are all updated. Their site is responsive, and every page loads in under two seconds.

      Pillar & Content Clusters

      • Employ a pillar and content cluster strategy to help move the buyer through their journey.

      Authentic Off-Page Strategy

      • Build an authentic backlink strategy that incorporates the right information on the right sites to move the buyer through their journey.

      SEO Terms Defined

      A glossary to define common Phase 1 SEO terms.

      Search Volume: this measures the number of times a keyword is searched for in a certain time period. Target keywords with a volume of between 100-100,000. A search volume greater than 100,000 will be increasingly difficult to rank (A Beginner's Guide to Keyword Search Volume, 2022, Semrush).

      Keyword Difficulty: the metric that quantifies how difficult it will be to rank for a certain keyword. The keyword difficulty percentage includes the number of competitors attempting to rank for the same keyword, the quality of their content, the search intent, backlinks, and domain authority (Keyword Difficulty: What Is It and Why Is It Important? 2022, Semrush).

      Intent: this metric focuses on the intent of the user's search. All search intent is categorized into Informational, Commercial, Navigational, and Transactional (What Is Search Intent? A Complete Guide, 2022, Semrush).

      On-Page SEO: refers to the practice of search engine optimizing elements of your site such as title tags, internal links, HTML code, URL optimization, on-page content, images, and user experience.

      Off-Page SEO: refers to the practice of optimizing brand awareness (What Is Off-Page SEO? A Comprehensive Guide, 2022, Semrush).

      H1: HTML code that tells a search engine the title of the page (neilpatel.com).

      SEO Tool: A subscription-based all-in-one search engine optimization MarTech tool.

      Google's mission is to organize the world's information and make it universally accessible and useful… We believe Search should deliver the most relevant and reliable information available.
      – An excerpt from Google's mission statement

      Your Challenge

      Google makes over 4.5k algorithm changes per year1, directly impacting digital marketing search engine optimization efforts.

      Digital marketers with SEO problems will often see the following issues:

      • Keyword ranking – A decline in keyword ranking is alarming and results in decreased PageRank.
      • Bounce rate – Attracting the wrong audience to your site will increase the bounce rate because the H1 doesn't resonate with your audience.
      • Outdated keywords – Many companies are operating on a poor keyword strategy, or even worse, no keyword strategy. In addition, many marketers haven't updated their strategy to include pillar and cluster content.
      • Errors – Neglected sites often have a large number of errors.
      • Bad backlinks – Neglected sites often have a large number of toxic backlinks.

      The best place to hide a dead body is on page two of the search results.
      – Huffington Post

      Common Obstacles

      Digital marketers are responsible for developing and executing a competitive SEO strategy but increasingly encounter the following obstacles:

      • Inefficient and ineffective SEO practitioners.
      • Changing SEO technology and search engine algorithms.
      • Lack of understanding of the best-in-class SEO techniques.
      • Lack of a sustainable plan to manage the strategy and invest in SEO.

      SEO is a helpful activity when it's applied to people-first content. However, content created primarily for search engine traffic is strongly correlated with content that searchers find unsatisfying.
      – Google Search Central Blog

      Benefits of Proper SEO

      A good SEO keyword strategy will create long-term, sustainable SEO growth:

      • Write content for people, not algorithms – Good SEO prioritizes the needs of humans over the needs of computers, being ever thoughtful of the meaning of content and keywords.
      • Content that aligns with intent – Content and keyword intent will align with the buyer journey to help move prospects through the funnel.
      • Competitive keyword strategy – Find keyword white space for your brand. Keywords will be selected to optimize your ranking among competition with reasonable and sustainable targets.
      • Actionable and impactful fixes – By following the SoftwareReviews phases of SEO, you will be able to take a very large task and divide it into conquerable actions. Small improvements everyday lead to very large improvements over time.

      Digital Marketing SEO Stats

      61%
      61% of marketers believe that SEO is the key to online success.
      Source: Safari Digital

      437%
      Updating an existing title tag with an SEO optimised one can increase page clicks by more than 437%.
      Source: Safari Digital

      Good SEO Aligns With Search Intent

      What type of content is the user searching for? Align your keyword to the logical search objective.

      Informational

      This term categorizes search intent for when a user wants to inform or educate themselves on a specific topic.

      Commercial

      This term categorizes search intent for when a user wants to do research before making a purchase.

      Transactional

      This term categorizes search intent for when a user wants to purchase something.

      Navigational

      This term categorizes search intent for when a user wants to find a specific page.

      SoftwareReviews' Methodology toCreate an Effective SEO Strategy

      1. Competitive Analysis & Keyword Discovery 2. On-Page Keyword Optimization
      Phase Steps
      1. Make a list of keywords in your current SEO strategy – including search volume, keyword difficulty percentage, intent.
      2. Research the keywords of top competitors.
      3. Make a list of target keywords you would like to own – including the search volume, keyword difficulty percentage, and intent. Make sure that these keywords align with your buyer persona.
      1. List product and service pages, along with the URL and current ranking(s) for the keyword(s) for that URL.
      2. Create a new individual page strategy for each URL. Record the current keyword, rank, title tag, H1 tag, and meta description. Then, with keyword optimization in mind, develop the new title tag, new H1 tag, and new meta description. Build the target keywords into the pages and tags.
      3. Record the current ranking for the pages' keywords then reassess after three to six months.
      Phase Outcomes
      • Understanding of competitive landscape for SEO
      • A list of target new keywords
      • Keyword optimized product and service pages

      Guided Implementation

      What does a typical GI on this topic look like?

      Phase 1 Phase 2

      Call #1: Identify your current SEO keyword strategy.

      Call #2: Discuss how to start a competitive keyword analysis.

      Call #4: Discuss how to build the list of target keywords.

      Call #6: Discuss keyword optimization of the product & services pages.

      Call #8: (optional)

      Schedule a call to update every three to six months.

      Call #3: Discuss the results of the competitive keyword analysis.

      Call #5: Discuss which pages to update with new target keywords.

      Call #7: Review final page content and tags.

      Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

      A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

      A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

      Guided Implementation

      What does a typical GI on this topic look like?

      Phase 1 Phase 2

      Call #1: Identify your current SEO keyword strategy.

      Call #2: Discuss how to start a competitive keyword analysis.

      Call #4: Discuss how to build the list of target keywords.

      Call #6: Discuss keyword optimization of the product & services pages.

      Call #8: (optional)

      Schedule a call to update every three to six months.

      Call #3: Discuss the results of the competitive keyword analysis.

      Call #5: Discuss which pages to update with new target keywords.

      Call #7: Review final page content and tags.

      Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

      A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

      A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

      SoftwareReviews offers various levels of support to best suit your needs

      Included Within an Advisory Membership Optional Add-Ons
      DIY Toolkit Guided Implementation Workshop Consulting
      "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

      Insight Summary

      People-First Content

      Best-in-class SEO practitioners focus on people-first content, not computer-first content. Search engine algorithms continue to focus on how to rank better content first, and a strategy that moves your buyers through the funnel in a logical and cohesive way will beat any SEO trick over the long run.

      Find White Space

      A good SEO strategy uses competitive research to carve out white space and give them a competitive edge in an increasingly difficult ranking algorithm. An understanding of the ideal client profile and the needs of their buyer persona(s) sit as a pre-step to any good SEO strategy.

      Optimize On-Page Keywords

      By optimizing the on-page strategy with competitively relevant keywords that target your ideal client profile, marketers are able to take an easy first step at improving the SEO content strategy.

      Understand the Strategy

      If you don't understand the strategy of your SEO practitioner, you are in trouble. Marketers need to work hand in hand with their SEO specialists to quickly uncover gaps, create a strategy that aligns with the buyer persona(s), and execute the changes.

      Quality Trumps Quantity

      The quality of the prospect that your SEO efforts bring to your site is more important than the number of people brought to your site.

      Stop Here and Ask Yourself:

      • Do I have an updated (completed within the last two years) buyer persona and journey?
      • Do I know who the ICP (ideal client profile) is for my product or company?

      If not, stop here, and we can help you define your buyer persona and journey, as well as your ideal client profile before moving forward with SEO Phase 1.

      The Steps to SEO Phase 1

      The Keyword Strategy

      1. Current Keywords
        • Identify the keywords your SEO strategy is currently targeting.
      2. Competitive Analysis
        • Research the keywords of competitor(s). Identify keyword whitespace.
      3. New Target Keywords
        • Identify and rank keywords that will result in more quality leads and less competition.
      4. Product & Service Pages
        • Identify your current product and service pages. These pages represent the easiest content to update on your site.
      5. Individual Page Update
        • Develop an SEO strategy for each of your product and service pages, include primary target keyword, H1, and title tags, as well as keyword-rich description.

      Resources Needed for Search Engine Optimization

      Consider the working skills required for search engine optimization.

      Required Skills/Knowledge

      • SEO
      • Web development
      • Competitive analysis
      • Content creation
      • Understanding of buyer persona and journey
      • Digital marketing

      Suggested Titles

      • SEO Analyst
      • Competitive Intelligence Analyst
      • Content Marketing Manager
      • Website Developer
      • Digital Marketing Manager

      Digital Marketing Software

      • CMS that allows you to easily access and update your content

      SEO Software

      • SEO tool

      Step 1: Current Keywords

      Use this sheet to record your current keyword research.

      Use your SEO tool to research keywords and find the following:
      Use a quality tool like SEMRush to obtain SEO data.

      1. Keyword difficulty
      2. Search volume
      3. Search intent

      This is a screenshot of the SEO tool SEMRush, which can be used to identify current keywords.

      Step 2: Competitive Analysis

      Use this sheet to guide the research on your competitors' keywords.

      Use your SEO tool to find the following:

      1. Top organic keywords
      2. Ranking of keywords
      3. Domain authority and trust
      4. Position changes

      This is a screenshot of the SEO tool SEMRush, which can be used to perform an competitive analysis

      Step 3: New Target Keywords

      Use this sheet to record target keywords that have a good volume but are less competitive. The new target keywords should align with your buyer persona and their journey.

      Use your SEO tool to research keywords and find the following:
      Use a quality tool like SEMRush to obtain SEO data.

      1. Keyword difficulty
      2. Search volume
      3. Search intent

      This is a screenshot of the SEO tool SEMRush, which can be used to identify new target keywords.

      Step 4: Product & Service Pages

      Duplicate this page so that you have a separate page for each URL from Step 4

      Use this sheet to identify your current product and service pages.

      Use your SEO tool to find the following:

      1. Current rank
      2. Current keywords

      This is a screenshot of the SEO tool SEMRush, showing where you can display product and service pages.

      Step 5: Individual Page Strategy

      Develop a keyword strategy for each of your product and service pages. Use a fresh page for each URL.

      Date last optimized:
      mm/dd/yyyy

      This is a screenshot of the SEO tool SEMRush, with an example of how you can use an individual page strategy to develop a keyword strategy.

      Bibliography

      Council, Y. "Council Post: The Rundown On Black Hat SEO Techniques And Why You Should Avoid Them." Forbes, 2022. Accessed September 2022.

      "Our approach – How Google Search works." Google Search. Accessed September 2022.

      "The Best Place to Hide a Dead Body is Page Two of Google." HuffPost, 2022. Accessed September 2022.

      Patel, Neil. "How to Create the Perfect H1 Tag for SEO." neilpatel.com. Accessed September 2022.

      Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

      Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

      Reduce Shadow IT With a Service Request Catalog

      • Buy Link or Shortcode: {j2store}302|cart{/j2store}
      • member rating overall impact: 10.0/10 Overall Impact
      • member rating average dollars saved: $129,999 Average $ Saved
      • member rating average days saved: 35 Average Days Saved
      • Parent Category Name: Asset Management
      • Parent Category Link: /asset-management
      • Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.
      • Renewal Management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.
      • Over-purchasing: Contracts may be renewed without a clear picture of usage, potentially renewing unused applications.

      Our Advice

      Critical Insight

      There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

      Impact and Result

      Our blueprint will help you design a service that draws the business to use it. If it is easier for them to buy from IT than it is to find their own supplier, they will use IT.

      A heavy focus on customer service, design optimization, and automation will provide a means for the business to get what they need, when they need it, and provide visibility to IT and security to protect organizational interests.

      This blueprint will help you:

      • Design the request service
      • Design the request catalog
      • Build the request catalog
      • Market the service

      Reduce Shadow IT With a Service Request Catalog Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Reduce Shadow IT With a Service Request Catalog – A step-by-step document that walks you through creation of a request service management program.

      Use this blueprint to create a service request management program that provides immediate value.

      • Reduce Shadow IT With a Service Request Catalog Storyboard

      2. Nonstandard Request Assessment – A template for documenting requirements for vetting and onboarding new applications.

      Use this template to define what information is needed to vet and onboard applications into the IT environment.

      • Nonstandard Request Assessment

      3. Service Request Workflows – A library of workflows used as a starting point for creating and fulfilling requests for applications and equipment.

      Use this library of workflows as a starting point for creating and fulfilling requests for applications and equipment in a service catalog.

      • Service Request Workflows

      4. Application Portfolio – A template to organize applications requested by the business and identify which items are published in the catalog.

      Use this template as a starting point to create an application portfolio and request catalog.

      • Application Portfolio

      5. Reduce Shadow IT With a Service Request Catalog Communications Template – A presentation and communications plan to announce changes to the service and introduce a catalog.

      Use this template to create a presentation and communications plan for launching the new service and service request catalog.

      • Reduce Shadow IT with a Service Request Catalog Communications Template
      [infographic]

      Workshop: Reduce Shadow IT With a Service Request Catalog

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Design the Service

      The Purpose

      Collaborate with the business to determine service model.

      Collaborate with IT teams to build non-standard assessment process.

      Key Benefits Achieved

      Designed a service for service requests, including new product intake.

      Activities

      1.1 Identify challenges and obstacles.

      1.2 Complete customer journey map.

      1.3 Design process for nonstandard assessments.

      Outputs

      Nonstandard process.

      2 Design the Catalog

      The Purpose

      Design the service request catalog management process.

      Key Benefits Achieved

      Ensure the catalog is kept current and is integrated with IT service catalog if applicable.

      Activities

      2.1 Determine what will be listed in the catalog.

      2.2 Determine process to build and maintain the catalog, including roles, responsibilities, and workflows.

      2.3 Define success and determine metrics.

      Outputs

      Catalog scope.

      Catalog design and maintenance plan.

      Defined success metrics

      3 Build and Market the Catalog

      The Purpose

      Determine catalog contents and how requests will be fulfilled.

      Key Benefits Achieved

      Catalog framework and service level agreements will be defined.

      Create communications documents.

      Activities

      3.1 Determine how catalog items will be displayed.

      3.2 Complete application categories for catalog.

      3.3 Create deployment categories and SLAs.

      3.4 Design catalog forms and deployment workflows.

      3.5 Create roadmap.

      3.6 Create communications plan.

      Outputs

      Catalog workflows and SLAs.

      Roadmap.

      Communications deck.

      4 Breakout Groups – Working Sessions

      The Purpose

      Create an applications portfolio.

      Prepare to populate the catalog.

      Key Benefits Achieved

      Portfolio and catalog contents created.

      Activities

      4.1 Using existing application inventory, add applications to portfolio and categorize.

      4.2 Determine which applications should be in the catalog.

      4.3 Determine which applications are packaged and can be easily deployed.

      Outputs

      Application Portfolio.

      List of catalog items.

      Further reading

      Reduce Shadow IT With a Service Request Catalog

      Foster business partnerships with sourcing-as-a-service.

      Analyst Perspective

      Improve the request management process to reduce shadow IT.

      In July 2022, Ivanti conducted a study on the state of the digital employee experience, surveying 10,000 office workers, IT professionals, and C-suite executives. Results of this study indicated that 49% of employees are frustrated by their tools, and 26% of employees were considering quitting their jobs due to unsuitable tech. 42% spent their own money to gain technology to improve their productivity. Despite this, only 21% of IT leaders prioritized user experience when selecting new tools.

      Any organization’s workers are expected to be productive and contribute to operational improvements or customer experience. Yet those workers don’t always have the tools needed to do the job. One option is to give the business greater control, allowing them to choose and acquire the solutions that will make them more productive. Info-Tech's blueprint Embrace Business-Managed Applications takes you down this path.

      However, if the business doesn’t want to manage applications, but just wants have access to better ones, IT is positioned to provide services for application and equipment sourcing that will improve the employee experience while ensuring applications and equipment are fully managed by the asset, service, and security teams.

      Improving the request management and deployment practice can give the business what they need without forcing them to manage license agreements, renewals, and warranties.

      Photo of Sandi Conrad

      Sandi Conrad
      ITIL Managing Professional
      Principal Research Director, IT Infrastructure & Operations,
      Info-Tech Research Group

      Your challenge

      This research is designed to help organizations that are looking to improve request management processes and reduce shadow IT.

      Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.

      Renewal management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.

      Over-purchasing and over-spending: Contracts may be renewed without a clear picture of utilization, potentially renewing unused applications. Applications or equipment may be purchased at retail price where corporate, government, or educational discounts exist.

      Info-Tech Insight

      To increase the visibility of the IT environment, IT needs to transform the request management process to create a service that makes it easier for the business to access the tools they need rather than seeking them outside of the organization.

      609
      Average number of SaaS applications in large enterprises

      40%
      On average, only 60% of provisioned SaaS licenses are used, with the remaining 40% unused.

      — Source: Zylo, SaaS Trends for IT Leaders, 2022

      Common obstacles

      Too many layers of approvals and a lack of IT workers makes it difficult to rethink service request fulfillment.

      Delays: The business may not be getting the applications they need from IT to do their jobs or must wait too long to get the applications approved.

      Denials: Without IT’s support, the business is finding alternative options, including SaaS applications, as they can be bought and used without IT’s input or knowledge.

      Threats: Applications that have not been vetted by security or installed without their knowledge may present additional threats to the organization.

      Access: Self-serve isn’t mature enough to support an applications catalog.

      A diagram that shows the number of SaaS applications being acquired outside of IT is increasing year over year, and that business units are driving the majority of SaaS spend.

      8: average number of applications entering the organization every 30 days

      — Source: Zylo, SaaS Trends for Procurement, 2022

      Info-Tech’s approach

      Improve the request management process to create sourcing-as-a-service for the business.

      • Improve customer service
      • Reduce shadow IT
      • Gain control in a way that keeps the business happy

      1. Design the service

      Collaborate with the business

      Identify the challenges and obstacles

      Gain consensus on priorities

      Design the service

      2. Design the catalog

      Determine catalog scope

      Create a process to build and maintain the catalog

      Define metrics for the request management process

      3. Build the catalog

      Determine descriptions for catalog items

      Create definitions for license types, workflows, and SLAs

      Create application portfolio

      Design catalog forms and workflows

      4. Market the service

      Create a roadmap

      Determine messaging

      Build a communications plan

      Blueprint deliverables

      Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

      Communications Presentation

      Photo of Communications Presentation

      Application Portfolio

      Photo of Application Portfolio

      Visio Library

      Photo of Visio Library

      Nonstandard Request Assessment

      Photo of Nonstandard Request Assessment

      Create a request management process and service catalog to improve delivery of technology to the business

      Build, Optimize, and Present a Risk-Based Security Budget

      • Buy Link or Shortcode: {j2store}371|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Security Strategy & Budgeting
      • Parent Category Link: /security-strategy-and-budgeting
      • Year after year, CISOs need to develop a comprehensive security budget that is able to mitigate against threats.
      • This budget will have to be defended against many other stakeholders to ensure there is proper funding.
      • Security budgets are unlike other departmental budgets. Increases or decreases in the budget can drastically affect the organizational risk level.
      • CISOs struggle with the ability to assess the effectiveness of their security controls and where to allocate money.

      Our Advice

      Critical Insight

      • CISOs can demonstrate the value of security when they correlate mitigations to business operations and attribute future budgetary needs to business evolution.
      • To identify the critical areas and issues that must be reflected in your security budget, develop a comprehensive corporate risk analysis and mitigation effectiveness model, which will illustrate where the moving targets are in your security posture.

      Impact and Result

      • Info-Tech’s methodology moves you away from the traditional budgeting approach to building a budget that is designed to be as dynamic as the business growth model.
      • Collect your organization's requirements and build different budget options to describe how increases and decreases can affect the risk level.
      • Discuss the different budgets with the business to determine what level of funding is needed for the desired level of security.
      • Gain approval of your budget early by preshopping and presenting the budget to individual stakeholders prior to the final budget approval process.

      Build, Optimize, and Present a Risk-Based Security Budget Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should build, optimize, and present a risk-based security budget, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Review requirements for the budget

      Collect and review the required information for your security budget.

      • Build, Optimize, and Present a Risk-Based Security Budget – Phase 1: Review Requirements for the Budget

      2. Build the budget

      Take your requirements and build a risk-based security budget.

      • Build, Optimize, and Present a Risk-Based Security Budget – Phase 2: Build the Budget
      • Security Budgeting Tool

      3. Present the budget

      Gain approval from business stakeholders by presenting the budget.

      • Build, Optimize, and Present a Risk-Based Security Budget – Phase 3: Present the Budget
      • Preshopping Security Budget Presentation Template
      • Final Security Budget Presentation Template
      [infographic]

      Workshop: Build, Optimize, and Present a Risk-Based Security Budget

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Review Requirements for the Budget

      The Purpose

      Understand your organization’s security requirements.

      Collect and review the requirements.

      Key Benefits Achieved

      Requirements are gathered and understood, and they will provide priorities for the security budget.

      Activities

      1.1 Define the scope and boundaries of the security budget.

      1.2 Review the security strategy.

      1.3 Review other requirements as needed, such as the mitigation effectiveness assessment or risk tolerance level.

      Outputs

      Defined scope and boundaries of the security budget

      2 Build the Budget

      The Purpose

      Map business capabilities to security controls.

      Create a budget that represents how risk can affect the organization.

      Key Benefits Achieved

      Finalized security budget that presents three different options to account for risk and mitigations.

      Activities

      2.1 Identify major business capabilities.

      2.2 Map capabilities to IT systems and security controls.

      2.3 Categorize security controls by bare minimum, standard practice, and ideal.

      2.4 Input all security controls.

      2.5 Input all other expenses related to security.

      2.6 Review the different budget options.

      2.7 Optimize the budget through defense-in-depth options.

      2.8 Finalize the budget.

      Outputs

      Identified major business capabilities, mapped to the IT systems and controls

      Completed security budget providing three different options based on risk associated

      Optimized security budget

      3 Present the Budget

      The Purpose

      Prepare a presentation to speak with stakeholders early and build support prior to budget approvals.

      Present a pilot presentation and incorporate any feedback.

      Prepare for the final budget presentation.

      Key Benefits Achieved

      Final presentations in which to present the completed budget and gain stakeholder feedback.

      Activities

      3.1 Begin developing a communication strategy.

      3.2 Build the preshopping report.

      3.3 Practice the presentation.

      3.4 Conduct preshopping discussions with stakeholders.

      3.5 Collect initial feedback and incorporate into the budget.

      3.6 Prepare for the final budget presentation.

      Outputs

      Preshopping Report

      Final Budget Presentation

      Assess Your Readiness to Implement UCaaS

      • Buy Link or Shortcode: {j2store}305|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Voice & Video Management
      • Parent Category Link: /voice-video-management
      • Employees no longer work in the office all the time and have adopted a hybrid or remote policy.
      • Security is on your mind when it comes to the risks associated with data and voice across the internet.
      • You are unaware of the technology used by other departments, such as sales and marketing.

      Our Advice

      Critical Insight

      • The importance of doing your due diligence and building out requirements is paramount to deciding on what UCaaS solution works for you. Even if you decide not to pursue this cloud-based service, at least you have done your homework.
      • There are five reasons you should migrate to UCaaS: flexibility & scalability, productivity, enhanced security, business continuity, and cost savings. Challenge your selection with these criteria at your foundation and you cannot go wrong.

      Impact and Result

      With features such as messaging, collaboration tools, and video conferencing, UCaaS enables users to be more effective regardless of location and device. This can lead to quicker decision making and reduce communication delays.

      Assess Your Readiness to Implement UCaaS Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Assess Your Readiness to Implement UCaaS Storyboard – Research that reviews the business drivers to move to a UCaaS solution.

      In addition to examining the benefits of UCaaS, this deck covers how to drive toward an RFP and convince the C-suite to champion your UCaaS strategy.

      • Assess Your Readiness to Implement UCaaS Storyboard

      2. UCaaS Readiness Questionnaire – Three sets of questions to help determine your organization's readiness to move to a UCaaS platform.

      This questionnaire is a starting point. Sections include: 1) Current State Questionnaire, 2) IT Infrastructure Readiness Questionnaire, and 3) UCaaS Vendor Questionnaire. These questions can also be added to an RFP for UCaaS vendors you may want to work with.

      • UCaaS Readiness Questionnaire
      [infographic]

      Further reading

      Assess Your Readiness to Implement UCaaS

      Unified communication as a service (UCaaS) is already here. Find the right solution for your organization, whether it is Teams Phone or another solution.

      Analyst Perspective

      UCaaS is the solution to the hybrid and remote working world

      Hybrid/remote work is a reality and there is little evidence to prove otherwise despite efforts to return employees to the office. A 2023 survey from Zippia says 74% of US companies are planning to or have implemented hybrid work policies. Given the reality of the new ways people work, there’s a genuine need for a UCaaS solution.

      The days of on-premises private branch exchange (PBX) and legacy voice over internet protocol (VoIP) solutions are numbered, and organizations are examining alternative solutions to redundant desk phones. The stalwarts of voice solutions, Cisco and Avaya, have seen the writing on the wall for some time: the new norm must be a cloud-based solution that integrates via API with content resource management (CRM), email, chat, and collaboration tools.

      Besides remaining agile when accommodating different work locations, it’s advantageous to be able to quickly scale and meet the needs of organizations and their employees. New technology is moving at such a pace that utilizing a UCaaS service is truly beneficial, especially given its AI, analytics, and mobile capabilities. Being held back by an on-premises solution that is capitalized over several years is not a wise option.

      Photo of John Donovan
      John Donovan
      Principle Research Director, I&O Practice
      Info-Tech Research Group

      Insight Summary

      Improved integration and communication in a hybrid world
      Unified communication as a service (UCaaS) integrates several tools into one platform to provide seamless voice, video, chat, collaboration, sharing and much more. The ability to work from anywhere and the ability to use application programming interfaces (APIs) to integrate content resource management (CRM) and other productivity tools into a unified environment is a key component of employee productivity, whether at the office or remote, or even on mobile devices.

      Simplify your maintenance, management, and support
      Communication and voice using a cloud provisioner has many benefits and makes life easier for your IT staff. No more ongoing maintenance, upgrades, patching and managing servers or private branch exchanges (PBXs). UCaaS is easy to deploy, and due to its scalability and flexibility, users can easily be added or removed. Now businesses can retire their legacy technical debt of voice hardware and old desk phones that clutter the office.

      Oversight on security
      The utilization of a software as a service (SaaS) platform in UCaaS form does by design risk data breaches, phishing, and third-party malware. Fortunately, you can safeguard your organization’s security by ensuring the vendor you choose features SOC2 certification, taking care of encryption, firewalls, two-factor authentication and security incident handling, and disaster recovery. The big players in the UCaaS world have these features.

      Executive Summary

      Your Challenge

      So, your legacy PBX is ready to be replaced. It has no support or maintenance contract, and you face a critical decision. You could face these challenges:

      • Employees no longer work in the office all the time and have adopted a hybrid or remote policy
      • Security risks associated with data and voice across the internet
      • Limited awareness of the technology used by some departments, such as sales and marketing

      Common Obstacles

      Businesses may worry about several obstacles when it’s time to choose a voice and collaboration solution. For example:

      • Concern over internet connectivity or disruptions
      • Uncertainty integrating systems with the platform
      • Unsure whether employees will embrace new tools/workflows that completely change how they work, collaborate, and communicate
      • Failure to perform due diligence when trying to choose the right solution for an organization

      Info-Tech’s Approach

      It’s critically important to perform due diligence and build out requirements when deciding what UCaaS solution works for you. Even if you decide not to pursue this cloud-based service, at least you will:

      • Determine your business case
      • Evaluate your roadmap for unified communication
      • Ask all the right questions to determine suitability

      In this advisory deck, you will see a set of questions you must ask including whether Teams is suitable for your business.

      Info-Tech Insight

      Determine your communication and collaboration needs. Evaluate your current use of voice, video, chat, collaboration, sharing, and mobility whether for the office or remote work. Evaluate your security and regulatory requirements and needs. Determine the integration requirements when evaluating top vendors.

      The evolution of unified communication

      How we moved from fax machines and desk phones to an integrated set of tools on one platform in the cloud

      A diagram that shows the evolution of unified communication from 1980s to 2020s.

      Business drivers for moving to UCaaS

      What organizations look to gain or save by moving to UCaaS solutions

      Flexibility and scalability
      Ability to add/remove users and services as appropriate for changing business needs, allowing for quick adaptation to changing markets.

      Productivity
      Offering features like messaging, collaboration tools, and video conferencing enables users to be more effective regardless of location and device. May lead to quicker decision making and reduced communication delays.

      Cost savings
      Eliminating the need for on-premises hardware and software, reducing maintenance and support costs. Predictable monthly billing.

      Business continuity
      Reducing risks of disruption or disaster. Allowing users to work from anywhere when the physical office is unavailable. Additional features can include disaster recovery and backup services.

      Enhanced security
      UCaaS providers usually offer advanced security and compliance features including encryption, firewall, intrusion detection, and certifications like HIPAA and SOC 2.

      KPIs to demonstrate success

      What key metrics should businesses measure to demonstrate a successful UCaaS project?
      What improvements are needed?
      What can be optimized?

      KPI Measurement
      User adoption rate
      • % of employees utilizing UCaaS solutions
      • # of users who completed UCaaS training/onboarding
      • # of calls or messages sent per user
      Call quality and reliability
      • % of calls with good to excellent quality
      • # of dropped calls or call disruption
      • Mean opinion score (MOS) for video and voice quality
      Cost savings
      • TCO for UCaaS compared to previous solution
      • Cost per month for UCaaS
      • Reduced hardware/maintenance and communication costs
      Improved productivity
      • Time saved with streamlined comms workflows
      • # of successful collaborative projects or meetings
      • Improved speed and quality for customer service or support
      Customer satisfaction
      • Net promoter score or CSAT
      • Positive customer reviews
      • Time-to-resolution of customer issues
      Scalability
      • Ability to add/remove/change user features as needed
      • Time to deploy new UCaaS features
      • Scalability of network to support increased UCaaS usage

      What are the surveys telling us?

      Different organizations adopt UCaaS solutions for different reasons

      95%

      Collaboration: No Jitter’s study on team collaboration found that 95% of survey respondents think collaborative communication apps are a necessary component of a successful communications strategy.
      Source: No Jitter, 2018.

      95%

      Security: When deploying remote communication solutions, 95% of businesses say they want to use VPN connections to keep data private.
      Source: Mitel, 2018.

      31%

      Flexibility: While there are numerous advantages to cloud-based communications, 31% of companies intend to use UCaaS to eliminate technical debt from legacy systems and processes.
      Source: Freshworks, 2019.

      UCaaS adoption

      While many organizations are widely adopting UCaaS, they still have data security concerns

      UCaaS deployments are growing

      UCaaS is growing at a rate that shows the market for UC is moving toward cloud-based voice and collaboration solutions at a rate of 29% year over year.

      Source: Synergy Research Group, 2017.

      Security is still a big concern

      While it’s increasingly popular to adopt cloud-based unified communication solutions, 70% of those companies are still concerned about their data security.

      Source: Masergy, 2022.


      Concerns around security range from encrypting conversations to controlling who has access to what data in the organization’s network to how video is managed on emerging video communications platforms.

      Info-Tech Insight

      Ensure you maintain a robust security posture with your data regardless of where it is being stored. Security breaches can happen at any location.

      UCaaS vs. on-premises UC

      A diagram that shows UCaaS benefits

      Main benefits of UCaaS

      • Rapid deployment: Cloud hosting provides the ability to deploy quickly.
      • Ease of management: It’s no longer necessary for companies to manage communications across multiple platforms and devices.
      • Better connection: The communication flow across teams and with customers is faster and easier with phone, messaging, audio and video conferencing available in one place.
      • Scalability: Since UCaaS is an on-demand service, companies can scale their communication needs to what’s immediately required at an affordable price.

      Info-Tech Insight

      There are five reasons you should migrate to UCaaS. They are advanced technology, easily scalable, cost efficiencies, highly available, and security. There are always outliers, but these five criteria are a reliable foundation when assessing a vendor/product.

      UCaaS architecture

      The 6 primary elements of UCaaS

      Unified communications as a service (UCaaS) is a cloud-based subscription service primarily for communication tools such as voice, video, messaging, collaboration, content sharing, and other cloud services over the internet. It uses VoIP to process calls.

      The popularity of UCaaS is increasing with the recent trend of users working remotely full or part-time and requiring collaboration tools for their work.

      • The main benefit to businesses is the ability to remove on-premises hardware and reduce technical debt.
      • Additionally, it removes the need for expensive up-front capital costs and reduces communications costs.
      • From a productivity perspective, delivering these services under one platform/service increases effective collaboration and allows instant communication regardless of device or location.

      A diagram that shows protocols

      Features available to UCaaS/UC

      Must-haves vs. nice-to-haves

      A diagram that shows Must-haves vs. nice-to-haves UC features

      Info-Tech Insight

      Decide what matters most to the organization when choosing the UC platform and applications. Divide criteria into must-have vs. nice-to-have categories.

      Security and UCaaS

      • Maintain company integrity
      • Enhance data security
      • Regulatory compliance
      • Reduce risk of fraud
      • Protect data for multiple devices

      What are the concerns? What is at risk?

      • DDoS attacks: Enterprise transactions are paralyzed by flooding of data across the network preventing access
      • Phishing: Users are tricked into clicking a URL and sharing an organization’s sensitive data
      • Ransomware: Malicious attack preventing the business from accessing data and demanding a ransom for access
      • Third-party malware: Software infected with a virus, trojan horse, worms, spyware, or even ransomware with malicious intent

      Security solutions in UCaaS

      End-to-end encryption is critical

      SRTP

      • Secure real-time protocol is a cryptographic protocol used to secure voice & video calls over IP networks
      • SRTP provides encryption, message authentication, and integrity protection for voice and data packets. Using advanced encryption standard (AES) reduces chance of DDoS attacks

      TLS

      • Transport layer security (TLS) is a cryptographic protocol that secures data in transit over the internet, protecting from interception and tampering

      VPNs and firewalls

      • Virtual private networks (VPNs) are used to secure and encrypt connections between remote devices and the network. UCaaS providers can use VPN to secure access from remote locations
      • Firewalls are your primary line of defense against unauthorized traffic entering or leaving the network

      SIP

      • Session initiated protocol (SIP) over TLS is used to initiate and terminate video and voice calls over the internet. UCaaS providers often use SIP over TLS to encrypt and secure SIP messages

      SSH

      • Secure shell (SSH) is a cryptographic network protocol used to secure remote access and communications over the network. SSH is often used by UCaaS providers to secure remote management and configuration of systems

      Info-Tech Insight

      Encryption is a must for securing data and voice packets across the internet. These packets can be vulnerable to eavesdropping techniques and local area network (LAN) breaches. This risk must be mitigated from end to end.

      UCaaS

      Seven vendors competing with Microsoft’s integrated suite of collaboration tools

      Zoom

      A logo of Zoom
      Best for large meetings and webinars

      Key features:

      • Virtual meetings up to 300 users, up to 1,000 with enterprise version
      • Team chat
      • Digital whiteboard
      • Phone

      RingCentral

      A logo of RingCentral
      Best for project management collaboration tools

      Key features:

      • Video conferencing up to 200 users
      • Chat
      • Voice calls
      • Video polls and captioning
      • Digital whiteboard

      Nextiva

      A logo of Nextiva
      Best for CRM support, best-in-class functionality and features

      Key features:

      • Single dashboard
      • Chat
      • Cospace collaboration tool
      • Templates
      • Voice and call pop

      GoTo Connect

      A logo of GoTo Connect
      Best for integration with other business apps

      Key features:

      • Video conferencing up to 250 participants
      • Meeting transcripts
      • Dial plan

      Dialpad

      A logo of Dialpad
      Best for small companies under 15 users

      Key features:

      • Video meetings up to 15 participants
      • AI transcripts with call summary
      • Call controls share screen, switch between devices
      • Channel conversations with calendar app

      WebEx

      A logo of WebEx
      Only vendor offering real-time translation & closed captioning

      Key features:

      • Video meetings up to 200 participants
      • Calling features with noise removal, call recording, and transcripts
      • Live polling and Q&A

      Google Workspace

      A logo of Google Workspace
      Best for whole team collaboration for docs and slides

      Key features:

      • Google meet video
      • Collaboration on docs, sheets, and slides
      • Google chat and spaces
      • Calendars with sync updates with Gmail and auto-reminders

      Avaya and Cisco

      The major players in the VoIP on-premises PBX world have moved to a cloud experience to compete with Microsoft and other UCaaS players

      Avaya offers the OneCloud UC platform. It is one of the last UC vendors to offer on-premises solutions. In a market which is moving to the cloud at a serious pace, Avaya retains a 14% share. It made a strategic partnership with RingCentral in 2019 and in February 2021 they formed a joint venture which is now called Avaya Cloud Office, a UCaaS solution that integrates Avaya’s communication and collaboration solution with the RingCentral cloud platform.

      With around 33% of the UC market, Cisco also has a selection of UC products and services for on-premises deployment and the cloud, including WebEx Calling, Jabber, Unity Connections for voice messaging, and Single Number Reach for extensive telephony features.

      Both vendors support on-premises and cloud-based solutions for UC.

      Services provided by Avaya and Cisco in the UCaaS space

      A logo of Avaya Cloud Office
      Avaya Cloud Office

      • Voice calling: Cloud-based phone system over the internet with call forwarding, call transfer, voice mail, and more
      • Video conferencing: Virtual meetings for real-time collaboration, screen sharing, virtual backgrounds, video layout, meeting recording, whiteboarding and annotation, and virtual waiting room
      • Messaging: A feature that allows users to send and receive instant messages and SMS text messaging on the same platform
      • Collaboration: Work together on documents and projects in real time. File sharing and task management
      • Contact center: Manage customer interactions across voice, email, chat, and social media
      • Mobile app: Allows users to access communication and collaboration features on smartphones and tablets

      A logo of Cisco WebEx
      Cisco WebEx

      • Voice calling: Cisco WebEx calling provides cloud-based phone system over the internet including call forwarding, transfer, and voice mail
      • Video conferencing: Features include virtual meeting and real-time collaboration, screen sharing, and virtual backgrounds and layouts, highly scalable to large audiences
      • Messaging: Features include chat and SMS
      • Collaboration: Allows users to work together on docs and projects in real time, including file sharing and task management
      • Contact center: Multiple contact center solutions offered for small, medium, and large enterprises
      • Mobile app: Software clients for Jabber on cellphones
      • Artificial intelligence: Business insights, automatic transcripts, notes, and highlights to capture the meeting

      Service desk and contact center cloud options

      INDUSTRY: All industries
      SOURCE: Software reviews

      What vendors offer and what they don’t

      RingCentral integrates with some popular contact centers such as Five 9, Talkdesk and Sharpen. They also have a built-in contact center solution that can be integrated with their messaging and video conferencing tools.

      GoToConnect integrates with several leading customer service providers including Zendesk and Salesforce Service Cloud They also offer a built-in contact center solution with advanced call routing and management features.

      WebEx integrates with a variety of contact center and customer service platforms including Five9, Genesys, and ServiceNow.

      Dialpad integrates with contact center platforms such as Talkdesk and ServiceNow as well as CRM tools such as Salesforce and HubSpot.

      Google Workspace integrates with third-party contact center platforms through their Google Cloud Contact Center AI offering.

      SoftwareReviews

      A diagram that shows some top cloud options in Software reviews

      UCaaS comparison table

      A diagram of a UCaaS comparison table
      * Some reported issues around sound and voice quality may be due to network
      **Limited to certain plans

      Differences between UCaaS and CPaaS

      UCaaS

      CPaaS

      Defined

      Unified communication as a service – a cloud-based platform providing a suite of tools like voice, video messaging, file sharing & contact center.

      Communication platform as a service – a cloud-based platform allowing developers to use APIs to integrate real-time communications into their own applications.

      Functionality

      Designed for end users accessing a suite of tools for communication and collaboration through a unified platform.

      Designed for developers to create and integrate comms features into their own applications.

      Use cases

      Replace aging on-premises PBX systems with consolidated voice and collaboration services.

      Embedded communications capabilities into existing applications through SDKs, Java, and .NET libraries.

      Cost

      Often has a higher cost depending on services provided which can be quite comprehensive.

      Can be more cost effective than UCaaS if the business only requires a few communication features Integrated into their apps.

      Customization

      Offers less customization as it provides a predefined suite of tools that are rarely customized.

      Highly flexible and customizable so developers can build and integrate to fit unique use cases.

      Vendors

      Zoom, MS Teams, Cisco WebEx, RingCentral 8x8, GoTo Meeting, Slack, Avaya & many more.

      Twilio, Vonage, Pivo, MessageBird, Nexmo, SignalWire, CloudTalk, Avaya OneCloud, Telnyx, Voximplant, and others.

      Microsoft Teams Phone

      UCaaS for Microsoft 365

      Consider your approach to the telephony question. Microsoft incorporates telephony functionality with their broader collaboration suite. Other providers do the opposite.

      Microsoft’s voice solution

      These options allow you to plan for an all-cloud solution, connect to your own carrier, or use a combination of all cloud with a third-party carrier. Caveat: Calling plans must be available in your country or region.

      How do you connect with the public switched telephone network (PSTN)?

      Microsoft has three options for connecting the phone system to the PSTN:

      Calling Plan

      • Uses Microsoft's phone system and adds a domestic and international calling plan, which enables worldwide calling but depends on your chosen license
      • Since PSTN Calling Plan operates out of Microsoft 365, you are not required to deploy/maintain on-premises hardware
      • Customers can connect a supported session border controller (SBC) via direct routing if it’s necessary to operate with third-party PBX analog devices or other voice solutions supported by the SBC
      • You can assign your phone numbers directly in the Teams Admin Center

      This plan will work for you if:

      • There is a calling plan available in your region
      • You don’t need to maintain your PSTN carrier
      • You want to use Microsoft's managed PSTN
      • No SBC is necessary in your organization
      • Teams provides all the features your business needs

      Operator Connect

      • Leverage existing contracts or find a new operator from a selection of participating operators
      • Operator-managed infrastructure, your operator manages PSTN calling services and SBC
      • Faster, easier deployment, quickly connect to your operator and assign phone numbers directly from Teams Admin Center
      • Enhanced support and reliability, operators provide technical support and shared service level agreements
      • Customers can connect a supported SBC via Direct Routing for interoperability with third-party PBXs, analog devices, and other third-party voice solution equipment supported by SBC

      This plan will work for you if:

      • There is no calling plan available in your region
      • Your preferred carrier participates in the Microsoft operator connect plan
      • You are looking to get a new operator that enables calling in Teams

      Direct Routing

      • Connect your own supported SBC to Microsoft Phone System directly without needing additional on-premises software
      • Use virtually any voice solution carrier with Microsoft Phone System
      • Can be configured and managed by customers or by your carrier or partner (ask if your carrier or partner provides this option)
      • Configure interoperability between your voice solution equipment (e.g., a third-party PBX and analog devices) and Microsoft Phone System
      • Assign phone numbers directly from Teams Admin Center

      This plan will work for you if:

      • You want to use Teams with Phone System
      • You need to retain your current PSTN carrier
      • You want to mix routing – some calls are going via Calling Plans, some via your carrier
      • You need to interoperate with third-party PBXs and/or equipment such as overhead pagers, analog devices
      • Teams has all the features that your organization requires


      For more information, go to Microsoft Teams call flows.

      Teams phone architecture

      Microsoft offers three options that can be deployed based on several factors and questions you must answer.

      Microsoft Teams phone considerations when connecting to a PSTN

      • Do you want to move on-premises users to the cloud?
      • Is Microsoft's PSTN Calling Plan available in your region?
      • Is your preferred operator a participant in the Microsoft Operator Connect Program?
      • Do you want or need to keep your current voice carrier (e.g., does an existing contract require you to do so)?
      • Do you have an existing on-premises legacy PBX that you want or need to keep?
      • Does your current legacy PBX offer unique business-critical features?
      • Do all/any of your users require features not currently offered in Phone System?

      1. Phone System with Calling Plan

      All in the cloud for Teams users
      A diagram that shows Phone System with Calling Plan.

      Infrastructure requirements:

      Requires uninterrupted connection with Microsoft 365 Yes
      Available worldwide* No
      Requires deploying and maintaining a supported session border controller (SBC) No
      Requires contract with third-party carrier No

      *List of countries where calling plans are available: aka.ms/callingplans

      2. Phone System with own carrier via operator connect

      Phone system in the cloud; connectivity to on-premises voice network for Teams users
      A diagram that shows Phone System with own carrier via operator connect

      Infrastructure requirements:

      Requires uninterrupted connection with Microsoft 365 Yes
      Available worldwide* No
      Requires deploying and maintaining a supported session border controller (SBC) No
      Requires contract with third-party carrier Yes

      *List of countries where Operator Connect is available: aka.ms/operatorconnect

      3. Phone System with own carrier via Direct Routing

      Phone system in the cloud; connectivity to on-premises voice network for Teams users
      A diagram that shows Phone System with own carrier via Direct Routing

      Infrastructure requirements:

      Requires uninterrupted connection with Microsoft 365 Yes
      Available worldwide Yes
      Requires deploying and maintaining a supported session border controller (SBC) Yes
      Requires contract with third-party carrier* Yes

      *Unless deployed as an option to provide connection to third-party PBX, analog devices, or other voice equipment for users who are on Phone System with Calling Plans


      A Metrigy study found that 70% of organizations adopting MS Teams are using direct routing to connect to the PSTN
      Note: Complex organizations with varying needs can adopt all three options simultaneously.

      Avoid overpurchasing Microsoft telephony

      Microsoft telephony products on a page

      A diagram that shows Microsoft telephony products

      Pros:

      • The complete package: sole-sourcing your environment for simpler management
      • Users familiar with Microsoft will only have one place to go for telephony
      • You can bring your own provider and manage your own routing, giving you more choice
      • This can keep costs down as you do not have to pay for calling plan services
      • You can choose your own third-party solution while still taking advantage of the integrations that make Microsoft so attractive as a vendor

      Cons:

      • The most expensive option of the three
      • Less control and limited features compared to other pure-play telephony vendors
      • This service requires expertise in managing telephony infrastructure
      • Avoiding the cloud may introduce technical debt in the long term
      • You will have to manage integrations and deal with limited feature functionality (e.g. you may be able to receive inbound calls but not make outbound calls)

      Why does it matter?

      Phone System is Microsoft’s answer to the premises-based private branch exchange (PBX) functionality that has traditionally required a large capital expenditure. The cloud-based Phone System, offered with Microsoft’s highest tier of Microsoft/Office 365 licensing, allows Skype/Teams customers access to the following features (among others):

      • PSTN telephony (inbound and outbound)
      • Auto attendants (a menu system for callers to navigate your company directory)
      • Call forwarding, voice mail, and transferring
      • Caller ID
      • Shared lines
      • Common area phones

      Phone System, especially the Teams version, is a fully-featured telephony solution that integrates natively with a popular productivity solution. Phone System is worth exploring because many organizations already have Teams licenses.

      Key insights

      1. Don’t pay twice for the same service (unless you must). If you already have M/O365 E5 customer, Teams telephony can be a great way to save money and streamline your environment.
      2. Consider your approach to the telephony question. Microsoft incorporates telephony functionality into a broader collaboration suite. Other providers do the opposite. This reflects their relative strengths.
      3. Teams is a platform. You can use it as a front end for other telephone services. This might make sense if you have a preferred cloud PBX provider.

      Sources

      “Plan your Teams voice solution,” Microsoft, 2022.

      “Microsoft Calling Plans for Teams,” Microsoft, 2023.

      “Plan Direct Routing,” Microsoft, 2023.

      “Cisco vs. Microsoft Cloud Calling—Discussing the Options,” UC Today, 2022.

      “Microsoft Teams Phone Systems: 5 Deployment Options in 2020,” AeroCom, 2020.

      Contact Center and Teams integration

      Three Teams integration options

      If you want to use a certified and direct routing solution for Teams Phone, use the Connect model.

      If you want to use Azure bots and the Microsoft Graph Communication APIs that enable solution providers to create the Teams app, use the Extend model.

      If you want to use the SDK that enables solution providers to embed native Teams experiences in their App, use the Power model (under development).

      The Connect model features

      The Extend model features

      The Power model features (TBD)

      Office 365 authN for agents to connect to their MS tenant from their integrated CCaaS client

      Team graph APIs and Cloud Communication APIs for integration with Teams

      Goal: One app, one screen contact center experience

      Use Teams to see when agents are available

      Teams-based app for agent experience Chat and collaboration experience integrated with the Teams Client

      Goal: Adapt using software development kits (SDKs)

      Transfers and groups call support for Teams

      Teams as the primary calling endpoint for the agent

      Goal: One dashboard experience

      Teams Graph APIs and Cloud communication APIs for integration with Teams

      Teams' client calling for the all the call controls. Preserve performance & quality of Teams client experience

      Multi-tenant SIP trunking to support several customers on solution provider’s SBC

      Agent experience apps for both Teams web and mobile client

      Solution providers to use Microsoft certified session border controller (SBC)

      Analytics workflow management role-based experience for agents in the CaaS app in Teams

      Teams phone network assessment

      Useful tools for Microsoft network testing and Microsoft Teams site assessment

      Plan network basics

      • Does your network infrastructure have enough capacity? Consider switch ports, wireless access points, and other coverage.
      • If you use VLANs and DHCP, are your scopes sized accordingly?
      • Evaluate and test network paths from where devices are deployed to Microsoft 365.
      • Open the required firewall ports and URLs for Microsoft 365 as per guidance.
      • Review and test E911 requirements and configuration for location accuracy and compliance.
      • Avoid using a proxy server and optimize media paths for reliability and quality.

      What internet speed do I need for Teams calls?

      • Microsoft Teams uses about 1.2 Mbps for HD video calling (720p), 1.5 Mbps for 1080p, 500 kbps for standard quality video (360p). Group video requires about 1 Mbps, HD group video uses about 2 Mbps.

      Key physical considerations

      • Power: Do you have enough electrical outlets? If the device needs an external power source, how close can you position it to an outlet?
      • Device placement: Where will your device be located? Review desk stands, wall mounts, and other accessories from the original equipment manufacturer (OEM).
      • Security: Does your device need to be locked in certain spaces?
      • Accessibility: Does the device meet the accessibility requirements of its primary user? Consider where it's placed, wire length, and handset or headset usability.

      Prepare your organization's network for Microsoft Teams

      Plan your Teams voice solution

      Check your internet connection for Teams Phone System

      Teams Phone Mobile

      UCaaS Activity

      Questions that must be addressed by your business and the vendor. Site surveys and questionnaires for your assessment

      Activity: Questionnaire

      Input: Evaluate your current state, Network readiness
      Output: Decisions on readiness, Gaps in infrastructure readiness, Develop a project plan
      Materials: UCaaS Readiness Questionnaire
      Participants: Infrastructure Manager, Project Manager, Network Engineer, Voice Engineer

      As a group, read through the questions on Tabs 1 and 2 of the UCaaS Readiness Questionnaire workbook. The answers to the questions will determine if you have gaps to fill when determining your readiness to move forward on a UCaaS solution.

      You may produce additional questions during the session that pertain to your specific business and situation. Please add them to the questionnaire as needed.

      Record your answers to determine next steps and readiness.

      When assessing potential vendors, use Tab 3 to determine suitability for your organization and requirements. This section may be left to a later date when building a request for proposal (RFP).

      Call #1: Review client advisory deck and next steps.

      Call #2: Assess readiness from answers to the Tab 1 questions.

      Download the UCaaS Readiness Questionnaire here

      Critical Path – Teams with Phone System Deployment

      A diagram that shows Critical Path – Teams with Phone System Deployment

      Example Ltd.’s Communications Guide

      A diagram that shows Example Ltd.’s Communications Guide

      [Insert Organization Name]’s Communications Guide

      A diagram that shows [Insert Organization Name]’s Communications Guide

      Related Info-Tech Research

      Photo of Modernize Communications and Collaboration Infrastructure

      Modernize Communications and Collaboration Infrastructure

      Organizations are losing productivity from managing the limitations of yesterday’s technology. The business is changing and the current communications solution no longer adequately connects end users. A new communications and collaboration infrastructure is due to replace or update the legacy infrastructure in place today.

      Photo of Establish a Communication and Collaboration System Strategy

      Establish a Communication and Collaboration System Strategy

      Communication and collaboration portfolios are overburdened with redundant and overlapping services. Between Office 365, Slack, Jabber, and WebEx, IT is supporting a collection of redundant apps. This redundancy takes a toll on IT, and on the user.

      Photo of Implement a Transformative IVR Experience That Empowers Your Customers

      Implement a Transformative IVR Experience That Empowers Your Customers

      Learn the strategies that will allow you to develop an effective interactive voice response (IVR) framework that supports self-service and improves the customer experience.

      Bibliography

      “8 Security Considerations for UCaaS.” Tech Guidance, Feb. 2022. Accessed March 2023.

      “2022 UCaaS & CCaaS market trends snapshot.” Masergy, 2022. Web.

      “All-in-one cloud communications.” Avaya, 2023. Accessed April 2023. Web.

      Carter, Rebekah. “UC Case Study in Focus: Microsoft Teams and GroupM.” UC Today, 9 May 2022. Accessed Feb. 2023.

      “Cisco Unified Communications Manager Cloud (Cisco UCM Cloud) Data Sheet.” Cisco, 15 Sept. 2021. Accessed Jan. 2023.

      “Cloud Adoption as Viewed by European Companies: Assessing the Impact on Public, Hybrid and Private Cloud Communications.” Mitel, 2018. Web.

      De Guzman, Marianne. “Unified Communications Security: The Importance of UCaaS Encryption.” Fit Small Business, 13 Dec. 2022. Accessed March 2023.

      “Evolution of Unified Communications.” TrueConf, n.d. Accessed March 2023. Web.

      Froehlich, Andrew. “Choose between Microsoft Teams vs. Zoom for conference needs.” TechTarget, 7 May 2021. Accessed March 2023.

      Gerwig, Kate. “UCaaS explained: Guide to unified communications as a service.” TechTarget, 29 March 2022. Accessed Jan. 2023.

      Irei, Alissa. “Emerging UCaaS trends include workflow integrations and AI.” TechTarget, 21 Feb 2020. Accessed Feb. 2023.

      Kuch, Mike. “What Is Unified Communications as a Service (UCaaS)?” Avaya, 27 Dec. 2022. Accessed Jan. 2023.

      Lazar, Irwin. “UC vendors extend mobile telephony capabilities.” TechTarget, 10 Feb. 2023. Accessed Mar 2023.

      McCain, Abby. "30 Essential Hybrid Work Statistics [2023]: The Future of Work." Zippia, 20 Feb. 2023. Accessed Mar 2023.

      “Meet the modern CIO: What CEOs expect from their IT leaders.” Freshworks, 2019. Web.

      “A New Era of Workplace Communications: Will You Lead or Be Left Behind.” No Jitter, 2018. Web.

      Plumley, Mike, et al. “Microsoft Teams IT architecture and voice solutions posters.’” Microsoft Teams, Microsoft, 14 Feb. 2023. Accessed March 2023.

      Rowe, Carolyn, et al. “Plan your Teams voice solution” Microsoft Learn, Microsoft, 1 Oct. 2022.

      Rowe, Carolyn, et al. “Microsoft Calling Plans for Teams.” Microsoft Learn, Microsoft, 23 May 2023.

      Rowe, Carolyn, et al. “Plan Direct Routing.” Microsoft Learn, Microsoft, 20 Feb. 2023.

      Scott, Rob. “Cisco vs. Microsoft Cloud Calling—Discussing the Options,” UC Today, 21 April 2022.

      Smith, Mike. “Microsoft Teams Phone Systems: 5 Deployment Options in 2020.” YouTube, uploaded by AeroCom Inc, 23 Oct. 2020.

      “UCaaS - Getting Started With Unified Communications As A Service.” Cloudscape, 10 Nov. 2022. Accessed March 2023.

      “UCaaS Market Accelerating 29% per year; RingCentral, 8x8, Mitel, BroadSoft and Vonage Lead.” Synergy Research Group, 16 Oct. 2017. Web.

      “UCaaS Statistics – The Future of Remote Work.” UC Today, 21 April 2022. Accessed Feb. 2023.

      “Workplace Collaboration: 2021-22.” Metrigy, 27 Jan. 2021. Web.

      Why learn from Tymans Group?

      The TY classes contain in-depth learning material based on over 30 years of experience in IT Operations and Resilience.

      You receive the techniques, tips, tricks, and "professional secrets" you need to succeed in your resilience journey.

      Why would I share "secrets?"

      Because over time, you will find that "secrets" are just manifested experiences.

      What do I mean by that? Gordon Ramsay, who was born in 1966 like me, decided to focus on his culinary education at age 19. According to his Wikipedia page, that was a complete accident. (His Wikipedia page is a hoot to read, by the way.) And he has nothing to prove anymore. His experience in his field speaks for itself.

      I kept studying in my original direction for just one year longer, but by 21, I founded my first company in Belgium in 1987, in the publishing industry. This was extended by IT experiences in various sectors, like international publishing and hospitality, culminating in IT for high-velocity international financial markets and insurance.

      See, "secrets" are a great way to get you to sign up for some "guru" program that will "tell all!" Don't fall for it, especially if the person is too young to have significant experience.

      There are no "secrets." There is only experience and 'wisdom." And that last one only comes with age.

      If I were in my 20s, 30s, or 40s, there is no chance I would share my core experiences with anyone who could become my competitor. At that moment, I'm building my own credibility and my own career. I like helping people, but not to the extent that it will hurt my prospects. 

      And that is my second lesson: be always honest about your intentions. Yes, always. 

      At the current point in my career, "hurting my prospects" is less important. Yes, I still need to make a living, and in another post, I will explain more about that. Here, I feel it is important to share my knowledge and experience with the next people who will take my place in the day-to-day operations of medium and large corporations. And that is worth something. Hence, "sharing my secrets."

      Gert

      Why learn about resilience from us?

      This is a great opportunity to learn from my 30+ years of resilience experience. TY's Gert experienced 9/11 in New York, and he was part of the Lehman Disaster Recovery team that brought the company back within one (one!) week of the terrorist attack.

      He also went through the London Bombings of 2005 and the 2008 financial crisis, which required fast incident responses, the Covid 2020 issues, and all that entailed. Not to mention that Gert was part of the Tokyo office disaster response team as early as 1998, ensuring that Salomon was protected from earthquakes and floods in Japan.

      Gert was part of the solution (for his clients) to several further global events, like the admittedly technical log4J event in 2021, the 2024 Crowdstrike event, and many other local IT incidents, to ensure that clients could continue using the services they needed at that time.

      Beyond the large corporate world, we helped several small local businesses improve their IT resilience with better cloud storage and security solutions. 

      These solutions and ways of thinking work for any business, large or small.

      The TY team

      Explore our resilience solutions.

      Increase Grant Application Success

      • Buy Link or Shortcode: {j2store}314|cart{/j2store}
      • member rating overall impact: 9.5/10 Overall Impact
      • member rating average dollars saved: $7,799 Average $ Saved
      • member rating average days saved: 10 Average Days Saved
      • Parent Category Name: Cost & Budget Management
      • Parent Category Link: /cost-and-budget-management
      • Writing grants has not been prioritized by the organization.
      • Your organization is unable to start, finish, and/or continue priority projects or initiatives as it does not have sufficient funds.
      • Grants are applied to in an ad hoc manner by employees who do not have sufficient time and resources to dedicate to the process.

      Our Advice

      Critical Insight

      There are three critical components to the grant application process:

      • Being strategic about the grant opportunities your organization chooses to pursue.
      • Dedicating sufficient time and resources to writing a competitive grant application.
      • Ensuring your organization will be able to adhere to the grant parameters if awarded the funding.

      Impact and Result

      • By leveraging Info-Tech’s methodology, your organization will strategically select, write, and submit competitive grant applications, securing additional funding sources to support the organization and the communities you serve.
      • This research can enhance the grant writing capabilities of the organization and ensure that every grant chosen aligns with your organizational priorities.
      • This blueprint will drive consensus on which grant applications should be prioritized by the organization, ensuring resourcing, feasibility, and significance are considered.

      Increase Grant Application Success Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should enhance your organization's grant application lifecycle and how you can increase the number of grants your organization is awarded. Review Info-Tech’s methodology and understand the four ways Info-Tech can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Identify Opportunities

      Identify grant funding opportunities that align with your organization's priorities. Ensure the programs, services, projects, and initiatives that align with these priorities can be financially supported by grant funding.

      • Increase Grant Application Success – Phase 1: Identify Opportunities
      • Grant Identification and Prioritization Tool for Organizations

      2. Grant Prioritization

      Prioritize applying for the grant opportunities that your organization identified. Be sure to consider the feasibility of implementing the project or initiative if your organization is awarded the grant.

      • Increase Grant Application Success – Phase 2: Grant Prioritization

      3. Write the Grant Application

      Write a competitive grant application that has been strategically developed and actively critiqued by various internal and external reviewers.

      • Increase Grant Application Success – Phase 3: Write the Grant Application
      • Grant Writing Checklist

      4. Submit the Grant Application

      Submit an exemplary grant application that meets the guidelines and expectations of the granting agency prior to the due date.

      • Increase Grant Application Success – Phase 4: Submit the Grant Application
      • Grant Follow-up Email Template

      Infographic

      Workshop: Increase Grant Application Success

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Determine Your Organization's Priorities

      The Purpose

      Determine the key priorities of your organization and identify grant funding opportunities that align with those priorities.

      Key Benefits Achieved

      Prevents duplicate grant applications from being submitted

      Ensures the grant and the organization's priorities are aligned

      Increases the success rate of grant applications

      Activities

      1.1 Discuss grant funding opportunities and their importance to the organization.

      1.2 Identify organizational priorities.

      Outputs

      An understanding of why grants are important to your organization

      A list of priorities being pursued by your organization

      2 Prioritize Grant Funding Opportunities

      The Purpose

      Identify potential grant funding opportunities that align with the projects/initiatives the organization would like to pursue. Prioritize these funding opportunities and identify which should take precedent based on resourcing, importance, likelihood of success, and feasibility.

      Key Benefits Achieved

      Generate a list of potential funding opportunities that can be revisited when resources allow

      Obtain consensus from your working group on which grants should be pursued based on how they have been prioritized

      Activities

      2.1 Develop a list of potential grant funding opportunities.

      2.2 Define the resource capacity your organization has to support the granting writing process.

      2.3 Discuss and prioritize grant opportunities

      Outputs

      A list of potential grant funding opportunities

      Realistic expectations of your organization's capacity to undertake the grant writing lifecycle

      Notes and priorities from your discussion on grant opportunities

      3 Sketch a Grant Application

      The Purpose

      Take the grant that was given top priority in the last section and sketch out a draft of what that application will look like. Think critically about the sketch and determine if there are opportunities to further clarify and demonstrate the goals of the grant application.

      Key Benefits Achieved

      A sketch ready to be developed into a grant application

      A critique of the sketch to ensure that the application will be well understood by the reviewers of your submission

      Activities

      3.1 Sketch the grant application.

      3.2 Perform a SWOT analysis of the grant sketch.

      Outputs

      A sketched version of the grant application ready to be drafted

      A SWOT analysis that critically examines the sketch and offers opportunities to enhance the application

      4 Prepare to Submit the Grant Application

      The Purpose

      Have the grant application actively critiqued by various internal and external individuals. This will increase the grant application's quality and generate understanding of the application submission and post-submission process.

      Key Benefits Achieved

      A list of individuals (internal and external) that can potentially review the application prior to submission

      Preparation for the submission process

      An understanding of why the opportunity to learn how to improve future grant applications is so important

      Activities

      4.1 Identify potential individuals who will review the draft of your grant application.

      4.2 Discuss next steps around the grant submission.

      4.3 Review grant writing best practices.

      Outputs

      A list of potential individuals who can be asked to review and critique the grant application

      An understanding of what the next steps in the process will be

      Knowledge of grant writing best practices

      Into the Metaverse

      • Buy Link or Shortcode: {j2store}95|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Innovation
      • Parent Category Link: /innovation
      • Define the metaverse.
      • Understand where Meta and Microsoft are going and what their metaverse looks like today.
      • Learn about other solution providers implementing the enterprise metaverse.
      • Identify risks in deploying metaverse solutions and how to mitigate them.

      Our Advice

      Critical Insight

      • A metaverse experience must combine the three Ps: user presence is represented, the world is persistent, and data is portable.

      Impact and Result

      • Understand how Meta and Microsoft define the Metaverse and the coming challenges that enterprises will need to solve to harness this new digital capability.

      Into the Metaverse Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Into the Metaverse – A deck that examines how IT can prepare for the new digital world

      Push past the hype and understand what the metaverse really means for IT.

      • Into the Metaverse Storyboard

      Infographic

      Further reading

      Into the Metaverse

      How IT can prepare for the new digital world.

      Analyst Perspective

      The metaverse is still a vision of the future.

      Photo of Brian Jackson, Research Director, CIO, Info-Tech Research Group.

      On October 28, 2021, Mark Zuckerberg got up on stage and announced Facebook's rebranding to Meta and its intent to build out a new business line around the metaverse concept. Just a few days later, Microsoft's CEO Satya Nadella put forward his own idea of the metaverse at Microsoft Ignite. Seeing two of Silicon Valley's most influential companies pitch a vision of avatar-driven virtual reality collaboration sparked our collective curiosity. At the heart of it lies the question, "What is the metaverse, anyway?“

      If you strip back the narrative of the companies selling you the solutions, the metaverse can be viewed as technological convergence. Years of development on mixed reality, AI, immersive digital environments, and real-time communication are culminating in a totally new user experience. The metaverse makes the digital as real as the physical. At least, that's the vision.

      It will be years yet before the metaverse visions pitched to us from Silicon Valley stages are realized. In the meantime, understanding the individual technologies contributing to that vision can help CIOs realize business value today. Join me as we delve into the metaverse.

      Brian Jackson
      Research Director, CIO
      Info-Tech Research Group

      From pop culture to Silicon Valley

      Sci-fi visionaries are directly involved in creating the metaverse concept

      The term “metaverse” was coined by author Neal Stephenson in the 1992 novel “Snow Crash.” In the novel, main character Hiro Protagonist interacts with others in a digitally defined space. Twenty-five years after its release, the cult classic is influential among Silicon Valley's elite. Stephenson has played some key roles in Silicon Valley firms. He became the first employee at Blue Origin, the space venture founded by Jeff Bezos, in 2006, and later became chief futurist at augmented reality firm Magic Leap in 2014. Stephenson also popularized the Hindu concept "avatar" in his writing, paving the way for people to embody digitally rendered models to participate in the metaverse (Vanity Fair, 2017).

      Even earlier concepts of the metaverse were examined in the 1980s, with William Gibson’s “Neuromancer” exploring the same idea as cyberspace. Gibson's novel was influenced by his time in Seattle, where friend and Microsoft executive Eileen Gunn took him to hacker bars where he'd eavesdrop on "the poetics of the technological subculture" (Medium, 2022). Other visions of a virtual reality mecca were brought to life in the movies, including the 1982 Disney release “Tron,” the 1999 flick “The Matrix,” and 2018’s “Ready Player One.”

      There's a common set of traits among these sci-fi narratives that help us understand what Silicon Valley tech firms are now set to commercialize: users interact with one another in a digitally rendered virtual world, with a sense of presence provided through the use of a head-mounted display.

      Cover of the book Snow Crash by Neal Stephenson.

      Image courtesy nealstephenson.com

      Meta’s view of the metaverse

      CEO Mark Zuckerberg rebranded Facebook to make his intent clear

      Mark Zuckerberg is all in on the metaverse, announcing October 28, 2021, that Facebook would be rebranded to Meta. The new brand took effect on December 1, and Facebook began trading under the new stock ticker MVRS on certain exchanges. On February 15, 2022, Zuckerberg announced at a company meeting that his employees will be known as Metamates. The company's new values are to live in the future, build awesome things, and focus on long-term impact. Its motto is simply "Meta, Metamates, me" (“Out With the Facebookers. In With the Metamates,” The New York Times, 2022).

      Meta's Reality Labs division will be responsible for developing its metaverse product, using Meta Quest, its virtual reality head-mounted displays. Meta's early metaverse environment, Horizon Worlds, rolled out to Quest users in the US and Canada in early December 2021. This drove a growth in its monthly user base by ten times, to 300,000 people. The product includes Horizon Venues, tailored to attending live events in VR, but not Horizon Workrooms, a VR conferencing experience that remains invite-only. Horizon Worlds provides users tools to construct their own 3D digital environments and had been used to create 10,000 separate worlds by mid-February 2022 (“Meta’s Social VR Platform Horizon Hits 300,000 Users,“ The Verge, 2022).

      In the future, Meta plans to amplify the building tools in its metaverse platform with generative AI. For example, users can give speech commands to create scenes and objects in VR. Project CAIRaoke brings a voice assistant to an augmented reality headset that can help users complete tasks like cooking a stew. Zuckerberg also announced Meta is working on a universal speech translator across all languages (Reuters, 2022).

      Investment in the metaverse:
      $10 billion in 2021

      Key People:
      CEO Mark Zuckerberg
      CTO Andrew Bosworth
      Chief Product Officer Chris Cox

      (Source: “Meta Spent $10 Billion on the Metaverse in 2021, Dragging Down Profit,” The New York Times, 2022)

      Microsoft’s view of the metaverse

      CEO Satya Nadella showcased a mixed reality metaverse at Microsoft Ignite

      In March 2021 Microsoft announced Mesh, an application that allows organizations to build out a metaverse environment. Mesh is being integrated into other Microsoft hardware and software, including its head-mounted display, the HoloLens, a mixed reality device. The Mesh for HoloLens experience allows users to collaborate around digital content projected into the real world. In November, Microsoft announced a Mesh integration with Microsoft Teams. This integration brings users into an immersive experience in a fully virtual world. This VR environment makes use of AltspaceVR, a VR application Microsoft first released in May 2015 (Microsoft Innovation Stories, 2021).

      Last Fall, Microsoft also announced it is rebranding its Dynamics 365 Connected Store solution to Dynamics 365 Connected Spaces, signaling its expansion from retail to all spaces. The solution uses cognitive vision to create a digital twin of an organization’s physical space and generate analytics about people’s behavior (Microsoft Dynamics 365 Blog, 2021).

      In the future, Microsoft wants to make "holoportation" a part of its metaverse experience. Under development at Microsoft Research, the technology captures people and things in photorealistic 3D to be projected into mixed reality environments (Microsoft Research, 2022). It also has plans to offer developers AI-powered tools for avatars, session management, spatial rendering, and synchronization across multiple users. Open standards will allow Mesh to be accessed across a range of devices, from AR and VR headsets, smartphones, tablets, and PCs.

      Microsoft has been developing multi-user experiences in immersive 3D environments though its video game division for more than two decades. Its capabilities here will help advance its efforts to create metaverse environments for the enterprise.

      Investment in the metaverse:
      In January 2022, Microsoft agreed to acquire Activision Blizzard for $68.7 billion. In addition to acquiring several major gaming studios for its own gaming platforms, Microsoft said the acquisition will play a key role in the development of its metaverse.

      Key People:
      CEO Satya Nadella
      CEO of Microsoft Gaming Phil Spencer
      Microsoft Technical Research Fellow Alex Kipman

      Current state of metaverse applications from Meta and Microsoft

      Meta

      • Horizon Worlds (formerly Facebook Horizon). Requires an Oculus Rift S or Quest 2 headset to engage in an immersive 3D world complete with no-code building tools for users to construct their own environments. Users can either interact in the space designed by Meta or travel to other user-designed worlds through the plaza.
      • Horizon Workrooms (beta, invite only). An offshoot of Horizon Worlds but more tailored for business collaboration. Users can bring in their physical desks and keyboards and connect to PC screens from within the virtual setting. Integrates with Facebook’s Workplace solution.

      Microsoft

      • Dynamics 365 Connected Spaces (preview). Cognitive vision combined with surveillance cameras provide analytics on people's movement through a facility.
      • Mesh for Microsoft Teams (not released). Collaborate with your colleagues in a virtual reality space using personalized avatars. Use new 2D and 3D meeting experiences.
      • Mesh App for HoloLens (preview). Interact with colleagues virtually in a persistent digital environment that is overlaid on top of the real world.
      • AltspaceVR. A VR space accessible via headset or desktop computer that's been available since 2015. Interact through use of an avatar to participate in daily events

      Current providers of an “enterprise metaverse”

      Other providers designing mixed reality or digital twin tools may not have used the “metaverse” label but provide the same capabilities via platforms

      Logo for NVIDIA Omniverse. Logo for TeamViewer.
      NVIDIA Omniverse
      “The metaverse for engineers,” Omniverse is a developer toolset to allow organizations to build out their own unique metaverse visions.
      • Omniverse Nucleus is the platform database that allows clients to publish digital assets or subscribe to receive changes to them in real-time.
      • Omniverse Connectors are used to connect to Nucleus and publish or subscribe to individual assets and entire worlds.
      • NVIDIA’s core physics engine provides a scalable and physically accurate world simulation.
      TeamViewer’s Remote as a Service Platform
      Initially focusing on providing workers remote connectivity to work desktops, devices, and robotics, TeamViewer offers a range of software as a service products. Recent acquisitions to this platform see it connecting enterprise workflows to frontline workers using mixed reality headsets and adding more 3D visualization development tools to create digital twins. Clients include Coca-Cola and BMW.

      “The metaverse matters in the future. TeamViewer is already making the metaverse tangible in terms of the value that it brings.” (Dr. Hendrik Witt, Chief Product Officer, TeamViewer)

      The metaverse is a technological convergence

      The metaverse is a platform combining multiple technologies to enable social and economic activity in a digital world that is connected to the physical world.

      A Venn diagram with four circles intersecting and one circle unconnected on the side, 'Blockchain, Emerging'. The four circles, clock-wise from top, are 'Artificial Intelligence', 'Real-Time Communication', 'Immersive Digital Space', and 'Mixed Reality'. The two-circle crossover sections, clock-wise from top-right are AI + RTC: 'Smart Agent-Facilitated Communication', RTC + IDS: 'Avatar-Based Social Interaction', IDS + MR: 'Digital Immersive UX', and MR + AI: 'Perception AI'. There are only two three-circle crossover sections labelled, AI + RTC + MR: 'Generative Sensory Environments' and RTC + IDS + MR: 'Presence'. The main cross-section is 'METAVERSE'.

      Info-Tech Insight

      A metaverse experience must combine the three P’s: user presence is represented, the world is persistent, and data is portable.

      Mixed reality provides the user experience (UX) for the metaverse

      Both virtual and augmented reality will be part of the picture

      Mixed reality encompasses both virtual reality and augmented reality. Both involve allowing users to immerse themselves in digital content using a head-mounted device or with a smartphone for a less immersive effect. Virtual reality is a completely digital world that is constructed as separate from the physical world. VR headsets take up a user's entire field of vision and must also have a mechanism to allow the user to interact in their virtual environment. Augmented reality is a digital overlay mapped on top of the real world. These headsets are transparent, allowing the user to clearly see their real environment, and projects digital content on top of it. These headsets must have a way to map the surrounding environment in 3D in order to project digital content in the right place and at the right scale.

      Meta’s Plans

      Meta acquired virtual reality developer Oculus VR Inc. and its set of head-mounted displays in 2014. It continues to develop new hardware under the Oculus brand, most recently releasing the Oculus Quest 2. Oculus Quest hardware is required to access Meta's early metaverse platform, Horizon Worlds.

      Microsoft’s Plans

      Microsoft's HoloLens hardware is a mixed reality headset. Its visor that can project digital content into the main portion of the user's field of vision and speakers capable of spatial audio. The HoloLens has been deployed at enterprises around the world, particularly in scenarios where workers typically have their hands busy. For example, it can be used to view digital schematics of a machine while a worker is performing maintenance or to allow a remote expert to "see through the eyes" of a worker.

      Microsoft's Mesh metaverse platform, which allows for remote collaboration around digital content, was demonstrated on a HoloLens at Microsoft Ignite in November 2021. Mesh is also being integrated into AltspaceVR, an application that allows companies to hold meetings in VR with “enterprise-grade security features including secure sign-ins, session management and privacy compliance" (Microsoft Innovation Stories, 2021).

      Immersive digital environments provide context in the metaverse

      The interactive environment will be a mix of digital and physical worlds

      If you've played a video game in the past decade, you've experienced an immersive 3D environment, perhaps even in a multiplayer environment with many other users at the same time. The video game industry grew quickly during the pandemic, with users spending more time and money on video games. Massive multiplayer online games like Fortnite provide more than a gaming environment. Users socialize with their friends and attend concerts featuring famous performers. They also spend money on different appearances or gestures to express themselves in the environment. When they are not playing the game, they are often watching other players stream their experience in the game. In many ways, the consumer metaverse already exists on platforms like Fortnite. At the same time, gaming developers are improving the engines for these experiences and getting closer to approximating the real world both visually and in terms of physics.

      In the enterprise space, immersive 3D environments are also becoming more popular. Manufacturing firms are building digital twins to represent entire factories, modeling their real physical environments in digital space. For example, BMW’s “factory of the future” uses NVIDIA Omniverse to create a digital twin of its assembly system, simulated down to the detail of digital workers. BMW uses this simulation to plan reconfiguration of its factory to accommodate new car models and to train robots with synthetic data (“NVIDIA Omniverse,” NVIDIA, 2021).

      Meta’s Plans

      Horizon Workrooms is Meta's business-focused application of Horizon Worlds. It facilitates a VR workspace where colleagues can interact with others’ avatars, access their computer, use videoconferencing, and sketch out ideas on a whiteboard. With the Oculus Quest 2 headset, passthrough mode allows users to add their physical desk to the virtual environment (Oculus, 2022).

      Microsoft’s Plans

      AltspaceVR is Microsoft's early metaverse environment and it can be accessed with Oculus, HTC Vive, Windows Mixed Reality, or in desktop mode. Separately, Microsoft Studios has been developing digital 3D environments for its Xbox video game platform for yeas. In January 2022, Microsoft acquired games studio Activision Blizzard for $68.7 billion, saying the games studio would play a key role in the development of the metaverse.

      Real-time communications allow for synchronous collaboration

      Project your voice to a room full of avatars for a presentation or whisper in someone’s ear

      If the metaverse is going to be a good place to collaborate, then communication must feel as natural as it does in the real world. At the same time, it will need to have a few more controls at the users’ disposal so they can focus in on the conversation they choose. Audio will be a major part of the communication experience, augmented by expressive avatars and text.

      Mixed reality headsets come with integrated microphones and speakers to enable voice communications. Spatial audio will also be an important component of voice exchange in the metaverse. When you are in a videoconference conversation with 50 participants, every one of those people will sound as though they are sitting right next to you. In the metaverse, each person will sound louder or quieter based on how distant their avatar is from you. This will allow large groups of people to get together in one digital space and have multiple conversations happening simultaneously. In some situations, there will also be a need for groups to form a “party” as they navigate the metaverse, meaning they would stay linked through a live audio connection even if their avatars were not in the same digital space. Augmented reality headsets also allow remote users to “see through the eyes” of the person wearing the headset through a front-facing camera. This is useful for hands-on tasks where expert guidance is required.

      People will also need to communicate with people not in the metaverse. More conventional videoconference windows or chat boxes will be imported into these environments as 2D panels, allowing users to integrate them into the context of their digital space.

      Meta’s Plans

      Facebook Messenger is a text chat and video chat application that is already integrated into Facebook’s platform. Facebook also owns WhatsApp, a messaging platform that offers group chat and encrypted messaging.

      Microsoft’s Plans

      Microsoft Teams is Microsoft’s application that combines presence-based text chat and videoconferencing between individuals and groups. Dynamics 365 Remote Assist is its augmented reality application designed for HoloLens wearers or mobile device users to share their real-time view with experts.

      Generative AI will fill the metaverse with content at the command of the user

      No-code and low-code creation tools will be taken to the next level in the metaverse

      Metaverse platforms provide users with no-code and low-code options to build out their own environments. So far this looks like playing a game of Minecraft. Users in the digital environment use native tools to place geometric shapes and add textures. Other metaverse platforms allow users to design models or textures with tools outside the platform, often even programming behaviors for the objects, and then import them into the metaverse. These tools can be used effectively, but it can be a tedious way to create a customized digital space.

      Generative AI will address that by taking direction from users and quickly generating content to provide the desired metaverse setting. Generative AI can create content that’s meaningful based on natural inputs like language or visual information. For example, a user might give voice commands to a smart assistant and have a metaverse environment created or take photos of a real-world object from different angles to have its likeness digitally imported.

      Synthetic data will also play a role in the metaverse. Instead of relying only on people to create a lot of relevant data to train AI, metaverse platform providers will also use simulated data to provide context. NVIDIA’s Omniverse Replicator engine provides this capability and can be used to train self-driving cars and manipulator robots for a factory environment (NVIDIA Newsroom, 2021).

      Meta’s Plans

      Meta is planning to use generative AI to allow users to construct their VR environments. It will allow users to describe a world to a voice assistant and have it created for them. Users could also speak to each other in different languages with the aid of a universal translator. Separately, Project CAIRaoke combines cognitive vision with a voice assistant to help a user cook dinner. It keeps track of where the ingredients are in the kitchen and guides the user through the steps (Reuters, 2022).

      Microsoft’s Plans

      Microsoft Mesh includes AI resources to help create natural interactions through speech and vision learning models. HoloLens 2 already uses AI models to track users’ hands and eye movements as well as map content onto the physical world. This will be reinforced in the cloud through Microsoft Azure’s AI capabilities (Microsoft Innovation Stories, 2021).

      Blockchain will provide a way to manage digital identity and assets across metaverse platforms

      Users will want a way to own their metaverse identity and valued digital possessions

      Blockchain technology provides a decentralized digital ledger that immutably records transactions. A specific blockchain can either be permissioned, with one central party determining who gets access, or permissionless, in which anyone with the means can transact on the blockchain. The permissionless variety emerged in 2008 as the foundation of Bitcoin. It's been a disruptive force in the financial industry, with Bitcoin inspiring a long list of offshoot cryptocurrencies, and now even central banks are examining moving to a digital currency standard.

      In the past couple of years, blockchain has spurred a new economy around digital assets. Smart contracts can be used to create a token on a blockchain and bind it to a specific digital asset. These assets are called non-fungible tokens (NFTs). Owners of NFTs can prove their chain of ownership and sell their tokens to others on a variety of marketplaces.

      Blockchain could be useful in the metaverse to track digital identity, manage digital assets, and enable data portability. Users could register their own avatars as NFTs to prove they are the real person behind their digital representation. They may also want a way to verify they own a virtual plot of land or demonstrate the scarcity of the digital clothing they are wearing in the metaverse. If users want to leave a certain metaverse platform, they could export their avatar and digital assets to a digital wallet and transfer them to another platform that supports the same standards.

      In the past, centralized platforms that create economies in a virtual world were able to create digital currencies and sell specific assets to users without the need for blockchain. Second Life is a good example, with Linden Labs providing a virtual token called Linden Dollars that users can exchange to buy goods and services from each other within the virtual world. Second Life processes 345 million transactions a year for virtual goods and reports a GDP of $650 million, which would put it ahead of some countries (VentureBeat, 2022). However, the value is trapped within Second Life and can't be exported elsewhere.

      Meta’s Plans

      Meta ended its Diem project in early 2022, winding down its plan to offer a digital currency pegged to US dollars. Assets were sold to Silvergate Bank for $182 million. On February 24, blockchain developer Atmos announced it wanted to bring the project back to life. Composed of many of the original developers that created Diem while it was still a Facebook project, the firm plans to raise funds based on the pitch that the new iteration will be "Libra without Facebook“ (CoinDesk, 2022).

      Microsoft’s Plans

      Microsoft expanded its team of blockchain developers after its lead executive in this area stated the firm is closely watching cryptocurrencies and NFTs. Blockchain Director York Rhodes tweeted on November 8, 2021, that he was expanding his team and was interested to connect with candidates "obsessed with Turing complete, scarce programmable objects that you can own & transfer & link to the real world through a social contract.”

      The enterprise metaverse holds implications for IT across several functional areas

      Improve maturity in these four areas first

      • Infrastructure & Operations
        • Lay the foundation
      • Security & Risk
        • Mitigate the risks
      • Apps
        • Deploy the precursors
      • Data & BI
        • Prepare to integrate
      Info-Tech and COBIT5's IT Management & Governance Framework with processes arranged like a periodic table. Highlighted process groups are 'Infrastructure & Operations', 'Security & Risk', 'Apps', and 'Data & BI'.

      Infrastructure & Operations

      Make space for the metaverse

      Risks

      • Network congestion: Connecting more devices that will be delivering highly graphical content will put new pressures on networks. Access points will have more connections to maintain and transit pathways more bandwidth to accommodate.
      • Device fragmentation: Currently many different vendors are selling augmented reality headsets used in the enterprise, including Google, Epson, Vuzix, and RealWear. More may enter soon, creating various types of endpoints that have different capabilities and different points of failure.
      • New workflows: Enterprises will only be able to benefit from deploying mixed reality devices if they're able to make them very useful to workers. Serving up relevant information in the context of a hands-free interface will become a new competency for enterprises to master.

      Mitigations

      • Dedicated network: Some companies are avoiding the congestion issue by creating a separate network for IoT devices on different infrastructure. For example, they might complement the Wi-Fi network with a wireless network on 5G or LoRaWAN standards.
      • Partner with systems integrators: Solutions vendors bringing metaverse solutions to the enterprise are already working with systems integrator partners to overcome integration barriers. These vendors are solving the problems of delivering enterprise content to a variety of new mixed reality touchpoints and determining just the right information to expose to users, at the right time.

      Security & Risk

      Mitigate metaverse risks before they take root

      Risks

      • Broader attack surface: Adding new mixed reality devices to the enterprise network will create more potential points of ingress for a cyberattack. Previous enterprise experiences with IoT in the enterprise have seen them exploited as weak points and used to create botnets or further infiltrate company networks.
      • More data in transit: Enterprise data will be flowing between these new devices and sometimes outside the company firewall to remote connections. Data from industrial IoT could also be integrated into these solutions and exposed.
      • New fraud opportunities: When Web 1.0 was first rolling out, not every company was able to secure the rights to the URL address matching its brand. Those not quick enough on the draw saw "domain squatters" use their brand equity to negotiate for a big pay day or, worse yet, to commit fraud. With blockchain opening up similar new digital real estate in Web3, the same risk arises.

      Mitigations

      • Mobile device management (MDM): New mixed reality headsets can be secured using existing MDM solutions on the market.
      • Encryption: Encrypting data end to end as it flows between IoT devices ensures that even if it does leak, it's not likely to be useful to a hacker.
      • Stake your claim: Claiming your brand's name in new Web3 domains may seems tedious, but it is likely to be cheap and might save you a headache down the line.

      Apps

      Deploy to your existing touchpoints

      Risks

      • Learning curves: Using new metaverse applications to complete tasks and collaborate with colleagues won’t be a natural progression for everyone. New headsets, gesture-based controls, and learning how to navigate the metaverse will present hurdles for users to overcome before they can be productive.
      • Is there a dress code in the metaverse? Avatars in the metaverse won’t necessarily look like the people behind the controls. What new norms will be needed to ensure avatars are appropriate for a work setting?
      • Fragmentation: Metaverse experiences are already creating islands. Users of Horizon Worlds can’t connect with colleagues using AltspaceVR. Similar to the challenges around different videoconferencing software, users could find they are divided by applications.

      Mitigations

      • Introduce concepts over time: Ask users to experiment with meeting in a VR context in a small group before expanding to a companywide conference event. Or have them use a headset for a simple video chat before they use it to complete a task in the field.
      • Administrative controls: Ensure that employees have some boundaries when designing their avatars, enforced either through controls placed on the software or through policies from HR.
      • Explore but don’t commit: It’s early days for these metaverse applications. Explore opportunities that become available through free trials and new releases to existing software suites but maintain flexibility to pivot should the need arise.

      Data & BI

      Deploy to your existing touchpoints

      Risks

      • Interoperability: There is no established standard for digital objects or behaviors in the metaverse. Meta and Microsoft say they are committed to open standards that will ensure portability of data across platforms, but how that will be executed isn’t clear yet.
      • Privacy: Sending data to another platform carries risks that it will be exfiltrated and stored elsewhere, presenting some challenges for companies that need to be compliant with legislation such as GDPR.
      • High-fidelity models: 3D models with photorealistic textures will come with high CPU requirements to render properly. Some head-mounted displays will run into limitations.

      Mitigations

      • Adopt standard interfaces: Using open APIs will be the most common path to integrating enterprise systems to metaverse applications.
      • Maintain compliance: The current approach enterprises take to creating data lakes and presenting them to platforms will extend to the metaverse. Building good controls and anonymizing data that resides in these locations will enable firms to interact in new platforms and remain compliant.
      • Right-sized rendering: Providing enough data to a device to make it useful without overburdening the CPU will be an important consideration. For example, TeamViewer uses polygon reduction to display 3D models on lower-powered head-mounted displays.

      More Info-Tech research to explore

      CIO Priorities 2022
      Priorities to compete in the digital economy.

      Microsoft Teams Cookbook
      Recipes for best practices and use cases for Microsoft Teams.

      Run Better Meetings
      Hybrid, virtual, or in person – set meeting best practices that support your desired meeting norms.

      Double Your Organization’s Effectiveness With a Digital Twin
      Digital twin: A living, breathing reflection.

      Contributing experts

      Photo of Dr. Hendrik Witt, Chief Product Officer, TeamViewer

      Dr. Hendrik Witt
      Chief Product Officer,
      TeamViewer

      Photo of Kevin Tucker, Principal Research Director, Industry Practice, INFO-TECH RESEARCH GROUP

      Kevin Tucker
      Principal Research Director, Industry Practice,
      INFO-TECH RESEARCH GROUP

      Bibliography

      Cannavò, Alberto, and F. Lamberti. “How Blockchain, Virtual Reality and Augmented Reality Are Converging, and Why.” IEEE Consumer Electronics Magazine, vol. 10, no. 5, Sept. 2020, pp. 6-13. IEEE Xplore. Web.

      Culliford, Elizabeth. “Meta’s Zuckerberg Unveils AI Projects Aimed at Building Metaverse Future.” Reuters, 24 Feb. 2022. Web.

      Davies, Nahla. “Cybersecurity and the Metaverse: Pioneering Safely into a New Digital World.” GlobalSign Blog, 10 Dec. 2021. GlobalSign by GMO. Web.

      Doctorow, Cory. “Neuromancer Today.” Medium, 10 Feb. 2022. Web.

      Heath, Alex. “Meta’s Social VR Platform Horizon Hits 300,000 Users.” The Verge, 17 Feb. 2022. Web.

      “Holoportation™.” Microsoft Research, 22 Feb. 2022. Microsoft. Accessed 3 March 2022.

      Isaac, Mike. “Meta Spent $10 Billion on the Metaverse in 2021, Dragging down Profit.” The New York Times, 2 Feb. 2022. Web.

      Isaac, Mike, and Sheera Frenkel. “Out With the Facebookers. In With the Metamates.” The New York Times, 15 Feb. 2022. Web.

      Langston, Jennifer. “‘You Can Actually Feel like You’re in the Same Place’: Microsoft Mesh Powers Shared Experiences in Mixed Reality.” Microsoft Innovation Stories, 2 Mar. 2021. Microsoft. Web.

      “Maple Leaf Sports & Entertainment and AWS Team Up to Transform Experiences for Canadian Sports Fans.” Amazon Press Center, 23 Feb. 2022. Amazon.com. Accessed 24 Feb. 2022. Web.

      Marquez, Reynaldo. “How Microsoft Will Move To The Web 3.0, Blockchain Division To Expand.” Bitcoinist.com, 8 Nov. 2021. Web.

      Metinko, Chris. “Securing The Metaverse—What’s Needed For The Next Chapter Of The Internet.” Crunchbase News, 6 Dec. 2021. Web.

      Metz, Rachel Metz. “Why You Can’t Have Legs in Virtual Reality (Yet).” CNN, 15 Feb. 2022. Accessed 16 Feb. 2022.

      “Microsoft to Acquire Activision Blizzard to Bring the Joy and Community of Gaming to Everyone, across Every Device.” Microsoft News Center, 18 Jan. 2022. Microsoft. Web.

      Nath, Ojasvi. “Big Tech Is Betting Big on Metaverse: Should Enterprises Follow Suit?” Toolbox, 15 Feb. 2022. Accessed 24 Feb. 2022.

      “NVIDIA Announces Omniverse Replicator Synthetic-Data-Generation Engine for Training AIs.” NVIDIA Newsroom, 9 Nov. 2021. NVIDIA. Accessed 9 Mar. 2022.

      “NVIDIA Omniverse - Designing, Optimizing and Operating the Factory of the Future. 2021. YouTube, uploaded by NVIDIA, 13 April 2021. Web.

      Peters, Jay. “Disney Has Appointed a Leader for Its Metaverse Strategy.” The Verge, 15 Feb. 2022. Web.

      Robinson, Joanna. The Sci-Fi Guru Who Predicted Google Earth Explains Silicon Valley’s Latest Obsession.” Vanity Fair, 23 June 2017. Accessed 13 Feb. 2022.

      Scoble, Robert. “New Startup Mixes Reality with Computer Vision and Sets the Stage for an Entire Industry.” Scobleizer, 17 Feb. 2022. Web.

      Seward, Zack. “Ex-Meta Coders Raising $200M to Bring Diem Blockchain to Life: Sources.” CoinDesk, 24 Feb. 2022. Web.

      Shrestha, Rakesh, et al. “A New Type of Blockchain for Secure Message Exchange in VANET.” Digital Communications and Networks, vol. 6, no. 2, May 2020, pp. 177-186. ScienceDirect. Web.

      Sood, Vishal. “Gain a New Perspective with Dynamics 365 Connected Spaces.” Microsoft Dynamics 365 Blog, 2 Nov. 2021. Microsoft. Web.

      Takahashi, Dean. “Philip Rosedale’s High Fidelity Cuts Deal with Second Life Maker Linden Lab.” VentureBeat, 13 Jan. 2022 Web.

      “TeamViewer Capital Markets Day 2021.” TeamViewer, 10 Nov. 2021. Accessed 22 Feb. 2022.

      VR for Work. Oculus.com. Accessed 1 Mar. 2022.

      Wunderman Thompson Intelligence. “New Trend Report: Into the Metaverse.” Wunderman Thompson, 14 Sept. 2021. Accessed 16 Feb. 2022.

      Select and Implement a Social Media Management Platform

      • Buy Link or Shortcode: {j2store}554|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Marketing Solutions
      • Parent Category Link: /marketing-solutions
      • The proliferation of social media networks, customer data, and use cases has made ad hoc social media management challenging.
      • Many organizations struggle with shadow IT when it comes to technology enablement for social media; SMMP fragmentation leads to increased costs and no uniformity in enterprise social media management capabilities.

      Our Advice

      Critical Insight

      • SMMP selection must be driven by your overall customer experience management strategy; link your SMMP selection to your organization’s CXM framework.
      • Shadow IT will dominate if IT does not step in. Even more so than other areas, SMMP selection is rife with shadow IT.
      • Ensure strong points of integration between SMMP and other software such as CRM. SMMPs can contribute to a unified, 360-degree customer view.

      Impact and Result

      • The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media. Using an SMMP to manage social media is considerably more cost effective than ad hoc (manual) management.
      • IT must partner with other departments (e.g. Marketing) to successfully evaluate, select, and implement an SMMP. Before selecting an SMMP, the organization must have a solid overall strategy for leveraging social media in place. If IT does not work as a trusted advisor to the business, shadow IT in social media management will be rampant.

      Select and Implement a Social Media Management Platform Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should implement an SMMP, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Develop a technology enablement approach

      Conduct a maturity assessment to determine whether a dedicated SMMP is right for your organization.

      • Select and Implement a Social Media Management Platform – Phase 1: Develop a Technology Enablement Approach for Social Media
      • Social Media Maturity Assessment Tool
      • Social Media Opportunity Assessment Tool
      • SMMP Use-Case Fit Assessment Tool

      2. Select an SMMP

      Use the Vendor Landscape findings and project guidance to develop requirements for your SMMP RFP, and evaluate and shortlist vendors based on your expressed requirements.

      • Select and Implement a Social Media Management Platform – Phase 2: Select an SMMP
      • SMMP Vendor Shortlist & Detailed Feature Analysis Tool
      • SMMP Vendor Demo Script
      • SMMP RFP Template
      • SMMP RFP Evaluation and Scoring Tool
      • Vendor Response Template

      3. Review implementation considerations

      Even a solution that is a perfect fit for an organization will fail to generate value if it is not properly implemented or measured. Conduct the necessary planning before implementing your SMMP.

      • Select and Implement a Social Media Management Platform – Phase 3: Review Implementation Considerations
      • Social Media Steering Committee Charter Template
      [infographic]

      Workshop: Select and Implement a Social Media Management Platform

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Launch Your SMMP Selection Project

      The Purpose

      Discuss the general project overview for the SMMP selection.

      Key Benefits Achieved

      Determine your organization’s readiness for SMMP.

      Activities

      1.1 Identify organizational fit for the technology.

      1.2 Evaluate social media opportunities within your organization.

      1.3 Determine the best use-case scenario for your organization.

      Outputs

      Organizational maturity assessment

      SMMP use-case fit assessment

      2 Plan Your Procurement and Implementation Process

      The Purpose

      Plan the procurement and implementation of the SMMP.

      Key Benefits Achieved

      Select an SMMP.

      Review implementation considerations.

      Activities

      2.1 Review use-case scenario results, identify use-case alignment

      2.2 Review the SMMP Vendor Landscape vendor profiles and performance.

      2.3 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

      2.4 Meet with the project manager to discuss results and action items.

      Outputs

      Vendor shortlist

      SMMP RFP

      Vendor evaluations

      Selection of an SMMP

      Framework for SMMP deployment and integration

      Further reading

      Select and Implement a Social Media Management Platform

      Rein in social media by choosing a management platform that’s right for you.

      ANALYST PERSPECTIVE

      Enterprise use of social media for customer interaction has exploded. Select the right management platform to maximize the value of your social initiatives.

      Social media has rapidly become a ubiquitous channel for customer interaction. Organizations are using social media for use cases from targeted advertising, to sales prospecting, to proactive customer service. However, the growing footprint of social media initiatives – and the constant proliferation of new social networks – has created significant complexity in effectively capturing the value of social.

      Organizations that are serious about social manage this complexity by leveraging dedicated social media management platforms. These platforms provide comprehensive capabilities for managing multiple social media networks, creating engagement and response workflows, and providing robust social analytics. Selecting a best-fit SMMP allows for standardized, enterprise-wide capabilities for managing all aspects of social media.

      This report will help you define your requirements for social media management and select a vendor that is best fit for your needs, as well as review critical implementation considerations such as CRM integration and security.

      Ben Dickie
      Research Director, Enterprise Applications
      Info-Tech Research Group

      Executive summary

      Situation

      • Social media has reached maturity as a proven, effective channel for customer interaction across multiple use cases, from customer analytics to proactive customer service.
      • Organizations are looking to IT to provide leadership with social media technology enablement and integration with other enterprise systems.

      Complication

      • The proliferation of social media networks, customer data, and use cases has made ad hoc social media management challenging.
      • Many organizations struggle with shadow IT when it comes to technology enablement for social media; SMMP fragmentation leads to increased costs and no uniformity in enterprise social media management capabilities.

      Resolution

      • Social media management platforms (SMMPs) reduce complexity and increase the results of enterprise social media initiatives. SMMPs integrate with a variety of different social media services, including Facebook, Twitter, LinkedIn, and YouTube. The platforms offer a variety of tools for managing social media, including account management, in-band response and engagement, and social monitoring and analytics.
      • The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media. Using an SMMP to manage social media is considerably more cost effective than ad hoc (manual) management.
      • IT must partner with other departments (e.g. Marketing) to successfully evaluate, select, and implement an SMMP. Before selecting an SMMP, the organization must have a solid overall strategy for leveraging social media in place. If IT does not work as a trusted advisor to the business, shadow IT in social media management will be rampant.

      Info-Tech Insight

      1. SMMP selection must be driven by your overall customer experience management strategy: link your SMMP selection to your organization’s CXM framework.
      2. Shadow IT will dominate if IT does not step in: even more so than other areas, SMMP selection is rife with shadow IT.
      3. Ensure strong points of integration between SMMP and other software such as customer relationship management (CRM). SMMPs can contribute to a unified, 360-degree customer view.

      Framing the SMMP selection and implementation project

      This Research Is Designed For:
      • IT directors advising the business on how to improve the effectiveness and efficiency of social media campaigns through technology.
      • IT professionals involved in evaluating, selecting, and deploying an SMMP.
      • Business analysts tasked with collection and analysis of SMMP business requirements.
      This Research Will Help You:
      • Clearly link your business requirements to SMMP selection criteria.
      • Select an SMMP vendor that meets your organization’s needs across marketing, sales, and customer service use cases.
      • Adopt standard operating procedures for SMMP deployment that address issues such as platform security and CRM integration.
      This Research Will Also Assist:
      • Executive-level stakeholders in the following roles:
        • Vice-president of Sales, Marketing, or Customer Service.
        • Business unit managers tasked with ensuring strong end-user adoption of an SMMP.
      This Research Will Help Them
      • Understand what’s new in the SMMP market.
      • Evaluate SMMP vendors and products for your enterprise needs.
      • Determine which products are most appropriate for particular use cases and scenarios.

      Social media management platforms augment social capabilities within a broader customer experience ecosystem

      Customer Experience Management (CXM)

      'Customer Relationship Management Platform' surrounded by supporting capabilities, one of which is highlighted, 'Social Media Management Platform'.

      Social Media Management Platforms are one piece of the overall customer experience management ecosystem, alongside tools such as CRM platforms and adjacent point solutions for sales, marketing, and customer service. Review Info-Tech’s CXM blueprint to build a complete, end-to-end customer interaction solution portfolio that encompasses SMMP alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for SMMP based on customer personas and external market analysis.

      SMMPs reduce complexity and increase the effectiveness of enterprise social media programs

      • SMMPs are solutions (typically cloud based) that offer a host of features for effectively monitoring the social cloud and managing your organization’s presence in the social cloud. SMMPs give businesses the tools they need to run social campaigns in a timely and cost-effective manner.
      • The typical SMMP integrates with two or more social media services (e.g. Facebook, Twitter) via the services’ API or a dedicated connector. SMMPs are not simply a revised “interface layer” for a single social media service. They provide layers for advanced management and analytics across multiple services.
      • The unique value of SMMPs comes from their ability to manage and track multiple social media services. Aggregating and managing data from multiple services gives businesses a much more holistic view of their organization’s social initiatives and reputation in the social cloud.
      Diagram with 'End Users (e.g. marketing managers)' at the top and social platforms like Facebook and Twitter at the bottom; in between them are 'SMMPs’: 'Account & Campaign Management', 'Social Engagement', and 'Social Monitoring/Analytics'.
      SMMPs mediate interactions between end users and the social cloud.

      Info-Tech Best Practice

      The increasing complexity of social media, coupled with the rising importance of social channels, has led to a market for formal management platforms. Organizations with an active presence in social media (i.e. multiple services or pages) should strongly consider selecting and deploying an SMMP.

      Failing to rein in social media initiatives leads to more work, uninformed decisions, and diminishing returns

      • The growth of social media services has made manually updating pages and feeds an ineffective and time-consuming process. The challenge is magnified when multiple brands, product lines, or geographic subsidiaries are involved.
        • Use the advanced account management features of an SMMP to reduce the amount of time spent updating social media services.
      • Engaging customers through social channels can be a delicate task – high volumes of social content can easily overwhelm marketing and service representatives, leading to missed selling opportunities and unacceptable service windows.
        • Use the in-band engagement capabilities of an SMMP to create an orderly queue for social interactions.
      • Consumer activity in the social cloud has been increasing exponentially. As the volume of content grows, separating the signal from the noise becomes increasingly difficult.
        • Use the advanced social analytics of an SMMP to ensure critical consumer insights are not overlooked.
      Ad Hoc Management vs. SMMPs:
      What’s the difference?

      Ad Hoc Social Media Management

      Social media initiatives are managed directly through the services themselves. For example, a marketing professional would log in to multiple corporate Twitter accounts to post the same content for a promotional campaign.

      Social Media Management Platform

      Social media initiatives are managed through a third-party software platform. For example, a marketing professional would update all social account simultaneously with just a couple clicks. SMMPs also provide cross-service social analytics – highly valuable for decision makers!

      Info-Tech Best Practice

      Effectively managing a social media campaign is not a straightforward exercise. If you have (or plan to have) a large social media footprint, now is the time to procure formal software tools for social media management. Continuing to manage social media in an ad hoc manner is sapping time and money.

      Review the critical success factors for SMMP across the project lifecycle, from planning to post-implementation

      Info-Tech Insight

      Executive management support is crucial. The number one overall critical success factor for an SMMP strategy is top management support. This emphasizes the importance of sales, service, and marketing and prudent corporate strategic alignment. A strategic objective in SMMP projects is to position top management as an enabler rather than a barrier.

      Planning Implementation Post-Implementation Overall
      1 Appropriate Selection Project Management Top Management Support Top Management Support
      2 Clear Project Goals Top Management Support Project Management Appropriate Selection
      3 Top Management Support Training Training Project Management
      4 Business Mission and Vision Effective Communication Effective Communication Training
      5 Project Management Supplier Supports Appropriate Selection Clear Project Goals

      (Source: Information Systems Frontiers)

      Dell uses a dedicated social media management platform to power a comprehensive social command center

      CASE STUDY

      Industry: High-Tech | Source: Dell
      With a truly global customer base, Dell gets about 22,000 mentions on the social web daily, and does not sit idly by. Having established a physical Social Media Command Center powered by Salesforce’s Social Studio, Dell was one of the companies that pioneered the command center concept for social response.

      The SMMP carries out the following activities:

      • Tracking mentions of Dell in the social cloud
      • Sentiment analysis
      • Connecting customers who need assistance with experts who can help them
      • Social media training
      • Maintenance of standards for social media interactions
      • Spreading best social media practices across the organization

      Today the company claims impressive results, including:

      • “Resolution rate” of 99% customer satisfaction
      • Boosting its customer reach with the same number of employees
      • One third of Dell’s former critics are now fans

      Logo for Dell.

      Tools:
      • Salesforce Social Studio
      • Three rows of monitors offering instant insights into customer sentiment, share of voice, and geography.
      Staff:
      • The center started with five people; today it is staffed by a team of 15 interacting with customers in 11 languages.
      • Dell values human interaction; the center is not running on autopilot, and any ambiguous activity is analyzed (and dealt with) manually on an individual basis.

      Follow Info-Tech’s methodology for selection and implementation of enterprise applications

      Prior to embarking on the vendor selection stage, ensure you have set the right building blocks and completed the necessary prerequisites.

      Diagram with 'Enterprise Applications' at the center surrounded by a cycle of 'conceptual', 'consensus', 'concrete', and 'continuous'. The outer circle has three categories with three actions each, 'Governance and Optimization: Process Optimization, Support/ Maintenance, Transition to Operations', 'Strategy and Alignment: Foundation, Assessment, Strategy/ Business Case', and 'Implementation: System Implementation, Business Process Management, Select and Implement'. Follow Info-Tech’s enterprise applications program that covers the application lifecycle from the strategy stage, through selection and implementation, and up to governance and optimization.

      The implementation and execution stage entails the following steps:

      1. Define the business case.
      2. Gather and analyze requirements.
      3. Build the RFP.
      4. Conduct detailed vendor evaluations.
      5. Finalize vendor selection.
      6. Review implementation considerations.

      Info-Tech Insight

      A critical preceding task to selecting a social media management platform is ensuring a strategy is in place for enterprise social media usage. Use our social media strategy blueprint to ensure the foundational elements are in place prior to proceeding with platform selection.

      Use this blueprint to support your SMMP selection and implementation

      Launch the SMMP Project and Collect Requirements — Phase 1

      Benefits — Use the project steps and activity instructions outlined in this blueprint to streamline your selection process and implementation planning. Save time and money, and improve the impact of your SMMP selection by leveraging Info-Tech’s research and project steps.

      Select Your SMMP Solution — Phase 2

      Use Info-Tech’s SMMP Vendor Landscape contained in Phase 2 of this project to support your vendor reviews and selection. Refer to the use-case performance results to identify vendors that align with the requirements and solution needs identified by your earlier project findings.

      Get Ready for Your SMMP Implementation — Phase 3

      Info-Tech Insight — Not everyone’s connection and integration needs are the same. Understand your own business’s integration environment and the unique technical and functional requirements that accompany them to create criteria and select a best-fit SMMP solution.

      Use Info-Tech’s use-case scenario approach to select a best-fit solution for your business needs

      Readiness

      Determine where you are right now and where your organization needs to go with a social media strategy.

      Three stages eventually leading to shapes in a house, 'Distributed Stage', 'Loosely Coupled Stage', and 'Command Center Stage'.
      Use-Case Assessment

      Identify the best-fit use-case scenario to determine requirements that best align with your strategy.

      Three blocks labelled 'Social Listening & Analytics', 'Social Customer Care', and 'Social Publishing & Campaign Management'.
      Selection

      Approach vendor selection through a use-case centric lens to balance the need for different social capabilities.

      Logos for vendors including Adobe, Hootsuite, CISION, and more.

      Info-Tech walks you through the following steps to help you to successfully select and implement your SMMP

      Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes.

      Locate your starting point in the research based on the current stage of your project.

      Legend for the diagram above: lines represent Major Milestones, size of circles represent Low or High effort, size of text represents Average or Greater importance, and color of the circles represents the phase.

      Info-Tech offers various levels of support to best suit your needs

      DIY Toolkit

      Guided Implementation

      Workshop

      Consulting

      "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

      Diagnostics and consistent frameworks used throughout all four options

      Select and Implement a Social Media Management Platform – project overview

      1. Develop a Technology Enablement Approach 2. Select an SMMP 3. Review Implementation Considerations
      Supporting Tool icon

      Best-Practice Toolkit

      1.1 Determine if a dedicated SMMP is right for your organization

      • Social Media Maturity Assessment Tool
      • Social Media Opportunity Assessment Tool

      1.2 Use an SMMP to enable marketing, sales, and service use cases

      • SMMP Use-Case Fit Assessment Tool

      2.1 SMMP Vendor Landscape

      • CRM Suite Evaluation and RFP Scoring Tool

      2.2 Select your SMMP

      • SMMP Vendor Demo Script Template
      • SMMP RFP Template

      3.1 Establish best practices for SMMP implementation

      • Social Media Steering Committee

      3.2 Assess the measured value from the project

      Guided Implementations

      • Identify organizational fit for the technology.
      • Evaluate social media opportunities within your organization.
      • Evaluate which SMMP use-case scenario is best fit for your organization
      • Discuss the use-case fit assessment results and the Vendor Landscape.
      • Review contract.
      • Determine what is the right governance structure to overlook the SMMP implementation.
      • Identify the right deployment model for your organization.
      • Identify key performance indicators for business units using an SMMP.
      Associated Activity icon

      Onsite Workshop

      Module 1:
      Launch Your SMMP Selection Project
      Module 2:
      Plan Your Procurement and Implementation Process
      Phase 1 Outcome:
      • Social Media Maturity Assessment
      • SMMP Use-Case Assessment
      Phase 2 Outcome:
      • Selection of an SMMP
      Phase 3 Outcome:
      • A plan for implementing the selected SMMP

      SMMP selection and implementation workshop overview

      Associated Activity icon Contact your account representative or email Workshops@InfoTech.com for more information.

      Day 1

      Preparation

      Day 2

      Workshop Day

      Day 3

      Workshop Day

      Day 4

      Workshop Day

      Day 5

      Working Session

      Workshop Preparation
      • Facilitator meets with the project manager and reviews the current project plans and IT landscape of the organization.
      • A review of scheduled meetings and engaged IT and business staff is performed.
      Morning Itinerary
      • Conduct activities from Develop a technology enablement approach for social media phase, including social media maturity and readiness assessment.
      • Conduct overview of the market landscape, trends, and vendors.
      Afternoon Itinerary
      • Interview business stakeholders.
      • Prioritize SMMP requirements.
      Morning Itinerary
      • Perform a use-case scenario assessment.
      Afternoon Itinerary
      • Review use-case scenario results; identify use-case alignment.
      • Review the SMMP Vendor Landscape vendor profiles and performance.
      Morning Itinerary
      • Continue review of SMMP Vendor Landscape results and use-case performance results.
      Afternoon Itinerary
      • Create a custom vendor shortlist.
      • Investigate additional vendors for exploration in the market.
      Workshop Debrief
      • Meet with project manager to discuss results and action items.
      • Wrap up outstanding items from workshop.
      (Post-Engagement): Procurement Support
      • The facilitator will support the project team to outline the RFP contents and evaluation framework.
      • Planning of vendor demo script. Input: solution requirements and use-case results.
      Example of a light blue slide. The light blue slides at the end of each section highlight the key activities and exercises that will be completed during the engagement with our analyst team.

      Use these icons to help direct you as you navigate this research

      Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.

      A small monochrome icon of a wrench and screwdriver creating an X.

      This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.

      A small monochrome icon depicting a person in front of a blank slide.

      This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members who will come onsite to facilitate a workshop for your organization.

      A small monochrome icon depicting a descending bar graph.

      This icon denotes a slide that pertains directly to the Info-Tech vendor profiles on marketing management technology. Use these slides to support and guide your evaluation of the MMS vendors included in the research.

      Select and Implement a Social Media Management Platform

      PHASE 1

      Develop a Technology Enablement Approach for Social Media

      Phase 1: Develop a technology enablement approach for social media

      Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 1 is highlighted.
      Estimated Timeline: 1-3 Months

      Info-Tech Insight

      Before an SMMP can be selected, the organization must have a strategy in place for enterprise social media. Implementing an SMMP before developing a social media strategy would be akin to buying a mattress without knowing the size of the bed frame.

      Major Milestones Reached
      • Project launch
      • Completion of requirements gathering and documentation

      Key Activities Completed

      • Readiness assessment
      • Project plan / timeline
      • Stakeholder buy-in
      • Technical assessment
      • Functional assessment

      Outcomes from This Phase

      Social Media Maturity Assessment

      Phase 1 outline

      Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 1: Develop a technology enablement approach for social media

      Proposed Time to Completion: 2 weeks
      Step 1.1: Determine if a dedicated SMMP is right for your organization Step 1.2: Use an SMMP to enable marketing, sales, and service use cases
      Start with an analyst kick-off call:
      • Assess your readiness for the SMMP project.
      • Evaluate social media opportunities within your organization.
      Review findings with analyst:
      • Discuss how an SMMP can assist with marketing, sales, and customer service.
      • Evaluate which SMMP use case scenario is best fit for your organization.
      Then complete these activities…
      • Assess your social media maturity.
      • Inventory social media networks to be supported by the SMMP.
      Then complete these activities…
      • Assess best-fit use-case scenario.
      • Build the metrics inventory.
      With these tools & templates:
      • Social Media Maturity Assessment Tool
      • Social Media Opportunity Assessment Tool
      With these tools & templates:
      • SMMP Use-Case Fit Assessment Tool
      Phase 1 Results & Insights:
      • Social Media Maturity Assessment
      • SMMP Use-Case Assessment

      Phase 1, Step 1: Determine if a dedicated SMMP is right for your organization

      1.1

      1.2

      Determine if a dedicated SMMP is right for your organization Use an SMMP to enable marketing, sales, and service use cases

      This step will walk you through the following activities:

      • Assess where your organization sits on the social media maturity curve.
      • Inventory the current social media networks that must be supported by the SMMP.
      • Go/no-go assessment on SMMP.

      This step involves the following participants:

      • Digital Marketing Executive
      • Digital Strategy Executive
      • Business stakeholders

      Outcomes of this step

      • Social media maturity assessment
      • Inventory of enterprise social media
      • SMMP Go/no-go decision

      Before selecting an SMMP, start with the fundamentals: build a comprehensive strategy for enterprise social media

      Why build a social media strategy?

      • Social media is neither a fad nor a phenomenon; it is simply another tool in the business process. Social channels do not necessitate a radical departure from the organization’s existing customer interaction strategy. Rather, social media should be added to your channel mix and integrated within the existing CRM strategy.
      • Social media allows organizations to form direct and indirect connections through the Friend-of-a-Friend (FOAF) model, which increases the credibility of the information in the eyes of the consumer.
      • Social media enables organizations to share, connect, and engage consumers in an environment where they are comfortable. Having a social media presence is rapidly becoming a pre-requisite for successful business-to-consumer enterprises.

      Important considerations for an enterprise social media strategy:

      • Determine how social media will complement existing customer interaction goals.
      • Assess which social media opportunities exist for your organization.
      • Consider the specific goals you want to achieve using social channels and pick your services accordingly.
      • Not all social media services (e.g. Facebook, Twitter, LinkedIn) are equal. Consider which services will be most effective for goal achievement.
      For more information on developing a strategy for enterprise social media, please refer to Info-Tech’s research on Social Media.

      Implement a social media strategy by determining where you are right now and where your organization needs to go

      Organizations pass through three main stages of social media maturity: distributed, loosely coupled, and command center. As you move along the maturity scale, the business significance of the social media program increases. Refer to Info-Tech’s Implement a Social Media Program for guidance on how to execute an ongoing social media program.
      The y-axis 'Business Significance'.

      Distributed Stage

      Shapes labelled 'Sales', 'Customer Service', and 'Marketing'.

      • Open-source or low-cost solutions are implemented informally by individual depts. for specific projects.
      • Solutions are deployed to fulfill a particular function without an organizational vision. The danger of this stage is lack of consistent customer experience and wasted resources.

      Loosely Coupled Stage

      Same shapes with the addition of 'PR' and surrounded by a dotted-line house.

      • More point solutions are implemented across the organization. There is a formal cross-departmental effort to integrate some point solutions.
      • Risks include failing to put together an effective steering committee and not including IT in the decision-making process.

      Command Center Stage

      Same shapes with a solid line house.

      • There’s enterprise-level steering committee with representation from all areas: execution of social programs is handled by a fully resourced physical (or virtual) center.
      • Risks include improper resource allocation and lack of end-user training.
      The x-axis 'Maturity Stages'.
      Optimal stages for SMMP purchase

      Assess where your organization sits on the social media maturity curve

      Associated Activity icon 1.1.1 30 Minutes

      INPUT: Social media initiatives, Current status

      OUTPUT: Current State Maturity Assessment

      MATERIALS: Whiteboard, Markers, Sticky notes

      PARTICIPANTS: Digital Strategy Executive, Business stakeholders

      Before you can move to an objective assessment of your social media program’s maturity, take an inventory of your current efforts across different departments (e.g. Marketing, PR, Sales, and Customer Service). Document the results in the Social Media Maturity Assessment Tool to determine your social media readiness score.

      Department Social Media Initiative(s) Current Status
      Marketing Branded Facebook page with updates and promotions Stalled: insufficient resources
      Sales LinkedIn prospecting campaign for lead generation, qualification, and warm open Active: however, new reps are poorly trained on LinkedIn prospect best practices
      Customer Service Twitter support initiative: mentions of our brand are paired with sentiment analysis to determine who is having problems and to reach out and offer support Active: program has been highly successful to date
      HR Recruitment campaign through LinkedIn and Branch Out Stalled: insufficient technology support for identifying leading candidates
      Product Development Defect tracking for future product iterations using social media Partially active: Tracked, but no feedback loop present
      Social Media Maturity Level Distributed

      Determine your organization’s social media maturity with Info-Tech’s Maturity Assessment Tool

      Supporting Tool icon 1.1 Social Media Maturity Assessment Tool

      Assessing where you fit on the social media maturity continuum is critical for setting the future direction of your social media program. We’ll work through a short tool that assesses the current state of your social media program, then discuss the results.

      Info-Tech’s Social Media Maturity Assessment Tool will help you determine your company’s level of maturity and recommend steps to move to the next level or optimize the status quo of your current efforts.

      INFO-TECH TOOL Sample of the Social Media Current State Assessment.

      The social cloud is a dominant point of interaction: integrate social channels with existing customer interaction channels

      • Instead of thinking of customers as an island, think of them interacting with each other and with organizations in the social cloud. As a result, the social cloud itself becomes a point of interaction, not just individual customers.
      • The social cloud is accessible with services like social networks (e.g. Facebook) and micro-blogs (Twitter).
      • Previous lessons learned from the integration of Web 1.0 e-channels should be leveraged as organizations add the social media channel into their overall customer interaction framework:
        • Do not design exclusively around a single channel. Design hybrid-channel solutions that include social channels.
        • Balance customer segment goals and attributes, product and service goals and attributes, and channel capabilities.
      The 'Web 2.0 Customer Interaction Framework' with 'Social Cloud' above, connected to the below through 'Conversations & Information'. Below are two categories with their components interconnected, 'Communication Channels: Face to Face, Phone, E-mail, Web, and Social Media' and 'Customer Experience Management: Marketing, Sales, and Service'.

      Info-Tech Best Practice

      Don’t believe that social channel integration will require an entire rebuild of your CXM strategy. Social channels are just new interaction channels that need to be integrated – as you’ve done in the past with Web 1.0 e-channels.

      Understand the different types of social media services and how they link to social media strategy and SMMP selection

      Before adopting an SMMP, it’s important to understand the underlying services they manage. Social media services facilitate the creation and dissemination of user-generated content, and can be grouped according to their purpose and functionality:
      • Social Networking: Social networking services use the Friend-of-a-Friend model to allow users to communicate with their personal networks. Users can share a wide variety of information and media with one another. Social networking sites include Facebook and LinkedIn.
      • Blogging: Blogs are websites that allow users to upload text and media entries, typically displayed in reverse-chronological order. Prominent blogging services include Blogger and WordPress.
      • Micro-Blogging: Micro-blogging is similar to blogging, with the exception that written content is limited to a set number of characters. Twitter, the most popular service, allows users to post messages up to 140 characters.
      • Social Multimedia: Social multimedia sites provide an easy way for users to upload and share multimedia content (e.g. pictures, video) with both their personal contacts as well as the wider community. YouTube is extremely popular for video sharing, while Instagram is a popular option for sharing photos and short videos.

      Info-Tech Best Practice

      In many cases, services do not fit discretely within each category. With minor exceptions, creating an account on a social media service is free, making use of these services extremely cost effective. If your organization makes extensive use of a particular service, ensure it is supported by your SMMP vendor.

      Four categories of social media company logos: 'Social multimedia', 'Micro-blogging', 'Blogging', and 'Social Networking'.

      Inventory the current social media networks that must be supported by the SMMP

      Associated Activity icon 1.1.2

      INPUT: Social media services

      OUTPUT: Inventory of enterprise social media

      MATERIALS: Whiteboard, Markers

      PARTICIPANTS: Project team

      1. List all existing social media networks used by your organization.
      2. For each network, enumerate all the accounts that are being used for organizational objectives.
      3. Identify the line of business that administers and manages each service.
      Network Use Case Account Ownership
      Facebook
      • Branding
      • Marketing
      • Social Monitoring
      • Facebook recruitment
      • Corporate Communications
      • Marketing
      Twitter
      • Social monitoring
      • Customer response
      • Corporate
      • Customer Service
      ... ... ...

      An explosion of social media services and functionality has made effectively managing social interactions a complex task

      • Effectively managing social channels is an increasingly complicated task. Proliferation of social media services and rapid end-user uptake has made launching social interactions a challenge for small and large organizations.
      • Using multiple social media services can be a nightmare for account management (particularly when each brand or product line has its own set of social accounts).
      • The volume of data generated by the social cloud has also created barriers for successfully responding in-band to social stakeholders (social engagement), and for carrying out social analytics.
      • There are two methods for managing social media: ad hoc management and platform-based management.
        • Ad hoc social media management is accomplished using the built-in functionality and administrative controls of each social media service. It is appropriate for small organizations with a very limited scope for social media interaction, but poses difficulties once “critical mass” has been reached.
      Comparison of 'Ad Hoc Management' with each social media platform managed directly by the user and 'Platform-Based Management' with social platforms managed by a 'SMMP' which is managed by the user.
      Ad hoc management results in a number of social media touch points. SMMPs serve as a single go-to point for all social media initiatives

      Info-Tech Best Practice

      Managing social media is becoming increasingly difficult to do through ad hoc methods, particularly for larger organizations and those with multiple brand portfolios. Ad hoc management is best suited for small organizations with an institutional client base who only need a bare bones social media presence.

      Select social media services that will achieve your specific objectives – and look for SMMPs that integrate with them

      What areas are different social media services helpful in?
      Domain Opportunity Consumer Social Networks (Facebook) Micro-Blogging (Twitter) Professional Social Networks (LinkedIn) Consumer Video Sharing Networks (YouTube)
      Marketing Building Positive Brand Image Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
      Increase Mind Share Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
      Gaining Customer Insights Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
      Sales Gaining Sales Insights Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
      Increase Revenue Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
      Customer Acquisition Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'.
      Service Customer Satisfaction Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'. Green circle 'Proven Useful'.
      Increase Customer Retention Green circle 'Proven Useful'. Green circle 'Proven Useful'. Dark Blue circle 'Potentially Useful'.
      Reducing Cost of Service Dark Blue circle 'Potentially Useful'. Dark Blue circle 'Potentially Useful'. Dark Blue circle 'Potentially Useful'. Green circle 'Proven Useful'.

      Green circle 'Proven Useful'. Proven Useful*

      Dark Blue circle 'Potentially Useful'. Potentially Useful

      *Proven useful by Info-Tech statistical analysis carried out on a cross-section of real-world implementations.

      Social media is invaluable for marketing, sales, and customer service. Some social media services have a higher degree of efficacy than others for certain functions. Be sure to take this into account when developing a social media strategy.

      Info-Tech Best Practice

      Different social media services are more effective than others for different goals. For example, YouTube is useful as an avenue for marketing campaigns, but it’s of substantially less use for sales functions like lead generation. The services you select while planning your social media strategy must reflect concrete goals.

      Ad hoc social media management results in manual, resource-intensive processes that are challenging to measure

      • Most organizations that have pursued social media initiatives have done so in an ad hoc fashion rather than outlining a formal strategy and deploying software solutions (e.g. SMMP).
      • Social media is often a component of Customer Experience Management (CXM); Info-Tech’s research shows many organizations are handling CRM without a strategy in place, too.
      • Social media management platforms reduce the resource-intensive processes required for ongoing social media involvement and keep projects on track by providing reporting metrics.
      Social media and CRM are often being done without a defined strategy in place.

      Four-square matrix titled 'Strategy' presenting percentages with y-axis 'CRM', x-axis 'Social Media', both having two sections 'Ad hoc' and 'Defined'.
      Source: Info-Tech Survey, N=64

      Many processes related to social media are being done manually, despite the existence of SMMPs.

      Four-square matrix titled 'technology' presenting percentages with y-axis 'CRM', x-axis 'Social Media', both having two sections 'Ad hoc' and 'Defined'.

      “When we started our social media campaign, it took 34 man-hours a week. An SMMP that streamlines these efforts is absolutely an asset.” (Edie May, Johnson & Johnson Insurance Company)

      SMMPs provide functionality for robust account management, in-band customer response, and social monitoring/analytics

      • Features such as unified account management and social engagement capabilities boost the efficiency of social campaigns. These features reduce duplication of effort (e.g. manually posting the same content to multiple services). Leverage account management functionality and in-band response to “do more with less.”
      • Features such as comprehensive monitoring of the social cloud and advanced social analytics (i.e. sentiment analysis, trends and follower demographics) allow organizations to more effectively use social media. These features empower organizations with the information they need to make informed decisions around messaging and brand positioning. Use social analytics to zero in on your most important brand advocates.

      The value proposition of SMMPs revolves around enhancing the effectiveness and efficiency of social media initiatives.

      Three primary use cases for social media management:

      Social Listening & Analytics — Monitor and analyze a variety of social media services: provide demographic analysis, frequency analysis, sentiment analysis, and content-centric analysis.

      Social Publishing & Campaign Management — Executing marketing campaigns through social channels (e.g. Facebook pages).

      Social Customer Care — Track customer conversations and provide the ability to respond in-platform to social interactions.

      Info-Tech Best Practice

      SMMPs are a technology platform, but this alone is insufficient to execute a social media program. Organization and process must be integrated as well. See Info-Tech’s research on developing a social media strategy for a step-by-step guide on how to optimize your internal organization and processes.

      Social analytics vary: balance requirements among monitoring goals and social presence/property management

      Segment your requirements around common SMMP vendor product design points. Current market capabilities vary between two primary feature categories: social cloud monitoring and social presence and property management.

      Cloud-Centric

      Social Monitoring

      Content-Centric

      Social cloud monitoring enables:
      • Brand and product monitoring
      • Reputation monitoring
      • Proactive identification of service opportunities
      • Competitive intelligence
      Social presence and property management enables:
      • Monitor and manage discussions on your social properties (e.g. Twitter feeds, Facebook Pages, YouTube channels)
      • Execute marketing campaigns within your social properties

      Social Analytics

      Social analytics provide insights to both dimensions of social media monitoring.

      Some firms only need social cloud monitoring, some need to monitor their own social media properties, and others will need to do both. Some vendors do both while other vendors excel in only one feature dimension. If you are NOT prepared to act on results from social cloud monitoring, then don’t expand your reach into the social cloud for no reason. You can always add cloud monitoring services later. Likewise, if you only need to monitor the cloud and have no or few of your own social properties, don’t buy advanced management and engagement features.

      Use social analytics to gain the most value from your SMMP

      Research indicates successful organizations employ both social cloud monitoring and management of their own properties with analytical tools to enhance both or do one or the other well. Few vendors excel at both larger feature categories. But the market is segmented into vendors that organizations should be prepared to buy more than one product from to satisfy all requirements. However, we expect feature convergence over the next 1–3 years, resulting in more comprehensive vendor offerings.

      Most sought social media analytics capabilities

      Bar Chart of SM analytics capabilities, the most sought after being 'Demographic analysis', 'Geographic analysis', 'Semantic analysis', 'Automated identification of subject and content', and 'Predictive modeling'.
      (Source: The State of Social Media Analytics (2016))

      Value driven from social analytics comes in the form of:
      • Improved customer service
      • Increased revenue
      • Uncovered insights for better targeted marketing
      • A more personalized customer experience offered
      Social analytics is integral to the success of the SMMP – take advantage of this functionality!

      Cost/Benefit Scenario: A mid-sized consumer products company wins big by adopting an SMMP

      The following example shows how an SMMP at a mid-sized consumer products firm brought in $36 000 a year.

      Before: Manual Social Media Management

      • Account management: a senior marketing manager was responsible for updating all twenty of the firm’s social media pages and feeds. This activity consumed approximately 20% of her time. Her annual salary was $80,000. Allocated cost: $16,000 per year.
      • In-band response: Customer service representatives manually tracked service requests originating from social channels. Due to the use of multiple Twitter feeds, several customers were inadvertently ignored and subsequently defected to competitors. Lost annual revenue due to customer defections: $10,000.
      • Social analytics: Analytics were conducted in a crude, ad hoc fashion using scant data available from the services themselves. No useful insights were discovered. Gains from social insights: $0.

      Ad hoc management is costing this organization $26,000 a year.

      After: Social Media Management Platform

      • Account management: Centralized account controls for rapidly managing several social media services meant the amount of time spent updating social media was cut 75%. Allocated cost savings: $12,000 per year.
      • In-band response: Using an SMMP provided customer service representatives with a console for quickly and effectively responding to customer service issues. Service window times were significantly reduced, resulting in increased customer retention. Revenue no longer lost due to defections: $10,000.
      • Social analytics: The product development group used keyword-based monitoring to assist with designing a successful new product. Social feedback noticeably boosted sales. Gains from social insights: $20,000
      • Cost of SMMP: $6,000 per year.

      The net annual benefit of adopting an SMMP is $36,000.

      Go with an SMMP if your organization needs a heavy social presence; stick with ad hoc management if it doesn’t

      The value proposition of acquiring an SMMP does not resonate the same for all organizations: in some cases, it is more cost effective to forego an SMMP and stick with ad hoc social media management.

      Follow these guidelines for determining if an SMMP is a natural fit for your organization.

      Go with an SMMP if…

      • Your organization already has a large social footprint: you manage multiple feeds/pages on three or more social media services.
      • Your organization’s primary activity is B2C marketing; your target consumers are social media savvy. Example: consumer packaged goods.
      • The volume of marketing, sales and service inquiries received over social channels has seen a sharp increase in the last 12 months.
      • Your firm or industry is the topic of widespread discussion in the social cloud.

      Stick with ad hoc management if…

      • Regulatory compliance prohibits the extensive use of social media in your organization.
      • Your organization is focused on a small number of institutional clients with well-defined organizational buying behaviors.
      • Your target market is antipathetic towards using social channels to interact with your organization.
      • Your organization is in a market space where only a bare-bones social media presence is seen as a necessity (for example, only a basic informational Facebook page is maintained).

      Info-Tech Best Practice

      Using an SMMP is definitively superior to ad hoc social media management for those organizations with multiple brands and product portfolios (e.g. consumer packaged goods). Ad hoc management is best for small organizations with an institutional client base who only need a bare bones social media presence.

      Assess which social media opportunities exist for your organization with Info-Tech’s tool

      Supporting Tool icon 1.2 Social Media Opportunity Assessment Tool

      Use Info-Tech’s Social Media Opportunity Assessment Tool to determine, based on your unique criteria, where social media opportunities exist for your organization in marketing, sales, and service.

      Info-Tech Best Practice

      1. Remember that departmental goals will overlap; gaining customer insight is valuable to marketing, sales, and customer service.
      2. The social media benefits you can expect to achieve will evolve as your processes mature.
      3. Often, organizations jump into social media because they feel they have to. Use this assessment to identify early on what your drivers should be.
      Sample of the Social Media Opportunity Assessment Tool.

      Go/no-go assessment on SMMP

      Associated Activity icon 1.1.3

      INPUT: Social Media Opportunity Questionnaire

      OUTPUT: SMMP go/no-go decision

      MATERIALS: Whiteboard, Opportunity Assessment Tool

      PARTICIPANTS: Digital Strategy Executive, Business stakeholders

      Identify whether an SMMP will help you achieve your goals in sales, marketing, and customer service.

      1. Complete the questionnaire in the Social Media Opportunity Assessment Tool. Ensure all relevant stakeholders are present to answer questions pertaining to their business area.
      2. Evaluate the results to better understand whether your organization has the opportunity to achieve each established goal in marketing, sales, and customer service with an SMMP or you are not likely to benefit from investing in a social media management solution.

      Phase 1, Step 2: Use an SMMP to enable marketing, sales, and service use cases

      1.1

      1.2

      Determine if a dedicated SMMP is right for your organization Use an SMMP to enable marketing, sales, and service use cases

      This step will walk you through the following activities:

      • Profile and rank your top use cases for social media management
      • Build the metrics inventory

      This step involves the following participants:

      • Project Manager
      • Project Team

      Outcomes of this step

      • Use case suitability
      • SMMP metrics inventory

      SMMPs equip front-line sales staff with the tools they need for effective social lead generation

      • Content-centric social analytics allow sales staff to see click-through details for content posted on social networks. In many cases, these leads are warm and ready for immediate follow-up.
      • A software development firm uses an SMMP to post a whitepaper promoting its product to multiple social networks.
        • The whitepaper is subsequently downloaded by a number of potential prospects.
        • Content-centric analytics within the SMMP link the otherwise-anonymous downloads to named social media accounts.
        • Leads assigned to specific account managers, who use existing CRM software to pinpoint contact information and follow-up in a timely manner.
      • Organizations that intend to use their SMMP for sales purposes should ensure their vendor of choice offers integration with LinkedIn. LinkedIn is the business formal of social networks, and is the network with the greatest proven efficacy from a sales perspective.

      Using an SMMP to assist the sales process can…

      • Increase the number of leads generated through social channels as a result of social sharing.
      • Increase the quality of leads generated through social channels by examining influence scores.
      • Increase prospecting efficiency by finding social leads faster.
      • Keep account managers in touch with prospects and clients through social media.

      Info-Tech Best Practice

      Social media is on the rise in sales organizations. Savvy companies are using social channels at all points in the sales process, from prospecting to account management. Organizations using social channels for sales will want an SMMP to manage the volume of information and provide content-centric analytics.

      Incorporate social media into marketing workflows to gain customer insights, promote your brand, and address concerns

      While most marketing departments have used social media to some extent, few are using it to its full potential. Identify marketing workflows that can be enhanced through the use of social channel integration.
      • Large organizations must define separate workflows for each stakeholder organization if marketing’s duties are divided by company division, brand, or product lines.
      • Inquiries stemming from marketing campaigns and advertising must be handled by social media teams. For example, if a recent campaign sparks customer questions on the company’s Facebook page, be ready to respond!
      • Social media can be used to detect issues that may indicate product defects, provided defect tracking is not already incorporated into customer service workflows. If defect tracking is part of customer service processes, then such issues should be routed to the customer service organization.
      • If social listening is employed, in addition to monitoring the company's own social properties, marketing teams may elect to receive notices of major trends concerning the company's products or those of competitors.
      Word jumble of different sized buzz words around 'Brand Building'.

      I’m typically using my social media team as a proactive marketing team in the social space, whereas I’m using my consumer relations team as a reactive marketing and a reactive consumer relations taskforce. So a little bit different perspective.” (Greg Brickl, IT Director, Organic Valley)

      SMMPs allow marketers to satisfy all of their needs with one solution

      • Have a marketing manager jointly responsible for the selection of an SMMP to realize higher overall success. This will significantly improve customer acquisition approval and competitive intelligence, as well as the overall SMMP success.
      • The marketing manager should be involved in fleshing out the business requirements of the SMMP in order to select the most appropriate solution.
      • Once selected, the SMMP has multiple benefits for marketing professionals. One pivotal benefit of SMMPs for marketing is the capability for centralized account management. Multiple social pages and feeds can be rapidly managed at pre-determined times, through an easy-to-use dashboard delivered from one source.
      • Centralized account management is especially pertinent for organizations with a wide geographic client base, as they can manage wide social media campaigns within multiple time zones, delivering their messaging appropriately. (e.g. contests, product launches, etc.)
      Bar Chart comparing 'Average Success Scores' of different goals based on whether the 'Marketing Manager [was] Responsible' or not. Scores are always higher when they were.
      (Source: Info-Tech Research Group N = 37)

      Info-Tech Best Practice

      Managing multiple social media accounts on an ad hoc basis is time consuming and costs money. Lower costs and get the best results out of your social media campaigns by involving the marketing team in the SMMP selection process and knowing their functional requirements.

      Leverage SMMPs to proactively identify and respond to customer service issues occurring in the social cloud

      • SMMPs are an invaluable tool in customer service organizations. In-band response capabilities allow customer service representatives to quickly and effectively address customer service issues – either reactively or proactively.
      • Reactive customer service can be provided through SMMPs by providing response capabilities for private messages or public mentions (e.g. “@AcmeCo” on Twitter). Many SMMPs provide a queue of social media messages directed at the organization, and also give the ability to assign specific messages to an individual service representative or product expert. Responding to a high-volume of reactive social media requests can be time consuming without an SMMP.
      • Proactive customer service uses the ability of SMMPs to monitor the social cloud for specific keywords in order to identify customers having issues. Forward-thinking companies actively monitor the social cloud for customer service opportunities, to protect and improve their image.
      Illustration of reactive service where the customer initiates the process and then receives service.
      Reactive service is customer-initiated.

      Illustration of proactive service with a complaint through Twitter monitored by an SMMP allowing an associate to provide a 'Proactive Resolution'.
      SMMPs enable organizations to monitor the social cloud for service opportunities and provide proactive service in-band.

      Info-Tech Best Practice

      Historically, customer service has been “reactive” (i.e. customer initiated) and solely between the customer and supplier. Social media forces proactive service interactions between customer, supplier, and the entire social cloud. Using an SMMP significantly improves reactive and proactive service. The ability to integrate with customer service applications is essential.

      Customer service is a vital department to realize value from leveraging an SMMP

      Info-Tech’s research shows that the more departments get involved with social media implementation, the higher the success score (calculated based on respondents’ report of the positive impact of social media on business objectives). On average, each additional department involved in social media programs increases the overall social media success score by 5%. For example, organizations that leveraged social media within the customer service department, achieved a higher success score than those that did not.

      The message is clear: encourage broad participation in coordinated social media efforts to realize business goals.

      Line graph comparing 'Social Media Success Score' with the 'Number of Departments Involved'. The line trends upward on both axes.
      (Source: Info-Tech Research Group N=65)
      Bar chart comparing 'Social Media Success Scores' if 'Customer Service Involvement' was Yes or No. 'Yes' has a higher score.

      Our research indicates that the most important stakeholder to ensure steering committee success is Customer Service. This has a major impact on CRM integration requirements – more on this later.

      SMMPs are indispensable for allowing PR managers to keep tabs on the firm and its brands

      • Public relations is devoted to relationship management; as such, it is critical for savvy PR departments to have a social media presence.
      • SMMPs empower PR professionals with the ability to track the sentiment of what is said about their organization. Leverage keyword searches and heuristic analysis to proactively mitigate threats and capitalize on positive opportunities. For example, sentiment analysis can be used to identify detractors making false claims over social channels. These claims can then be countered by the Public Relations team.
      • Sentiment analysis can be especially important to the PR professional through change and crisis management situations. These tools allow an organization to track the flow of information, as well as the balance of positive and negative postings and their influence on others in the social cloud.
      • Social analytics provided by SMMPs also serve as a goldmine for competitive intelligence about rival firms and their products.

      Benefits of Sentiment Analysis for PR

      • Take the pulse of public perception of your brands (and competitors).
      • Mitigate negative comments being made and respond immediately.
      • Identify industry and consumer thought leaders to follow on social networks.

      Illustration of sentiment analysis.
      Use sentiment analysis to monitor the social cloud.

      Info-Tech Best Practice

      Leaving negative statements unaddressed can cause harm to an organization’s reputation. Use an SMMP to track what is being said about your organization; take advantage of response capabilities to quickly respond and mitigate PR risk.

      SMMPs for recruiting is an emerging talent recruitment technique and will lead to stronger candidates

      • Social media provides more direct connections between employer and applicant. It’s faster and more flexible than traditional e-channels.
      • SMMPs should be deployed to the HR silo to aid with recruiting top-quality candidates. Account management functionality can dramatically reduce the amount of time HR managers spend synchronizing content between various social media services.
      • In-band response capabilities flag relevant social conversations and allow HR managers to rapidly respond to prospective employee inquiries. Rapid response over social channels gives candidates a positive impression of the organization.
      • Analytics give HR managers insight into hiring trends and the job market at large – sentiment analysis is useful for gauging not just candidate interests, but also anonymous employee engagement.

      A social media campaign managed via SMMP can…

      • Increase the size of the applicant pool by “fishing where the fish are.”
      • Increase the quality of applicants by using monitoring to create targeted recruitment materials.
      • Increase recruiting efficiency by having a well-managed, standing presence on popular social media sites – new recruiting campaigns require less “awareness generation” time.
      • Allow HR/recruiters to be more in-touch with hiring trends via social analytics.
      Horizontal bar chart of social media platforms that recruiters use. LinkedIn is at the top with 87%. Only 4% of recruiters are NOT using social media for recruitment, while 50% of recruiters plan to increase their investment in SMR in the coming year. (Source: Jobvite, 2015)

      Collapse your drivers for SMMP and link them to Info-Tech’s Vendor Landscape use cases

      Vendor Profiles icon

      USE CASES

      Social Listening and Analytics

      What It Looks Like
      Functionality for capturing, aggregating, and analyzing social media content in order to create actionable customer or competitive insights.

      How It Works
      Social listening and analytics includes features such as sentiment and contextual analysis, workflow moderation, and data visualization.

      Social Publishing and Campaign Management

      What It Looks Like
      Functionality for publishing content to multiple networks or accounts simultaneously, and managing social media campaigns in-depth (e.g. social property management and post scheduling).

      How It Works
      Social publishing and campaign management include features such as campaign execution, social post integration, social asset management, and post time optimization.

      Social Customer Care

      What It Looks Like
      Functionality for management of the social customer service queue as well as tools for expedient resolution of customer issues.

      How It Works
      Social customer care use case primarily relies on strong social moderation and workflow management.

      Identify the organizational drivers for social media management – whether it is recruiting, public relations, customer service, marketing, or sales – and align them with the most applicable use case.

      Profile and rank your top use cases for social media management using the Use-Case Fit Assessment Tool

      Associated Activity icon 1.2.1 1 Hour

      INPUT: Project Manager, Core project team

      OUTPUT: Use-case suitability

      MATERIALS: Whiteboard, Markers

      PARTICIPANTS: Project Manager, Core project team

      1. Download your own version of the tool and complete the questionnaire on tab 2, Assessment.
        • Use the information gathered from your assessments and initial project scoping to respond to the prompts to identify the business and IT requirements for the tool.
        • Answer the prompts for each statement from a range of strongly disagree to strongly agree.
      2. Review the outcomes on tab 3, Results.
        • This tab provides a qualitative measure assessing the strength of your fit against the industry use-case scenarios.
      3. If not completed as a team, debrief the results and implications to your core project team.

      Use the SMMP Use-Case Fit Assessment Tool to identify which areas you should focus on

      Supporting Tool icon 1.3 Use Case Fit Assessment Tool
      Use the Use-Case Fit Assessment Tool to understand how your unique requirements map into a specific SMMP use case.

      This tool will assess your answers and determine your relative fit against the use-case scenarios.

      Fit will be assessed as “Weak,” “Moderate,” or “Strong.”

      Consider the common pitfalls, which were mentioned earlier, that can cause IT projects to fail. Plan and take clear steps to avoid or mitigate these concerns.

      Note: These use-case scenarios are not mutually exclusive. Your organization can align with one or more scenarios based on your answers. If your organization shows close alignment to multiple scenarios, consider focusing on finding a more robust solution and concentrate your review on vendors that performed strongly in those scenarios or meet the critical requirements for each.

      INFO-TECH DELIVERABLE

      Sample of the SMMP Use-Case Fit Assessment Tool.

      Identify the marketing, sales, and customer service metrics that you will target for improvement using an SMMP

      Create measurable S.M.A.R.T. goals for the project.

      Consider the following questions when building your SMMP metrics:
      1. What are the top marketing objectives for your company? For example, is building initial awareness or driving repeat customers more important?
      2. What are the corresponding social media goals for this business objective?
      3. What are some of the metrics that could be used to determine if business and social media objectives are being attained?
      Use Case Sample Metric Descriptions Target Metric
      Social Listening and Analytics Use a listening tool to flag all mentions of our brands or company on social Increase in mentions with neutral or positive sentiment, decrease in mentions with negative sentiment
      Social Publishing and Campaign Management Launch a viral video campaign showcasing product attributes to drive increased YT traffic Net increase in unaided customer recall
      Social Customer Care Create brand-specific social media pages to increase customer sentiment for individual brand extensions Net increase in positive customer sentiment (i.e. as tracked by an SMMP)

      Build the metrics inventory

      Associated Activity icon 1.2.2 45 Minutes

      INPUT: Marketing, sales, and customer service objectives

      OUTPUT: Metrics inventory

      MATERIALS: Whiteboard, Markers

      PARTICIPANTS: Project Manager, Core project team

      1. Identify the top marketing, sales, and customer service objectives for your company? For example, is building initial awareness or driving repeat customers more important?
      2. What are the corresponding social media goals for each business objective?
      3. What are some of the metrics that could be used to determine if business and social media objectives are being attained?
      Marketing/PR Objectives Social Media Goals Goal Attainment Metrics
      E.g. build a positive brand image
      • Create brand-specific social media pages to increase customer sentiment for individual brand extensions
      Net increase in positive customer sentiment (i.e. as tracked by an SMMP)
      E.g. increase customer mind share
      • Launch a viral video campaign showcasing product attributes to drive increased YT traffic
      Net increase in unaided customer recall
      E.g. monitor public mentions
      • Use a listening tool to flag all mentions of our brands or company on social
      Increase in mentions with neutral or positive sentiment, decrease in mentions with negative sentiment

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

      Book a workshop with our Info-Tech analysts:

      Photo of an Info-Tech analyst.
      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      1.1.1

      Sample of activity 1.1.1 'Assess where your organization sits on the social media maturity curve'. Assess your organization’s social media maturity

      An Info-Tech analyst will facilitate a discussion to assess the maturity of your organization’s social media program and take an inventory of your current efforts across different departments (e.g. Marketing, PR, Sales, and Customer Service).

      1.1.2

      Sample of activity 1.1.2 'Inventory the current social media networks that must be supported by SMMP'. Inventory your current social media networks

      The analyst will facilitate an exercise to catalog all social media networks used in the organization.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

      Book a workshop with our Info-Tech analysts:

      1.1.3

      Sample of activity 1.1.3 'Go/no-go assessment on SMMP'. Go/no go assessment on SMMP

      Based on the maturity assessment, the analyst will help identify whether an SMMP will help you achieve your goals in sales, marketing, and customer service.

      1.2.1

      Sample of activity 1.2.1 'Profile and rank your top use cases for social media management using the Use Case Fit Assessment Tool'. Rank your top use cases for social media management

      An analyst will facilitate the exercise to answer a series of questions in order to determine best-fit scenario for social media management for your organization.

      1.2.2

      Sample of activity 1.2.2 'Build the metrics inventory'. Build the metrics inventory

      An analyst will lead a whiteboarding exercise to brainstorm and generate metrics for your organization’s social media goals.

      Select and Implement a Social Media Management Platform

      PHASE 2

      Select an SMMP

      This phase also includes Info-Tech’s SMMP Vendor Landscape Title icon for vendor slides.

      Phase 2: Select an SMMP

      Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 2 is highlighted.
      Estimated Timeline: 1-3 Months

      Info-Tech Insight

      Taking a use-case-centric approach to vendor selection allows you to balance the need for different social capabilities between analytics, campaign management and execution, and customer service.

      Major Milestones Reached
      • Vendor Selection
      • Finalized and Approved Contract

      Key Activities Completed

      • RFP Process
      • Vendor Evaluations
      • Vendor Selection
      • Contract Negotiation

      Outcomes from This Phase

      The completed procurement of an SMMP solution.

      • Selected SMMP solution
      • Negotiated and finalized contract

      Phase 2 outline

      Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 2: Select an SMMP

      Proposed Time to Completion: 4 weeks
      Step 2.1: Analyze and shortlist SMMP vendors Step 2.2: Evaluate vendor responses
      Start with an analyst kick-off call:
      • Evaluate the SMMP marketspace.
      • Re-evaluate best-fit use case.
      Review findings with analyst:
      • Determine your SMMP procurement strategy.
      • Reach out to SMMP vendors.
      Then complete these activities…
      • Review vendor profiles and analysis.
      • Create your own evaluation framework and shortlisting criteria.
      Then complete these activities…
      • Prioritize your requirements.
      • Create an RFP for SMMP procurement.
      • Evaluate vendor responses.
      • Set up product demonstrations.
      With these tools & templates:
      • SMMP Vendor Landscape (included here)
      • SMMP Vendor Shortlist Tool
      With these tools & templates:
      • SMMP RFP Template
      • SMMP Vendor Demo Script Template
      • SMMP Evaluation and RFP Scoring Tool
      Phase 1 Results & Insights:
      • Finalize vendor and product selection

      Phase 2, Step 1: Analyze and shortlist vendors in the space

      2.1

      2.2

      Analyze and shortlist vendors in the space Select your SMMP solution

      This step will walk you through the following activities:

      • Review vendor landscape methodology
      • Shortlist SMMP vendors

      This step involves the following participants:

      • Core team
      • Representative stakeholders from Digital Marketing, Sales, and IT

      The SMMP Vendor Landscape includes the following sections:

      VENDOR LANDSCAPE

      Info-Tech's Methodology

      Vendor title icon.

      Vendor Landscape use-case scenarios are evaluated based on weightings of features and vendor/product considerations

      Vendor Profiles icon

      Use cases were scored around the features from the general scoring identified as being relevant to the functional considerations and drivers for each scenario.

      Calculation Overview
      Advanced Features Score X Vendor Multiplier = Vendor Performance for Each Scenario
      Pie Chart of Product and Vendor Weightings.
      Product and Vendor Weightings
      Pie Chart of Advanced Features Weightings.
      Advanced Features Weightings

      Please note that both advanced feature scores and vendor multipliers are based on the specific weightings calibrated for each scenario.

      Vendor performance for each use-case scenario is documented in a weighted bar graph

      Vendor Profiles icon
      Sample of the 'Vendor performance for the use-case scenario' slide. Vendor Performance

      Vendors qualify and rank in each use-case scenario based on their relative placement and scoring for the scenario.

      Vendor Ranking

      Champion: The top vendor scored in the scenario

      Leaders: The vendors who placed second and third in the scenario

      Players: Additional vendors who qualified for the scenarios based on their scoring

      Sample of the 'Value Index for the use case scenario' slide. Value ScoreTM

      Each use-case scenario also includes a Value Index that identifies the Value Score for a vendor relative to their price point. This additional framework is meant to help price-conscious organizations identify vendors who provide the best “bang for the buck.”

      VENDOR LANDSCAPE

      Review the SMMP Vendor Evaluation

      Vendor title icon.

      SMMP market overview

      Vendor Profiles icon

      How It Got Here

      • The SMMP market was created in response to the exploding popularity of social media and the realization that it can be harnessed for a wide variety of enterprise purposes (from consumer intelligence to marketing campaigns and customer service).
      • As the number of social media services has expanded, and as the volume of content generated via social networks has ballooned, it became increasingly difficult to mine insights and manage social campaigns. A number of vendors (mostly start-ups) began offering platforms that attempted to streamline and harness social media processes.
      • As usage of social media expanded beyond just the marketing and PR function, being able to successfully scale a social strategy to a large number of customer care and sales interactions became paramount: SMMPs filled a niche by offering large-scale response and workflow management capabilities.

      Where It’s Going

      • The market is segmented into two broad camps: SMMPs focused on social listening and analytics, and SMMPs focused on social engagement. Although the two have begun to converge, there continues to be a clear junction in the market between the two, with a surprising lack of vendors that are equally adept at both sides.
      • With the rise of SMMPs, the expectation was that CRM vendors would offer feature sets similar to those of standalone SMMPS. However, CRM vendors have been slow in incorporating the functionality directly into their products. While some major vendors have made ground in this direction in the last year, organizations that are serious about social will still need a best-of-breed SMMP.
      • Other major trends include using application integration to build a 360-degree view of the customer, workflow automation, and competitive benchmarking.

      Info-Tech Insight

      As the market evolves, capabilities that were once cutting edge become default and new functionality becomes differentiating. Supporting multiple social media services and accounts has become a Table Stakes capability and should no longer be used to differentiate solutions. Instead focus on an SMMP’s social listening, campaign management, and customer care to help you find a solution that best fits your requirements.

      Review Info-Tech’s Vendor Landscape of the SMMP market to identify vendors that meet your requirements

      Vendors Evaluated

      Various logos of the vendors who were evaluated.

      Each vendor in this landscape was evaluated based on their features, product considerations, and vendor considerations. Each vendor was profiled using these evaluations and, based on their performance, qualified and placed in specific use-case scenarios.

      These vendors were included due to consideration of their market share, mind share, and platform coverage

      Vendor Profiles icon

      Vendors included in this report provide a comprehensive, innovative, and functional solution for integrating applications and automating their messaging.

      Included in this Vendor Landscape:

      Adobe: Adobe Social is a key pillar of Adobe’s ecosystem that is heavily focused on social analytics and engagement.

      Hootsuite: A freemium player with strong engagement and collaboration tools, particularly well suited for SMBs.

      Salesforce: Social Studio is a leading social media management solution and is a key channel of Salesforce Marketing Cloud.

      Sendible: A fairly new entrant to the social media management space, Sendible offers robust campaign management capability that is well suited for agencies and SMBs.

      Sprinklr: A leading solution that focuses on social customer care, offering strong ability to prioritize, route, and categorize high-volume social messaging.

      Sprout Social: A great choice for mid-sized companies looking to provide robust social engagement and customer care.

      Sysomos: Their MAP and Heartbeat products offer customers in-depth analysis of a wide array of social channels.

      Viralheat (Cision): Now a Cision product, Viralheat is an excellent option for analytics, social response workflow management, and in-band social engagement.

      Table Stakes represent the minimum standard; without these, a product doesn’t even get reviewed

      Vendor Profiles icon

      The Table Stakes

      Feature: What it is:
      Multiple Services Supported The ability to mange or analyze at least two or more social media services.
      Multiple Accounts Supported The ability to manage or analyze content from at least two or more social media accounts.
      Basic Engagement The ability to post status updates to multiple social media sites.
      Basic Analytics The ability to display inbound feeds and summary info from multiple social media sites.

      What does this mean?

      The products assessed in this Vendor Landscape meet, at the very least, the requirements outlined as Table Stakes.

      Many of the vendors go above and beyond the outlined Table Stakes, some even do so in multiple categories. This section aims to highlight the products’ capabilities in excess of the criteria listed here.

      Info-Tech Insight

      If Table Stakes are all you need from your SMMP solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs.

      Advanced Features are the capabilities that allow for granular differentiation of market players and use-case performance

      Vendor Profiles icon

      Scoring Methodology

      Info-Tech scored each vendor’s features on a cumulative four-point scale. Zero points are awarded to features that are deemed absent or unsatisfactory, one point is assigned to features that are partially present, two points are assigned to features that require an extra purchase in the vendor’s product portfolio or through a third party, three points are assigned to features that are fully present and native to the solution, and four points are assigned to the best-of-breed native feature.

      For an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.

      Feature: What we looked for:
      Social Media Channel Integration - Inbound Ability to monitor social media services, such as Facebook, Twitter, LinkedIn, YouTube, and more.
      Social Media Channel Integration - Outbound Ability to publish to social media services such as Facebook, Twitter, LinkedIn, YouTube, and more.
      Social Response Management Ability to respond in-band to social media posts.
      Social Moderation and Workflow Management Ability to create end-to-end routing and escalation workflows from social content.
      Campaign Execution Ability to manage social and media assets: tools for social campaign execution, reporting, and analytics.
      Social Post Archival Ability to archive social posts and platform activity to create an audit trail.
      Trend Analysis Ability to monitor trends and traffic on multiple social media sites.
      Sentiment Analysis Ability to analyze and uncover insights from attitudes and opinions expressed on social media.
      Contextual Analysis Ability to use NLP, deep learning and semantic analysis to extract meaning from social posts.
      Social Asset Management Ability to access visual asset library with access permissions and expiry dates to be used on social media.
      Post Time Optimization Ability to optimize social media posts by maximizing the level of interaction and awareness around the posts.
      Dashboards and Visualization Ability to visualize data and create analytics dashboards.

      Vendor scoring focused on overall product attributes and vendor performance in the market

      Vendor Profiles icon

      Scoring Methodology

      Info-Tech Research Group scored each vendor’s overall product attributes, capabilities, and market performance.

      Features are scored individually as mentioned in the previous slide. The scores are then modified by the individual scores of the vendor across the product and vendor performance features.

      Usability, overall affordability of the product, and the technical features of the product are considered, and scored on a five-point scale. The score for each vendor will fall between worst and best in class.

      The vendor’s performance in the market is evaluated across four dimensions on a five-point scale. Where the vendor places on the scale is determined by factual information, industry position, and information provided by customer references and/or available from public sources.

      Product Evaluation Features

      Usability The end-user and administrative interfaces are intuitive and offer streamlined workflow.
      Affordability Implementing and operating the solution is affordable given the technology.
      Architecture Multiple deployment options, platform support, and integration capabilities are available.

      Vendor Evaluation Features

      Viability Vendor is profitable, knowledgeable, and will be around for the long term.
      Focus Vendor is committed to the space and has a future product and portfolio roadmap.
      Reach Vendor offers global coverage and is able to sell and provide post-sales support.
      Sales Vendor channel partnering, sales strategies, and process allow for flexible product acquisition.

      Balance individual strengths to find the best fit for your enterprise

      Vendor Profiles icon

      A list of vendors with ratings for their 'Product: Overall, Usability, Affordability, and Architecture' and their 'Vendor: Overall, Viability, Focus, Reach, and Sales'. It uses a quarters rating system where 4 quarters of a circle is Exemplary and 0 quarters is Poor.

      For an explanation of how the Info-Tech Harvey Balls are calculated, see Information Presentation – Criteria Scores (Harvey Balls) in the Appendix.

      Balance individual strengths to find the best fit for your enterprise

      Vendor Profiles icon

      A list of vendors with ratings for their 'Evaluated Features'. Rating system uses Color coding with green being 'Feature is fully present...' and red being 'Feature is absent', and if a star is in the green then 'Feature is best in its class'.

      For an explanation of how Advanced Features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.

      Vendor title icon.

      USE CASE 1

      Social Listening and Analytics

      Seeking functionality for capturing, aggregating, and analyzing social media content in order to create actionable customer or competitive insights.

      Feature weightings for the social listening and analytics use-case scenario

      Vendor Profiles icon

      Core Features

      Sentiment Analysis Uncovering attitudes and opinions expressed on social media is important for generating actionable customer insights.
      Dashboards and Visualization Capturing and aggregating social media insights is ineffective without proper data visualization and analysis.
      Trend Analysis The ability to monitor trends across multiple social media services is integral for effective social listening.
      Contextual Analysis Understanding and analyzing language and visual content on social media is important for generating actionable customer insights.

      Additional Features

      Social Media Channel Integration – Inbound

      Social Moderation and Workflow Management

      Social Post Archival

      Feature Weightings

      Pie chart of feature weightings.

      Vendor considerations for the social listening and analytics use-case scenario

      Vendor Profiles icon

      Product Evaluation Features

      Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
      Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
      Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

      Vendor Evaluation Features

      Viability Vendor viability is critical for long-term stability of an application portfolio.
      Focus The vendor is committed to the space and has a future product and portfolio roadmap.
      Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
      Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

      Pie chart for Product and Vendor Evaluation Features.

      Vendor performance for the social listening and analytics use-case scenario

      Vendor Profiles icon
      Champion badge.

      Champions for this use case:

      Salesforce: Salesforce Social Studio offers excellent trend and in-depth contextual analysis and is among the best vendors in presenting visually appealing and interactive dashboards.
      Leader badge.

      Leaders for this use case:

      Sysomos: Sysomos MAP and Heartbeat are great offerings for conducting social media health checks using in-depth contextual analytics.

      Adobe: Adobe Social is a great choice for digital marketers that need in-depth sentiment and longitudinal analysis of social data – particularly when managing social alongside other digital channels.

      Best Overall Value badge.

      Best Overall Value Award

      Sysomos: A strong analytics capability offered in Sysomos MAP and Heartbeat at a relatively low cost places Sysomos as the best bang for your buck in this use case.

      Players in the social listening and analytics scenario

      • Sprinklr
      • Hootsuite
      • Sprout Social

      Vendor performance for the social listening and analytics use-case scenario

      Vendor Profiles icon

      Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social Listening and Analytics'.

      Value Index for the social listening and analytics scenario

      Vendor Profiles icon
      What is a Value Score?

      The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

      Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

      Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

      On a relative basis, Sysomos maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sysomos’ performance to provide a complete, relative view of their product offerings.

      Bar chart of vendors' Value Scores in social listening and analytics. Sysomos has the highest and the Average Score is 66.8.

      For an explanation of how price is determined, see Information Presentation – Price Evaluation in the Appendix.

      For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

      Vendor title icon.

      USE CASE 2

      Social Publishing and Campaign Management

      Seeking functionality for publishing content to multiple networks or accounts simultaneously, and managing social media campaigns in-depth (e.g. social property management and post scheduling).

      Feature weightings for the social publishing and campaign management use-case scenario

      Vendor Profiles icon

      Core Features

      Campaign Execution The ability to manage multiple social media services simultaneously is integral for carrying out social media campaigns.
      Social Response Management Creating response workflows is equally important to publishing capability for managing social campaigns.

      Additional Features

      Social Media Channel Integration – Outbound

      Social Moderation and Workflow Management

      Social Post Archival

      Social Asset Management

      Post Time Optimization

      Social Media Channel Integration – Inbound

      Trend Analysis

      Sentiment Analysis

      Dashboards and Visualization

      Feature Weightings

      Pie chart of feature weightings.

      Vendor considerations for the social publishing and campaign management use-case scenario

      Vendor Profiles icon

      Product Evaluation Features

      Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
      Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
      Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

      Vendor Evaluation Features

      Viability Vendor viability is critical for long-term stability of an application portfolio.
      Focus The vendor is committed to the space and has a future product and portfolio roadmap.
      Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
      Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

      Pie chart of Product and Vendor Evaluation Features.

      Vendor performance for the social publishing and campaign management use-case scenario

      Vendor Profiles icon

      Champion badge.

      Champions for this use case:

      Adobe: Adobe has the best social campaign execution capability in the market, enabling marketers to manage and auto-track multiple campaigns. It also offers a strong asset management feature that allows users to leverage Marketing Cloud content.
      Leader badge.

      Leaders for this use case:

      Salesforce: SFDC has built a social marketing juggernaut, offering top-notch response workflows and campaign execution capability.

      Hootsuite: Hootsuite has good response capabilities backed up by a strong team collaboration feature set. It offers simplified cross-platform posting and post-time optimization capabilities.

      Best Overall Value badge.

      Best Overall Value Award

      Sendible: Sendible offers the best value for your money in this use case with good response workflows and publishing capability.

      Players in the social publishing and campaign management scenario

      • Sprout Social
      • Sprinklr
      • Sendible

      Vendor performance for the social publishing and campaign management use-case scenario

      Vendor Profiles icon

      Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social publishing and campaign management'.

      Value Index for the social publishing and campaign management scenario

      Vendor Profiles icon

      What is a Value Score?

      The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

      Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

      Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

      On a relative basis, Sendible maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sendible’s performance to provide a complete, relative view of their product offerings.

      Bar chart of vendors' Value Scores in social publishing and campaign management. Sendible has the highest and the Average Score is 72.9.

      For an explanation of how Price is determined, see Information Presentation – Price Evaluation in the Appendix.

      For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

      Vendor title icon.

      USE CASE 3

      Social Customer Care

      Seeking functionality for management of the social customer service queue as well as tools for expedient resolution of customer issues.

      Feature weightings for the social customer care use-case scenario

      Vendor Profiles icon

      Core Features

      Social Moderation and Workflow Management Creating escalation workflows is important for triaging customer service, managing the social customer service queue and offering expedient resolution to customer complaints.

      Additional Features

      Social Media Channel Integration – Outbound

      Social Moderation and Workflow Management

      Social Response Management

      Social Post Archival

      Sentiment Analysis

      Dashboards and Visualization

      Campaign Execution

      Trend Analysis

      Post Time Optimization

      Feature Weightings

      Pie chart with Feature Weightings.

      Vendor considerations for the social customer case use-case scenario

      Vendor Profiles icon

      Product Evaluation Features

      Usability A clean and intuitive user interface is important for users to fully leverage the benefits of an SMMP.
      Affordability Affordability is an important consideration as the price of SMMPs can vary significantly depending on the breadth and depth of capability offered.
      Architecture SMMP is more valuable to organizations when it can integrate well with their applications, such as CRM and marketing automation software.

      Vendor Evaluation Features

      Viability Vendor viability is critical for long-term stability of an application portfolio.
      Focus The vendor is committed to the space and has a future product and portfolio roadmap.
      Reach Companies with processes that cross organizational and geographic boundaries require effective and available support.
      Sales Vendors need to demonstrate flexibility in terms of industry and technology partnerships to meet evolving customer needs.

      Pie chart with Product and Vendor Evaluation Features.

      Vendor performance for the social customer care use-case scenario

      Vendor Profiles icon

      Champion badge.

      Champions for this use case:

      Salesforce: Salesforce offers exceptional end-to-end social customer care capability with strong response escalation workflows.
      Leader badge.

      Leaders for this use case:

      Sprinklr: Sprinklr’s offering gives users high flexibility to configure escalation workflows and role-based permissions for managing the social customer service queue.

      Hootsuite: Hootsuite’s strength lies in the breadth of social networks that the platform supports in offering expedient resolution to customer complaints.

      Best Overall Value badge.

      Best Overall Value Award

      Sysomos: Sysomos is the best bang for your buck in this use case, offering essential response and workflow capabilities.

      Players in the social listening and analytics scenario

      • Sendible
      • Sysomos
      • Viralheat (Cision)

      Vendor performance for the social customer care use-case scenario

      Vendor Profiles icon

      Stacked bar chart comparing vendors' use-case performance in multiple areas of 'Social customer care'.

      Value Index for the social customer care scenario

      Vendor Profiles icon

      What is a Value Score?

      The Value Score indexes each vendor’s product offering and business strength relative to its price point. It does not indicate vendor ranking.

      Vendors that score high offer more bang-for-the-buck (e.g. features, usability, stability) than the average vendor, while the inverse is true for those that score lower.

      Price-conscious enterprises may wish to give the Value Score more consideration than those who are more focused on specific vendor/product attributes.

      On a relative basis, Sendible maintained the highest Info-Tech Value ScoreTM of the vendor group for this use-case scenario. Vendors were indexed against Sendible’s performance to provide a complete, relative view of their product offerings.

      Bar chart of vendors' Value Scores in social customer care. Sysomos has the highest and the Average Score is 79.6.

      For an explanation of how Price is determined, see Information Presentation – Price Evaluation in the Appendix.

      For an explanation of how the Info-Tech Value Index is calculated, see Information Presentation – Value Index in the Appendix.

      VENDOR LANDSCAPE

      Vendor Profiles and Scoring

      Vendor title icon.

      Use the information in the SMMP Vendor Landscape analysis to streamline your own vendor analysis process

      Vendor Profiles icon

      This section of the Vendor Landscape includes the profiles and scoring for each vendor against the evaluation framework previously outlined.

      Sample of the SMMP Vendor Landscape analysis. Vendor Profiles
      • Include an overview for each company.
      • Identify the strengths and weaknesses of the product and vendor.
      • Identify the three-year TCO of the vendor’s solution (based on a ten-tiered model).
      Sample of the Vendor Landscape profiles slide.
      Vendor Scoring

      Use the Harvey Ball scoring of vendor and product considerations to assess alignment with your own requirements.

      Review the use-case scenarios relevant to your organization’s Use-Case Fit Assessment results to identify a vendor’s fit to your organization's SMMP needs. (See the following slide for further clarification on the use-case assessment scoring process.)

      Review the stoplight scoring of advanced features to identify the functional capabilities of vendors.

      Sample of the Vendor Scoring slide.

      Adobe Social is a powerhouse for digital marketers, with extremely well-developed analytics capabilities

      Vendor Profiles icon
      Product Adobe Social
      Employees 15,000+
      Headquarters San Jose, CA
      Website Adobe.com
      Founded 1982
      Presence NASDAQ: ADBE

      Logo for Adobe.

      3 year TCO for this solution falls into pricing tier 8 between $500,000 and $1,000,000.

      Pricing tier for Adobe, tier 8.
      Pricing provided by vendor

      OVERVIEW
      • Adobe Social is a strong offering included within the broader Adobe Marketing Cloud. The product is tightly focused on social analytics and social campaign execution. It’s particularly well-suited to dedicated digital marketers or social specialists.
      STRENGTHS
      • Adobe Social provides broad capabilities across social analytics and social campaign management; its integration with Adobe Analytics is a strong selling point for organizations that need a complete, end-to-end solution.
      • It boasts great archiving capabilities (up to 7 years for outbound posts), meeting the needs of compliance-centric organizations and providing for strong longitudinal analysis capabilities.
      CHALLENGES
      • The product plays well with the rest of the Adobe Marketing Cloud, but the list of third-party CRM and CSM integrations is shorter than some other players in the market.
      • While the product is unsurprisingly geared towards marketers, organizations that want a scalable platform for customer service use cases will need to augment the product due to its focus on campaigns and analytics – service-related workflow and automation capabilities are not a core focus for the company.

      Adobe Social

      Vendor Profiles icon
      'Product' and 'Vendor' scores for Adobe. Overall product is 3/4; overall vendor is 4/4.
      'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Adobe earned 'Leader' in Social Listening & Analytics and 'Champion' in Social Publishing & Campaign Management.
      Info-Tech Recommends

      Adobe Social provides impressive features, especially for companies that position social media within a larger digital marketing strategy. Organizations that need powerful social analytics or social campaign execution capability should have Adobe on their shortlist, though the product may be an overbuy for social customer care use cases.

      Scores for Adobe's individual features, color-coded as they were previously.

      Hootsuite is a capable vendor that offers a flexible solution for monitoring many different social media services

      Vendor Profiles icon
      Product Hootsuite
      Employees 800
      Headquarters Vancouver, BC
      Website Hootsuite.com
      Founded 2007
      Presence Privately held

      Logo for Hootsuite.

      3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000.

      Pricing tier for Hootsuite, tier 6.
      Pricing derived from public information

      OVERVIEW
      • In the past, Hootsuite worked on the freemium model by providing basic social account management features. The company has since expanded its offering and put a strong focus on enterprise feature sets, such as collaboration and workflow management.
      STRENGTHS
      • Hootsuite is extremely easy to use, having one of the most straightforward interfaces of vendors evaluated.
      • It has extensive monitoring capabilities for a wide variety of social networks as well as related services, which are supported through an app store built into the Hootsuite platform.
      • The product provides a comprehensive model for team-based collaboration and workflow management, demonstrated through nice cross-posting and post-time optimization capabilities.
      CHALLENGES
      • Hootsuite’s reporting and analytics capabilities are relatively basic, particularly when contrasted with more analytics-focused vendors in the market.
      • Running cross-channel campaigns is challenging without integration with third-party applications.

      Hootsuite

      Vendor Profiles icon
      'Product' and 'Vendor' scores for Hootsuite. Overall product is 3/4; overall vendor is 4/4.
      'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Hootsuite earned 5th out of 6 in Social Listening & Analytics, 'Leader' in Social Publishing & Campaign Management, and 'Leader' in Social Customer Care.
      Info-Tech Recommends

      The free version of Hootsuite is useful for getting your feet wet with social management. The paid version is a great SMMP for monitoring and engaging your own social properties with good account and team management at an affordable price. This makes it ideal for SMBs. However, organizations that need deep social analytics may want to look elsewhere.

      Scores for Hootsuite's individual features, color-coded as they were previously.

      Salesforce Marketing Cloud continues to be a Cadillac solution; it’s a robust platform with a host of features

      Vendor Profiles icon
      Product Salesforce Social Studio
      Employees 24,000+
      Headquarters San Francisco, CA
      Website Salesforce.com
      Founded 1999
      Presence NASDAQ: CRM

      Logo for Salesforce.

      3 year TCO for this solution falls into pricing tier 7, between $250,000 and $500,000

      Pricing tier for Salesforce, tier 7.
      Pricing provided by vendor

      OVERVIEW
      • Social Studio is a powerful solution fueled by Salesforce’s savvy acquisitions in the marketing automation and social media management marketspace. The product has rapidly matured and is adept at both marketing and customer service use cases.
      STRENGTHS
      • Salesforce continues to excel as one of the best SMMP vendors in terms of balancing inbound analytics and outbound engagement. The recent addition of Salesforce Einstein to the platform bolsters deep learning capabilities and enhances the product’s value proposition to those that want a tool for robust customer intelligence.
      • Salesforce’s integration of Marketing Cloud, with its Sales and Service Clouds, also creates a good 360-degree customer view.
      CHALLENGES
      • Salesforce’s broad and deep feature set comes at a premium: the solution is priced materially higher than many other vendors. Before you consider Marketing Cloud, it’s important to evaluate which social media capabilities you want to develop: if you only need basic response workflows or dashboard-level analytics, purchasing Marketing Cloud runs the risk of overbuying.
      • In part due to its price point and market focus, Marketing Cloud is more suited to enterprise use cases than SMB use cases.

      Salesforce

      Vendor Profiles icon
      'Product' and 'Vendor' scores for  . Overall product is 3/4; overall vendor is 4/4.
      'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Salesforce earned 'Champion' in Social Listening & Analytics, 'Leader' in Social Publishing & Campaign Management, and 'Champion' in Social Customer Care.
      Info-Tech Recommends

      Social Studio in Salesforce Marketing Cloud remains a leading solution. Organizations that need to blend processes across the enterprise that rely on social listening, deep analytics, and customer engagement should have the product on their shortlist. However, companies with more basic needs may be off-put by the solution’s price point.

      Scores for 's individual features, color-coded as they were previously.

      Sendible offers multiple social media management capabilities for SMBs and agencies

      Vendor Profiles icon
      Product Sendible
      Employees 27
      Headquarters London, UK
      Website Sendible.com
      Founded 2009
      Presence Privately held

      Logo for Sendible.

      3 year TCO for this solution falls into pricing tier 4, between $25,000 and $50,000

      Pricing tier for Sendible, tier 4.
      Pricing derived from public information

      OVERVIEW
      • Founded in 2009, Sendible is a rising player in the SMMP market. Sendible is primarily focused on the SMB space. A growing segment of its client base is digital marketing agencies and franchise companies.
      STRENGTHS
      • Sendible’s user interface is very intuitive and user friendly.
      • The product offers the ability to manage multiple social accounts simultaneously as well as schedule posts to multiple groups on different social networks, making Sendible a strong choice for social engagement and customer care.
      • Its affordability is strong given its feature set, making it an attractive option for organizations that are budget conscious.
      CHALLENGES
      • Sendible remains a smaller vendor in the market – its list of channel partners lags behind larger incumbents.
      • Sendible’s contextual and visual content analytics are lacking vis-à-vis more analytics-centric vendors.

      Sendible

      Vendor Profiles icon
      'Product' and 'Vendor' scores for Sendible. Overall product is 3/4; overall vendor is 4/4.
      'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sendible earned 6th out of 6 and 'Best Overall Value' in Social Publishing & Campaign Management and 4th out of 6 in Social Customer Care.
      Info-Tech Recommends

      Sendible offers a viable solution for small and mid-market companies, as well as social agencies with a focus on customer engagement for marketing and customer service use cases. However, organizations that need deep social analytics may want to look elsewhere.

      Scores for Sendible's individual features, color-coded as they were previously.

      Sprinklr

      Vendor Profiles icon
      Product Sprinklr
      Employees 1,100
      Headquarters New York, NY
      Website Sprinklr.com
      Founded 2009
      Presence Privately held

      Logo for Sprinklr.

      Pricing tier for Sprinklr, tier 6.
      Pricing derived from public information

      OVERVIEW
      • Sprinklr has risen rapidly as a best-of-breed player in the social media management market. It markets a solution geared towards multiple use cases, from customer intelligence and analytics to service-centric response management.
      STRENGTHS
      • Sprinklr’s breadth of capabilities are impressive: the vendor has maintained a strong focus on social-specific functionality. As a result of this market focus, they have invested prudently in advanced social analytics and moderation workflow capabilities.
      • Sprinklr’s user experience design and data visualization capabilities are top-notch, making it a solution that’s easy for end users and decision makers to get up and running with quickly.
      CHALLENGES
      • Relative to other players in the market, the breadth and scope of Sprinklr’s integrations with other customer experience management solutions is limited.
      • Based on its feature set and price point, Sprinklr is best suited for mid-to-large organizations. SMBs run the risk of an overbuy situation.

      Sprinklr

      Vendor Profiles icon

      'Product' and 'Vendor' scores for Sprinklr. Overall product is 3/4; overall vendor is 3/4.
      'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sprinklr earned 4th out of 6 in Social Listening & Analytics, 5th out of 6 in Social Publishing & Campaign Management, and 'Leader' in Social Customer Care.
      Info-Tech Recommends

      Sprinklr is a strong choice for small and mid-market organizations offering breadth of social media management capabilities that covers social analytics, engagement, and customer service.

      Scores for Sprinklr's individual features, color-coded as they were previously.

      Sprout Social provides small-to-medium enterprises with robust social response capabilities at a reasonable price

      Vendor Profiles icon
      Product Sprout Social
      Employees 200+
      Headquarters Chicago, IL
      Website Sproutsocial.com
      Founded 2010
      Presence Privately held

      Logo for Sprout Social.

      3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000

      Pricing tier for Sprout Social, tier 6.
      Pricing derived from public information

      OVERVIEW
      • Sprout Social has built out its enterprise capabilities over the last several years. It offers strong feature sets for account management, social monitoring and analytics, and customer care – it particularly excels at the latter.
      STRENGTHS
      • Sprout’s unified inbox and response management features are some of the most intuitive we’ve seen. This makes it a natural option for providing customer service via social channels.
      • Sprout Social is priced competitively in relation to other vendors.
      • The product provides strong social asset management capabilities where users can set content permissions and expiration dates, and limit access.
      CHALLENGES
      • Deep contextual analysis is lacking: the solution clearly falls more to the engagement side of the spectrum, and is particularly suited for social customer service.
      • Sprout Social has a limited number of technology partners for integrations with applications such as CRM and marketing automation software.
      • It still has a predominantly North American market focus.

      Sprout Social

      Vendor Profiles icon
      'Product' and 'Vendor' scores for Sprout Social. Overall product is 3/4; overall vendor is 3/4.
      'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sprout Social earned 6th out of 6 in Social Listening & Analytics and 4th out of 6 in Social Publishing & Campaign Management.
      Info-Tech Recommends

      Sprout Social’s easy-to-understand benchmarking and dashboards, paired with strong response management, make it a great choice for mid-sized enterprises concerned with social engagement. However, organizations that want to do deep social analytics will need to augment the solution.

      Scores for Sprout Social's individual features, color-coded as they were previously.

      Sysomos’ prime feature is its hardy analytics built atop a plethora of inbound social channels

      Vendor Profiles icon

      Product Sysomos MAP and Heartbeat
      Employees 200+
      Headquarters Toronto, ON
      Website Sysomos.com
      Founded 2007
      Presence Privately held

      Logo for Sysomos.

      3 year TCO for this solution falls into pricing tier 4, between $25,000 and $50,000

      Pricing tier for Sysomos, tier 4.
      Pricing derived from public information

      OVERVIEW
      • Sysomos began life as a project at the University of Toronto prior to its acquisition by Marketwire in 2010.
      • It split from Marketwire in 2015 and redesigned its product to focus on social monitoring, analysis, and engagement.

      STRENGTHS

      • MAP and Heartbeat offer extensive contextual and sentiment analytics, consolidating findings through a spam-filtering process that parses out a lot of the “noise” inherent in social media data.
      • The solution provides an unlimited number of profiles, enabling more opportunities for collaboration.
      • It provides workflow summaries, documenting the actions of staff and providing an audit trail through the entire process.

      CHALLENGES

      • Sysomos has introduced a publishing tool for social campaigns. However, its outbound capabilities continue to lag, and there are currently no tools for asset management.
      • Sysomos’ application integration stack is limited relative to other vendors.

      Sysomos

      Vendor Profiles icon
      'Product' and 'Vendor' scores for Sysomos. Overall product is 3/4; overall vendor is 3/4.
      'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Sysomos earned 'Leader' and 'Best Overall Value' in Social Listening & Analytics and 5th out of 6 as well as 'Best Overall Value' in Social Customer Care.
      Info-Tech Recommends

      Sysomos’ broad array of good features has made it a frequent challenger to Marketing Cloud on analytics-centric SMMP evaluation shortlists. Enterprise-scale customers specifically interested in social listening and analytics, rather than customer engagement and campaign execution, will definitely want to take a look.

      Scores for Sysomos's individual features, color-coded as they were previously.

      Viralheat offers a clean analysis of an organization’s social media activity and has beefed up response workflows

      Vendor Profiles icon

      Product Viralheat
      Employees 1,200
      Headquarters Chicago, IL
      Website Cision.com
      Founded 2015
      Presence Privately held

      Logo for Cision (Viralheat).

      3 year TCO for this solution falls into pricing tier 6, between $100,000 and $250,000

      Pricing tier for Cision (Viralheat), tier 6.
      Pricing derived from public information

      OVERVIEW
      • Viralheat has been in the social media market since 2009. It provides tools for analytics and in-band social engagement.
      • The company was acquired by Cision in 2015, a Chicago-based public relations technology company.

      STRENGTHS

      • Viralheat offers robust workflow management capabilities for social response and is particularly useful for customer service.
      • The product has strong post time optimization capability through its ViralPost scheduling feature.
      • Cision’s acquisition of Viralheat makes the product a great choice for third-party social media management, namely public relations and digital marketing agencies.

      CHALLENGES

      • Viralheat remains a smaller vendor in the market – its list of channel partners lags behind larger incumbents.
      • Contextual and sentiment analysis are lacking relative to other vendors.

      Cision (Viralheat)

      Vendor Profiles icon
      'Product' and 'Vendor' scores for Cision (Viralheat). Overall product is 3/4; overall vendor is 2/4.
      'Scenario Performance' awards and 'Value Index' in the three previous scenarios. Cision (Viralheat) earned  in Social Listening & Analytics,  in Social Publishing & Campaign Management, and  in Social Customer Care.
      Info-Tech Recommends

      Cision has upped its game in terms of social workflow and response management and it monitors an above-average number of services. It is a steadfast tool for brands that are primarily interested in outbound customer engagement for marketing and customer service use cases.

      Scores for Cision (Viralheat)'s individual features, color-coded as they were previously.

      Use the SMMP Vendor Shortlist Tool to customize the vendor analysis for your organization

      Vendor Profiles icon SMMP Vendor Shortlist & Detailed Feature Analysis Tool

      Instructions

      1. Eliminate misaligned vendors with knock-out criteria
        Use the SMMP Vendor Shortlist &am; Detailed Feature Analysis Tool to eliminate vendors based on specific knock-out criteria on tab 2, Knock-Out Criteria.
      2. Create your own evaluation framework
        Tailor the vendor evaluation to include your own product and vendor considerations on tab 3, Weightings. Identify the significance of advanced features for your own procurement on a scale of Mandatory, Optional, and Not Required on tab 4, Detailed Feature Analysis.
      3. Review the results of your customized evaluation
        Review your custom vendor shortlist on tab 5, Results.
      This evaluation uses both functional and architectural considerations to eliminate vendors.

      Knock-Out Criteria

      COTS vs. Open Source
      Deployment Models

      Sample of the SMMP Vender Shortlist & Detailed Feature Analysis Tool tab 5, Results.
      Sample Vendor Shortlist from tab 5, Results

      Interpreting the Results
      Your custom shortlist will rank vendors that passed the initial knock-out criteria based on their overall score.
      The shortlist will provide broken-down scoring, as well as a custom value index based on the framework set in the tool.

      Phase 2, Step 2: Select your SMMP solution

      2.1

      2.2

      Analyze and shortlist vendors in the space Select your SMMP solution

      This step will walk you through the following activities:

      • Prioritize your solution requirements.
      • Create an RFP to submit to vendors.
      • Solicit and review vendor proposals.
      • Conduct onsite vendor demonstrations.
      • Select the right solution.

      This step involves the following participants:

      • Core Project Team
      • Procurement Manager
      • Representative Stakeholders from Digital Marketing, Sales, and IT

      Outcomes of this step:

      • SMMP Selection Strategy

      Determine your SMMP procurement strategy

      Critical Points and Checks in Your Procurement
      • Follow your own organization’s procurement procedures to ensure that you adhere to your organization’s policies.
      • Based on your organization’s policies, identify if you are going to conduct a private or public RFP process.
        • If your RFP will contain sensitive information, use a private RFP process that is directed to specific vendors in order to protect the proprietary practices of your business.

      Info-Tech Insight

      If you are still not sure of a vendor’s capabilities, we recommend sending an RFI before proceeding with an RFP.

      INFO-TECH OPPORTUNITY

      If your organization lacks a clear procurement process, refer to Info-Tech's Optimize IT Procurement research to help construct a formal process for selecting application technology.

      Info-Tech’s 15-Step Procurement Process

      Use Info-Tech's procurement process to ensure that your SMMP selection is properly planned and executed.

      1. Initiate procurement.
      2. Select procurement manager.
      3. Prepare for procurement; check that prerequisites are met.
      4. Select appropriate procurement vehicle.
      5. Assemble procurement teams.
      6. Create procurement project plan.
      7. Identify and notify vendors about procurement.
      8. Configure procurement process.
      9. Gather requirements.
      10. Prioritize requirements.
      11. Build the procurement documentation package.
      12. Issue the procurement.
      13. Evaluate proposals.
      14. Recommend a vendor.
      15. Present to management.

      Much of your procurement process should already be outlined from your charter and initial project structuring.
      In this stage of the process, focus on the successful completion of steps 7-15.

      Prioritize your solution requirements based on your business, architecture, and performance needs

      Associated Activity icon

      INPUT: Requirements Workbook and requirements gathering findings

      OUTPUT: Full documentation of requirements for the RFP and solution evaluation process

      Completed in Section 3

      1. Identify Your Requirements
        Use the findings being collected in the Requirements Workbook and related materials to define clear requirements around your organization’s desired SMMP.
      2. Prioritize Your Requirements
        • Identify the significance of each requirement for your solution evaluation.
        • Identify features and requirements as mandatory, important, or optional.
        • Control the number of mandatory requirements you document. Too many mandatory requirements could create an unrealistic framework for evaluating solutions.
      3. Create a Requirements Package
        • Consolidate your identified requirements into one list, removing redundancies and conflicts.
        • Categorize the requirements based on their priority and nature.
        • Use this requirements package as you evaluate vendors and create your RFP for shortlisted vendors.

      Info-Tech Insight

      No solution will meet 100% of your requirements. Control the number of mandatory requirements you place in your procurement process to ensure that vendors that are the best fit for your organization are not eliminated unnecessarily.

      Create an RFP to submit to vendors

      Supporting Tool icon Request for Proposal Template
      Associated Activity icon Activity: Interpreting the Results

      INPUT: Requirements package, Organization’s procurement procedures

      OUTPUT: RFP

      MATERIALS: Whiteboard and markers

      PARTICIPANTS: Project manager, Core project team

      Leverage Info-Tech’s SMMP RFP Template to convey your desired suite requirements to vendors and outline the proposal and procurement steps set by your organization.

      Build Your RFP
      1. Outline the organization's procurement instructions for vendors (Sections 1, 3, and 5).
      2. Input the requirements package created in Activity 5.2 into your RFP (Section 4).
      3. Create a scenario overview to provide vendors an opportunity to give an estimated price.

      Approval Process

      Each organization has a unique procurement process; follow your own organization’s process as you submit your RFPs to vendors.

      1. Ensure compliance with your organization's standards and gain approval for submitting your RFP.

      Info-Tech RFP
      Table of Contents

      1. Statement of Work
      2. General Information
      3. Proposal Preparation Instructions
      4. Scope of Work, Specifications, and Requirements
      5. Vendor Qualifications and References
      6. Budget and Estimated Pricing
      7. Vendor Certification

      Standardize the potential responses from vendors and streamline your evaluation with a response template

      Supporting Tool icon Vendor Response Template
      Sample of the Vendor Response Template. Adjust the scope and content of the Vendor Response Template to fit your SMMP procurement process and vendor requirements.

      Section

      Why is this section important?

      About the Vendor This is where the vendor will describe itself and prove its organizational viability.
      Understanding of the Challenge Demonstrates that understanding of the problem is the first step in being able to provide a solution.
      Methodology Shows that there is a proven methodology to approach and solve the challenge.
      Proposed Solution Describes how the vendor will address the challenge. This is a very important section as it articulates what you will receive from the vendor as a solution.
      Project Management, Plan, and Timeline Provides an overview of the project management methodology, phases of the project, what will be delivered, and when.
      Vendor Qualifications Provides evidence of prior experience with delivering similar projects for similar clients.
      References Provides contact information for individuals/organizations for which the vendor has worked and who can vouch for the experience and success of working with this vendor.
      Value Added Services Remember, this could lead to a long-term relationship. It’s not only about what you need now, but also what you may need in the future.
      Requirements Confirmation from the vendor as to which requirements it can meet and how it will meet them.

      Evaluate the RFPs you receive within a clear scoring process

      Supporting Tool icon SMMP RFP Evaluation and Scoring Tool
      Steps to follow: 'Review, Evaluate, Shortlist, Brief, Select' with the first 3 highlighted.

      Associated Activity icon Activity

      Build a fair evaluation framework that evaluates vendor solutions against a set criteria rather than relative comparisons.

      INSTRUCTIONS

      1. Have members of the SMMP evaluation team review the RFP responses given by vendors.
      2. Input vendor solution information into the SMMP RFP Evaluation and Scoring Tool.
      3. Analyze the vendors against your identified evaluation framework.
      4. Identify vendors with whom you wish to arrange vendor briefings.
      5. Contact vendors and arranging briefings.
      How to use this tool
      • Review the feature list and select where each feature is mandatory, desirable, or not applicable.
      • Select if each feature has been met by the vendor RFP response.
      • Enter the costing information provided by each vendor.
      • Determine the relative importance of the features, architecture, and support.
      Tool Output
      • Costing
      • Overall score
      • Evaluation notes and comments

      Vendor product demonstration

      Vendor Profiles icon Demo Script Template

      Demo

      Invite vendors to come onsite to demonstrate the product and to answer questions. Use a demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.
      Make sure the solution will work for your business

      Provide the vendor with some usage patterns for the SMMP tool in preparation for the vendor demo.

      Provide the following information to vendors in your script:

      • Usage for different groups.
      • SMMP usage and [business analytics] usage.
      • The requirements for administration.
      How to challenge the vendors in the demo
      • Change visualization/presentation.
      • Change the underlying data.
      • Add additional datasets to the artifacts.
      • Collaboration capabilities.
      • Perform an investigation in terms of finding BI objects and identifying previous changes, and examine the audit trail.
      Sample of the SMMP Demo Script Template
      SMMP Demo Script Template

      INFO-TECH ACTIVITY

      INPUT: Requirements package, Use-case results

      OUTPUT: Onsite demo

      1. Create a demo script that will be sent to vendors that outlines SMMP usage patterns from your organization.
      2. Construct the demo script with your SMMP evaluation team, providing both prompts for the vendor to display the capabilities and some sample data for the vendor to model.

      Use vendor RFPs and demos to select the SMMP that best fits your organization’s needs

      Supporting Tool icon Suite Evaluation and Scoring Tool: Tab 5, Overall Score

      Don’t just choose the vendor who gave the best presentation. Instead, select the vendor who meets your functional requirements and organizational needs.

      Category Weight Vendor 1 Vendor 2 Vendor 3 Vendor 4
      SMMP Features 60% 75% 80% 80% 90%
      Architecture 25% 55% 60% 90% 90%
      Support 15% 10% 70% 60% 95%
      Total Score 100% 60% 74% 80% 91%
      Use your objective evaluation to select a vendor to recommend to management for procurement. Arrow from 'Vendor 4' to post script.

      Don’t automatically decide to go with the highest score; validate that the vendor is someone you can envision working with for the long term.

      • Select a vendor based not only on their evaluation performance, but also on your belief that you could form a lasting and supportive relationship with them.
      • Integration needs are dynamic, not static. Find an SMMP tool and vendor that have strong capabilities and will fit with the application and integration plans of the business.
      • In many cases, you will require professional services together with your SMMP purchase to make sure you have some guidance in the initial development and your own staff are trained properly.

      Following the identification of your selected suite, submit your recommendation to the organization’s management or evaluation team for final approval.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

      Book a workshop with our Info-Tech analysts:

      Photo of an Info-Tech analyst.
      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      Sample of 'Create an RFP to submit to vendors' slide with 'Request for Proposal Template'. Create an RFP for SMMP procurement

      Our Info-Tech analyst will walk you through the RFP preparation to ensure the SMMP requirements are articulated clearly to vendors in this space.

      Sample of 'Vendor product demonstration' slide with 'Demo Script Template'. Create SMMP demo scripts

      An analyst will walk you through the demo script preparation to guide the SMMP product demonstrations and briefings offered by vendors. The analyst will ensure the demo script addresses key requirements documented earlier in the process.

      Select and Implement a Social Media Management Platform

      PHASE 3

      Review Implementation Considerations

      Phase 3: Review implementation considerations

      Steps of this blueprint represented by circles of varying colors and sizes, labelled by text of different sizes. Only Phase 3 is highlighted.
      Estimated Timeline:

      Info-Tech Insight

      Even a solution that is a perfect fit for an organization will fail to generate value if it is not properly implemented or measured. Conduct the necessary planning before implementing your SMMP.

      Major Milestones Reached
      • Plan for implementation and expected go-live date

      Key Activities Completed

      • SMMP Implementation Plan
      • Governance Plan
      • Change Control Methods

      Outcomes from This Phase

      Plans for implementing the selected SMMP tool.

      Phase 3 outline

      Associated Activity icon Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 3: Review Implementation Considerations

      Proposed Time to Completion: 2 weeks
      Step 3.1: Establish best practices for SMMP implementation Step 3.2: Assess the measured value from the project
      Start with an analyst kick-off call:
      • Determine the right governance structure to overlook the SMMP implementation.
      • Identify integrations with other applications.
      • Establish an ongoing maintenance plan.
      • Assess the different deployment models.
      Review findings with analyst:
      • Determine the key performance indicators for each department using the SMMP
      • Identify key performance indicators for business units using an SMMP
      Then complete these activities…
      • Establish a governance structure for social media.
      • Specify data linkages with CRM.
      • Identify risks and mitigation strategies
      • Determine the right deployment model for your organization.
      Then complete these activities…
      • Identify key performance indicators for business units using an SMMP
      With these tools & templates:
      • Social Media Steering Committee
      Phase 3 Results & Insights:
      • Implementation Plan
      • SMMP KPIs

      Phase 3, Step 1: Establish best practices for SMMP implementation

      3.1

      3.2

      Establish best practices for SMMP implementation Assess the measured value from the project

      This step will walk you through the following activities:

      • Establish a governance structure for social media management.
      • Specify the data linkages you will need between your CRM platform and SMMP.

      This step involves the following participants:

      • Core Project Team

      Outcomes of this step

      • Social Media Steering Committee Charter
      • SMMP data migration Inventory
      • Determination of the deployment model that works best for your organization
      • Deployment Model

      Follow these steps for effective SMMP implementation

      What to Consider

      • Creating an overall social media strategy is the critical first step in implementing an SMMP.
      • Selecting an SMMP involves gathering business requirements, then translating those requirements into specific selection criteria. Know exactly what your business needs are to ensure the right SMMP is selected.
      • Implement the platform with an eye toward creating business value: establish points of integration with the existing CRM solution, establish ongoing maintenance policies, select the right deployment model, and train end users around role-based objectives.
      Arrow pointing down.

      Plan

      • Develop a strategy for customer interaction
      • Develop a formal strategy for social media
      • Determine business requirements
      Arrow pointing down.

      Create RFP

      • Translate into functional requirements
      • Determine evaluation criteria
      Arrow pointing down.

      Evaluate

      • Evaluate vendors against criteria
      • Shortlist vendors
      • Perform in-depth vendor review

      Implement

      • Integrate with existing CRM ecosystem (if applicable)
      • Establish ongoing maintenance policies
      • Map deployment to organizational models
      • Train end-users and establish acceptable use policies
      • Designate an SMMP subject matter expert

      Before deploying the SMMP, ensure the right social media governance structures are in place to oversee implementation

      An SMMP is a tool, not a substitute, for adequate cross-departmental social media oversight. You must coordinate efforts across constituent stakeholders.

      • Successful organizations have permanent governance structures in place for managing social media. For example, mature companies leverage Social Media Steering Committees (SMSCs) to coordinate the social media initiatives of different business units and departments. Large organizations with highly complex needs may even make use of a physical command center.
      • Compared to traditional apps projects (like CRM or ERP), social media programs tend to start as grassroots initiatives. Marketing and Public Relations departments are the most likely to spearhead the initial push, often selecting their own tools without IT involvement or oversight. This causes application fragmentation and a proliferation of shadow IT.
      • This organic adoption contrasts with the top-down approach many IT leaders are accustomed to. Bottom-up growth can ensure rapid response to social media opportunities, but it also leads to insufficient coordination. A conscious effort should be made to mature your social media strategy beyond this disorganized initial state.
      • IT can help be a “cat herder” to shepherd departments into shared initiatives.

      Info-Tech Best Practice

      Before implementing the SMMP, go through the appropriate organizational governance structures to ensure they have input into the deployment. If a social media steering committee is not already in place, rolling out an SMMP is a great opportunity to get one going. See our research on social media program execution for more details.

      Establish a governance structure for social media management

      Associated Activity icon 3.1.1 60 minutes

      INPUT: Project stakeholders, SMMP mandate

      OUTPUT: Social Media Governance Structure

      MATERIALS: Whiteboard, Markers

      PARTICIPANTS: Project Manager, Core project team

      1. Describe the unique role that the governance team will play in social media management.
      2. Describe the overall purpose statement of the governance team.
      3. Define the roles and responsibilities of the governance team.
      4. Document the outcome in the Social Media Steering Committee Charter.

      EXAMPLE

      Executive Sponsorship
      Social Media Steering Committee
      VP Marketing VP Sales VP Customer Service VP Public Relations CIO/ IT Director
      Marketing Dept. Sales Dept. Customer Service Dept. Public Relations Dept. IT Dept.

      Use Info-Tech’s Social Media Steering Committee Charter Template to define roles and ensure value delivery

      Supporting Tool icon 3.1

      Leaders must ensure that the SMSC has a formal mandate with clear objectives, strong executive participation, and a commitment to meeting regularly. Create an SMSC Charter to formalize the committee governance capabilities.

      Developing a Social Media Steering Committee Charter:
      • Outline the committee’s structure, composition, and responsibilities using the Info-Tech Social Media Steering Committee Charter Template.
      • This template also outlines the key tasks and responsibilities for the committee:
        • Providing strategic leadership for social media
        • Leading SMMP procurement efforts
        • Providing process integration
        • Governing social media initiatives
        • Ensuring open communications between departments with ownership of social media processes
      • Keep the completed charter on file and available to all committee members. Remember to periodically update the document as organizational priorities shift to ensure the charter remains relevant.

      INFO-TECH DELIVERABLE

      Sample of the Social Media Steering Committee Charter Template.

      Integrate your social media management platform with CRM to strengthen the realization of social media goals

      • Linking social media to existing customer relationship management solutions can improve information accuracy, reduce manual effort and provide more in-depth customer insights.
        • Organizations Info-Tech surveyed, and who integrated their solutions, achieved more goals as a result.
      • Several major CRM vendors are now offering products that integrate with popular social networking services (either natively or by providing support for third-party add-ons).
        • For example, Salesforce.com now allows for native integration with Twitter, while an add-on available for Oracle gathers real-time information about prospects by pulling their extended information from publicly available LinkedIn profiles.
      • Some CRM vendors are acquiring established SMMPs outright.
        • For example, Salesforce.com acquired Radian6 for their clients that have advanced social media requirements.
      Bar chart comparing the social media goal realization of organizations that integrated their SMMP and CRM technology and those that didn't.

      Info-Tech Best Practice

      CRM vendors still lag in out-of-the-box social features, making a separate SMMP purchase a given. For companies that have not formally integrated social media with CRM, IT should develop the business case in conjunction with the applicable business-side partner (e.g. Marketing, Sales, Service, PR, etc.).

      Establish points of integration between SMMPs and CRM suites to gain a 360 degree view of the customer

      • Social media is a valuable tool from a standalone perspective, but its power is considerably magnified when it’s paired with the CRM suite.
      • Many SMMPs offer native integration with CRM platforms. IT should identify and enable these connectors to strengthen the business value of the platform.
      • An illustrated example of how an SMMP linked via CRM can provide proactive service while contributing to sales and marketing.
        An example of how an SMMP linked via CRM can provide proactive service while contributing to sales and marketing.
      • New channels do not mean they stand alone and do not need to be integrated into the rest of the customer interaction architecture.
      • Challenge SMMP vendors to demonstrate integration experience with CRM vendors and multimedia queue vendors.
      • Manual integration – adding resolved social inquiries yourself to a CRM system after closure – cannot scale given the rapid increase in customer inquiries originating in the social cloud. Integration with interaction management workflows is most desirable.

      These tools are enabling sales, and they help us serve our customers better. And anything that does that, is a good investment on our part.” Chip Meyers, (Sales Operation Manager, Insource)

      Info-Tech Best Practice

      SMMPs are a necessary single-channel evolutionary step, just like there used to be email-only and web chat-only customer service options in the late 1990s. But they are temporary. SMMPs will eventually be subsumed into the larger marketing automation ecosystem. Only a few best of breed will survive in 10 years.

      Specify the data linkages you will need between your CRM platform and SMMP

      Associated Activity icon 3.1.2 1 hour

      INPUT: SMMP data sources

      OUTPUT: SMMP data migration inventory

      MATERIALS: Whiteboard, Markers

      PARTICIPANTS: Project Manager, Core project team

      1. Build a list of sources of information that you’ll need to integrate with your CRM tool.
      2. Identify:
        1. Data Source
        2. Integration Direction
        3. Data Type and Use Case
      Data Source Migration/Integration Direction Data Type/Use Case
      Social Platform Bidirectional Recent Social Posts
      Customer Data Warehouse Bidirectional Contact Information, Cases, Tasks, Opportunities

      Establish a plan for ongoing platform maintenance

      • Like other enterprise applications, the SMMP will require periodic upkeep. IT must develop and codify policies around ongoing platform maintenance.
      • Platform maintenance should touch on the following areas:
        • Account access and controls – periodically, access privileges for employees no longer with the organization should be purged.
        • Platform security – cloud-based platforms will be automatically updated by the vendor to plug security holes, but on-premises solutions must be periodically updated to ensure that there are no gaps in security.
        • Pruning of old or outdated material – pages (e.g. Facebook Groups, Events, and Twitter feeds) that are no longer in use should be pruned. For example, a management console for an event that was held two years ago is unnecessary. Remove it from the platform (and the relevant service) to cut down on clutter (and reduce costs for “per-topic” priced platforms.)
      SMMP being fixed by a wrench.

      IT: SMMP Maintenance Checklist

      • Account upkeep and pruning
      • Security, privacy, and access
      • Content upkeep and pruning

      Info-Tech Best Practice

      Even cloud-based platforms like SMMPs require a certain degree of maintenance around account controls, security, and content pruning. IT should assist the business units in carrying out periodic maintenance.

      Social media is a powerful medium, but organizations must develop a prudent strategy for minimizing associated risks

      Using an SMMP can help mitigate many of the risks associated with social media. Review the risk categories on the next several slides to determine which ones can be mitigated by effective utilization of a dedicated SMMP.

      Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
      Privacy and Confidentiality High
      • Risk of inappropriate exchange of information between personal and business social networks (e.g. a personal account used for company business).
      • Abuse of privacy and confidentiality laws.
      • Whenever possible, implement separate social network accounts for business, and train your employees to avoid using personal accounts at work.
      • Have a policy in place for how to treat pre-existing accounts versus newly created ones for enterprise use.
      • Use the “unified sign-on” capabilities of an SMMP to prevent employees from directly accessing the underlying social media services.

      Good governance means being proactive in mitigating the legal and compliance risks of your social media program

      Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
      Trademark and Intellectual Property Medium
      • Copyrighted information could inappropriately be used for promotional and other business purposes (e.g. using a private user’s images in collateral).
      • Legal should conduct training to make sure the organization’s social media representatives only use information in the public domain, nothing privileged or confidential. This is particularly sensitive for Marketing and PR.
      Control over Brand Image and Inappropriate Content Medium
      • Employees on social media channels may post something inappropriate to the nature of your business.
      • Employees can post something that compromises industry and/or ethical standards.
      • Use SMMP outbound filtering/post approval workflows to censor certain inappropriate keywords.
      • Select the team carefully and ensure they are fully trained on both official company policy and social media etiquette.
      • Ensure strong enforcement of Social Media AUPs: take a zero tolerance approach to flagrant abuses.

      Security is a top-of-mind risk, though bandwidth is a low priority issue for most organizations

      Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
      IT Security Medium Risk of employees downloading or being sent malware through social media services. Your clients are also exposed to this risk; this may undermine their trust of your brand.
      • Implement policies that outline appropriate precautions by employees, such as using effective passwords and not downloading unauthorized software.
      • Use web-filtering and anti-malware software that incorporates social media as a threat vector.
      Bandwidth Low Increase in bandwidth needs to support social media efforts, particularly when using video social media such as YouTube.
      • Plan for any bandwidth requirements with IT network staff.
      • Most social media strategies shouldn’t have a material impact on bandwidth.

      Poaching of client lists and increased costs are unlikely to occur, but address as a worst case scenario

      Risk Category Likelihood Risk(s) Suggested Mitigation Strategy
      Competitors Poaching Client Lists Low The ability for a competitor to view lists of clients that have joined your organization’s social media groups.
      • In a public social network, you cannot prevent this. Monitor your own brand as well as competitors’. If client secrecy must be maintained, then you should use a private social network (e.g. Jive, Lithium, private SharePoint site), not a public network.
      Increased Cost of Servicing Customers Low Additional resources may be allocated to social media without seeing immediate ROI.
      • Augment existing customer service responsibilities with social media requests.
      • If a dedicated resource is not available, dedicate a specific amount of time per employee to be spent addressing customer concerns via social media.

      Determine your top social media risks and develop an appropriate mitigation strategy that incorporates an SMMP

      Associated Activity icon 3.1.3 20 minutes

      INPUT: Risk assessment inventory

      OUTPUT: Top social media risks and mitigation plan

      MATERIALS: Whiteboard, Markers

      PARTICIPANTS: Project Manager, Core project team

      1. Based on your unique business variables, which social media risk categories are most applicable to your organization? In what order?
      2. Summarize the top risks below and identify mitigation steps (which often involve effective use of a dedicated SMMP).
      Rank Risk Category Mitigation Steps
      High Confidentiality We have strong records retention requirements, so using a rules-based SMMP like SocialVolt is a must.
      Medium Brand Image Ensure that only personnel who have undergone mandatory training can touch our social accounts via an SMMP.
      Low Competitors’ Poaching Lists Migrate our Business Services division contacts onto LinkedIn – maintain no Facebook presence for these clients.

      Determine the workflows that will be supported using your social media management platform

      Determine when, where, and how social media services should be used to augment existing workflows across (and between) the business process domains. Establish escalation rules and decide whether workflows will be reactive or proactively.

      • Fine tune your efforts in each business process domain by matching social technologies to specific business workflows. This will clearly delineate where value is created by leveraging social media.
      • Common business process domains that should be targeted include marketing, sales, and customer service. Public relations, human resources, and analyst relations are other areas to consider for social process support.
      • For each business process domain, IT should assist with technology enablement and execution.
      Target domains: 'Marketing', 'Sales', 'Customer Service', 'Public Relations', 'Human Resources'.

      Info-Tech Best Practice

      The social media governance team should have high-level supervision of process workflows. Ask to see reports from line managers on what steps they have taken to put process in place for reactive and proactive customer interactions, as well as escalations and channel switching. IT helps orchestrate these processes through knowledge and expertise with SMMP workflow capability.

      There are three primary models for SMMP deployment: the agency model uses the SMMP as a third-party offering

      There are three models for deploying an SMMP: agency, centralized, and distributed.

      Agency Model
      Visual of the Agency Model with the 'Social Cloud' attached to the 'SMMP' attached to the 'Agency (e.g. marketing or public relations agency)' attached to the 'Client Organization (Marketing, Sales, Service)'
      • In the agency model of SMMP deployment, the platform is managed on behalf of the organization by a third party – typically a marketing or public relations agency.
      • The agency serves as the primary touch point for the client organization: the client requests the types of market research it wants done, or the campaigns it wants managed. The agency uses its own SMMP(s) to execute the requests. Often, the SMMP’s results or dashboards will be rebranded by the agency.
      • Pros: The agency model is useful when large portions of marketing, service, or public relations are already being outsourced to a third-party provider. Going with an agency also splits the cost of more expensive SMMPs over multiple clients, and limits deployment costs.
      • Cons: The client organization has no direct control over the platform; going with an agency is not cost effective for firms with in-house marketing or PR capabilities.
      • Advice: Go with an agency-managed SMMP if you already use an agency for marketing or PR.

      Select the centralized deployment model when SMMP functionality rests in the hands of a single department

      Centralized Model
      Visual of the Centralized Model with the 'Social Cloud' attached to the 'SMMP' attached to 'Marketing' attached to the 'Sales' and 'Service'
      In this example, marketing owns and manages a single SMMP
      • In the centralized model, a single SMMP workspace is owned and operated predominantly by a single business unit or department. Unlike the agency model, the SMMP functionality is utilized in-house.
      • Information from the SMMP may occasionally be shared with other departments, but normally the platform is used almost exclusively by a single group in the company. Marketing or public relations are usually the groups that maintain ownership of the SMMP in the centralized model (with selection and deployment assistance from the IT department).
      • Pros: The centralized model provides small organizations with an in-house, dedicated SMMP without having to go through an agency. Having a single group own and manage the SMMP is considerably more cost effective than having SMMPs licensed to multiple business units in a small company.
      • Cons: If more and more departments start clamoring for control of SMMP resources, the centralized model will fail to meet the overall needs of the organization.
      • Advice: Small-to-medium enterprises with mid-sized topic or brand portfolios should use the centralized model.

      Go with a distributed deployment if multiple business units require advanced SMMP functionality

      Distributed Model
      Visual of the Distributed Model with the 'Social Cloud' attached to two 'SMMPs', one attached to 'Marketing' and 'Sales', the other to 'Customer Service' and 'Public Relations'.
      • In the distributed model, multiple SMMPs (sometimes from different vendors) or multiple SMMP workspaces (from a single vendor) are deployed to several groups (e.g. multiple departments or brand portfolios) in the organization.
      • Pros: The distributed model is highly effective in large organizations with multiple departments or brands that each are interested in SMMP functionality. Having separate workspaces for each business group enables customizing workspaces to satisfy different goals of the different business groups.
      • Cons: The cost of deploying multiple SMMP workspaces can be prohibitive.
      • Advice: Go with the distributed model if your organization is large and has multiple relevant departments or product marketing groups, with differing social media goals.

      Determine which deployment model works best for your organization

      Associated Activity icon 3.1.4 1 Hour

      INPUT: Deployment models

      OUTPUT: Best fit deployment model

      MATERIALS: Whiteboard, Markers

      PARTICIPANTS: Project Manager, Core project team

      1. Assess and understand the three models of SMMP deployments: agency, centralized and distributed. Consider the pros and cons of each model.
      2. Understand how your organization manages enterprise social media. Consider the follow questions:
        • What is the size of your organization?
        • Who owns the management of social media in your organization?
        • Is social media managed in-house or outsourced to an agency?
        • What are the number of departments that use and rely on social media?
      3. Select the best deployment model for your organization.
      Agency Model Centralized Model Distributed Model
      Visual of the Agency Model with the 'Social Cloud' attached to the 'SMMP' attached to the 'Agency (e.g. marketing or public relations agency)' attached to the 'Client Organization (Marketing, Sales, Service)' Visual of the Centralized Model with the 'Social Cloud' attached to the 'SMMP' attached to 'Marketing' attached to the 'Sales' and 'Service' Visual of the Distributed Model with the 'Social Cloud' attached to two 'SMMPs', one attached to 'Marketing' and 'Sales', the other to 'Customer Service' and 'Public Relations'.

      Create an SMMP training matrix based on social media roles

      IT must assist the business by creating and executing a role-based training program. An SMMP expert in IT should lead training sessions for targeted groups of end users, training them only on the functions they require to perform their jobs.

      Use the table below to help identify which roles should be trained on which SMMP features.

      PR Professionals Marketing Brand, Product, and Channel Managers Customer Service Reps and Manager Product Development and Market Research IT Application Support
      Account Management Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
      Response and Engagement Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
      Social Analytics and Data Mining Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
      Marketing Campaign Execution Circle indicating a positive field. Circle indicating a positive field.
      Mobile Access Circle indicating a positive field. Circle indicating a positive field. Circle indicating a positive field.
      Archiving Circle indicating a positive field.
      CRM Integration Circle indicating a positive field.

      Phase 3, Step 2: Track your metrics

      3.1

      3.2

      Establish best practices for SMMP implementation Assess the measured value from the project

      This step will walk you through the following activities:

      • Identify metrics and KPIs for business units using a dedicated SMMP

      This step involves the following participants:

      • Core Project Team
      • Representative Stakeholders from Digital Marketing, Sales, and IT

      Outcomes of this step

      • Key Performance Indicators

      Know key performance indicators (KPIs) for each department that employs a dedicated social media management platform

      Share of Voice
      How often a brand is mentioned, relative to other brands competing in a defined market.

      User Engagement
      Quantity and quality of customer interactions with a brand or with each other, either on- or offline.

      Campaign Success
      Tracking reception of campaigns and leads brought in as a result.
      Marketing KPIs Reach
      Measurement of the size of market your brand advertisements and communications reach.

      Impressions
      The number of exposures your content, ad, or social post has to people in your target audience.

      Cost per Point (CPP)
      Cost to reach one percent of your organization’s audience.

      Product Innovation
      The quantity and quality of improvements, updates, and changes to existing products.

      Time-to-Market
      Time that passes between idea generation and the product being available to consumers.

      Product Development KPIs

      New Product Launches
      A ratio of completely new product types released to brand extensions and improvements.

      Cancelled Projects
      Measure of quality of ideas generated and quality of idea assessment method.

      Use social media metrics to complement your existing departmental KPIs – not usurp them

      Cost per Lead
      The average amount an organization spends to find leads.

      Conversion Rate
      How many sales are made in relation to the number of leads.

      Quantity of Leads
      How many sales leads are in the funnel at a given time.
      Sales KPIs Average Cycle Time
      Average length of time it takes leads to progress through the sales cycle.

      Revenue by Lead
      Total revenue divided by total number of leads.

      Avg. Revenue per Rep
      Total revenue divided by number of sales reps.

      Time to Resolution
      Average amount of time it takes for customers to get a response they are satisfied with.

      First Contact Resolution
      How often customer issues are resolved on the first contact.

      Customer Service KPIs

      Contact Frequency
      The number of repeated interactions from the same customers.

      Satisfaction Scores
      Determined from customer feedback – either through surveys or gathered sporadically.

      Social analytics don’t operate alone; merge social data with traditional data to gain the deepest insights

      Employee Retention
      The level of effort an organization exerts to maintain its current staff.

      Employee Engagement
      Rating of employee satisfaction overall or with a given aspect of the workplace.

      Preferred Employer
      A company where candidates would rather work over other companies.
      Marketing KPIs Recruitment Cycle Time
      Average length of time required to recruit a new employee.

      Employee Productivity
      A comparison of employee inputs (time, effort, etc.) and outputs (work).

      Employee Referrals
      The ratio of employee referrals that complete the recruitment process.

      There are conversations going on behind your back, and if you're not participating in them, then you're either not perpetuating the positive conversation or not diffusing the negative. And that's irresponsible in today's business world.” (Lon Safko, Social Media Bible)

      Identify key performance indicators for business units using an SMMP

      Associated Activity icon 3.2.1 30 minutes

      INPUT: Social media goals

      OUTPUT: SMMP KPIs

      MATERIALS: Whiteboard, Markers

      PARTICIPANTS: Representative stakeholders from different business units

      For each listed department, identify the social media goals and departmental key performance indicators to measure the impact of the SMMP.

      DepartmentSocial Media GoalsKPI
      Marketing
      • E.g. build a positive brand image
      • Net increase in brand recognition
      Product Development
      • Launch a viral video campaign showcasing product attributes to drive increased YT traffic
      • Net increase in unaided customer recall
      Sales
      • Enhance sales lead generation through social channels
      • Net increase in sales lead generation in the social media sales funnel
      Customer Service
      • Produce more timely responses to customer enquiries and complaints
      • Reduced time to resolution
      HR
      • Enhance social media recruitment channels
      • Number of LinkedIn recruitment

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

      Book a workshop with our Info-Tech analysts:

      Photo of an Info-Tech analyst.
      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analyst will join you and your team onsite at your location or welcome you to Info-Tech's historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      3.1.1

      Sample of activity 3.1.1 'Establish a governance structure for social media management'. Establish a governance structure for social media management

      Our Info-Tech analyst will walk you through the exercise of developing roles and responsibilities to govern your social media program.

      3.1.2

      Sample of activity 3.1.2 'Specify the data linkages you will need between your CRM platform and SMMP'. Specify the data linkages you will need between your CRM and SMMP

      The analyst will help you identify the points of integration between the SMMP and your CRM platform.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech Workshop Associated Activity icon

      Book a workshop with our Info-Tech analysts:

      3.1.3

      Sample of activity 3.1.3 'Determine your top social media risks and develop an appropriate mitigation strategy that incorporates an SMMP'. Determine your top social media risks

      Our Info-Tech analyst will facilitate the discussion to identify the top risks associated with the SMMP and determine mitigation strategies for each risk.

      3.1.4

      Sample of activity 3.1.4 'Determine which deployment model works best for your organization'. Determine the best-fit deployment model

      An analyst will demonstrate the different SMMP deployment models and assist in determining the most suitable model for your organization.

      3.2.1

      Sample of activity 3.2.1 'Identify key performance indicators for business units using an SMMP'. Identify departmental KPIs

      An analyst will work with different stakeholders to determine the top social media goals for each department.

      Appendices

      Works Cited

      Ashja, Mojtaba, Akram Hadizadeh, and Hamid Bidram. “Comparative Study of Large Information Systems’ CSFs During Their Life Cycle.” Information Systems Frontiers. September 8, 2013.

      UBM. “The State of Social Media Analytics.” January, 2016.

      Jobvite. “2015 Recruiter Nation Survey.” September, 2015.

      Vendor Landscape Analysis Appendices

      Vendor Landscape Methodology:
      Overview

      Info-Tech’s Vendor Landscapes are research materials that review a particular IT market space, evaluating the strengths and abilities of both the products available in that space, as well as the vendors of those products. These materials are created by a team of dedicated analysts operating under the direction of a senior subject matter expert over a period of several weeks.

      Evaluations weigh selected vendors and their products (collectively “solutions”) on the following eight criteria to determine overall standing:

      • Features: The presence of advanced and market-differentiating capabilities.
      • User Interface: The intuitiveness, power, and integrated nature of administrative consoles and client software components.
      • Affordability: The three-year total cost of ownership of the solution; flexibility of the pricing and discounting structure.
      • Architecture: The degree of integration with the vendor’s other tools, flexibility of deployment, and breadth of platform applicability.
      • Viability: The stability of the company as measured by its history in the market, the size of its client base, and its percentage of growth.
      • Focus: The commitment to both the market space, as well as to the various sized clients (small, mid-sized, and enterprise clients).
      • Reach: The ability of the vendor to support its products on a global scale.
      • Sales: The structure of the sales process and the measure of the size of the vendor’s channel and industry partners.

      Evaluated solutions within scenarios are visually represented by a Pathway to Success, based off a linear graph using above scoring methods:

      • Use-case scenarios are decided upon based on analyst expertise and experience with Info-Tech clients.
      • Use-case scenarios are defined through feature requirements, predetermined by analyst expertise.
      • Placement within scenario rankings consists of features being evaluated against the other scoring criteria.

      Info-Tech’s Vendor Landscapes are researched and produced according to a strictly adhered to process that includes the following steps:

      • Vendor/product selection
      • Information gathering
      • Vendor/product scoring
      • Information presentation
      • Fact checking
      • Publication

      This document outlines how each of these steps is conducted.

      Vendor Landscape Methodology:
      Vendor/Product Selection & Information Gathering

      Info-Tech works closely with its client base to solicit guidance in terms of understanding the vendors with whom clients wish to work and the products that they wish evaluated; this demand pool forms the basis of the vendor selection process for Vendor Landscapes. Balancing this demand, Info-Tech also relies upon the deep subject matter expertise and market awareness of its Senior Analysts to ensure that appropriate solutions are included in the evaluation. As an aspect of that expertise and awareness, Info-Tech’s analysts may, at their discretion, determine the specific capabilities that are required of the products under evaluation, and include in the Vendor Landscape only those solutions that meet all specified requirements.

      Information on vendors and products is gathered in a number of ways via a number of channels.

      Initially, a request package is submitted to vendors to solicit information on a broad range of topics. The request package includes:

      • A detailed survey.
      • A pricing scenario (see Vendor Landscape Methodology: Price Evaluation and Pricing Scenario, below).
      • A request for reference clients.
      • A request for a briefing and, where applicable, guided product demonstration.

      These request packages are distributed approximately eight weeks prior to the initiation of the actual research project to allow vendors ample time to consolidate the required information and schedule appropriate resources.

      During the course of the research project, briefings and demonstrations are scheduled (generally for one hour each session, though more time is scheduled as required) to allow the analyst team to discuss the information provided in the survey, validate vendor claims, and gain direct exposure to the evaluated products. Additionally, an end-user survey is circulated to Info-Tech’s client base and vendor-supplied reference accounts are interviewed to solicit their feedback on their experiences with the evaluated solutions and with the vendors of those solutions.

      These materials are supplemented by a thorough review of all product briefs, technical manuals, and publicly available marketing materials about the product, as well as about the vendor itself.

      Refusal by a vendor to supply completed surveys or submit to participation in briefings and demonstrations does not eliminate a vendor from inclusion in the evaluation. Where analyst and client input has determined that a vendor belongs in a particular evaluation, it will be evaluated as best as possible based on publicly available materials only. As these materials are not as comprehensive as a survey, briefing, and demonstration, the possibility exists that the evaluation may not be as thorough or accurate. Since Info-Tech includes vendors regardless of vendor participation, it is always in the vendor’s best interest to participate fully.

      All information is recorded and catalogued, as required, to facilitate scoring and for future reference.

      Vendor Landscape Methodology:
      Scoring

      Once all information has been gathered and evaluated for all vendors and products, the analyst team moves to scoring. All scoring is performed at the same time so as to ensure as much consistency as possible. Each criterion is scored on a ten-point scale, though the manner of scoring for criteria differs slightly:

      • Features is scored via Cumulative Scoring.
      • Affordability is scored via Scalar Scoring.
      • All other criteria are scored via Base5 Scoring.

      Cumulative Scoring is on a four-point scale. Zero points are awarded to features that are deemed absent or unsatisfactory, one point is assigned to features that are partially present, two points are assigned to features that require an extra purchase in the vendor’s product portfolio or through a third party, three points are assigned to features that are fully present and native to the solution, and four points are assigned to the best-of-breed native feature. The assigned points are summed and normalized to a value out of ten. For example, if a particular Vendor Landscape evaluates eight specific features in the Feature Criteria, the summed score out of eight for each evaluated product would be multiplied by 1.25 to yield a value out of ten to represent in a Harvey Ball format.

      In Scalar Scoring, a score of ten is assigned to the lowest cost solution, and a score of one is assigned to the highest cost solution. All other solutions are assigned a mathematically-determined score based on their proximity to / distance from these two endpoints. For example, in an evaluation of three solutions, where the middle cost solution is closer to the low end of the pricing scale it will receive a higher score, and where it is closer to the high end of the pricing scale it will receive a lower score; depending on proximity to the high or low price it is entirely possible that it could receive either ten points (if it is very close to the lowest price) or one point (if it is very close to the highest price). Where pricing cannot be determined (vendor does not supply price and public sources do not exist), a score of 0 is automatically assigned.

      In Base5 scoring a number of sub-criteria are specified for each criterion (for example, Longevity, Market Presence, and Financials are sub-criteria of the Viability criterion), and each one is scored on the following scale:

      • 5 - The product/vendor is exemplary in this area (nothing could be done to improve the status).
      • 4 - The product/vendor is good in this area (small changes could be made that would move things to the next level).
      • 3 - The product/vendor is adequate in this area (small changes would make it good, more significant changes required to be exemplary).
      • 2 - The product/vendor is poor in this area (this is a notable weakness and significant work is required).
      • 1 - The product/vendor fails in this area (this is a glaring oversight and a serious impediment to adoption).

      The assigned points are summed and normalized to a value out of ten as explained in Cumulative Scoring above.

      Scores out of ten, known as Raw scores, are transposed as is into Info-Tech’s Vendor Landscape Shortlist Tool, which automatically determines Vendor Landscape positioning (see Vendor Landscape Methodology: Information Presentation – Vendor Landscape, below), Criteria Score (see Vendor Landscape Methodology: Information Presentation – Criteria Score, below), and Value Index (see Vendor Landscape Methodology: Information Presentation – Value Index, below).

      Vendor Landscape Methodology:
      Information Presentation – Criteria Scores (Harvey Balls)

      Info-Tech’s criteria scores are visual representations of the absolute score assigned to each individual criterion, as well as of the calculated overall vendor and product scores. The visual representation used is Harvey Balls.

      Harvey Balls are calculated as follows:

      1. Raw scores are transposed into the Info-Tech Vendor Landscape Shortlist Tool (for information on how raw scores are determined, see Vendor Landscape Methodology: Scoring, above).
      2. Each individual criterion raw score is multiplied by a pre-assigned weighting factor for the Vendor Landscape in question. Weighting factors are determined prior to the evaluation process, based on the expertise of the Senior or Lead Research Analyst, to eliminate any possibility of bias. Weighting factors are expressed as a percentage, such that the sum of the weighting factors for the vendor criteria (Viability, Strategy, Reach, Channel) is 100%, and the sum of the product criteria (Features, Usability, Affordability, Architecture) is 100%.
      3. A sum-product of the weighted vendor criteria scores and of the weighted product criteria scores is calculated to yield an overall vendor score and an overall product score.
      4. Both overall vendor score / overall product score, as well as individual criterion raw scores are converted from a scale of one to ten to Harvey Ball scores on a scale of zero to four, where exceptional performance results in a score of four and poor performance results in a score of zero.
      5. Harvey Ball scores are converted to Harvey Balls as follows:
        • A score of four becomes a full Harvey Ball.
        • A score of three becomes a three-quarter full Harvey Ball.
        • A score of two becomes a half-full Harvey Ball.
        • A score of one becomes a one-quarter full Harvey Ball.
        • A score of zero becomes an empty Harvey Ball.
      6. Harvey Balls are plotted by solution in a chart where rows represent individual solutions and columns represent overall vendor / overall product, as well as individual criteria. Solutions are ordered in the chart alphabetically by vendor name.
      Harvey Balls
      Overall Harvey Balls represent weighted aggregates. Example of Harvey Balls with 'Overall' balls at the beginning of each category followed by 'Criteria' balls for individual raw scores. Criteria Harvey Balls represent individual raw scores.

      Vendor Landscape Methodology:
      Use-Case Scoring

      Within each Vendor Landscape a set of use-case scenarios are created by the analysts by considering the different outcomes and purposes related to the technology being evaluated. To generate the custom use-case vendor performances, the feature and Harvey Ball scoring performed in the Vendor Landscapes are set with custom weighting configurations.

      Calculations

      Each product has a vendor multiplier calculated based on its weighted performance, considering the different criteria scored in the Harvey Ball evaluations.

      To calculate each vendor’s performance, the advanced feature scores are multiplied against the weighting for the feature in the use-case scenario’s configuration.

      The weighted advanced feature score is then multiplied against the vendor multiplier.

      The sum of each vendor’s total weighted advanced features is calculated. This sum is used to identify the vendor’s qualification and relative rank within the use case.

      Example pie charts.

      Each use case’s feature weightings and vendor/product weighting configurations are displayed within the body of slide deck.

      Use-Case Vendor Performance

      Example stacked bar chart of use-case vendor performance.

      Vendors who qualified for each use-case scenario are ranked from first to last in a weighted bar graph based on the features considered.

      Vendor Landscape Methodology:
      Information Presentation – Feature Ranks (Stoplights)

      Advanced features are determined by analyst expertise, leveraging information gained from conversations with clients. Advanced features chosen as part of the evaluation are representative of what Info-Tech clients have indicated are of importance to their vendor solution. Advanced features are evaluated through a series of partial marks, dedicated to whether the solution performs all aspects of the Info-Tech definition of the feature and whether the feature is provided within the solution. Analysts hold the right to determine individual, unique scoring criteria for each evaluation. If a feature does not meet the criteria, Info-Tech holds the right to score the feature accordingly.

      Use cases use features as a baseline of the inclusion and scoring criteria.

      'Stoplight Legend' with green+star 'Feature category is present: best in class', green 'Feature category is present: strong', yellow 'Feature category is present: average', orange 'Feature category is partially present: weak', and red 'Feature category is absent or near-absent'.

      Vendor Landscape Methodology:
      Information Presentation – Value Index

      Info-Tech’s Value Index is an indexed ranking of solution value per dollar as determined by the raw scores assigned to each criteria (for information on how raw scores are determined, see Vendor Landscape Methodology: Scoring, above).

      Value scores are calculated as follows:

      1. The TCO Affordability criterion is removed from the Affordability score and the remaining product score criteria (Features, Usability, Architecture). Affordability scoring is adjusted with the TCO weighting distributed in proportion to the use case’s weighting for Affordability. Weighting is adjusted as to retain the same weightings relative to one another, while still summing to 100%.
      2. An adjusted multiplier is determined for each vendor using the recalculated Affordability scoring.
      3. The multiplier vendor score and vendor’s weighted feature score (based on the use-case scenario’s weightings), are summed. This sum is multiplied by the TCO raw score to yield an interim Value Score for each solution.
      4. All interim Value Scores are then indexed to the highest performing solution by dividing each interim Value Score by the highest interim Value Score. This results in a Value Score of 100 for the top solution and an indexed Value Score relative to the 100 for each alternate solution.
      5. Solutions are plotted according to Value Score, with the highest score plotted first, and all remaining scores plotted in descending numerical order.

      Where pricing is not provided by the vendor and public sources of information cannot be found, an Affordability raw score of zero is assigned. Since multiplication by zero results in a product of zero, those solutions for which pricing cannot be determined receive a Value Score of zero. Since Info-Tech assigns a score of zero where pricing is not available, it is always in the vendor’s best interest to provide accurate and up-to-date pricing. In the event that insufficient pricing is available to accurately calculate a Value Index, Info-Tech will omit it from the Vendor Landscape.

      Value Index

      Vendors are arranged in order of Value Score. The Value Score each solution achieved is displayed, and so is the average score.

      Example bar chart indicating the 'Value Score' vs the 'Average Score'.

      Those solutions that are ranked as Champions are differentiated for point of reference.

      Vendor Landscape Methodology:
      Information Presentation – Price Evaluation: Mid-Market

      Info-Tech’s Price Evaluation is a tiered representation of the three-year Total Cost of Ownership (TCO) of a proposed solution. Info-Tech uses this method of communicating pricing information to provide high-level budgetary guidance to its end-user clients while respecting the privacy of the vendors with whom it works. The solution TCO is calculated and then represented as belonging to one of ten pricing tiers.

      Pricing tiers are as follows:

      1. Between $1 and $2,500
      2. Between $2,500 and $10,000
      3. Between $10,000 and $25,000
      4. Between $25,000 and $50,000
      5. Between $50,000 and $100,000
      6. Between $100,000 and $250,000
      7. Between $250,000 and $500,000
      8. Between $500,000 and $1,000,000
      9. Between $1,000,000 and $2,500,000
      10. Greater than $2,500,000

      Where pricing is not provided, Info-Tech makes use of publicly available sources of information to determine a price. As these sources are not official price lists, the possibility exists that they may be inaccurate or outdated, and so the source of the pricing information is provided. Since Info-Tech publishes pricing information regardless of vendor participation, it is always in the vendor’s best interest to supply accurate and up to date information.

      Info-Tech’s Price Evaluations are based on pre-defined pricing scenarios (see Product Pricing Scenario, below) to ensure a comparison that is as close as possible between evaluated solutions. Pricing scenarios describe a sample business and solicit guidance as to the appropriate product/service mix required to deliver the specified functionality, the list price for those tools/services, as well as three full years of maintenance and support.

      Price Evaluation

      Call-out bubble indicates within which price tier the three-year TCO for the solution falls, provides the brackets of that price tier, and links to the graphical representation.

      Example price evaluation with a '3 year TCO...' statement, a visual gauge of bars, and a statement on the source of the information.

      Scale along the bottom indicates that the graphic as a whole represents a price scale with a range of $1 to $2.5M+, while the notation indicates whether the pricing was supplied by the vendor or derived from public sources.

      Vendor Landscape Methodology:
      Information Presentation – Vendor Awards

      At the conclusion of all analyses, Info-Tech presents awards to exceptional solutions in three distinct categories. Award presentation is discretionary; not all awards are extended subsequent to each Vendor Landscape and it is entirely possible, though unlikely, that no awards may be presented.

      Awards categories are as follows:

      • Champion Awards are presented to the top performing solution in a particular use-case scenario. As a result, only one Champion Award is given for each use case, and the entire Vendor Landscape will have the same number of Champion Awards as the number of evaluated use cases.
      • Leader Awards are presented to top performing solutions for each use-case scenario. Depending on the use-case scenario and the number of solutions being evaluated, a variable number of leader awards will be given. This number is at the discretion of the analysts, but is generally placed at two, and given to the solutions ranking second and third respectively for the use case.
      • Best Overall Value Awards are presented to the solution for each use-case scenario that ranked the highest in the Info-Tech Value Index for each evaluated scenario (see Vendor Landscape Methodology: Information Presentation – Value Index, above). If insufficient pricing information is made available for the evaluated solutions, such that a Value Index cannot be calculated, no Best Overall Value Award will be presented. Only one Best Overall Value Award is available for each use-case scenario.

      Vendor Awards for Use-Case Performance

      Vendor Award: 'Champion'. Info-Tech’s Champion Award is presented to solutions that placed first in an use-case scenario within the Vendor Landscape.
      Vendor Award: 'Leader'. Info-Tech Leader Award is given to solutions who placed in the top segment of a use-case scenario.
      Vendor Award: 'Best Overall Value'. Info-Tech’s Best Overall Value Award is presented to the solution within each use-case scenario with the highest Value Index score.

      Vendor Landscape Methodology:
      Fact Check & Publication

      Info-Tech takes the factual accuracy of its Vendor Landscapes, and indeed of all of its published content, very seriously. To ensure the utmost accuracy in its Vendor Landscapes, we invite all vendors of evaluated solutions (whether the vendor elected to provide a survey and/or participate in a briefing or not) to participate in a process of fact check.

      Once the research project is complete and the materials are deemed to be in a publication ready state, excerpts of the material specific to each vendor’s solution are provided to the vendor. Info-Tech only provides material specific to the individual vendor’s solution for review encompassing the following:

      • All written review materials of the vendor and the vendor’s product that comprise the evaluated solution.
      • Info-Tech’s Criteria Scores / Harvey Balls detailing the individual and overall vendor / product scores assigned.
      • Info-Tech’s Feature Rank / stoplights detailing the individual feature scores of the evaluated product.
      • Info-Tech’s Raw Pricing for the vendor either as received from the vendor or as collected from publicly available sources.
      • Info-Tech’s Scenario ranking for all considered scenarios for the evaluated solution.

      Info-Tech does not provide the following:

      • Info-Tech’s Vendor Landscape placement of the evaluated solution.
      • Info-Tech’s Value Score for the evaluated solution.
      • End-user feedback gathered during the research project.
      • Info-Tech’s overall recommendation in regard to the evaluated solution.

      Info-Tech provides a one-week window for each vendor to provide written feedback. Feedback must be corroborated (be provided with supporting evidence), and where it does, feedback that addresses factual errors or omissions is adopted fully, while feedback that addresses opinions is taken under consideration. The assigned analyst team makes all appropriate edits and supplies an edited copy of the materials to the vendor within one week for final review.

      Should a vendor still have concerns or objections at that time, they are invited to a conversation, initially via email, but as required and deemed appropriate by Info-Tech, subsequently via telephone, to ensure common understanding of the concerns. Where concerns relate to ongoing factual errors or omissions, they are corrected under the supervision of Info-Tech’s Vendor Relations personnel. Where concerns relate to ongoing differences of opinion, they are again taken under consideration with neither explicit not implicit indication of adoption.

      Publication of materials is scheduled to occur within the six weeks following the completion of the research project, but does not occur until the fact check process has come to conclusion, and under no circumstances are “pre-publication” copies of any materials made available to any client.

      Pricing Scenario

      Info-Tech Research Group is providing each vendor with a common pricing scenario to enable normalized scoring of Affordability, calculation of Value Index rankings, and identification of the appropriate solution pricing tier as displayed on each vendor scorecard.

      Vendors are asked to provide list costs for SMMP software licensing to address the needs of a reference organization described in the pricing scenario. Please price out the lowest possible 3-year total cost of ownership (TCO) including list prices for software and licensing fees to meet the requirements of the following scenario.

      Three-year total acquisition costs will be normalized to produce the Affordability raw scores and calculate Value Index ratings for each solution.

      The pricing scenario:

      • Enterprise Name: Imperial Products Incorporated
      • Enterprise Size: SMB
      • Enterprise Vertical: Consumer packaged goods
      • Total Number of Sites: Three office locations
      • Total Number of Employees: 500
      • Total Number SMMP End Users: 50
        • 20 dedicated CSRs who are handling all customer service issues routed to them
        • 5 PR managers who need the ability to monitor the social cloud
        • 24 brand portfolio managers – each portfolio has 5 products (25 total)
        • Each product has its own Facebook and Twitter presence
        • 1 HR manager (using social media for recruiting)
      • Total Number of IT Staff: 20
      • Operating System Environment: Windows 7
      • Functional Requirements and Additional Information: Imperial Products Incorporated is a mid-sized consumer packaged goods firm operating in the United States. The organization is currently looking to adopt a platform for social media monitoring and management. Functional requirements include the ability to monitor and publish to Facebook, Twitter, YouTube, and blogs. The platform must have the ability to display volume trends, show follower demographics, and conduct sentiment analysis. It must also provide tools for interacting in-platform with social contacts, provide workflow management capabilities, and offer the ability to manage specific social properties (e.g. Facebook Pages). Additional features that are desirable are the ability to archive social interactions, and a dedicated mobile application for one of the major smartphone/tablet operating systems (iOS, Android etc.).

      Measure IT Project Value

      • Buy Link or Shortcode: {j2store}431|cart{/j2store}
      • member rating overall impact: 9.5/10 Overall Impact
      • member rating average dollars saved: $5,549 Average $ Saved
      • member rating average days saved: 6 Average Days Saved
      • Parent Category Name: Portfolio Management
      • Parent Category Link: /portfolio-management
      • People treat benefits as a box to tick on the business case, deflating or inflating them to facilitate project approval.
      • Even if benefits are properly defined, they are usually forgotten once the project is underway.
      • Subsequent changes to project scope may impact the viability of the project’s business benefits, resulting in solutions that do not deliver expected value.

      Our Advice

      Critical Insight

      • It is rare for project teams or sponsors to be held accountable for managing and/or measuring benefits. The assumption is often that no one will ask if benefits have been realized after the project is closed.
      • The focus is largely on the project’s schedule, budget, and scope, with little attention paid to the value that the project is meant to deliver to the organization.
      • Without an objective stakeholder to hold people accountable for defining benefits and demonstrating their delivery, benefits will continue to be treated as red tape.
      • Sponsors will not take the time to define benefits properly, if at all. The project team will not take the time to ensure they are still achievable as the project progresses. When the project is complete, no one will investigate actual project success.

      Impact and Result

      • The project sponsor and business unit leaders must own project benefits; IT is only accountable for delivering the solution.
      • IT can play a key role in this process by establishing and supporting a benefits realization process. They can help business unit leaders and sponsors define benefits properly, identify meaningful metrics, and report on benefits realization effectively.
      • The project management office is ideally suited to facilitate this process by providing tools and templates, and a consistent and comparable view across projects.
      • Project managers are accountable for delivering the project, not for delivering the benefits of the project itself. However, they must ensure that changes to project scope are assessed for impact on benefits viability.

      Measure IT Project Value Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should establish a benefits legitimacy practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Establish benefits legitimacy during portfolio Intake

      This phase will help you define a benefits management process to help support effective benefits definition during portfolio intake.

      • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 1: Establish Benefits Legitimacy During Portfolio Intake
      • Project Sponsor Role Description Template
      • Benefits Commitment Form Template
      • Right-Sized Business Case Template

      2. Maintain benefits legitimacy throughout project planning and execution

      This phase will help you define a process for effective benefits management during project planning and the execution intake phase.

      • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 2: Maintain Benefits Legitimacy Throughout Project Planning and Execution
      • Project Benefits Documentation Workbook
      • Benefits Legitimacy Workflow Template (PDF)
      • Benefits Legitimacy Workflow Template (Visio)

      3. Close the deal on project benefits

      This phase will help you define a process for effectively tracking and reporting on benefits realization post-project.

      • Deliver Project Value With a Benefits Legitimacy Initiative – Phase 3: Close the Deal on Project Benefits
      • Portfolio Benefits Tracking Tool
      • Benefits Lag Report Template
      • Benefits Legitimacy Handbook Template
      [infographic]

      Workshop: Measure IT Project Value

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Analyze the Current State of Benefits Management

      The Purpose

      Assess the current state of benefits management at your organization and establish a realistic target state.

      Establish project and portfolio baselines for benefits management.

      Key Benefits Achieved

      Set achievable workshop goals and align stakeholder expectations.

      Establish a solid foundation for benefits management success.

      Activities

      1.1 Introductions and overview.

      1.2 Discuss attendee expectations and goals.

      1.3 Complete Info-Tech’s PPM Current State Scorecard.

      1.4 Perform right-wrong-confusing-missing analysis.

      1.5 Define target state for benefits management.

      1.6 Refine project levels.

      Outputs

      Info-Tech’s PPM Current State Scorecard report

      Right-wrong-confusing-missing analysis

      Stakeholder alignment around workshop goals and target state

      Info-Tech’s Project Intake Classification Matrix

      2 Establish Benefits Legitimacy During Portfolio Intake

      The Purpose

      Establish organizationally specific benefit metrics and KPIs.

      Develop clear roles and accountabilities for benefits management.

      Key Benefits Achieved

      An articulation of project benefits and measurements.

      Clear checkpoints for benefits communication during the project are defined.

      Activities

      2.1 Map the current portfolio intake process.

      2.2 Establish project sponsor responsibilities and accountabilities for benefits management.

      2.3 Develop organizationally specific benefit metrics and KPIs.

      2.4 Integrate intake legitimacy into portfolio intake processes.

      Outputs

      Info-Tech’s Project Sponsor Role Description Template

      Info-Tech’s Benefits Commitment Form Template

      Intake legitimacy process flow and RASCI chart

      Intake legitimacy SOP

      3 Maintain Benefits Legitimacy Throughout Project Planning and Execution

      The Purpose

      Develop a customized SOP for benefits management during project planning and execution.

      Key Benefits Achieved

      Ensure that all changes to the project have been recorded and benefits have been updated in preparation for deployment.

      Updated benefits expectations are included in the final sign-off package.

      Activities

      3.1 Map current project management process and audit project management documentation.

      3.2 Identify appropriate benefits control points.

      3.3 Customize project management documentation to integrate benefits.

      3.4 Develop a deployment legitimacy process flow.

      Outputs

      Customized project management toolkit

      Info-Tech’s Project Benefits Documentation Workbook

      Deployment of legitimacy process flow and RASCI chart

      Deployment of legitimacy SOP

      4 Close the Deal on Project Benefits

      The Purpose

      Develop a post-project benefits realization process.

      Key Benefits Achieved

      Clear project sponsorship accountabilities for post-project benefits tracking and reporting.

      A portfolio level benefits tracking tool for reporting on benefits attainment.

      Activities

      4.1 Identify appropriate benefits control points in the post-project process.

      4.2 Configure Info-Tech’s Portfolio Benefits Tracking Tool.

      4.3 Define a post-project benefits reporting process.

      4.4 Formalize protocol for reporting on, and course correcting, benefit lags.

      4.5 Develop a post-project legitimacy process flow.

      Outputs

      Info-Tech’s Portfolio Benefits Tracking Tool

      Post-Project legitimacy process flow and RASCI chart

      Post-Project Legitimacy SOP

      Info-Tech’s Benefits Legitimacy Handbook

      Info-Tech’s Benefits Legitimacy Workflow Template

      Improve Service Desk Ticket Intake

      • Buy Link or Shortcode: {j2store}481|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Service Desk
      • Parent Category Link: /service-desk

      • Customers expect a consumer experience with IT. It won’t be long until this expectation expands to IT service support.
      • Messaging and threads are becoming central to how businesses organize information and conversations, but voice isn’t going away. It is still by far people’s favorite channel.
      • Tickets are becoming more complicated. BYOD, telework, and SaaS products present a perfect storm.
      • Traditional service metrics are not made for self service. Your mean-time-to-resolve will increase and first-contact resolution will decrease.

      Our Advice

      Critical Insight

      • Bring the service desk to the people. Select channels that are most familiar to your users, and make it as easy possible to talk to a human.
      • Integrate channels. Users should have a consistent experience, and technicians should know user history.
      • Don’t forget the human aspect. People aren’t always good with technology. Allow them to contact a person if they are struggling.

      Impact and Result

      • Define which channels will be prioritized.
      • Identify improvements to these channels based on best practices and our members’ experiences.
      • Streamline your ticket intake process to remove unnecessary steps.
      • Prioritize improvements based on their value. Implement a set of improvements every quarter.

      Improve Service Desk Ticket Intake Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should improve your ticket intake, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Define and prioritize ticket channels

      Align your improvements with business goals and the shift-left strategy.

      • Improve Service Desk Ticket Intake – Phase 1: Define and Prioritize Ticket Channels
      • Service Desk Maturity Assessment
      • Service Desk Improvement Presentation Template

      2. Improve ticket channels

      Record potential improvements in your CSI Register, as you review best practices for each channel.

      • Improve Service Desk Ticket Intake – Phase 2: Improve Ticket Channels
      • Service Desk Continual Improvement Roadmap
      • Service Desk Ticket Intake Workflow Samples (Visio)
      • Service Desk Ticket Intake Workflow Samples (PDF)
      • Service Definition Checklist
      • Service Desk Site Visit Checklist Template

      3. Define next steps

      Streamline your ticket intake process and prioritize opportunities for improvement.

      • Improve Service Desk Ticket Intake – Phase 3: Define Next Steps
      [infographic]

      Workshop: Improve Service Desk Ticket Intake

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Optimize Ticket Channels

      The Purpose

      Brainstorm improvements to your systems and processes that will help you optimize.

      Key Benefits Achieved

      Develop a single point of contact.

      Reduce the time before a technician can start productively working on a ticket.

      Enable Tier 1 and end users to complete more tickets.

      Activities

      1.1 Prioritize channels for improvement.

      1.2 Optimize the voice channel.

      1.3 Identify improvements for self service.

      1.4 Improve Tier 1 agents’ access to information.

      1.5 Optimize supplementary ticket channels.

      Outputs

      Action items to improve the voice channel.

      Populated CSI Register for self-service channels.

      Identified action items for the knowledgebase.

      Populated CSI Register for additional ticket channels.

      2 Streamline Ticket Intake

      The Purpose

      Create long-term growth by taking a sustainable approach to improvements.

      Key Benefits Achieved

      Streamline your overall ticket intake process for incidents and service requests.

      Activities

      2.1 Map out the incident intake processes.

      2.2 Identify opportunities to streamline the incident workflow.

      2.3 Map out the request processes.

      2.4 Identify opportunities to streamline the request workflow.

      Outputs

      Streamlined incident intake process.

      Streamlined request intake process.

      Populated CSI Register for request intake.

      Make the Case for Enterprise Business Analysis

      • Buy Link or Shortcode: {j2store}509|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Requirements & Design
      • Parent Category Link: /requirements-and-design
      • It can be difficult to secure alignment between the many lines of business, IT included, in your organization.
      • Historically, we have drawn a dividing line between IT and "the business.”
      • The reality of organizational politics and stakeholder bias means that, with selection and prioritization, sometimes the highest value option is dismissed to make way for the loudest voice’s option.

      Our Advice

      Critical Insight

      • Enterprise business analysis can help you stop the debate between IT and “the business,” as it sees everyone as part of the business. It can effectively break down silos, support the development of holistic strategies to address internal and external risks, and remove the bias and politics in decision making all too common in organizations.
      • The business analyst is the only role that can connect the strategic with the tactical, the systems, and the operations and do so objectively. It is the one source to show how people, process, and technology connect and relate, and the most skilled can remove bias and politics from their lens of view.
      • Maturity can’t be rushed. Build your enterprise business analysis program on a solid foundation of leading and consistent business analysis practices to secure buy-in and have a program that is sustainable in the long term.

      Impact and Result

      Let’s make the case for enterprise business analysis!

      • Organizations that have higher business analysis maturity and deploy enterprise analysis deliver better quality outcomes, with higher value, lower cost, and higher user satisfaction.
      • Business analysts should be contributing at the strategic level, as they need to understand multiple horizons simultaneously and be able to zoom in and out as the context calls for it. Business analysts aren’t only for projects.

      Make the Case for Enterprise Business Analysis Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Make the Case for Enterprise Business Analysis Storyboard – Take your business analysis from tactics to strategy.

      • Make the Case for Enterprise Business Analysis Storyboard

      2. Communicate the Case for Enterprise Business Analysis Template – Make the case for enterprise business analysis.

      • Communicate the Case for Enterprise Business Analysis
      [infographic]

      Further reading

      Make the Case for Enterprise Business Analysis

      Putting the strategic and tactical puzzle together.

      Analyst Perspective

      We commonly recognize the value of effective business analysis at a project or tactical level. A good business analysis professional can support the business by identifying its needs and recommending solutions to address them.
      Now, wouldn't it be great if we could do the same thing at a higher level?
      Enterprise (or strategic) business analysis is all about seeing that bigger picture, an approach that makes any business analysis professional a highly valuable contributor to their organization. It focuses on the enterprise, not a specific project or line of business.
      Leading the business analysis effort at an enterprise level ensures that your business is not only doing things right, but also doing the right things; aligned with the strategic vision of your organization to improve the way decisions are made, options are analyzed, and successful results are realized.

      Vincent Mirabelli

      Vincent Mirabelli
      Principal Research Director, Applications Delivery and Management
      Info-Tech Research Group

      Executive Summary

      Your Challenge

      • Difficulty properly aligning between the many lines of business in your organization.
      • Historically, we have drawn a dividing line between IT and the business.
      • The reality of organizational politics and stakeholder bias means that, with selection and prioritization, sometimes the highest value option is dismissed in favor of the loudest voice.

      Common Obstacles

      • Difficulty aligning an ever-changing backlog of projects, products, and services while simultaneously managing risks, external threats, and stakeholder expectations.
      • Many organizations have never heard of enterprise business analysis and only see the importance of business analysts at the project and delivery level.
      • Business analysis professionals rarely do enough to advocate for a seat at the strategic tables in their organizations.

      Info-Tech's Approach

      Let's make the case for enterprise business analysis!

      • Organizations that have higher business analysis maturity and deploy enterprise business analysis deliver better quality outcomes with higher value, lower cost, and higher user satisfaction.
      • Business analysts aren't only for projects. They should contribute at the strategic level, since they need to understand multiple horizons simultaneously and be able to zoom in and out as the context requires.

      Info-Tech Insight

      Enterprise business analysis can help you reframe the debate between IT and the business, since it sees everyone as part of the business. It can effectively break down silos, support the development of holistic strategies to address internal and external risks, and remove bias and politics from decision making.

      Phase 1

      Build the case for enterprise business analysis

      Phase 1

      Phase 2

      1.1 Define enterprise business analysis

      1.2 Identify your pains and opportunities

      2.1 Set your vision

      2.2 Define your roadmap and next steps

      2.3 Complete your executive communications deck

      This phase will walk you through the following activities:

      • 1.1.1 Discuss how business analysis is used in our organization
      • 1.1.2 Discuss your disconnects between strategy and tactics
      • 1.2.1 Identify your pains and opportunities

      This phase involves the following participants:

      • Business analyst(s)
      • Organizational business leaders
      • Any other relevant stakeholders

      How business analysis supports our success today

      Delivering value at the tactical level

      Effective business analysis helps guide an organization through improvements to processes, products, and services. Business analysts "straddle the line between IT and the business to help bridge the gap and improve efficiency" in an organization (CIO, 2019).
      They are most heavily involved in:

      • Defining needs
      • Modeling concepts, processes, and solutions
      • Conducting analysis
      • Maintaining and managing requirements
      • Managing stakeholders
      • Monitoring progress
      • Doing business analysis planning
      • Conducting elicitation

      In a survey, business analysts indicated that of their total working time, they spend 31% performing business analysis planning and 41% performing elicitation and analysis (PMI, 2017).

      By including a business analyst in a project, organizations benefit by:
      (IAG, 2009)

      87%

      Reduced time overspending

      75%

      Prevented budget overspending

      78%

      Reduction in missed functionality

      1.1.1 Discuss how business analysis is used in your organization

      15-30 minutes

      1. Gather the appropriate stakeholders to discuss their knowledge, experience, and perspectives on business analysis. This should relate to their experience and not a future or aspirational usage.
      2. Have a team member facilitate the session.
      3. Brainstorm and document all shared thoughts and perspectives.
      4. Synthesize those thoughts and perspectives and record the results for the group to review and discuss.
      5. Transfer the results to the Communicate the Case for Enterprise Business Analysis template

      Input

      • Stakeholder knowledge and experience

      Output

      • A shared understanding of how your organization leverages its business analysis function

      Materials

      • Whiteboard/Flip charts
      • Collaborative whiteboard
      • Communicate the Case for Enterprise Business Analysis template

      Participants

      • Business analyst(s)
      • Organizational business leaders
      • Any other relevant stakeholders

      Download the Communicate the Case for Enterprise Business Analysis template

      Executives and leadership are satisfied with IT when there is alignment between tactics and goals

      Info-Tech's CIO Business Vision Survey data highlights the importance of IT projects in supporting the business to achieve its strategic goals.

      However, Info-Tech's CEO-CIO Alignment Survey (N=124) data indicates that CEOs perceive IT as poorly aligned with the business' strategic goals.

      Info-Tech's CIO-CEO Alignment Diagnostics

      43%

      of CEOs believe that business goals are going unsupported by IT.

      60%

      of CEOs believe that IT must improve understanding of business goals.

      80%

      of CIOs/CEOs are misaligned on the target role of IT.

      30%

      of business stakeholders support their IT departments.

      Addressing problems solely with tactics does not always have the desired effect

      94%

      Source: "Out of the Crisis", Deming (via Harvard Business Review)

      According to famed management and quality thought leader and pioneer W. Edwards Deming, 94% of issues in the workplace are systemic cause significant organizational pain.

      Yet we continue to address them on the surface, rather than acknowledge how ingrained they are in our culture, systems, and processes.

      For example, we:

      • Create workarounds to address process and solution constraints
      • Expect that poor (or lack of ) leadership can be addressed in a course or seminar
      • Expect that "going Agile" will resolve our problems, and that decision making, governance, and organizational alignment will happen organically.

      Band-aid solutions rarely have the desired effect, particularly in the long-term.

      Our solutions should likewise focus on the systemic/macro environment. We can do this via projects, products and services, but those don't always address the larger issues.

      If we take the work our business analysis currently does in defining needs and solutions, and elevate this to the strategic level, the results can be impactful.

      Many organizations would benefit from enhancing their business analysis maturity

      The often-overlooked strategic value of the role comes with maturing your practices.

      Only 18% of organizations have mature (optimized or established) business analysis practices.

      With that higher level of maturity comes increased levels of capability, efficiency, and effectiveness in delivering value to people, processes, and technology. Through such efforts, they're better equipped and able to connect the strategy of their organization to the projects, processes, and products they deliver.

      They shift focus from "figuring business analysis out" to truly unleashing its potential, with business analysts contributing in strategic and tactical ways.

      an image showing the following data: Optimized- 5; Established- 13; Improving- 37; Starting- 25; Ad hoc- 21

      (Adapted from PMI, 2017)

      Info-Tech Insight

      Business analysts are best suited to connect the strategic with the tactical, the systems, and the operations. They maintain the most objective lens regarding how people, process, and technology connect and relate, and the most skilled of them can remove bias and politics from their perspective.

      1.1.2 Discuss your disconnects between strategy and tactics

      30-60 minutes

        1. Gather the appropriate stakeholders to discuss their knowledge, experience, and perspectives regarding failures that resulted from disconnects between strategy and tactics.
        2. Have a team member facilitate the session.
        3. Brainstorm and document all shared thoughts and perspectives.
        4. Synthesize those thoughts and perspectives and record the results.
        5. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

      Input

      • Stakeholder knowledge and experience

      Output

      • A shared understanding and list of failures due to disconnects between strategy and tactics

      Materials

      • Whiteboard/Flip charts
      • Collaborative whiteboard
      • Communicate the Case for Enterprise Business Analysis template

      Participants

      • Business analyst(s)
      • Organizational business leaders
      • Any other relevant stakeholders

      Download the Communicate the Case for Enterprise Business Analysis template

      Defining enterprise business analysis

      Terms may change, but the function remains the same.

      Enterprise business analysis (sometimes referred to as strategy analysis) "…focuses on defining the future and transition states needed to address the business need, and the work required is defined both by that need and the scope of the solution space. It covers strategic thinking in business analysis, as well as the discovery or imagining of possible solutions that will enable the enterprise to create greater value for stakeholders and/or capture more value for itself."
      (Source: "Business Analysis Body of Knowledge," v3)

      Define the function of enterprise business analysis

      This is a competitive advantage for mature organizations.

      Organizations with high-performing business analysis programs experience an enhanced alignment between strategy and operations. This contributes to improved organizational performance. We see this in financial (69% vs. 45%) and strategic performance (66% vs. 21%), also organizational agility (40% vs. 14%) and management of operational projects (62% vs. 29%). (PMI, 2017)

      When comparing enterprise with traditional business analysis, we see stark differences in the size and scope of their view, where they operate, and the role they play in organizational decision making.

      Enterprise Traditional
      Decision making Guides and influences Executes
      Time horizon 2-10 years 0-2 years
      Focus Strategy, connecting the strategic to the operational Operational, optimizing how business is done, and keeping the lights on
      Domain

      Whole organization

      Broader marketplace

      Only stakeholder lines of business relevant to the current project, product or service
      Organizational Level Executive/Leadership Project

      (Adapted from Schulich School of Business)

      Info-Tech Insight

      Maturity can't be rushed. Build your enterprise business analysis program on a solid foundation of leading and consistent business analysis practices to secure buy-in and have a program that is sustainable in the long term.

      An image showing the percentages of high- and low- maturity organizations, for the following categories: Financial performance; Strategy implementation; Organizational agility; Management of projects.

      (Adapted from PMI, 2017)

      How enterprise business analysis is used to improve organizations

      The biggest sources of project failure include:

      • Wrong (or poor) requirements
      • Unrealistic (or incomplete) business case
      • Lack of appropriate governance and oversight
      • Poor implementation
      • Poor benefits management
      • Environmental changes

      Source: MindTools.com, 2023.

      Enterprise business analysis addresses these sources and more.

      It brings a holistic view of the organization, improving collaboration and decision making across the many lines of business, effectively breaking down silos.

      In addition to ensuring we're doing the right things, not just doing things right in the form of improved requirements and more accurate business cases, or ensuring return on investment (ROI) and monitoring the broader landscape, enterprise business analysis also supports:

      • Reduced rework and waste
      • Understanding and improving operations
      • Making well-informed decisions through improved objectivity/reduced bias
      • Identifying new opportunities for growth and expansion
      • Identifying and mitigating risk
      • Eliminating projects and initiatives that do not support organizational goals or objectives
      • A career-pathing option for business analysts

      Identify your pains and opportunities

      There are many considerations in enterprise business analysis.

      Pains, gains, threats, and opportunities can come at your organization from anywhere. Be it a new product launch, an international expansion, or a new competitor, it can be challenging to keep up.

      This is where an enterprise business analyst can be the most helpful.

      By keeping a pulse on the external and internal environments, they can support growth, manage risks, and view your organization through multiple lenses and perspectives to get a single, complete picture.

      External

      Internal

      Identifying competitive forces

      In the global environment

      Organizational strengths and weaknesses

      • Monitoring and maintaining your competitive advantage.
      • Understanding trends, risks and threats in your business domain, and how they affect your organization.
      • Benchmarking performance against like and unlike organizations, to realize where you stand and set a baseline for continuous improvement and business development.
      • Leveraging tools and techniques to scan the broader landscape on an ongoing basis. Using PESTLE analysis, they can monitor the political, economic, social, technological, legal, and environmental factors that impact when, where, how, and with who you conduct your business and IT operations.
      • Supporting alignment between a portfolio or program of projects and initiatives.
      • Improving alignment between the various lines of business, who often lack full visibility outside of their silo, and can find themselves clashing over time, resources, and attention from leaders.
      • Improving solutions and outcomes through objective option selection.

      1.2.1 Identify your pains and opportunities

      30-60 minutes

      1. As a group, generate a list of the current pains and opportunities facing your organization. You can focus on a particular type (competitive, market, or internal) or leave it open. You can also focus on pains or opportunities separately, or simultaneously.
      2. Have a team member facilitate the session.
      3. Record the results for the group to review, discuss, and prioritize.
        1. Discuss the impact and likelihood of each item. This can be formally ranked and quantified if there is data to support the item or leveraging the wisdom of the group.
        2. Prioritize the top three to five items of each type, as agreed by the group, and document the results.
      4. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

      Download the Communicate the Case for Enterprise Business Analysis template

      Input

      • Attendee knowledge
      • Supporting data, if available

      Output

      • A list of identified organizational pains and opportunities that has been prioritized by the group

      Materials

      • Whiteboard/Flip charts
      • Collaborative whiteboard
      • Communicate the Case for Enterprise Business Analysis template

      Participants

      • Business analyst(s)
      • Organizational business leaders
      • Any other relevant stakeholders

      Phase 2

      Prepare the foundations for your enterprise business analysis program

      Phase 1

      Phase 2

      1.1 Define enterprise business analysis

      1.2 Identify your pains and opportunities

      2.1 Set your vision

      2.2 Define your roadmap and next steps

      2.3 Complete your executive communications deck

      This phase will walk you through the following activities:

      • 2.1.1 Define your vision and goals
      • 2.1.2 Identify your enterprise business analysis inventory
      • 2.2.1 Now, Next, Later

      This phase involves the following participants:

      • Business analyst(s)
      • Organizational business leaders
      • Any other relevant stakeholders

      Set your vision

      Your vision becomes your "north star," guiding your journey and decisions.

      When thinking about a vision statement for enterprise business analysis, think about:

      • Who are we doing this for? Who will benefit?
      • What do our business partners need? What do our customers need?
      • What value do we provide them? How can we best support them?
      • Why is this special/different from how we usually do business?

      Always remember: Your goal is not your vision!

      Not knowing the difference will prevent you from both dreaming big and achieving your dream.

      Your vision represents where you want to go. It's what you want to do.

      Your goals represent how you want to achieve your vision.

      • They are a key element of operationalizing your vision.
      • Your strategy, initiatives, and features will align with one or more goals.

      Info-Tech Best Practice

      Your vision shouldn't be so far out that it doesn't feel real, nor so short term that it gets bogged down in details. Finding balance will take some trial and error and will be different depending on your organization.

      2.1.1 Define your vision and goals

      1-2 hours

      1. Gather the appropriate stakeholders to discuss their vision for enterprise business analysis. It should address the questions used in framing your vision statement.
      2. Have a team member facilitate the session.
      3. Review your current organizational vision and goals.
      4. Discuss and document all shared thoughts and perspectives on how enterprise business analysis can align with the organizational vision.
      5. Synthesize those thoughts and perspectives to create a vision statement.
      6. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

      Download the Communicate the Case for Enterprise Business Analysis template

      Input

      • Stakeholder vision, knowledge, and experience
      • Current organizational vision and goals

      Output

      • A documented vision and goals for your enterprise business analysis program

      Materials

      • Whiteboard/Flip charts
      • Collaborative whiteboard
      • Communicate the Case for Enterprise Business Analysis template

      Participants

      • Business analyst(s)
      • Organizational business leaders
      • Any other relevant stakeholders

      Components of successful enterprise business analysis programs

      Ensure you're off to the best start by examining where you are and where you want to go.

      Training

      • Do the current team members have the right level of training?
      • Can we easily obtain training to close any gaps?

      Competencies and capabilities

      • Do our business analysts have the right skills, attributes, and behaviors to be successful?

      Structure and alignment

      • Would the organizational culture support enterprise business analysis (EBA)?
      • How might we structure the EBA unit to maximize effectiveness?
      • How can we best support the organization's goals and objectives?

      Methods and processes

      • How do we plan on managing the work to be done?
      • Can we define our processes and workflows?

      Tools, techniques, and templates

      • Do we have the most effective tools, techniques, and templates?

      Governance

      • How will we make decisions?
      • How will the program be managed?

      2.1.2 Identify your enterprise business analysis inventory

      30-60 minutes

      1. Gather the appropriate stakeholders to discuss the current business analysis assets, which could be leveraged for enterprise business analysis. This includes people, processes, and technologies which cover skills, knowledge, resources, experience, knowledge, and competencies. Focus on what the organization currently has, and not what it needs.
      2. Have a team member facilitate the session.
      3. Record the results for the group to review and discuss.
      4. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

      Download the Communicate the Case for Enterprise Business Analysis template

      Input

      • Your current business analysis assets and resources Stakeholder knowledge and experience

      Output

      • A list of assets and resources to enable enterprise business analysis

      Materials

      • Whiteboard/Flip charts
      • Collaborative whiteboard
      • Communicate the Case for Enterprise Business Analysis template

      Participants

      • Business analyst(s)
      • Organizational business leaders
      • Any other relevant stakeholders

      Define your roadmap and next steps

      What do we have? What do we need?

      From completing the enterprise business analysis inventory, you will have a comprehensive list of all available assets.

      The next question is, how can this be leveraged to start building for the future?

      To operationalize enterprise business analysis, consider:

      • What do we still need to do?
      • How important are the identified gaps? Can we still operate?
      • What decisions do we need to make?
      • What stakeholders do we need to involve? Have we engaged them all?

      Lay out your roadmap

      Taking steps to mature your enterprise business analysis practice.

      The Now, Next, Later technique is a method for prioritizing and planning improvements or tasks. This involves breaking down a list of tasks or improvements into three categories:

      • Now tasks are those that must be completed immediately. These tasks are usually urgent or critical, and they must be completed to keep the project or organization running smoothly.
      • Next tasks are those that should be completed soon. These tasks are not as critical as Now tasks, but they are still important and should be tackled relatively soon.
      • Later tasks are those that can be completed later. These tasks are less critical and can be deferred without causing major problems.

      By using this technique, you can prioritize and plan the most important tasks, while allowing the flexibility to adjust as necessary.

      This technique also helps clarify what must be done first vs. what can wait. This prioritizes the most important things while keeping track of what must be done next, maintaining a smooth development/improvement process.

      An image of the now - next - later roadmap technique.

      2.2.1 Now, Next, Later

      1-2 hours

      1. Use the list of items created in 2.1.2 (Identify your enterprise business analysis inventory). Add any you feel are missing during this exercise.
      2. Have a team member facilitate the session.
      3. In the Communicate the Case for Enterprise Business Analysis template, categorize these items according to Now, Next and Later, where:
        1. Now = Critically important items that may require little effort to complete. These must be done within the next six months.
        2. Next = Important items that may require more effort or depend on other factors. These must be done in six to twelve months.
        3. Later = Less important items that may require significant effort to complete. These must be done at some point within twelve months.

      Ultimately, the choice of priority and timing is yours. Recognize that items may change categories as new information arises.

      Download the Communicate the Case for Enterprise Business Analysis template

      Input

      • Your enterprise business analysis inventory and gaps
      • Stakeholder knowledge and experience

      Output

      • A prioritized list of items to enable enterprise business analysis

      Materials

      • Whiteboard/Flip charts
      • Collaborative whiteboard
      • Communicate the Case for Enterprise Business Analysis template

      Participants

      • Business analyst(s)
      • Organizational business leaders
      • Any other relevant stakeholders

      2.3 Complete your executive communication deck

      Use the results of your completed exercises to build your executive communication slide deck, to make the case for enterprise business analysis

      Slide Header Associated Exercise Rationale
      Pains and opportunities

      1.1.2 Discuss your disconnects between strategy and tactics

      1.2.1 Identify your pains and opportunities

      This helps build the case for enterprise business analysis (EBA), leveraging the existing pains felt in the organization. This will draw the connection for your stakeholders.
      Our vision and goals 2.1.1 Define your vision and goals Defines where you want to go and what effort will be required.
      What is enterprise business analysis

      1.1.1 How is BA being used in our organization today?
      Pre-populated supporting content

      Defines the discipline of EBA and how it can support and mature your organization.
      Expected benefits Pre-populated supporting content What's in it for us? This section helps answer that question. What benefits can we expect, and is this worth the investment of time and effort?
      Making this a reality 2.1.2 Identify your EBA inventory Identifies what the organization presently has that makes the effort easier. It doesn't feel as daunting if there are existing people, processes, and technologies in place and in use today.
      Next steps 2.2.1 Now, Next, Later A prioritized list of action items. This will demonstrate the work involved, but broken down over time, into smaller, more manageable pieces.

      Track metrics

      Track metrics throughout the project to keep stakeholders informed.

      As the project nears completion:

      1. You will have better-aligned and more satisfied stakeholders.
      2. You will see fewer projects and initiatives that don't align with the organizational goals and objectives.
      3. There will be a reduction in costs attributed to misaligned projects and initiatives (as mentioned in #2) and the opportunity to allocate valuable time and resources to other, higher-value work.
      Metric Description Target Improvement/Reduction
      Improved stakeholder satisfaction Lines of business and previously siloed departments/divisions will be more satisfied with time spent on solution involvement and outcomes. 10% year 1, 20% year 2
      Reduction in misaligned/non-priority project work Reduction in projects, products, and services with no clear alignment to organizational goals. With that, resource costs can be allocated to other, higher-value solutions. 10% year 1, 25% year 2
      Improved delivery agility/lead time With improved alignment comes reduced conflict and political infighting. As a result, the velocity of solution delivery will increase. 10%

      Bibliography

      Bossert, Oliver and Björn Münstermann. "Business's 'It's not my problem' IT problem." McKinsey Digital. 30 March, 2023.
      Brule, Glenn R. "The Lay of the Land: Enterprise Analysis." Modern Analyst.
      "Business Analysis: Leading Organizations to Better Outcomes." Project Management Institute (PMI), 2017
      Corporate Finance Institute. "Strategic Analysis." Updated 14 March 2023
      IAG Consulting. Business Analysis Benchmark Report, 2009.
      International Institute of Business Analysis. "A Guide to the Business Analysis Body of Knowledge" (BABOK Guide) version 3.
      Mirabelli, Vincent. "Business Analysis Foundations: Enterprise" LinkedIn Learning, February 2022.
      - - "Essential Techniques in Enterprise Analysis" LinkedIn Learning, September 2022.
      - - "The Essentials of Enterprise Analysis" Love the Process Academy. May 2020.
      - - "The Value of Enterprise Analysis." VincentMirabelli.com
      Praslova, Ludmila N. "Today's Most Critical Workplace Challenges Are About Systems." Harvard Business Review. 10 January 2023.
      Pratt, Mary K. and Sarah K. White. "What is a business analyst? A key role for business-IT efficiency." CIO. 17 April, 2019.
      Project Management Institute. "Business Analysis: Leading Organizations to Better Outcomes." October 2017.
      Sali, Sema. "The Importance of Strategic Business Analysis in Successful Project Outcomes." International Institute of Business Analysis. 26 May 2022.
      - - "What Does Enterprise Analysis Look Like? Objectives and Key Results." International Institute of Business Analysis. 02 June 2022.
      Shaker, Kareem. "Why do projects really fail?" Project Management Institute, PM Network. July 2010.
      "Strategic Analysis: Definition, Types and Benefits" Voxco. 25 February 2022.
      "The Difference Between Enterprise Analysis and Business Analysis." Schulich School of Business, Executive Education Center. 24 September 2018 (Updated June 2022)
      "Why Do Projects Fail: Learning How to Avoid Project Failure." MindTools.com. Accessed 24 April 2023.

      Hire or Develop a World-Class CISO

      • Buy Link or Shortcode: {j2store}243|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Security Strategy & Budgeting
      • Parent Category Link: /security-strategy-and-budgeting
      • It is difficult to find a “unicorn”: a candidate who is already fully developed in all areas.
      • The role of the CISO has changed so much in the past three years, it is unclear what competencies are most important.
      • Current CISOs need to scope out areas of future development.

      Our Advice

      Critical Insight

      The new security leader must be strategic, striking a balance between being tactical and taking a proactive security stance. They must incorporate security into business practices from day one and enable secure adoption of new technologies and business practices.

      Impact and Result

      • Clarify the competencies that are important to your organizational needs and use them to find a candidate with those specific strengths.
      • If you are a current CISO, complete a self-assessment and identify your high-priority competency gaps so you can actively work to develop those areas.
      • Create an actionable plan to develop the CISO’s capabilities and regularly reassess these items to ensure constant improvement.

      Hire or Develop a World-Class CISO Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Hire of Develop a World-Class CISO Deck – A step-by-step guide on finding or developing the CISO that best fits your organization.

      Use this blueprint to hire or develop a world-class Chief Information Security Officer (CISO) with the competencies that suit your specific organizational needs. Once you have identified the right candidate, create a plan to develop your CISO.

      • Hire or Develop a World-Class CISO – Phases 1-4

      2. CISO Core Competency Evaluation Tool – Determine which competencies your organization needs and which competencies your CISO needs to work on.

      This tool will help you determine which competencies are a priority for your organizational needs and which competencies your CISO needs to develop.

      • CISO Core Competency Evaluation Tool

      3. CISO Stakeholder Power Map Template – Visualize stakeholder and CISO relationships.

      Use this template to identify stakeholders who are key to your security initiatives and to understand your relationships with them.

      • CISO Stakeholder Power Map Template

      4. CISO Stakeholder Management Strategy Template – Develop a strategy to improve stakeholder and CISO relationships.

      Create a strategy to cultivate your stakeholder relationships and manage each relationship in the most effective way.

      • CISO Stakeholder Management Strategy Template

      5. CISO Development Plan Template – Develop a plan to support a world-class CISO.

      This tool will help you create and implement a plan to remediate competency gaps.

      • CISO Development Plan Template

      Infographic

      Further reading

      Hire or Develop a World-Class CISO

      Find a strategic and security-focused champion for your business.

      Analyst Perspective

      Create a plan to become the security leader of tomorrow

      The days are gone when the security leader can stay at a desk and watch the perimeter. The rapidly increasing sophistication of technology, and of attackers, has changed the landscape so that a successful information security program must be elastic, nimble, and tailored to the organization’s specific needs.

      The Chief Information Security Officer (CISO) is tasked with leading this modern security program, and this individual must truly be a Chief Officer, with a finger on the pulses of the business and security processes at the same time. The modern, strategic CISO must be a master of all trades.

      A world-class CISO is a business enabler who finds creative ways for the business to take on innovative processes that provide a competitive advantage and, most importantly, to do so securely.

      Cameron Smith, Research Lead, Security and Privacy

      Cameron Smith
      Research Lead, Security & Privacy
      Info-Tech Research Group

      Executive Summary

      Your Challenge

      • CEOs/CXOs are looking to hire or develop a senior security leader and aren’t sure where to start.
      • Conversely, security practitioners are looking to upgrade their skill set and are equally stuck in terms of what an appropriate starting point is.
      • Organizations are looking to optimize their security plans and move from a tactical position to a more strategic one.

      Common Obstacles

      • It is difficult to find a “unicorn”: a candidate who is already fully developed in all areas.
      • The role of the CISO has changed so much in the past three years, it is unclear what competencies are most important.
      • You are a current CISO and need to scope out your areas of future development.

      Info-Tech’s Approach

      • Clarify the competencies that are important to your organizational needs and use them to find a candidate with those specific strengths.
      • If you are a current CISO, complete a self-assessment and identify your high-priority competency gaps so you can actively work to develop those areas.
      • Create an actionable plan to develop the CISO’s capabilities and regularly reassess these items to ensure constant improvement.

      Info-Tech Insight
      The new security leader must be strategic, striking a balance between being tactical and taking a proactive security stance. They must incorporate security into business practices from day one and enable secure adoption of new technologies and business practices.

      Your challenge

      This Info-Tech blueprint will help you hire and develop a strategic CISO

      • Security without strategy is a hacker’s paradise.
      • The outdated model of information security is tactical, where security acts as a watchdog and responds.
      • The new security leader must be strategic, striking a balance between being tactical and taking a proactive security stance. They must incorporate security into business practices from day one and enable secure adoption of new technologies and business practices.

      Around one in five organizations don’t have an individual with the sole responsibility for security1

      1 Navisite

      Info-Tech Insight
      Assigning security responsibilities to departments other than security can lead to conflicts of interest.

      Common obstacles

      It can be difficult to find the right CISO for your organization

      • The smaller the organization, the less likely it will have a CISO or equivalent position.
      • Because there is a shortage of qualified candidates, qualified CISOs can demand high salaries and many CISO positions will go unfilled.
      • It is easier for larger companies to attract top CISO talent, as they generally have more resources available.

      Source: Navisite

      Only 36% of small businesses have a CISO (or equivalent position).

      48% of mid-sized businesses have a CISO.

      90% of large organizations have a CISO.

      Source: Navisite

      Strategic versus tactical

      CISOs should provide leadership based on a strategic vision 1

      Strategic CISO Tactical CISO

      Proactive

      Focus is on protecting hyperdistributed business processes and data

      Elastic, flexible, and nimble

      Engaged in business design decisions

      Speaks the language of the audience (e.g. business, financial, technical)

      Reactive

      Focus is on protecting current state

      Perimeter and IT-centric approach

      Communicates with technical jargon

      1 Journal of Computer Science and Information Technology

      Info-Tech has identified three key behaviors of the world-class CISO

      To determine what is required from tomorrow’s security leader, Info-Tech examined the core behaviors that make a world-class CISO. These are the three areas that a CISO engages with and excels in.

      Later in this blueprint, we will review the competencies and skills that are required for your CISO to perform these behaviors at a high level.

      Align

      Aligning security enablement with business requirements

      Enable

      Enabling a culture of risk management

      Manage

      Managing talent and change

      Info-Tech Insight
      Through these three overarching behaviors, you can enable a security culture that is aligned to the business and make security elastic, flexible, and nimble to maintain the business processes.

      Info-Tech’s approach

      Understand what your organization needs in a CISO: Consider the core competencies of a CISO. Assess: Assess candidates' core competencies and the CISO's stakeholder relationships. Plan improvements: Identify resources to close competency gaps and an approach to improve stakeholder relationships. Executive development: Decide next steps to support your CISO moving forward and regularly reassess to measure progress.

      Info-Tech’s methodology to Develop or Hire a World-Class CISO

      1. Launch 2. Assess 3. Plan 4. Execute
      Phase Steps
      1. Understand the core competencies
      2. Measure security and business satisfaction and alignment
      1. Assess stakeholder relationships
      2. Assess core competencies
      1. Identify resources to address your CISO’s competency gaps
      2. Plan an approach to improve stakeholder relationships
      1. Decide next actions and support your CISO moving forward
      2. Regularly reassess to measure development and progress
      Phase Outcomes

      At the end of this phase, you will have:

      • Determined the current gaps in satisfaction and business alignment for your IT security program.
      • Identified the desired qualities in a security leader, specific to your current organizational needs.

      At the end of this phase, you will have:

      • Used the core competencies to help identify the ideal candidate.
      • Identified areas for development in your new or existing CISO.
      • Determined stakeholder relationships to cultivate.

      At the end of this phase, you will have:

      • Created a high-level plan to address any deficiencies.
      • Improved stakeholder relations.

      At the end of this phase, you will have:

      • Created an action-based development plan, including relevant metrics, due dates, and identified stakeholders. This plan is the beginning, not the end. Continually reassessing your organizational needs and revisiting this blueprint’s method will ensure ongoing development.

      Blueprint deliverables

      Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

      CISO Core Competency Evaluation Tool

      Assess the competency levels of a current or prospective CISO and identify areas for improvement.

      Stakeholder Power Map Template

      Visualize the importance of various stakeholders and their concerns.

      Stakeholder Management Strategy Template

      Document a plan to manage stakeholders and track actions.

      Key deliverable:

      CISO Development Plan Template

      The CISO Development Plan Template is used to map specific activities and time frames for competency development to address gaps and achieve your goal.

      Strategic competencies will benefit the organization and the CISO

      Career development should not be seen as an individual effort. By understanding the personal core competencies that Info-Tech has identified, the individual wins by developing relevant new skills and the organization wins because the CISO provides increased value.

      Organizational Benefits Individual Benefits
      • Increased alignment between security and business objectives
      • Development of information security that is elastic, nimble, and flexible for the business
      • Reduction in wasted efforts and resources, and improvement in efficiency of security and the organization as a whole
      • True synergy between security and business stakeholders, where the goals of both groups are being met
      • Increased opportunity as you become a trusted partner within your organization
      • Improved relationships with peers and stakeholders
      • Less resistance and more support for security initiatives
      • More involvement and a stronger role for security at all levels of the organization

      Measured value of a world-class CISO

      Organizations with a CISO saw an average of $145,000 less in data breach costs.1

      However, we aren’t talking about hiring just any CISO. This blueprint seeks to develop your CISO’s competencies and reach a new level of effectiveness.

      Organizations invest a median of around $375,000 annually in their CISO.2 The CISO would have to be only 4% more effective to represent $15,000 more value from this position. This would offset the cost of an Info-Tech workshop, and this conservative estimate pales in comparison to the tangible and intangible savings as shown below.

      Your specific benefits will depend on many factors, but the value of protecting your reputation, adopting new and secure revenue opportunities, and preventing breaches cannot be overstated. There is a reason that investment in information security is on the rise: Organizations are realizing that the payoff is immense and the effort is worthwhile.

      Tangible cost savings from having a world-class CISO Intangible cost savings from having a world-class CISO
      • Cost savings from incident reduction.
      • Cost savings achieved through optimizing information security investments, resulting in savings from previously misdiagnosed issues.
      • Cost savings from ensuring that dollars spent on security initiatives support business strategy.
      • More opportunities to create new business processes through greater alignment between security and business.
      • Improved reputation and brand equity achieved through a proper evaluation of the organization’s security posture.
      • Continuous improvement achieved through a good security assessment and measurement strategy.
      • Ability to plan for the future since less security time will be spent firefighting and more time will be spent engaged with key stakeholders.

      1 IBM Security
      2 Heidrick & Struggles International, Inc.

      Case Study

      In the middle of difficulty lies opportunity

      SOURCE
      Kyle Kennedy
      CISO, CyberSN.com

      Challenge
      The security program identified vulnerabilities at the database layer that needed to be addressed.

      The decision was made to move to a new vendor. There were multiple options, but the best option in the CISO’s opinion was a substantially more expensive service that provided more robust protection and more control features.

      The CISO faced the challenge of convincing the board to make a financial investment in his IT security initiative to implement this new software.

      Solution
      The CISO knew he needed to express this challenge (and his solution!) in a way that was meaningful for the executive stakeholders.

      He identified that the business has $100 million in revenue that would move through this data stream. This new software would help to ensure the security of all these transactions, which they would lose in the event of a breach.

      Furthermore, the CISO identified new business plans in the planning stage that could be protected under this initiative.

      Results
      The CISO was able to gain support for and implement the new database platform, which was able to protect current assets more securely than before. Also, the CISO allowed new revenue streams to be created securely.

      This approach is the opposite of the cautionary tales that make news headlines, where new revenue streams are created before systems are put in place to secure them.

      This proactive approach is the core of the world-class CISO.

      Info-Tech offers various levels of support to best suit your needs

      Guided Implementation

      What does a typical GI on this topic look like?

      Launch Assess Plan Execute

      Call #1: Review and discuss CISO core competencies.

      Call #2: Discuss Security Business Satisfaction and Alignment diagnostic results.

      Call #3: Discuss the CISO Stakeholder Power Map Template and the importance of relationships.

      Call #4: Discuss the CISO Core Competency Evaluation Tool.

      Call #5: Discuss results of the CISO Core Competency Evaluation and identify resources to close gaps.

      Call #6: Review organizational structure and key stakeholder relationships.

      Call #7: Discuss and create your CISO development plan and track your development

      A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

      A typical GI is 6 to 10 calls over the course of 3 to 6 months.

      Phase 1

      Launch

      Phase 1
      1.1 Understand Core Competencies
      1.2 Measure Security and Business Satisfaction and Alignment

      Phase 2
      2.1 Assess Stakeholder Relationships
      2.2 Assess the Core Competencies

      Phase 3
      3.1 Identify Resources to Address Competency Gaps
      3.2 Plan Approach to Improve Stakeholder Relationships

      Phase 4
      4.1 Decide Next Actions and Support Your CISO Moving Forward
      4.2 Regularly Reassess to Measure Development and Progress

      This phase will walk you through the following activities:

      • Review and understand the core competencies of a world-class CISO.
      • Launch your diagnostic survey.
      • Evaluate current business satisfaction with IT security.
      • Determine the competencies that are valuable to your IT security program’s needs.

      Hire or Develop a World-Class CISO

      Case study

      Mark Lester
      InfoSec Manager, SC Ports Authority

      An organization hires a new Information Security Manager into a static and well-established IT department.

      Situation: The organization acknowledges the need for improved information security, but there is no framework for the Security Manager to make successful changes.

      Challenges Next Steps
      • The Security Manager is an outsider in a company with well-established habits and protocols. He is tasked with revamping the security strategy to create unified threat management.
      • Initial proposals for information security improvements are rejected by executives. It is a challenge to implement changes or gain support for new initiatives.
      • The Security Manager will engage with individuals in the organization to learn about the culture and what is important to them.
      • He will assess existing misalignments in the business so that he can target problems causing real pains to individuals.

      Follow this case study throughout the deck to see this organization’s results

      Step 1.1

      Understand the Core Competencies of a World-Class CISO

      Activities

      Review core competencies the security leader must develop to become a strategic business partner

      This step involves the following participants:

      • CEO or other executive seeking to hire/develop a CISO

      or

      • Current CISO seeking to upgrade capabilities

      Outcomes of this step
      Analysis and understanding of the eight strategic CISO competencies required to become a business partner

      Launch

      Core competencies

      Info-Tech has identified eight core competencies affecting the CISO’s progression to becoming a strategic business partner.

      Business Acumen
      A CISO must focus primarily on the needs of the business.

      Leadership
      A CISO must be a security leader and not simply a practitioner.

      Communication
      A CISO must have executive communication skills

      Technical Knowledge
      A CISO must have a broad technical understanding.

      Innovative Problem Solving
      A good CISO doesn’t just say “no,” but rather finds creative ways to say “yes.”

      Vendor Management
      Vendor and financial management skills are critical to becoming a strategic CISO.

      Change Management
      A CISO improves security processes by being an agent of change for the organization.

      Collaboration
      A CISO must be able to use alliances and partnerships strategically.

      1.1 Understand the core competencies a CISO must focus on to become a strategic business partner

      < 1 hour

      Over the next few slides, review each world-class CISO core competency. In Step 1.2, you will determine which competencies are a priority for your organization.

      CISO Competencies Description
      Business Acumen

      A CISO must focus primarily on the needs of the business and how the business works, then determine how to align IT security initiatives to support business initiatives. This includes:

      • Contributing to business growth with an understanding of the industry, core functions, products, services, customers, and competitors.
      • Understanding the business’ strategic direction and allowing it to securely capitalize on opportunities.
      • Understanding the key drivers of business performance and the use of sound business practice.
      Leadership

      A CISO must be a security leader, and not simply a practitioner. This requires:

      • Developing a holistic view of security, risk, and compliance for the organization.
      • Fostering a culture of risk management.
      • Choosing a strong team. Having innovative and reliable employees who do quality work is a critical component of an effective department.
        • This aspect involves identifying talent, engaging your staff, and managing their time and abilities.

      1.1 Understand the core competencies (continued)

      CISO Competencies Description
      Communication

      Many CISOs believe that using technical jargon impresses their business stakeholders – in fact, it only makes business stakeholders become confused and disinterested. A CISO must have executive communication skills. This involves:

      • Clearly communicating with business leaders in meaningful language (i.e. business, financial, social) that they understand by breaking down the complexities of IT security into simple and relatable concepts.
      • Not using acronyms or technological speak. Easy-to-understand translations will go a long way.
      • Strong public speaking and presentation abilities.
      Technical Knowledge

      A CISO must have a broad technical understanding of IT security to oversee a successful security program. This includes:

      • Understanding key security and general IT technologies and processes.
      • Assembling a complementary team, because no individual can have deep knowledge in all areas.
      • Maintaining continuing education to stay on top of emerging technologies and threats.

      1.1 Understand the core competencies (continued)

      CISO Competencies Description
      Innovative Problem Solving

      A good CISO doesn’t just say “no,” but rather finds creative ways to say “yes.” This can include:

      • Taking an active role in seizing opportunities created by emerging technologies.
      • Facilitating the secure implementation of new, innovative revenue models.
      • Developing solutions for complex business problems that require creativity and ingenuity.
      • Using information and technology to drive value around the customer experience.
      Vendor Management

      With the growing use of “anything as a service,” negotiation, vendor, and financial management skills are critical to becoming a strategic CISO.

      • The CISO must be able to evaluate service offerings and secure favorable contracts with the right provider. It is about extracting the maximum value from vendors for the dollars you are spending.
      • Vendor products must be aligned with future business plans to create maximum ongoing value.
      • The CISO must develop financial management skills. This includes the ability to calculate total cost of ownership, return on investment, and project spending over multiyear business plans.

      1.1 Understand the core competencies (continued)

      CISO Competencies Description
      Change Management

      A world-class CISO improves security processes by being an agent of change for the organization. This involves:

      • Leading, guiding, and motivating teams to adopt a responsible risk management culture.
      • Communicating important and complex ideas in a persuasive way.
      • Demonstrating an ability to change themselves and taking the initiative in adopting more efficient behaviors.
      • Handling unplanned change, such as unforeseen attacks or personnel changes, in a professional and proactive manner.
      Collaboration

      A CISO must be able to use alliances and partnerships strategically to benefit both the business and themselves. This includes:

      • Identifying formal and informal networks and constructive relationships to enable security development.
      • Leveraging stakeholders to influence positive outcomes for the organization.
      • Getting out of the IT or IT security sphere and engaging relationships in diverse areas of the organization.

      Step 1.2

      Evaluate satisfaction and alignment between the business and IT security

      Activities

      • Conduct the Information Security Business Satisfaction and Alignment diagnostic
      • Use your results as input into the CISO Core Competency Evaluation Tool

      This step involves the following participants:

      • CEO or other executive seeking to hire/develop a CISO

      or

      • Current CISO seeking to upgrade capabilities

      Outcomes of this step
      Determine current gaps in satisfaction and alignment between information security and your organization.

      If seeking to hire/develop a CISO: Your diagnostic results will help develop a profile of the ideal CISO candidate to use as a hiring and interview guide.

      If developing a current CISO, use your diagnostic results to identify existing competency gaps and target them for improvement.

      For the CISO seeking to upgrade capabilities: Use the core competencies guide to self-assess and identify competencies that require improvement.

      Launch

      1.2 Get started by conducting Info-Tech’s Information Security Business Satisfaction and Alignment diagnostic

      Suggested Time: One week for distribution, completion, and collection of surveys
      One-hour follow-up with an Info-Tech analyst

      The primary goal of IT security is to protect the organization from threats. This does not simply mean bolting everything down, but it means enabling business processes securely. To do this effectively requires alignment between IT security and the overall business.

      • Once you have completed the diagnostic, call Info-Tech to review your results with one of our analysts.
      • The results from this assessment will provide insights to inform your entries in the CISO Core Competency Evaluation Tool.

      Call an analyst to review your results and provide you with recommendations.

      Info-Tech Insight
      Focus on the high-priority competencies for your organization. You may find a candidate with perfect 10s across the board, but a more pragmatic strategy is to find someone with strengths that align with your needs. If there are other areas of weakness, then target those areas for development.

      1.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to understand your organizational needs

      After completing the Info-Tech diagnostic, use the CISO Core Competency Evaluation Tool to determine which CISO competencies are a priority for your organization.

      • Your diagnostic results will indicate where your information security program is aligned well or poorly with your business.
      • For example, the diagnostic may show significant misalignment between information security and executives over the level of external compliance. The CISO behavior that would contribute to solving this is aligning security enablement with business requirements.
        • This misalignment may be due to a misunderstanding by either party. The competencies that will contribute to resolving this are communication, technical knowledge, and business acumen.
        • This mapping method is what will be used to determine which competencies are most important for your needs at the present moment.

      Download the CISO Core Competency Evaluation Tool

      1.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to understand your organizational needs

      After completing the Info-Tech diagnostic, use the CISO Core Competency Evaluation Tool to determine which CISO competencies are a priority for your organization.

      1. Starting on Tab 2: CISO Core Competencies, use your understanding of each competency from section 1.1 along with the definitions described in the tool.
        • For each competency, assign a degree of importance using the drop-down menu in the second column from the right.
        • Importance ratings will range from not at all important at the low end to critically important at the high end.
        • Your importance score will be influenced by several factors, including:
          • The current alignment of your information security department.
          • Your organizational security posture.
          • The size and structure of your organization.
          • The existing skills and maturity within your information security department.

      Download the CISO Core Competency Evaluation Tool

      1.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to understand your organizational needs

      After completing the Info-Tech diagnostic, use the CISO Core Competency Evaluation Tool to determine which CISO competencies are a priority for your organization.

      1. Still on Tab 2. CISO Core Competencies, you will now assign a current level of effectiveness for each competency.
        • This will range from foundational at a low level of effectiveness up to capable, then inspirational, and at the highest rating, transformational.
        • Again, this rating will be very specific to your organization, depending on your structure and your current employees.
        • Fundamentally, these scores will reflect what you want to improve in the area of information security. This is not an absolute scale, and it will be influenced by what skills you want to support your goals and direction as an organization.

      Download the CISO Core Competency Evaluation Tool

      Phase 2

      Assess

      Phase 1
      1.1 Understand Core Competencies
      1.2 Measure Security and Business Satisfaction and Alignment

      Phase 2
      2.1 Assess Stakeholder Relationships
      2.2 Assess the Core Competencies

      Phase 3
      3.2 Plan Approach to Improve Stakeholder Relationships

      Phase 4
      4.1 Decide Next Actions and Support Your CISO Moving Forward
      4.2 Regularly Reassess to Measure Development and Progress

      This phase will walk you through the following activities:

      • Use the CISO Core Competency Evaluation Tool to create and implement an interview guide.
      • Assess and analyze the core competencies of your prospective CISOs. Or, if you are a current CISO, use the CISO Core Competency Evaluation Tool as a self-analysis and identify areas for personal development.
      • Evaluate the influence, impact, and support of key executive business stakeholders using the CISO Stakeholder Power Map Template.

      Hire or Develop a World-Class CISO

      Case study

      Mark Lester
      InfoSec Manager, SC Ports Authority

      The new Security Manager engages with employees to learn the culture.

      Outcome: Understand what is important to individuals in order to create effective collaboration. People will engage with a project if they can relate it to something they value.

      Actions Next Steps
      • The Security Manager determines that he must use low-cost small wins to integrate with the organizational culture and create trust and buy-in and investment will follow.
      • The Security Manager starts a monthly newsletter to get traction across the organization, create awareness of his mandate to improve information security, and establish himself as a trustworthy partner.
      • The Security Manager will identify specific ways to engage and change the culture.
      • Create a persuasive case for investing in information security based on what resonates with the organization.

      Follow this case study throughout the deck to see this organization’s results

      Step 2.1

      Identify key stakeholders for the CISO and assess current relationships

      Activities

      Evaluate the power, impact, and support of key stakeholders

      This step involves the following participants:

      • CEO or other executive seeking to hire/develop a CISO

      or

      • Current CISO seeking to upgrade capabilities

      Outcomes of this step

      • Power map of executive business stakeholders
      • Evaluation of each stakeholder in terms of influence, impact, and current level of support

      Assess

      Identify key stakeholders who own business processes that intersect with security processes

      Info-Tech Insight
      Most organizations don’t exist for the sole purpose of doing information security. For example, if your organization is in the business of selling pencils, then information security is in business to enable the selling of pencils. All the security in the world is meaningless if it doesn’t enable your primary business processes. The CISO must always remember the fundamental goals of the business.

      The above insight has two implications:

      1. The CISO needs to understand the key business processes and who owns them, because these are the people they will need to collaborate with. Like any C-level, the CISO should be one of the most knowledgeable people in the organization regarding business processes.
      2. Each of these stakeholders stands to win or lose depending on the performance of their process, and they can act to either block or enable your progress.
        • To work effectively with these stakeholders, you must learn what is important to them, and pose your initiatives so that you both benefit.

      When people are not receptive to the CISO, it’s usually because the CISO has not been part of the discussion when plans were being made. This is the heart of proactivity.

      You need to be involved from the start … from the earliest part of planning.

      The job is not to come in late and say “No” ... the job is to be involved early and find creative and intelligent ways to say “Yes.”

      The CISO needs to be the enabling security asset that drives business.

      – Elliot Lewis, CEO at Keyavi Data

      Evaluate the importance of business stakeholders and the support necessary from them

      The CISO Stakeholder Power Map Template is meant to provide a visualization of the CISO’s relationships within the organization. This should be a living document that can be updated throughout the year as relationships develop and the structure of an organization changes.

      At a glance, this tool should show:

      • How influential each stakeholder is within the company.
      • How supportive they currently are of the CISO’s initiatives.
      • How strongly each person is impacted by IT security activities.

      Once this tool has been created, it provides a good reference as the CISO works to develop lagging relationships. It shows the landscape of influence and impact within the organization, which may help to guide the CISO’s strategy in the future.

      Evaluate the importance of business stakeholders and the support necessary from them

      Download the CISO Stakeholder Power Map Template

      Evaluate the importance of business stakeholders and the support necessary from them

      1. Identify key stakeholders.
        1. Focus on owners of important business processes.
      2. Evaluate and map each stakeholder in terms of:
        1. Influence (up/down)
        2. Support (left/right)
        3. Impact (size of circle)
        4. Involvement (color of circle)
      3. Decide whether the level of support from each stakeholder needs to change to facilitate success.

      Evaluate the importance of business stakeholders and the support necessary from them

      Info-Tech Insight
      Some stakeholders must work closely with your incoming CISO. It is worth consideration to include these individuals in the interview process to ensure you will have partners that can work well together. This small piece of involvement early on can save a lot of headache in the future.

      Where can you find your desired CISO?

      Once you know which competencies are a priority in your new CISO, the next step is to decide where to start looking. This person may already exist in your company.

      Internal

      Take some time to review your current top information security employees or managers. It may be immediately clear that certain people will or will not be suitable for the CISO role. For those that have potential, proceed to Step 2.2 to map their competencies.

      Recruitment

      If you do not have any current employees that will fit your new CISO profile, or you have other reasons for wanting to bring in an outside individual, you can begin the recruitment process. This could start by posting the position for applications or by identifying and targeting specific candidates.

      Ready to start looking for your ideal candidate? You can use Info-Tech’s Chief Information Security Officer job description template.

      Use the CISO job description template

      Alternatives to hiring a CISO

      Small organizations are less able to muster the resources required to find and retain a CISO,

      Technical Counselor Seat

      In addition to having access to our research and consulting services, you can acquire a Technical Counselor Seat from our Security & Risk practice, where one of our senior analysts would serve with you on a retainer. You may find that this option saves you the expense of having to hire a new CISO altogether.

      Virtual CISO

      A virtual CISO, or vCISO, is essentially a “CISO as a service.” A vCISO provides an organization with an experienced individual that can, on a part-time basis, lead the organization’s security program through policy and strategy development.

      Why would an organization consider a vCISO?

      • A vCISO can provide services that are flexible, technical, and strategic and that are based on the specific requirements of the organization.
      • They can provide a small organization with program maturation within the organization’s resources.
      • They can typically offer depth of experience beyond what a small business could afford if it were to pursue a full-time CISO.

      Source: InfoSec Insights by Sectigo Store

      Why would an organization not consider a vCISO?

      • The vCISO’s attention is divided among their other clients.
      • They won’t feel like a member of your organization.
      • They won’t have a deep understanding of your systems and processes.

      Source: Georgia State University

      Step 2.2

      Assess CISO candidates and evaluate their current competency

      Activities

      Assess CISO candidates in terms of desired core competencies

      or

      Self-assess your personal core competencies

      This step involves the following participants:

      • CEO or other executive seeking to hire/develop a CISO

      or

      • Current CISO seeking to upgrade capabilities

      and

      • Any key stakeholders or collaborators you choose to include in the assessment process

      Outcomes of this step

      • You have assessed your requirements for a CISO candidate.
      • The process of hiring is under way, and you have decided whether to hire a CISO, develop a CISO, or consider a Counselor Seat as another option.

      Assess

      2.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to assess your CISO candidate

      Use Info-Tech’s CISO Core Competency Evaluation Tool to assess your CISO candidate

      Download the CISO Core Competency Evaluation Tool

      Info-Tech Insight
      The most important competencies should be your focus. Unless you are lucky enough to find a candidate that is perfect across the board, you will see some areas that are not ideal. Don’t forget the importance you assigned to each competency. If a candidate is ideal in the most critical areas, you may not mind that some development is needed in a less important area.

      2.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to evaluate your candidates

      After deciding the importance of and requirements for each competency in Phase 1, assess your CISO candidates.

      Your first pass on this tool will be to look at internal candidates. This is the develop a CISO option.

      1. In the previous phase, you rated the Importance and Current Effectiveness for each competency in Tab 2. CISO Core Competencies. In this step, use Tab 3. Gap Analysis to enter a Minimum Level and a Desired Level for each competency. Keep in mind that it may be unrealistic to expect a candidate to be fully developed in all aspects.
      2. Next, enter a rating for your candidate of interest for each of the eight competencies.
      3. This scorecard will generate an overall suitability score for the candidate. The color of the output (from red to green) indicates the suitability, and the intensity of the color indicates the importance you assigned to that competency.

      Download the CISO Core Competency Evaluation Tool

      2.2 Use Info-Tech’s CISO Core Competency Evaluation Tool to evaluate your candidates

      • If the internal search does not identify a suitable candidate, you will want to expand your search.
      • Repeat the scoring process for external candidates until you find your new CISO.
      • You may want to skip your external search altogether and instead contact Info-Tech for more information on our Counselor Seat options.

      Download the CISO Core Competency Evaluation Tool

      Phase 3

      Plan

      Phase 1
      1.1 Understand Core Competencies
      1.2 Measure Security and Business Satisfaction and Alignment

      Phase 2
      2.1 Assess Stakeholder Relationships
      2.2 Assess the Core Competencies

      Phase 3
      3.1 Identify Resources to Address Competency Gaps
      3.2 Plan Approach to Improve Stakeholder Relationships

      Phase 4
      4.1 Decide Next Actions and Support Your CISO Moving Forward
      4.2 Regularly Reassess to Measure Development and Progress

      This phase will walk you through the following activities:

      • Create a plan to develop your competency gaps.
      • Construct and consider your organizational model.
      • Create plan to cultivate key stakeholder relationships.

      Hire or Develop a World-Class CISO

      Case study

      Mark Lester
      InfoSec Manager, SC Ports Authority

      The new Security Manager changes the security culture by understanding what is meaningful to employees.

      Outcome: Engage with people on their terms. The CISO must speak the audience’s language and express security terms in a way that is meaningful to the audience.

      Actions Next Steps
      • The Security Manager identifies recent events where ransomware and social engineering attacks were successful in penetrating the organization.
      • He uses his newsletter to create organization-wide discussion on this topic.
      • This very personal example makes employees more receptive to the Security Manager’s message, enabling the culture of risk management.
      • The Security Manager will leverage his success in improving the information security culture and awareness to gain support for future initiatives.

      Follow this case study throughout the deck to see this organization’s results

      Step 3.1

      Identify resources for your CISO to remediate competency gaps

      Activities

      Create a plan to remediate competency gaps

      This step involves the following participants:

      • CEO or other executive seeking to hire/develop a CISO
      • The newly hired CISO

      or

      • Current CISO seeking to upgrade capabilities

      Outcomes of this step

      • Identification of core competency deficiencies
      • A plan to close the gaps

      Plan

      3.1 Close competency gaps with Info-Tech’s Cybersecurity Workforce Development Training

      Resources to close competency gaps

      Info-Tech’s Cybersecurity Workforce Training develops critical cybersecurity skills missing within your team and organization. The leadership track provides the same deep coverage of technical knowledge as the analyst track but adds hands-on support and has a focus on strategic business alignment, program management, and governance.

      The program builds critical skills through:

      • Standardized curriculum with flexible projects tailored to business needs
      • Realistic cyber range scenarios
      • Ready-to-deploy security deliverables
      • Real assurance of skill development

      Info-Tech Insight
      Investing in a current employee that has the potential to be a world-class CISO may take less time, effort, and money than finding a unicorn.

      Learn more on the Cybersecurity Workforce Development webpage

      3.1 Identify resources for your CISO to remediate competency gaps

      < 2 hours

      CISO Competencies Description
      Business Acumen

      Info-Tech Workshops & Blueprints

      Actions/Activities

      • Take a business acumen course: Acumen Learning, What the CEO Wants You to Know: Building Business Acumen.
      • Meet with business stakeholders. Ask them to take you through the strategic plan for their department and then identify opportunities where security can provide support to help drive their initiatives.
      • Shadow another C-level executive. Understand how they manage their business unit and demonstrate an eagerness to learn.
      • Pursue an MBA or take a business development course.

      3.1 Identify resources for your CISO to remediate competency gaps (continued)

      < 2 hours

      CISO Competencies Description
      Leadership

      Info-Tech Training and Blueprints

      Action/Activities

      • Communicate your vision for security to your team. You will gain buy-in from your employees by including them in the creation of your program, and they will be instrumental to your success.

      Info-Tech Insight
      Surround yourself with great people. Insecure leaders surround themselves with mediocre employees that aren’t perceived as a threat. Great leaders are supported by great teams, but you must choose that great team first.

      3.1 Identify resources for your CISO to remediate competency gaps (continued)

      < 2 hours

      CISO Competencies Description
      Communication

      Info-Tech Workshops & Blueprints

      Build and Deliver an Optimized IT Update Presentation: Show IT’s value and relevance by dropping the technical jargon and speaking to the business in their terms.

      Master Your Security Incident Response Communications Program: Learn how to talk to your stakeholders about what’s going on when things go wrong.

      Develop a Security Awareness and Training Program That Empowers End Users: Your weakest link is between the keyboard and the chair, so use engaging communication to create positive behavior change.

      Actions/Activities

      Learn to communicate in the language of your audience (whether business, finance, or social), and frame security solutions in terms that are meaningful to your listener.

      Technical Knowledge

      Actions/Activities

      • In many cases, the CISO is progressing from a strong technical background, so this area is likely a strength already.
      • However, as the need for executive skills are being recognized, many organizations are opting to hire a business or operations professional as a CISO. In this case, various Info-Tech blueprints across all our silos (e.g. Security, Infrastructure, CIO, Apps) will provide great value in understanding best practices and integrating technical skills with the business processes.
      • Pursue an information security leadership certification: GIAC, (ISC)², and ISACA are a few of the many organizations that offer certification programs.

      3.1 Identify resources for your CISO to remediate competency gaps (continued)

      < 2 hours

      CISO Competencies Description
      Innovative Problem Solving

      Info-Tech Workshops & Blueprints

      Actions/Activities

      Vendor Management

      Info-Tech Blueprints & Resources

      Actions/Activities

      3.1 Identify resources for your CISO to remediate competency gaps (continued)

      < 2 hours

      CISO Competencies Description
      Change Management

      Info-Tech Blueprints

      Actions/Activities

      • Start with an easy-win project to create trust and support for your initiatives.
      Collaboration

      Info-Tech Blueprints

      Actions/Activities

      • Get out of your office. Have lunch with people from all areas of the business. Understanding the goals and the pains of employees throughout your organization will help you to design effective initiatives and cultivate support.
      • Be clear and honest about your goals. If people know what you are trying to do, then it is much easier for them to work with you on it. Being ambiguous or secretive creates confusion and distrust.

      3.1 Create the CISO’s personal development plan

      • Use Info-Tech’s CISO Development Plan Template to document key initiatives that will close previously identified competency gaps.
      • The CISO Development Plan Template is used to map specific actions and time frames for competency development, with the goal of addressing competency gaps and helping you become a world-class CISO. This template can be used to document:
        • Core competency gaps
        • Security process gaps
        • Security technology gaps
        • Any other career/development goals
      • If you have a coach or mentor, you should share your plan and report progress to that person. Alternatively, call Info-Tech to speak with an executive advisor for support and advice.
        • Toll-Free: 1-888-670-8889

      What you will need to complete this exercise

      • CISO Core Competency Evaluation Tool results
      • Information Security Business Satisfaction and Alignment diagnostic results
      • Insights gathered from business stakeholder interviews

      Step 3.2

      Plan an approach to improve your relationships

      Activities

      • Review engagement strategies for different stakeholder types
      • Create a stakeholder relationship development plan

      This step involves the following participants:

      • CEO or other executive seeking to hire/develop a CISO
      • The newly hired CISO

      or

      • Current CISO seeking to upgrade capabilities

      Outcomes of this step

      • Stakeholder relationship strategy deliverable

      Plan

      Where should the CISO sit?

      Where the CISO sits in the organization can have a big impact on the security program.

      • Organizations with CISOs in the C-suite have a fewer security incidents.1
      • Organizations with CISOs in the C-suite generally have better IT ability.1
      • An organization whose CISO reports to the CIO risks conflict of interest.1
      • 51% of CISOs believe their effectiveness can be hampered by reporting lines.2
      • Only half of CISOs feel like they are in a position to succeed.2

      A formalized security organizational structure assigns and defines the roles and responsibilities of different members around security. Use Info-Tech’s blueprint Implement a Security Governance and Management Program to determine the best structure for your organization.

      Who the CISO reports to, by percentage of organizations3

      Who the CISO reports to, by percentage of organizations

      Download the Implement a Security Governance and Management Program blueprint

      1. Journal of Computer Science and Information
      2. Proofpoint
      3. Heidrick & Struggles International, Inc

      3.2 Make a plan to manage your key stakeholders

      Managing stakeholders requires engagement, communication, and relationship management. To effectively collaborate and gain support for your initiatives, you will need to build relationships with your stakeholders. Take some time to review the stakeholder engagement strategies for different stakeholder types.

      Influence Mediators
      (Satisfy)
      Key Players
      (Engage)
      Spectators
      (Monitor)
      Noisemakers
      (Inform)
      Support for you

      When building relationships, I find that what people care about most is getting their job done. We need to help them do this in the most secure way possible.

      I don’t want to be the “No” guy, I want to enable the business. I want to find to secure options and say, “Here is how we can do this.”

      – James Miller, Information Security Director, Xavier University

      Download the CISO Stakeholder Management Strategy Template

      Key players – Engage

      Goal Action
      Get key players to help champion your initiative and turn your detractors into supporters. Actively involve key players to take ownership.
      Keep It Positive Maintain a Close Relationship
      • Use their positive support to further your objectives and act as your foundation of support.
      • Key players can help you build consensus among other stakeholders.
      • Get supporters to be vocal in your town halls.
      • Ask them to talk to other stakeholders over whom they have influence.
      • Get some quick wins early to gain and maintain stakeholder support and help convert them to your cause.
      • Use their influence and support to help persuade blockers to see your point of view.
      • Collaborate closely. Key players are tuned in to information streams that are important. Their advice can keep you informed and save you from being blindsided.
      • Keep them happy. By definition, these individuals have a stake in your plans and can be affected positively or negatively. Going out of your way to maintain relationships can be well worth the effort.

      Info-Tech Insight
      Listen to your key players. They understand what is important to other business stakeholders, and they can provide valuable insight to guide your future strategy.

      Mediators – Satisfy

      Goal Action
      Turn mediators into key players Increase their support level.
      Keep It Positive Maintain a Close Relationship
      • Make stakeholders part of the conversation by consulting them for input on planning and strategy.
      • Sample phrases:
        • “I’ve heard you have experience in this area. Do you have time to answer a few questions?”
        • “I’m making some decisions and I would value your thoughts. Can I get your perspective on this?”
      • Enhance their commitment by being inclusive. Encourage their support whenever possible.
      • Make them feel acknowledged and solicit feedback.
      • Listen to blockers with an open mind to understand their point of view. They may have valuable insight.
      • Approach stakeholders on their individual playing fields.
        • They want to know that you understand their business perspective.
      • Stubborn mediators might never support you. If consulting doesn’t work, keep them informed of important decision-making points and give them the opportunity to be involved if they choose to be.

      Info-Tech Insight
      Don’t dictate to stakeholders. Make them feel like valued contributors by including them in development and decision making. You don’t have to incorporate all their input, but it is essential that they feel respected and heard.

      Noisemakers – Inform

      Goal Action
      Have noisemakers spread the word to increase their influence. Encourage noisemakers to influence key stakeholders.
      Keep It Positive Maintain a Close Relationship
      • Identify noisemakers who have strong relationships with key stakeholders and focus on them.
        • These individuals may not have decision-making power, but their opinions and advice may help to sway a decision in your favor.
      • Look for opportunities to increase their influence over others.
      • Put effort into maintaining the positive relationship so that it doesn’t dwindle.
      • You already have this group’s support, but don’t take it for granted.
      • Be proactive, pre-emptive, and transparent.
      • Address issues or bad news early and be careful not to exaggerate their significance.
      • Use one-on-one meetings to give them an opportunity to express challenges in a private setting.
      • Show individuals in this group that you are a problem-solver:
        • “The implementation was great, but we discovered problems afterward. Here is what we’re doing about it.”

      Spectators – Monitor

      Goal Action
      Keep spectators content and avoid turning them into detractors. Keep them well informed.
      Keep It Positive Maintain a Close Relationship
      • A hands-on approach is not required with this group.
      • Keep them informed with regular, high-altitude communications and updates.
      • Use positive, exciting announcements to increase their interest in your initiatives.
      • Select a good venue for generating excitement and assessing the mood of spectators.
      • Spectators may become either supporters or blockers. Monitor them closely and keep in touch with them to stop these individuals from becoming blockers.
      • Listen to questions from spectators carefully. View any engagement as an opportunity to increase participation from this group and generate a positive shift in interest.

      3.2 Create the CISO’s stakeholder management strategy

      Develop a strategy to manage key stakeholders in order to drive your personal development plan initiatives.

      • The purpose of the CISO Stakeholder Management Strategy Template is to document the results of the power mapping exercise, create a plan to proactively manage stakeholders, and track the actions taken.
      • Use this in concert with Info-Tech’s CISO Stakeholder Power Map Template to help visualize the importance of key stakeholders to your personal development. You will document:
        • Stakeholder role and type.
        • Current relationship with the stakeholder.
        • Level of power/influence and degree of impact.
        • Current and desired level of support.
        • Initiatives that require the stakeholder’s engagement.
        • Actions to be taken – along with the status and results.

      What you will need to complete this exercise

      • Completed CISO Stakeholder Power Map
      • Security Business Satisfaction and Alignment Diagnostic results

      Download the CISO Stakeholder Management Strategy Template

      Phase 4

      Execute

      Phase 1
      1.1 Understand Core Competencies
      1.2 Measure Security and Business Satisfaction and Alignment

      Phase 2
      2.1 Assess Stakeholder Relationships
      2.2 Assess the Core Competencies

      Phase 3
      3.1 Identify Resources to Address Competency Gaps
      3.2 Plan Approach to Improve Stakeholder Relationships

      Phase 4
      4.1 Decide Next Actions and Support Your CISO Moving Forward
      4.2 Regularly Reassess to Measure Development and Progress

      This phase will walk you through the following activities:

      • Populate the CISO Development Plan Template with appropriate targets and due dates.
      • Set review and reassess dates.
      • Review due dates with CISO.

      Hire or Develop a World-Class CISO

      Case study

      Mark Lester
      InfoSec Manager, SC Ports Authority

      The new Security Manager leverages successful cultural change to gain support for new security investments.

      Outcome: Integrating with the business on a small level and building on small successes will lead to bigger wins and bigger change.

      Actions Next Steps
      • By fostering positive relationships throughout the organization, the Security Manager has improved the security culture and established himself as a trusted partner.
      • In an organization that had seen very little change in years, he has used well developed change management, business acumen, leadership, communication, collaboration, and innovative problem-solving competencies to affect his initiatives.
      • He can now return to the board with a great deal more leverage in seeking support for security investments.
      • The Security Manager will leverage his success in improving the information security culture and awareness to gain support for future initiatives.

      Step 4.1

      Decide next actions and support your CISO moving forward

      Activities

      • Complete the Info-Tech CISO Development Plan Template
      • Create a stakeholder relationship development plan

      This step involves the following participants:

      • CEO or other executive seeking to hire/develop a CISO
      • The newly hired CISO

      or

      • Current CISO seeking to upgrade capabilities

      Outcomes of this step

      Next actions for each of your development initiatives

      Execute

      Establish a set of first actions to set your plan into motion

      The CISO Development Plan Template provides a simple but powerful way to focus on what really matters to execute your plan.

      • By this point, the CISO is working on the personal competency development while simultaneously overseeing improvements across the security program, managing stakeholders, and seeking new business initiatives to engage with. This can be a lot to juggle effectively.
      • Disparate initiatives like these can hinder progress by creating confusion.
      • By distilling your plan down to Subject > Action > Outcome, you immediately restore focus and turn your plans into actionable items.
      • The outcome is most valuable when it is measurable. This makes progress (or lack of it) very easy to track and assess, so choose a meaningful metric.
      Item to Develop
      (competency/process/tech)
      First Action Toward Development
      Desired Outcome, Including a Measurable Indicator

      Download the CISO Development Plan Template

      4.1 Create a CISO development plan to keep all your objectives in one place

      Use Info-Tech’s CISO Development Plan Template to create a quick and simple yet powerful tool that you can refer to and update throughout your personal and professional development initiatives. As instructed in the template, you will document the following:

      Your Item to Develop The Next Action Required The Target Outcome
      This could be a CISO competency, a security process item, a security technology item, or an important relationship (or something else that is a priority). This could be as simple as “schedule lunch with a stakeholder” or “email Info-Tech to schedule a Guided Implementation call.” This part of the tool is meant to be continually updated as you progress through your projects. The strength of this approach is that it focuses your project into simple actionable steps that are easily achieved, rather than looking too far down the road and seeing an overwhelming task ahead. This will be something measurable like “reduce spending by 10%” or “have informal meeting with leaders from each department.”

      Info-Tech Insight
      A good plan doesn’t require anything that is outside of your control. Good measurable outcomes are behavior based rather than state based.
      “Increase the budget by 10%” is a bad goal because it is ultimately reliant on someone else and can be derailed by an unsupportive executive. A better goal is “reduce spending by 10%.” This is something more within the CISO’s control and is thus a better performance indicator and a more achievable goal.

      4.1 Create a CISO development plan to keep all your objectives in one place

      Below you will find sample content to populate your CISO Development Plan Template. Using this template will guide your CISO in achieving the goals identified here.

      The template itself is a metric for assessing the development of the CISO. The number of targets achieved by the due date will help to quantify the CISO’s progress.

      You may also want to include improvements to the organization’s security program as part of the CISO development plan.

      Area for Development Item for Development Next Action Required Key Stakeholders/ Owners Target Outcome Due Date Completed
      Core Competencies:
      Communication
      Executive
      communication
      Take economics course to learn business language Course completed [Insert date] [Y/N]
      Core Competencies:
      Communication
      Improve stakeholder
      relationships
      Email Bryce from finance to arrange lunch Improved relationship with finance department [Insert date] [Y/N]
      Technology Maturity: Security Prevention Identity and access management (IAM) system Call Info-Tech to arrange call on IAM solutions 90% of employees entered into IAM system [Insert date] [Y/N]
      Process Maturity: Response & Recovery Disaster recovery Read Info-Tech blueprint on disaster recovery Disaster recovery and backup policies in place [Insert date] [Y/N]

      Check out the First 100 Days as CISO blueprint for guidance on bringing improvements to the security program

      4.1 Use your action plan to track development progress and inform stakeholders

      • As you progress toward your goals, continually update the CISO development plan. It is meant to be a living document.
      • The Next Action Required should be updated regularly as you make progress so you can quickly jump in and take meaningful actions without having to reassess your position every time you open the plan. This is a simple but very powerful method.
      • To view your initiatives in customizable ways, you can use the drop-down menu on any column header to sort your initiatives (i.e. by due date, completed status, area for development). This allows you to quickly and easily see a variety of perspectives on your progress and enables you to bring upcoming or incomplete projects right to the top.
      Area for Development Item for Development Next Action Required Key Stakeholders/ Owners Target Outcome Due Date Completed
      Core Competencies:
      Communication
      Executive
      communication
      Take economics course to learn business language Course completed [Insert date] [Y/N]
      Core Competencies:
      Communication
      Improve stakeholder
      relationships
      Email Bryce from finance to arrange lunch Improved relationship with finance department [Insert date] [Y/N]
      Technology Maturity: Security Prevention Identity and access management (IAM) system Call Info-Tech to arrange call on IAM solutions 90% of employees entered into IAM system [Insert date] [Y/N]
      Process Maturity: Response & Recovery Disaster recovery Read Info-Tech blueprint on disaster recovery Disaster recovery and backup policies in place [Insert date] [Y/N]

      Step 4.2

      Regularly reassess to track development and progress

      Activities

      Create a calendar event for you and your CISO, including which items you will reassess and when

      This step involves the following participants:

      • CEO or other executive seeking to hire/develop a CISO
      • The newly hired CISO

      or

      • Current CISO seeking to upgrade capabilities

      Outcomes of this step

      Scheduled reassessment of the CISO’s competencies

      Execute

      4.2 Regularly evaluate your CISO’s progress

      < 1 day

      As previously mentioned, your CISO development plan is meant to be a living document. Your CISO will use this as a companion tool throughout project implementation, but periodically it will be necessary to re-evaluate the entire program to assess your progress and ensure that your actions are still in alignment with personal and organizational goals.

      Info-Tech recommends performing the following assessments quarterly or twice yearly with the help of our executive advisors (either over the phone or onsite).

      1. Sit down and re-evaluate your CISO core competencies using the CISO Core Competency Evaluation Tool.
      2. Analyze your relationships using the CISO Stakeholder Power Map Template.
      3. Compare all of these against your previous results to see what areas you have strengthened and decide if you need to focus on a different area now.
      4. Consider your CISO Development Plan Template and decide whether you have achieved your desired outcomes. If not, why?
      5. Schedule your next reassessment, then create a new plan for the upcoming quarter and get started.
      Materials
      • Laptop
      • CISO Development Plan Template
      Participants
      • CISO
      • Hiring executive (possibly)
      Output
      • Complete CISO and security program development plan

      Summary of Accomplishment

      Knowledge Gained

      • Understanding of the competencies contributing to a successful CISO
      • Strategic approach to integrate the CISO into the organization
      • View of various CISO functions from a variety of business and executive perspectives, rather than just a security view

      Process Optimized

      • Hiring of the CISO
      • Assessment and development of stakeholder relationships for the CISO
      • Broad planning for CISO development

      Deliverables Completed

      • IT Security Business Satisfaction and Alignment Diagnostic
      • CISO Core Competency Evaluation Tool
      • CISO Stakeholder Power Map Template
      • CISO Stakeholder Management Strategy Template
      • CISO Development Plan Template

      If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation

      Contact your account representative for more information

      workshop@infotech.com
      1-888-670-8889

      Related Info-Tech Research

      Build an Information Security Strategy
      Your security strategy should not be based on trying to blindly follow best practices but on a holistic risk-based assessment that is risk aware and aligns with your business context.

      The First 100 Days as CISO
      Every CISO needs to follow Info-Tech’s five-step approach to truly succeed in their new position. The meaning and expectations of a CISO role will differ from organization to organization and person to person, but the approach to the new position will be relatively the same.

      Implement a Security Governance and Management Program
      Business and security goals should be the same. Businesses cannot operate without security, and security's goal is to enable safe business operations.

      Research Contributors

      • Mark Lester, Information Security Manager, South Carolina State Ports Authority
      • Kyle Kennedy, CISO, CyberSN.com
      • James Miller, Information Security Director, Xavier University
      • Elliot Lewis, Vice President Security & Risk, Info-Tech Research Group
      • Andrew Maroun, Enterprise Security Lead, State of California
      • Brian Bobo, VP Enterprise Security, Schneider National
      • Candy Alexander, GRC Security Consultant, Towerall Inc.
      • Chad Fulgham, Chairman, PerCredo
      • Ian Parker, Head of Corporate Systems Information Security Risk and Compliance, Fujitsu EMEIA
      • Diane Kelly, Information Security Manager, Colorado State Judicial Branch
      • Jeffrey Gardiner, CISO, Western University
      • Joey LaCour, VP & Chief Security, Colonial Savings
      • Karla Thomas, Director IT Global Security, Tower Automotive
      • Kevin Warner, Security and Compliance Officer, Bridge Healthcare Providers
      • Lisa Davis, CEO, Vicinage
      • Luis Brown, Information Security & Compliance Officer, Central New Mexico Community College
      • Peter Clay, CISO, Qlik
      • Robert Banniza, Senior Director IT Center Security, AMSURG
      • Tim Tyndall, Systems Architect, Oregon State

      Bibliography

      Dicker, William. "An Examination of the Role of vCISO in SMBs: An Information Security Governance Exploration." Dissertation, Georgia State University, May 2, 2021. Accessed 30 Sep. 2022.

      Heidrick & Struggles. "2022 Global Chief Information Security Officer (CISO) Survey" Heidrick & Struggles International, Inc. September 6, 2022. Accessed 30 Sep. 2022.

      IBM Security. "Cost of a Data Breach Report 2022" IBM. August 1, 2022. Accessed 9 Nov. 2022.

      Mehta, Medha. "What Is a vCISO? Are vCISO Services Worth It?" Infosec Insights by Sectigo, June 23, 2021. Accessed Nov 22. 2022.

      Milica, Lucia. “Proofpoint 2022 Voice of the CISO Report” Proofpoint. May 2022. Accessed 6 Oct. 2022.

      Navisite. "The State of Cybersecurity Leadership and Readiness" Navisite. November 9, 2021. Accessed 9 Nov. 2022.

      Shayo, Conrad, and Frank Lin. “An Exploration of the Evolving Reporting Organizational Structure for the Chief Information Security Officer (CISO) Function” Journal of Computer Science and Information Technology, vol. 7, no. 1, June 2019. Accessed 28 Sep. 2022.

      Define Your Cloud Vision

      • Buy Link or Shortcode: {j2store}448|cart{/j2store}
      • member rating overall impact: 9.5/10 Overall Impact
      • member rating average dollars saved: $182,333 Average $ Saved
      • member rating average days saved: 28 Average Days Saved
      • Parent Category Name: Cloud Strategy
      • Parent Category Link: /cloud-strategy

      The cloud permeates the enterprise technology discussion. It can be difficult to separate the hype from the value. Should everything go to the cloud, or is that sentiment stoked by vendors looking to boost their bottom lines? Not everything should go to the cloud, but coming up with a systematic way to determine what belongs where is increasingly difficult as offerings get more complex.

      Our Advice

      Critical Insight

      Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud-first isn’t always the way to go.

      Impact and Result

      • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
      • Codify risks tied to workloads’ cloud suitability and plan mitigations.
      • Build a roadmap of initiatives for actions by workload and risk mitigation.
      • Define a cloud vision to share with stakeholders.

      Define Your Cloud Vision Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Define Your Cloud Vision – A step-by-step guide to generating, validating, and formalizing your cloud vision.

      The cloud vision storyboard walks readers through the process of generating, validating and formalizing a cloud vision, providing a framework and tools to assess workloads for their cloud suitability and risk.

      • Define Your Cloud Vision – Phases 1-4

      2. Cloud Vision Executive Presentation – A document that captures the results of the exercises, articulating use cases for cloud/non-cloud, risks, challenges, and high-level initiative items.

      The executive summary captures the results of the vision exercise, including decision criteria for moving to the cloud, risks, roadblocks, and mitigations.

      • Cloud Vision Executive Presentation

      3. Cloud Vision Workbook – A tool that facilitates the assessment of workloads for appropriate service model, delivery model, support model, and risks and roadblocks.

      The cloud vision workbook comprises several assessments that will help you understand what service model, delivery model, support model, and risks and roadblocks you can expect to encounter at the workload level.

      • Cloud Vision Workbook
      [infographic]

      Workshop: Define Your Cloud Vision

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Understand the Cloud

      The Purpose

      Align organizational goals to cloud characteristics.

      Key Benefits Achieved

      An understanding of how the characteristics particular to cloud can support organizational goals.

      Activities

      1.1 Generate corporate goals and cloud drivers.

      1.2 Identify success indicators.

      1.3 Explore cloud characteristics.

      1.4 Explore cloud service and delivery models.

      1.5 Define cloud support models and strategy components.

      1.6 Create state summaries for the different service and delivery models.

      1.7 Select workloads for further analysis.

      Outputs

      Corporate cloud goals and drivers

      Success indicators

      Current state summaries

      List of workloads for further analysis

      2 Assess Workloads

      The Purpose

      Evaluate workloads for cloud value and action plan.

      Key Benefits Achieved

      Action plan for each workload.

      Activities

      2.1 Conduct workload assessment using the Cloud Strategy Workbook tool.

      2.2 Discuss assessments and make preliminary determinations about the workloads.

      Outputs

      Completed workload assessments

      Workload summary statements

      3 Identify and Mitigate Risks

      The Purpose

      Identify and plan to mitigate potential risks in the cloud project.

      Key Benefits Achieved

      A list of potential risks and plans to mitigate them.

      Activities

      3.1 Generate a list of risks and potential roadblocks associated with the cloud.

      3.2 Sort risks and roadblocks and define categories.

      3.3 Identify mitigations for each identified risk and roadblock

      3.4 Generate initiatives from the mitigations.

      Outputs

      List of risks and roadblocks, categorized

      List of mitigations

      List of initiatives

      4 Bridge the Gap and Create the Strategy

      The Purpose

      Clarify your vision of how the organization can best make use of cloud and build a project roadmap.

      Key Benefits Achieved

      A clear vision and a concrete action plan to move forward with the project.

      Activities

      4.1 Review and assign work items.

      4.2 Finalize the decision framework for each of the following areas: service model, delivery model, and support model.

      4.3 Create a cloud vision statement

      Outputs

      Cloud roadmap

      Finalized task list

      Formal cloud decision rubric

      Cloud vision statement

      5 Next Steps and Wrap-Up

      The Purpose

      Complete your cloud vision by building a compelling executive-facing presentation.

      Key Benefits Achieved

      Simple, straightforward communication of your cloud vision to key stakeholders.

      Activities

      5.1 Build the Cloud Vision Executive Presentation

      Outputs

      Completed cloud strategy executive presentation

      Completed Cloud Vision Workbook.

      Further reading

      Define Your Cloud Vision

      Define your cloud vision before it defines you

      Analyst perspective

      Use the cloud’s strengths. Mitigate its weaknesses.

      The cloud isn’t magic. It’s not necessarily cheaper, better, or even available for the thing you want it to do. It’s not mysterious or a cure-all, and it does take a bit of effort to systematize your approach and make consistent, defensible decisions about your cloud services. That’s where this blueprint comes in.

      Your cloud vision is the culmination of this effort all boiled down into a single statement: “This is how we want to use the cloud.” That simple statement should, of course, be representative of – and built from – a broader, contextual strategy discussion that answers the following questions: What should go to the cloud? What kind of cloud makes sense? Should the cloud deployment be public, private, or hybrid? What does a migration look like? What risks and roadblocks need to be considered when exploring your cloud migration options? What are the “day 2” activities that you will need to undertake after you’ve gotten the ball rolling?

      Taken as a whole, answering these questions is difficult task. But with the framework provided here, it’s as easy as – well, let’s just say it’s easier.

      Jeremy Roberts

      Research Director, Infrastructure and Operations

      Info-Tech Research Group

      Executive Summary

      Your Challenge

      • You are both extrinsically motivated to move to the cloud (e.g. by vendors) and intrinsically motivated by internal digital transformation initiatives.
      • You need to define the cloud’s true value proposition for your organization without assuming it is an outsourcing opportunity or will save you money.
      • Your industry, once cloud-averse, is now normalizing the use of cloud services, but you have not established a basic cloud vision from which to develop a strategy at a later point.

      Common Obstacles

      • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
      • Many organizations have a foot in the cloud already, but these decisions have been made in an ad hoc rather than systematic fashion.
      • You lack a consistent framework to assess your workloads’ suitability for the cloud.

      Info-Tech's Approach

      • Evaluate workloads’ suitability for the cloud using Info-Tech’s methodology to select the optimal migration (or non-migration) path based on the value of cloud characteristics.
      • Codify risks tied to workloads’ cloud suitability and plan mitigations.
      • Build a roadmap of initiatives for actions by workload and risk mitigation.
      • Define a cloud vision to share with stakeholders.

      Info-Tech Insight: 1) Base migration decisions on cloud characteristics. If your justification for the migration is simply getting your workload out of the data center, think again. 2) Address the risks up front in your migration plan. 3) The cloud changes roles and calls for different skill sets, but Ops is here to stay.

      Your challenge

      This research is designed to help organizations who need to:

      • Identify workloads that are good candidates for the cloud.
      • Develop a consistent, cost-effective approach to cloud services.
      • Outline and mitigate risks.
      • Define your organization’s cloud archetype.
      • Map initiatives on a roadmap.
      • Communicate your cloud vision to stakeholders so they can understand the reasons behind a cloud decision and differentiate between different cloud service and deployment models.
      • Understand the risks, roadblocks, and limitations of the cloud.

      “We’re moving from a world where companies like Oracle and Microsoft and HP and Dell were all critically important to a world where Microsoft is still important, but Amazon is now really important, and Google also matters. The technology has changed, but most of the major vendors they’re betting their business on have also changed. And that’s super hard for people..” –David Chappell, Author and Speaker

      Common obstacles

      These barriers make this challenge difficult to address for many organizations:

      • Organizations jump to the cloud before defining their cloud vision and without any clear plan for realizing the cloud’s benefits.
      • Many organizations already have a foot in the cloud, but the choice to explore these solutions was made in an ad hoc rather than systematic fashion. The cloud just sort of happened.
      • The lack of a consistent assessment framework means that some workloads that probably belong in the cloud are kept on premises or with hosted services providers – and vice versa.
      • Securing cloud expertise is remarkably difficult – especially in a labor market roiled by the global pandemic and the increasing importance of cloud services.

      Standard cloud challenges

      30% of all cloud spend is self-reported as waste. Many workloads that end up in the cloud don’t belong there. Many workloads that do belong in the cloud aren’t properly migrated. (Flexera, 2021)

      44% of respondents report themselves as under-skilled in the cloud management space. (Pluralsight, 2021)

      Info-Tech’s approach

      Goals and drivers

      • Service model
        • What type of cloud makes the most sense for workload archetypes? When does it make sense to pick SaaS over IaaS, for example?
      • Delivery model
        • Will services be delivered over the public cloud, a private cloud, or a hybrid cloud? What challenges accompany this decision?
      • Migration Path
        • What does the migration path look like? What does the transition to the cloud look like, and how much effort will be required? Amazon’s 6Rs framework captures migration options: rehosting, repurchasing, replatforming, and refactoring, along with retaining and retiring. Each workload should be assessed for its suitability for one or more of these paths.
      • Support model
        • How will services be provided? Will staff be trained, new staff hired, a service provider retained for ongoing operations, or will a consultant with cloud expertise be brought on board for a defined period? The appropriate support model is highly dependent on goals along with expected outcomes for different workloads.

      Highlight risks and roadblocks

      Formalize cloud vision

      Document your cloud strategy

      The Info-Tech difference:

      1. Determine the hypothesized value of cloud for your organization.
      2. Evaluate workloads with 6Rs framework.
      3. Identify and mitigate risks.
      4. Identify cloud archetype.
      5. Plot initiatives on a roadmap.
      6. Write action plan statement and goal statement.

      What is the cloud, how is it deployed, and how is service provided?

      Cloud Characteristics

      1. On-demand self-service: the ability to access reosurces instantly without vendor interaction
      2. Broad network access: all services delivered over the network
      3. Resource pooling: multi-tenant environment (shared)
      4. Rapid elasticity: the ability to expand and retract capabilities as needed
      5. Measured service: transparent metering

      Service Model:

      1. Software-as-a-Service: all but the most minor configuration is done by the vendor
      2. Platform-as-a-Service: customer builds the application using tools provided by the provider
      3. Infrastructure-as-a-Service: the customer manages OS, storage, and the application

      Delivery Model

      1. Public cloud: accessible to anyone over the internet; multi-tenant environment
      2. Private cloud: provisioned for a single organization with multiple units
      3. Hybrid cloud: two or more connected clouds; data is portage across them
      4. Community cloud: provisioned for a specific group of organizations

      (National Institute of Standards and Technology)

      A workload-first approach will allow you to take full advantage of the cloud’s strengths

      • Under all but the most exceptional circumstances, good cloud strategies will incorporate different service models. Very few organizations are “IaaS shops” or “SaaS shops,” even if they lean heavily in one direction.
      • These different service models (including non-cloud options like colocation and on-premises infrastructure) each have different strengths. Part of your cloud strategy should involve determining which of the services makes the most sense for you.
      • Own the cloud by understanding which cloud (or non-cloud!) offering makes the most sense for you given your unique context.

      Migration paths

      In a 2016 blog post, Amazon introduced a framework for understanding cloud migration strategies. The framework presented here is slightly modified – including a “relocate” component rather than a “retire” component – but otherwise hews close to the standard.

      These migration paths reflect organizational capabilities and desired outcomes in terms of service models – cloud or otherwise. Retention means keeping the workload where it is, in a datacenter or a colocation service, or relocating to a colocation or hosted software environment. These represent the “non-cloud” migration paths.

      In the graphic on the right, the paths within the red box lead to the cloud. Rehosting means lifting and shifting to an infrastructure environment. Migrating a virtual machine from your VMware environment on premises to Azure Virtual machines is a quick way to realize some benefits from the cloud. Migrating from SQL Server on premises to a cloud-based SQL solution looks a bit more like changing platforms (replatforming). It involves basic infrastructure modification without a substantial architectural component.

      Refactoring is the most expensive of the options and involves engaging the software development lifecycle to build a custom solution, fundamentally rewriting the solution to be cloud native and take advantage of cloud-native architectures. This can result in a PaaS or an IaaS solution.

      Finally, repurchasing means simply going to market and procuring a new solution. This may involve migrating data, but it does not require the migration of components.

      Migration Paths

      Retain (Revisit)

      • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

      Relocate

      • Move the workload between datacenters or to a hosted software/colocation provider.

      Rehost

      • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

      Replatform

      • Move the application to the cloud and perform a few changes for cloud optimizations.

      Refactor

      • Rewrite the application, taking advantage of cloud-native architectures.

      Repurchase

      • Replace with an alternative, cloud-native application and migrate the data.

      Support model

      Support models by characteristic

      Duration of engagement Specialization Flexibility
      Internal IT Indefinite Varies based on nature of business Fixed, permanent staff
      Managed Service Provider Contractually defined General, some specialization Standard offering
      Consultant Project-based Specific, domain-based Entirely negotiable

      IT services, including cloud services, can be delivered and managed in multiple ways depending on the nature of the workload and the organization’s intended path forward. Three high-level options are presented here and may be more or less valuable based on the duration of the expected engagement with the service (temporary or permanent), the skills specialization required, and the flexibility necessary to complete the job.

      By way of example, a highly technical, short-term project with significant flexibility requirements might be a good fit for an expensive consultant, whereas post-implementation maintenance of a cloud email system requires relatively little specialization and flexibility and would therefore be a better fit for internal management.

      There is no universally applicable rule here, but there are some workloads that are generally a good fit for the cloud and others that are not as effective, with that fit being conditional on the appropriate support model being employed.

      Risks, roadblocks, and strategy components

      No two cloud strategies are exactly alike, but all should address 14 key areas. A key step in defining your cloud vision is an assessment of these strategy components. Lower maturity does not preclude an aggressive cloud strategy, but it does indicate that higher effort will be required to make the transition.

      Component Description Component Description
      Monitoring What will system owners/administrators need visibility into? How will they achieve this? Vendor Management What practices must change to ensure effective management of cloud vendors?
      Provisioning Who will be responsible for deploying cloud workloads? What governance will this process be subject to? Finance Management How will costs be managed with the transition away from capital expenditure?
      Migration How will cloud migrations be conducted? What best practices/standards must be employed? Security What steps must be taken to ensure that cloud services meet security requirements?
      Operations management What is the process for managing operations as they change in the cloud? Data Controls How will data residency, compliance, and protection requirements be met in the cloud?
      Architecture What general principles must apply in the cloud environment? Skills and roles What skills become necessary in the cloud? What steps must be taken to acquire those skills?
      Integration and interoperability How will services be integrated? What standards must apply? Culture and adoption Is there a cultural aversion to the cloud? What steps must be taken to ensure broad cloud acceptance?
      Portfolio Management Who will be responsible for managing the growth of the cloud portfolio? Governing bodies What formal governance must be put in place? Who will be responsible for setting standards?

      Cloud archetypes – a cloud vision component

      Once you understand the value of the cloud, your workloads’ general suitability for cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype.

      Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes.

      After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders.

      The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.

      We can best support the organization's goals by:

      More Cloud

      Less Cloud

      Cloud Focused Cloud-Centric Providing all workloads through cloud delivery.
      Cloud-First Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?”
      Cloud Opportunistic Hybrid Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads.
      Integrated Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware.
      Split Using the cloud for some workloads and traditional infrastructure resources for others.
      Cloud Averse Cloud-Light Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary.
      Anti-Cloud Using traditional infrastructure resources and avoiding use of the cloud wherever possible.

      Info-Tech’s methodology for defining your cloud vision

      1. Understand the Cloud 2. Assess Workloads 3. Identify and Mitigate Risks 4. Bridge the Gap and Create the Vision
      Phase Steps
      1. Generate goals and drivers
      2. Explore cloud characteristics
      3. Create a current state summary
      4. Select workloads for analysis
      1. Conduct workload assessments
      2. Determine workload future state
      1. Generate risks and roadblocks
      2. Mitigate risks and roadblocks
      3. Define roadmap initiatives
      1. Review and assign work items
      2. Finalize cloud decision framework
      3. Create cloud vision
      Phase Outcomes
      1. List of goals and drivers
      2. Shared understanding of cloud terms
      3. Current state of cloud in the organization
      4. List of workloads to be assessed
      1. Completed workload assessments
      2. Defined workload future state
      1. List of risks and roadblocks
      2. List of mitigations
      3. Defined roadmap initiatives
      1. Cloud roadmap
      2. Cloud decision framework
      3. Completed Cloud Vision Executive Presentation

      Insight summary

      The cloud may not be right for you – and that’s okay!

      Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud first isn’t always the way to go.

      Not all clouds are equal

      It’s not “should I go to the cloud?” but “what service and delivery models make sense based on my needs and risk tolerance?” Thinking about the cloud as a binary can force workloads into the cloud that don’t belong (and vice versa).

      Bottom-up is best

      A workload assessment is the only way to truly understand the cloud’s value. Work from the bottom up, not the top down, understand what characteristics make a workload cloud suitable, and strategize on that basis.

      Your accountability doesn’t change

      You are still accountable for maintaining available, secure, functional applications and services. Cloud providers share some responsibility, but the buck stops where it always has: with you.

      Don’t customize for the sake of customization

      SaaS providers make money selling the same thing to everyone. When migrating a workload to SaaS, work with stakeholders to pursue standardization around a selected platform and avoid customization where possible.

      Best of both worlds, worst of both worlds

      Hybrid clouds are in fashion, but true hybridity comes with additional cost, administration, and other constraints. A convoy moves at the speed of its slowest member.

      The journey matters as much as the destination

      How you get there is as important as what “there” actually is. Any strategy that focuses solely on the destination misses out on a key part of the value conversation: the migration strategy.

      Blueprint benefits

      Cloud Vision Executive Presentation

      This presentation captures the results of the exercises and presents a complete vision to stakeholders including a desired target state, a rubric for decision making, the results of the workload assessments, and an overall risk profile.

      Cloud Vision Workbook

      This workbook includes the standard cloud workload assessment questionnaire along with the results of the assessment. It also includes the milestone timeline for the implementation of the cloud vision.

      Blueprint benefits

      IT Benefits

      • A consistent approach to the cloud takes the guesswork out of deployment decisions and makes it easier for IT to move on to the execution stage.
      • When properly incorporated, cloud services come with many benefits, including automation, elasticity, and alternative architectures (micro-services, containers). The cloud vision project will help IT readers articulate expected benefits and work towards achieving them.
      • A clear framework for incorporating organizational goals into cloud plans.

      Business benefits

      • Simple, well-governed access to high-quality IT resources.
      • Access to the latest and greatest in technology to facilitate remote work.
      • Framework for cost management in the cloud that incorporates OpEx and chargebacks/showbacks. A clear understanding of expected changes to cost modeling is also a benefit of a cloud vision.
      • Clarity for stakeholders about IT’s response (and contribution to) IT strategic initiatives.

      Measure the value of this blueprint

      Don’t take our word for it:

      • The cloud vision material in various forms has been offered for several years, and members have generally benefited substantially, both from cloud vision workshops and from guided implementations led by analysts.
      • After each engagement, we send a survey that asks members how they benefited from the experience. Of 30 responses, the cloud vision research has received an average score of 9.8/10. Real members have found significant value in the process.
      • Additionally, members reported saving between 2 and 120 days (for an average of 17), and financial savings ranged from $1,920 all the way up to $1.27 million, for an average of $170,577.90! If we drop outliers on both ends, the average reported value of a cloud vision engagement is $37, 613.
      • Measure the value by calculating the time saved from using Info-Tech’s framework vs. a home-brewed cloud strategy alternative and by comparing the overall cost of a guided implementation or workshop with the equivalent offering from another firm. We’re confident you’ll come out ahead.

      9.8/10 Average reported satisfaction

      17 Days Average reported time savings

      $37, 613 Average cost savings (adj.)

      Executive Brief Case Study

      Industry: Financial

      Source: Info-Tech workshop

      Anonymous financial institution

      A small East Coast financial institution was required to develop a cloud strategy. This strategy had to meet several important requirements, including alignment with strategic priorities and best practices, along with regulatory compliance, including with the Office of the Comptroller of the Currency.

      The bank already had a significant cloud footprint and was looking to organize and formalize the strategy going forward.

      Leadership needed a comprehensive strategy that touched on key areas including the delivery model, service models, individual workload assessments, cost management, risk management and governance. The output had to be consumable by a variety of audiences with varying levels of technical expertise and had to speak to IT’s role in the broader strategic goals articulated earlier in the year.

      Results

      The bank engaged Info-Tech for a cloud vision workshop and worked through four days of exercises with various IT team members. The bank ultimately decided on a multi-cloud strategy that prioritized SaaS while also allowing for PaaS and IaaS solutions, along with some non-cloud hosted solutions, based on organizational circumstances.

      Bank cloud vision

      [Bank] will provide innovative financial and related services by taking advantage of the multiplicity of best-of-breed solutions available in the cloud. These solutions make it possible to benefit from industry-level innovations, while ensuring efficiency, redundancy, and enhanced security.

      Bank cloud decision workflow

      • SaaS
        • Platform?
          • Yes
            • PaaS
          • No
            • Hosted
          • IaaS
            • Other

      Non-cloud

      Cloud

      Info-Tech offers various levels of support to best suit your needs

      DIY Toolkit

      "Our team has already made this crticial project a priority, and we have the time and capability, but some guidance along the way would be helpful."

      Guided Implementation

      "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

      Workshop

      "We need to hit the ground running and get this project kicked off imediately. Our team has the ability to take this over once we get a framework and strategy in place."

      Consulting

      "Our team does not have the time or the knowledge the take this project on. We need assistance through the entirety of this project."

      Diagnostics and consistent frameworks are used throughout all four options.

      Guided Implementation

      What does a typical GI on this topic look like?

      A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

      A typical GI is between 8 to 12 calls over the course of 4 to 6 months.

      Phase 1

      • Call #1: Discuss current state, challenges, etc.
      • Call #2: Goals, drivers, and current state.

      Phase 2

      • Call #3: Conduct cloud suitability assessment for selected workloads.

      Phase 3

      • Call #4: Generate and categorize risks.
      • Call #5: Begin the risk mitigation conversation.

      Phase 4

      • Call #6: Complete the risk mitigation process
      • Call #7: Finalize vision statement and cloud decision framework.

      Workshop Overview

      Contact your account representative for more information.

      workshops@infotech.com 1-888-670-8889

      Day 1 Day 2 Day 3 Day 4 Offsite day
      Understand the cloud Assess workloads Identify and mitigate risks Bridge the gap and create the strategy Next steps and wrap-up (offsite)
      Activities

      1.1 Introduction

      1.2 Generate corporate goals and cloud drivers

      1.3 Identify success indicators

      1.4 Explore cloud characteristics

      1.5 Explore cloud service and delivery models

      1.6 Define cloud support models and strategy components

      1.7 Create current state summaries for the different service and delivery models

      1.8 Select workloads for further analysis

      2.1 Conduct workload assessments using the cloud strategy workbook tool

      2.2 Discuss assessments and make preliminary determinations about workloads

      3.1 Generate a list of risks and potential roadblocks associated with the cloud

      3.2 Sort risks and roadblocks and define categories

      3.3 Identify mitigations for each identified risk and roadblock

      3.4 Generate initiatives from the mitigations

      4.1 Review and assign work items

      4.2 Finalize the decision framework for each of the following areas:

      • Service model
      • Delivery model
      • Support model

      4.3 Create a cloud vision statement

      5.1 Build the Cloud Vision Executive Presentation
      Deliverables
      1. Corporate goals and cloud drivers
      2. Success indicators
      3. Current state summaries
      4. List of workloads for further analysis
      1. Completed workload assessments
      2. Workload summary statements
      1. List of risks and roadblocks, categorized
      2. List of mitigations
      3. List of initiatives
      1. Finalized task list
      2. Formal cloud decision rubric
      3. Cloud vision statement
      1. Completed cloud strategy executive presentation
      2. Completed cloud vision workbook

      Understand the cloud

      Build the foundations of your cloud vision

      Phase 1

      Phase 1

      Understand the Cloud

      Phase 1

      1.1 Generate goals and drivers

      1.2 Explore cloud characteristics

      1.3 Create a current state summary

      1.4 Select workloads for analysis

      Phase 2

      2.1 Conduct workload assessments

      2.2 Determine workload future states

      Phase 3

      3.1 Generate risks and roadblocks

      3.2 Mitigate risks and roadblocks

      3.3 Define roadmap initiatives

      Phase 4

      4.1 Review and assign work items

      4.2 Finalize cloud decision framework

      4.3 Create cloud vision

      This phase will walk you through the following activities:

      1.1.1 Generate organizational goals

      1.1.2 Define cloud drivers

      1.1.3 Define success indicators

      1.3.1 Record your current state

      1.4.1 Select workloads for further assessment

      This phase involves the following participants:

      IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders.

      It starts with shared understanding

      Stakeholders must agree on overall goals and what “cloud” means

      The cloud is a nebulous term that can reasonably describe services ranging from infrastructure as a service as delivered by providers like Amazon Web Services and Microsoft through its Azure platform, right up to software as a service solutions like Jira or Salesforce. These solutions solve different problems – just because your CRM would be a good fit for a migration to Salesforce doesn’t mean the same system would make sense in Azure or AWS.

      This is important because the language we use to talk about the cloud can color our approach to cloud services. A “cloud-first” strategy will mean something different to a CEO with a concept of the cloud rooted in Salesforce than it will to a system administrator who interprets it to mean a transition to cloud-hosted virtual machines.

      Add to this the fact that not all cloud services are hosted externally by providers (public clouds) and the fact that multiple delivery models can be engaged at once through hybrid or multi-cloud approaches, and it’s apparent that a shared understanding of the cloud is necessary for a coherent strategy to take form.

      This phase proceeds in four steps, each governed by the principle of shared understanding. The first requires a shared understanding of corporate goals and drivers. Step 2 involves coming to a shared understanding of the cloud’s unique characteristics. Step 3 requires a review of the current state. Finally, in Step 4, participants will identify workloads that are suitable for analysis as candidates for the cloud.

      Step 1.1

      Generate goals and drivers

      Activities

      1.1.1 Define organizational goals

      1.1.2 Define cloud drivers

      1.1.3 Define success indicators

      Generate goals and drivers

      Explore cloud characteristics

      Create a current state summary

      Select workloads for analysis

      This step involves the following participants:

      • IT management
      • Core working group
      • Security
      • Applications
      • Infrastructure
      • Service management
      • Leadership

      Outcomes of this step

      • List of organizational goals
      • List of cloud drivers
      • Defined success indicators

      What can the cloud do for you?

      The cloud is not valuable for its own sake, and not all users derive the same value

      • The cloud is characterized by on-demand self-service, broad network access, resource pooling, rapid elasticity, and measured service. Any or all of those characteristics might be enough to make the cloud appealing, but in most cases, there is an overriding driver.
      • Multiple paths may lead to the cloud. Consider an organization with a need to control costs by showing back to business units, or perhaps by reducing capital expenditure – the cloud may be the most appropriate way to effect these changes. Conversely, an organization expanding rapidly and with a need to access the latest and greatest technology might benefit from the elasticity and pooled resources that major cloud providers can offer.
      • In these cases, the destination might be the same (a cloud solution) but the delivery model – public, private, or hybrid – and the decisions made around the key strategy components, including architecture, provisioning, and cost management, will almost certainly be different.
      • Defining goals, understanding cloud drivers, and – crucially – understanding what success means, are all therefore essential elements of the cloud vision process.

      1.1.1 Generate organizational goals

      1-3 hours

      Input

      • Strategy documentation

      Output

      • Organizational goals

      Materials

      • Whiteboard (digital/physical)

      Participants

      • IT leadership
      • Infrastructure
      • Applications
      • Security
      1. As a group, brainstorm organizational goals, ideally based on existing documentation
        • Review relevant corporate and IT strategies.
        • If you do not have access to internal documentation, review the standard goals on the next slide and select those that are most relevant for you.
      2. Record the most important business goals in the Cloud Vision Executive Presentation. Include descriptions where possible to ensure wide readability.
      3. Make note of these goals. They should inform the answers to prompts offered in the Cloud Vision Workbook and should be a consistent presence in the remainder of the visioning exercise. If you’re conducting the session in person, leave the goals up on a whiteboard and make reference to them throughout the workshop.

      Cloud Vision Executive Presentation

      Standard COBIT 19 enterprise goals

      1. Portfolio of competitive products and services
      2. Managed business risk
      3. Compliance with external laws and regulations
      4. Quality of financial information
      5. Customer-oriented service culture
      6. Business service continuity and availability
      7. Quality of management information
      8. Optimization of internal business process functionality
      9. Optimization of business process costs
      10. Staff skills, motivation, and productivity
      11. Compliance with internal policies
      12. Managed digital transformation programs
      13. Product and business innovation

      1.1.2 Define cloud drivers

      30-60 minutes

      Input

      • Organizational goals
      • Strategy documentation
      • Management/staff perspective

      Output

      • List of cloud drivers

      Materials

      • Sticky notes
      • Whiteboard
      • Markers

      Participants

      • IT leadership
      • Infrastructure
      • Applications
      • Security
      1. Cloud drivers sit at a level of abstraction below organizational goals. Keeping your organizational goals in mind, have each participant in the session write down how they expect to benefit from the cloud on a sticky note.
      2. Solicit input one at a time and group similar responses. Encourage participants to bring forward their cloud goals even if similar goals have been mentioned previously. The number of mentions is a useful way to gauge the relative weight of the drivers.
      3. Once this is done, you should have a few groups of similar drivers. Work with the group to name each category. This name will be the driver reported in the documentation.
      4. Input the results of the exercise into the Cloud Vision Executive Presentation, and include descriptions based on the constituent drivers. For example, if a driver is titled “do more valuable work,” the constituent drivers might be “build cloud skills,” “focus on core products,” and “avoid administration work where possible.” The description would be based on these components.

      Cloud Vision Executive Presentation

      1.1.3 Define success indicators

      1 hour

      Input

      • Cloud drivers
      • Organizational goals

      Output

      • List of cloud driver success indicators

      Materials

      • Whiteboard
      • Markers

      Participants

      • IT leadership
      • Infrastructure
      • Applications
      • Security
      1. On a whiteboard, draw a table with each of the cloud drivers (identified in 1.1.2) across the top.
      2. Work collectively to generate success indicators for each cloud driver. In this case, a success indicator is some way you can report your progress with the stated driver. It is a real-world proxy for the sometimes abstract phenomena that make up your drivers. Think about what would be true if your driver was realized.
        1. For example, if your driver is “faster access to resources,” you might consider indicators like developer satisfaction, project completion time, average time to provision, etc.
      3. Once you are satisfied with your list of indicators, populate the slide in the Cloud Vision Executive Presentation for validation from stakeholders.

      Cloud Vision Executive Presentation

      Step 1.2

      Explore cloud characteristics

      Activities

      Understand the value of the cloud:

      • Review delivery models
      • Review support models
      • Review service models
      • Review migration paths

      Understand the Cloud

      Generate goals and drivers

      Explore cloud characteristics

      Create a current state summary

      Select workloads for analysis

      This step involves the following participants:

      • Core working group
      • Architecture
      • Engineering
      • Security

      Outcomes of this step

      • Understanding of cloud service models and value

      Defining the cloud

      Per NIST, the cloud has five fundamental characteristics. All clouds have these characteristics, even if they are executed in somewhat different ways between delivery models, service models, and even individual providers.

      Cloud characteristics

      On-demand self-service

      Cloud customers are capable of provisioning cloud resources without human interaction (e.g. contacting sales), generally through a web console.

      Broad network access

      Capabilities are designed to be delivered over a network and are generally intended for access by a wide variety of platform types (cloud services are generally device-agnostic).

      Resource pooling

      Multiple customers (internal, in the case of private clouds) make use of a highly abstracted shared infrastructure managed by the cloud provider.

      Rapid elasticity

      Customers are capable of provisioning additional resources as required, pulling from a functionally infinite pool of capacity. Cloud resources can be spun-down when no longer needed.

      Measured service

      Consumption is metered based on an appropriate unit of analysis (number of licenses, storage used, compute cycles, etc.) and billing is transparent and granular.

      Cloud delivery models

      The NIST definition of cloud computing outlines four cloud delivery models: public, private, hybrid, and community clouds. A community cloud is like a private cloud, but it is provisioned for the exclusive use of a like-minded group of organizations, usually in a mutually beneficial, non-competitive arrangement. Universities and hospitals are examples of organizations that can pool their resources in this way without impacting competitiveness. The Info-Tech model covers three key delivery models – public, private, and hybrid, and an overarching model (multi-cloud) that can comprise more than one of the other models – public + public, public + hybrid, etc.

      Public

      The cloud service is provisioned for access by the general public (customers).

      Private

      A private cloud has the five key characteristics, but is provisioned for use by a single entity, like a company or organization.

      Hybrid

      Hybridity essentially refers to interoperability between multiple cloud delivery models (public +private).

      Multi

      A multi-cloud deployment requires only that multiple clouds are used without any necessary interoperability (Nutanix, 2019).

      Public cloud

      This is what people generally think about when they talk about cloud

      • The public cloud is, well, public! Anyone can make use of its resources, and in the case of the major providers, capacity is functionally unlimited. Need to store exabytes of data in the cloud? No problem! Amazon will drive a modified shipping container to your datacenter, load it up, and “migrate” it to a datacenter.
      • Public clouds offer significant variety on the infrastructure side. Major IaaS providers, like Microsoft and Amazon, offer dozens of services across many different categories including compute, networking, and storage, but also identity, containers, machine learning, virtual desktops, and much, much more. (See a list from Microsoft here, and Amazon here)
      • There are undoubtedly strengths to the public cloud model. Providers offer the “latest and greatest” and customers need not worry about the details, including managing infrastructure and physical locations. Providers offer built-in redundancy, multi-regional deployments, automation tools, management and governance solutions, and a variety of leading-edge technologies that would not be feasible for organizations to run in-house, like high performance compute, blockchain, or quantum computing.
      • Of course, the public cloud is not all sunshine and rainbows – there are downsides as well. It can be expensive; it can introduce regulatory complications to have to trust another entity with your key information. Additionally, there can be performance hiccups, and with SaaS products, it can be difficult to monitor at the appropriate (per-transaction) level.

      Prominent examples include:

      AWS

      Microsoft

      Azure

      Salesforce.com

      Workday

      SAP

      Private cloud

      A lower-risk cloud for cloud-averse customers?

      • A cloud is a cloud, no matter how small. Some IT shops deploy private clouds that make use of the five key cloud characteristics but provisioned for the exclusive use of a single entity, like a corporation.
      • Private clouds have numerous benefits. Some potential cloud customers might be uncomfortable with the shared responsibility that is inherent in the public cloud. Private clouds allow customers to deliver flexible, measured services without having to surrender control, but they require significant overhead, capital expenditure, administrative effort, and technical expertise.
      • According to the 2021 State of the Cloud Report, private cloud use is common, and the most frequently cited toolset is VMware vSphere, followed by Azure Stack, OpenStack, and AWS Outposts. Private cloud deployments are more common in larger organizations, which makes sense given the overhead required to manage such an environment.

      Private cloud adoption

      The images shows a graph titled Private Cloud Adoption for Enterprises. It is a horizontal bar graph, with three segments in each bar: dark blue marking currently use; mid blue marking experimenting; and light blue marking plan to use.

      VMware and Microsoft lead the pack among private cloud customers, with Amazon and Red Hat also substantially present across private cloud environments.

      Hybrid cloud

      The best of both worlds?

      Hybrid cloud architectures combine multiple cloud delivery models and facilitate some level of interoperability. NIST suggests bursting and load balancing as examples of hybrid cloud use cases. Note: it is not sufficient to simply have multiple clouds running in parallel – there must be a toolset that allows for an element of cross-cloud functionality.

      This delivery model is attractive because it allows users to take advantage of the strengths of multiple service models using a single management pane. Bursting across clouds to take advantage of additional capacity or disaster recovery capabilities are two obvious use cases that appeal to hybrid cloud users.

      But while hybridity is all the rage (especially given the impact Covid-19 has had on the workplace), the reality is that any hybrid cloud user must take the good with the bad. Multiple clouds and a management layer can be technically complex, expensive, and require maintaining a physical infrastructure that is not especially valuable (“I thought we were moving to the cloud to get out of the datacenter!”).

      Before selecting a hybrid approach through services like VMware Cloud on AWS or Microsoft’s Azure Stack, consider the cost, complexity, and actual expected benefit.

      Amazon, Microsoft, and Google dominate public cloud IaaS, but IBM is betting big on hybrid cloud:

      The image is a screencap of a tweet from IBM News. The tweet reads: IBM CEO Ginni Rometty: Hybrid cloud is a trillion dollar market and we'll be number one #Think2019.

      With its acquisition of Red Hat in 2019 for $34 billion, Big Blue put its money where its mouth is and acquired a substantial hybrid cloud business. At the time of the acquisition, Red Hat’s CEO, Jim Whitehurst, spoke about the benefit IBM expected to receive:

      “Joining forces with IBM gives Red Hat the opportunity to bring more open source innovation to an even broader range of organizations and will enable us to scale to meet the need for hybrid cloud solutions that deliver true choice and agility” (Red Hat, 2019).

      Multi-cloud

      For most organizations, the multi-cloud is the most realistic option.

      Multi-cloud is popular!

      The image shows a graph titled Multi-Cloud Architectures Used, % of all Respondents. The largest percentage is Apps siloed on different clouds, followed by DAta integration between clouds.

      Multi-cloud solutions exist at a different layer of abstraction from public, private, and even hybrid cloud delivery models. A multi-cloud architecture, as the name suggests, requires the user to be a customer of more than one cloud provider, and it can certainly include a hybrid cloud deployment, but it is not bound by the same rules of interoperability.

      Many organizations – especially those with fewer resources or a lack of a use case for a private cloud – rely on a multi-cloud architecture to build applications where they belong, and they manage each environment separately (or occasionally with the help of cloud management platforms).

      If your data team wants to work in AWS and your enterprise services run on basic virtual machines in Azure, that might be the most effective architecture. As the Flexera 2021 State of the Cloud Report suggests, this architecture is far more common than the more complicated bursting or brokering architectures characteristic of hybrid clouds.

      NIST cloud service models

      Software as a service

      SaaS has exploded in popularity with consumers who wish to avail themselves of the cloud’s benefits without having to manage underlying infrastructure components. SaaS is simple, generally billed per-user per-month, and is almost entirely provider-managed.

      Platform as a service

      PaaS providers offer a toolset for their customers to run custom applications and services without the requirement to manage underlying infrastructure components. This service model is ideal for custom applications/services that don’t benefit from highly granular infrastructure control.

      Infrastructure as a service

      IaaS represents the sale of components. Instead of a service, IaaS providers sell access to components, like compute, storage, and networking, allowing for customers to build anything they want on top of the providers’ infrastructure.

      Cloud service models

      • This research focuses on five key service models, each of which has its own strengths and weaknesses. Moving right from “on-prem,” customers gradually give up more control over their environments to cloud service providers.
      • An entirely premises-based environment means that the customer is responsible for everything ranging from the dirt under the datacenter to application-level configurations. Conversely, in a SaaS environment, the provider is responsible for everything but those top-level application configurations.
      • A managed service provider or other third party can manage any or of the components of the infrastructure stack. A service provider may, for example, build a SaaS solution on top of another provider’s IaaS, or might offer configuration assistance with a commercially available SaaS.

      Info-Tech Insight

      Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises), and this can be perfectly effective. It must be consistent and intentional, however.

      On-prem Co-Lo IaaS PaaS SaaS
      Application Application Application Application Application
      Database Database Database Database Database
      Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware Runtime/ Middleware
      OS OS OS OS OS
      Hypervisor Hypervisor Hypervisor Hypervisor Hypervisor
      Server Network Storage Server Network Storage Server Network Storage Server Network Storage Server Network Storage
      Facilities Facilities Facilities Facilities Facilities

      Organization has control

      Organization or vendor may control

      Vendor has control

      Analytics folly

      SaaS is good, but it’s not a panacea

      Industry: Healthcare

      Source: Info-Tech workshop

      Situation

      A healthcare analytics provider had already moved a significant number of “non-core workloads” to the cloud, including email, HRIS, and related services.

      The company CEO was satisfied with the reduced effort required by IT to manage SaaS-based workloads and sought to extend the same benefits to the core analytics platform where there was an opportunity to reduce overhead.

      Complication

      Many components of the health analytics service were designed to run specifically in a datacenter and were not ready to be migrated to the cloud without significant effort/refactoring. SaaS was not an option because this was a core platform – a SaaS provider would have been the competition.

      That left IaaS, which was expensive and would not bring the expected benefits (reduced overhead).

      Results

      The organization determined that there were no short-term gains from migrating to the cloud. Due to the nature of the application (its extensive customization, the fact that it was a core product sold by the company) any steps to reduce operational overhead were not feasible.

      The CEO recognized that the analytics platform was not a good candidate for the cloud and what distinguished the analytics platform from more suitable workloads.

      Migration paths

      In a 2016 blog post, Amazon Web Services articulated a framework for cloud migration that incorporates elements of the journey as well as the destination. If workload owners do not choose to retain or retire their workloads, there are four alternatives. These alternatives all stack up differently along five key dimensions:

      1. Value: does the workload stand to benefit from unique cloud characteristics? To what degree?
      2. Effort: how much work would be required to make the transition?
      3. Cost: how much money is the migration expected to cost?
      4. Time: how long will the migration take?
      5. Skills: what skills must be brought to bear to complete the migration?

      Not all migration paths can lead to all destinations. Rehosting generally means IaaS, while repurchasing leads to SaaS. Refactoring and replatforming have some variety of outcomes, and it becomes possible to take advantage of new IaaS architectures or migrate workloads over fully to SaaS.

      As part of the workload assessment process, use the five dimensions (expanded upon on the next slide) to determine what migration path makes sense. Preferred migration paths form an important part of the overall cloud vision process.

      Retain (Revisit)

      • Keep the application in its current form, at least for now. This doesn’t preclude revisiting it in the future.

      Retire

      • Get rid of the application completely.

      Rehost

      • Move the application to the cloud (IaaS) and continue to run it in more or less the same form as it currently runs.

      Replatform

      • Move the application to the cloud and perform a few changes for cloud optimizations.

      Refactor

      • Rewrite the application, taking advantage of cloud native architectures.

      Repurchase

      • Replace with an alternative, cloud-native application and migrate the data.

      Migration paths – relative value

      Migration path Value Effort Cost Time Skills
      Retain No real change in the absolute value of the workload if it is retained. No effort beyond ongoing workload maintenance. No immediate hard dollar costs, but opportunity costs and technical debt abound. No time required! (At least not right away…) Retaining requires the same skills it has always required (which may be more difficult to acquire in the future).
      Rehire A retired workload can provide no value, but it is not a drain! Spinning a service down requires engaging that part of the lifecycle. N/A Retiring the service may be simple or complicated depending on its current role. N/A
      Rehost Some value comes with rehosting, but generally components stay the same (VM here vs. a VM there). Minimal effort required, especially with automated tools. The effort will depend on the environment being migrated. Relatively cheap compared to other options. Rehosting infrastructure is the simplest cloud migration path and is useful for anyone in a hurry. Rehosting is the simplest cloud migration path for most workloads, but it does require basic familiarity with cloud IaaS.

      Replatform

      Replatformed workloads can take advantage of cloud-native services (SQL vs. SQLaaS). Replatforming is more effortful than rehosting, but less effortful than refactoring. Moderate cost – does not require fundamental rearchitecture, just some tweaking. Relatively more complicated than a simple rehost, but less demanding than a refactor. Platform and workload expertise is required; more substantial than a simple rehost.
      Refactor A fully formed, customized cloud-based workload that can take advantage of cloud-native architectures is generally quite valuable. Significant effort required based on the requirement to engage the full SDLC. Significant cost required to engage SDLC and rebuild the application/service. The most complicated and time-consuming. The most complicated and time-consuming.
      Repurchase Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). Configuration – especially for massive projects – can be time consuming, but in general repurchasing can be quite fast. Buying software does require knowledge of requirements and integrations, but is otherwise quite simple.

      Where should you get your cloud skills?

      Cloud skills are certainly top of mind right now. With the great upheaval in both work patterns and in the labor market more generally, expertise in cloud-related areas is simultaneously more valuable and more difficult to procure. According to Pluralsight’s 2021 “State of Upskilling” report, 44% of respondents report themselves under-skilled in the cloud management area, making cloud management the most significant skill gap reported on the survey.

      Everyone left the office. Work as we know it is fundamentally altered for a generation or more. Cloud services shot up in popularity by enabling the transition. And yet there is a gap – a prominent gap – in skilling up for this critically important future. What is the cloud manager to do?

      Per the framework presented here, that manager has three essential options. They may take somewhat different forms depending on specific requirements and the quirks of the local market, but the options are:

      1. Train or hire internal resources: This might be easier said than done, especially for more niche skills, but makes sense for workloads that are critical to operations for the long term.
      2. Engage a managed service provider: MSPs are often engaged to manage services where internal IT lacks bandwidth or expertise.
      3. Hire a consultant: Consultants are great for time-bound implementation projects where highly specific expertise is required, such as a migration or implementation project.

      Each model makes sense to some degree. When evaluating individual workloads for cloud suitability, it is critical to consider the support model – both immediate and long term. What makes sense from a value perspective?

      Cloud decisions – summary

      A key component of the Info-Tech cloud vision model is that it is multi-layered. Not every decision must be made at every level. At the workload level, it makes sense to select service models that make sense, but each workload does not need its own defined vision. Workload-level decisions should be guided by an overall strategy but applied tactically, based on individual workload characteristics and circumstances.

      Conversely, some decisions will inevitably be applied at the environment level. With some exceptions, it is unlikely that cloud customers will build an entire private/hybrid cloud environment around a single solution; instead, they will define a broader strategy and fit individual workloads into that strategy.

      Some considerations exist at both the workload and environment levels. Risks and roadblocks, as well as the preferred support model, are concerns that exist at both the environment level and at the workload level.

      The image is a Venn diagram, with the left side titled Workload level, and the right side titled Environment Level. In the left section are: service model and migration path. On the right section are: Overall vision and Delivery model. In the centre section are: support model and Risks and roadblocks.

      Step 1.3

      Create a current state summary

      Activities

      1.3.1 Record your current state

      Understand the Cloud

      Generate goals and drivers

      Explore cloud characteristics

      Create a current state summary

      Select workloads for analysis

      This step involves the following participants: Core working group

      Outcomes of this step

      • Current state summary of cloud solutions

      1.3.1 Record your current state

      30 minutes

      Input

      • Knowledge of existing cloud workloads

      Output

      • Current state cloud summary for service, delivery, and support models

      Materials

      • Whiteboard

      Participants

      • Core working group
      • Infrastructure team
      • Service owners
      1. On a whiteboard (real or virtual) draw a table with each of the cloud service models across the top. Leave a cell below each to list examples.
      2. Under each service model, record examples present in your environment. The purpose of the exercise is to illustrate the existence of cloud services in your environment or the lack thereof, so there is no need to be exhaustive. Complete this in turn for each service model until you are satisfied that you have created an effective picture of your current cloud SaaS state, IaaS state, etc.
      3. Input the results into their own slide titled “current state summary” in the Cloud Vision Executive Presentation.
      4. Repeat for the cloud delivery models and support models and include the results of those exercises as well.
      5. Create a short summary statement (“We are primarily a public cloud consumer with a large SaaS footprint and minimal presence in PaaS and IaaS. We retain an MSP to manage our hosted telephony solution; otherwise, everything is handled in house.”

      Cloud Vision Executive Presentation

      Step 1.4

      Select workloads for current analysis

      Activities

      1.4.1 Select workloads for assessment

      This step involves the following participants:

      • Core working group

      Outcomes of this step

      • List of workloads for assessment

      Understand the cloud

      Generate goals and drivers

      Explore cloud characteristics

      Create a current state summary

      Select workloads for analysis

      1.4.1 Select workloads for assessment

      30 minutes

      Input

      • Knowledge of existing cloud workloads

      Output

      • List of workloads to be assessed

      Materials

      • Whiteboard
      • Cloud Vision Workbook

      Participants

      • Core working group
      • IT management
      1. In many cases, the cloud project is inspired by a desire to move a particular workload or set of workloads. Solicit feedback from the core working group about what these workloads might be. Ask everyone in the meeting to suggest a workload and record each one on a sticky note or white board (virtual or physical).
      2. Discuss the results with the group and begin grouping similar workloads together. They will be subject to the assessments in the Cloud Vision Workbook, so try to avoid selecting too many workloads that will produce similar answers. It might not be obvious, but try to think about workloads that have similar usage patterns, risk levels, and performance requirements, and select a representative group.
      3. You should embrace counterintuition by selecting a workload that you think is unlikely to be a good fit for the cloud if you can and subjecting it to the assessment as well for validation purposes.
      4. When you have a list of 4-6 workloads, record them on tab 2 of the Cloud Vision Workbook.

      Cloud Vision Workbook

      Assess your cloud workloads

      Build the foundations of your cloud vision

      Phase 2

      Phase 2

      Evaluate Cloud Workloads

      Phase 1

      1.1 Generate goals and drivers

      1.2 Explore cloud characteristics

      1.3 Create a current state summary

      1.4 Select workloads for analysis

      Phase 2

      2.1 Conduct workload assessments

      2.2 Determine workload future states

      Phase 3

      3.1 Generate risks and roadblocks

      3.2 Mitigate risks and roadblocks

      3.3 Define roadmap initiatives

      Phase 4

      4.1 Review and assign work items

      4.2 Finalize cloud decision framework

      4.3 Create cloud vision

      This phase will walk you through the following activities:

      • Conduct workload assessments
      • Determine workload future state

      This phase involves the following participants:

      • Subject matter experts
      • Core working group
      • IT management

      Define Your Cloud Vision

      Work from the bottom up and assess your workloads

      A workload-first approach will help you create a realistic vision.

      The concept of a cloud vision should unquestionably be informed by the nature of the workloads that IT is expected to provide for the wider organization. The overall cloud vision is no greater than the sum of its parts. You cannot migrate to the cloud in the abstract. Workloads need to go – and not all workloads are equally suitable for the transition.

      It is therefore imperative to understand which workloads are a good fit for the cloud, which cloud service models make the most sense, how to execute the migration, what support should look like, and what risks and roadblocks you are likely to encounter as part of the process.

      That’s where the Cloud Vision Workbook comes into play. You can use this tool to assess as many workloads as you’d like – most people get the idea after about four – and by the end of the exercise, you should have a pretty good idea about where your workloads belong, and you’ll have a tool to assess any net new or previously unconsidered workloads.

      It’s not so much about the results of the assessment – though these are undeniably important – but about the learnings gleaned from the collaborative assessment exercise. While you can certainly fill out the assessment without any additional input, this exercise is most effective when completed as part of a group.

      Introducing the Cloud Vision Workbook

      • The Cloud Vision Workbook is an Excel tool that answers the age old question: “What should I do with my workloads?”
      • It is divided into eight tabs, each of which offers unique value. Start by reading the introduction and inputting your list of workloads. Work your way through tabs 3-6, completing the suitability, migration, management, and risk and roadblock assessments, and review the results on tab 7.
      • If you choose to go through the full battery of assessments for each workload, expect to answer and weight 111 unique questions across the four assessments. This is an intensive exercise, so carefully consider which assessments are valuable to you, and what workloads you have time to assess.
      • Tab 8 hosts the milestone timeline and captures the results of the phase 3 risk and mitigation exercise.

      Understand Cloud Vision Workbook outputs

      The image shows a graphic with several graphs and lists on it, with sections highlighted with notes. At the top, there's the title Database with the note Workload title (populated from tab 2). Below that, there is a graph with the note Relative suitability of the five service models. The Risks and roadblocks section includes the note: The strategy components – the risks and roadblocks – are captured relative to one another to highlight key focus areas. To the left of that, there is a Notes section with the note Notes populated based on post-assessment discussion. At the bottom, there is a section titled Where should skills be procured?, with the note The radar diagram captures the recommended support model relative to the others (MSP, consultant, internal IT). To the right of that, there is a section titled Migration path, with the note that Ordered list of migration paths. Note: a disconnect here with the suggested service model may indicate an unrealistic goal state.

      Step 2.1

      Conduct workload assessments

      Activities

      2.1.1 Conduct workload assessments

      2.1.2 Interpret your results

      Phase Title

      Conduct workload assessments

      Determine workload future state

      This step involves the following participants:

      • Core working group
      • Workload subject matter experts

      Outcomes of this step

      • Completed workload assessments

      2.1.1 Conduct workload assessments

      2 hours per workload

      Input

      • List of workloads to be assessed

      Output

      • Completed cloud vision assessments

      Materials

      • Cloud Vision Workbook

      Participants

      • Core working group
      • Service owners/workload SMEs
      1. The Cloud Vision Workbook is your one stop shop for all things workload assessment. Open the tool to tab 2 and review the workloads you identified at the end of phase 1. Ensure that these are correct. Once satisfied, project the tool (virtually, if necessary) so that all participants can see the assessment questions.
      2. Work through tabs 3-6, answering the questions and assigning a multiplier for each one. A higher multiplier increases the relative weight of the question, giving it a greater impact on the overall outcome.
      3. Do your best to induce participants to offer opinions. Consensus is not absolutely necessary, but it is a good goal. Ask your participants if they agree with initial responses and occasionally take the opposite position (“I’m surprised you said agree – I would have thought we didn’t care about CapEx vs. OpEx”). Stimulate discussion.
      4. Highlight any questions that you will need to return to or run by someone not present. Include a placeholder answer, as the tool requires all cells to be filled for computation.

      Cloud Vision Workbook

      2.1.2 Interpret your results

      10 minutes

      Input

      • Completed cloud vision assessments

      Output

      • Shared understanding of implications

      Materials

      • Cloud Vision Workbook

      Participants

      • Core working group
      • Service owners/workload SMEs
      1. Once you’ve completed all 111 questions for each workload, you can review your results on tab 7. On tab 7, you will see four populated graphics: cloud suitability, migration path, “where should skills be procured?”, and risks and roadblocks. These represent the components of the overall cloud vision that you will present to stakeholders.
      2. The “cloud suitability” chart captures the service model that the assessment judges to be most suitable for the workload. Ask those present if any are surprised by the output. If there is any disagreement, discuss the source of the surprise and what a more realistic outcome would be. Revisit the assessment if necessary.
      3. Conduct a similar exercise with each of the other outputs. Does it make sense to refactor the workload based on its cloud suitability? Does the fact that we scored so highly on the “consultant” support model indicate something about how we handle upskilling internally? Does the profile of risks and roadblocks identified here align with expectations? What should be ranked higher? What about lower?
      4. Once everyone is generally satisfied with the results, close the tool and take a break! You’ve earned it.

      Cloud Vision Workbook

      Understand the cloud strategy components

      Each cloud strategy will take a slightly different form, but all should contain echoes of each of these components. This process will help you define your vision and direction, but you will need to take steps to execute on that vision. The remainder of the cloud strategy, covered in the related blueprint Document Your Cloud Strategy comprises these fourteen topics divided across three categories: people, governance, and technology. The workload assessment covers these under risks and roadblocks and highlights areas that may require specific additional attention. When interpreting the results, think of these areas as comprising things that you will need to do to make your vision a reality.

      People

      • Skills and roles
      • Culture and adoption
      • Governing bodies

      Governance

      • Architecture
      • Integration and interoperability
      • Operations management
      • Cloud portfolio management
      • Cloud vendor management
      • Finance management
      • Security
      • Data controls

      Technology

      • Monitoring
      • Provisioning
      • Migration

      Strategy component: People

      People form the core of any good strategy. As part of your cloud vision, you will need to understand the implications a cloud transition will have on your staff and users, whether those users are internal or external.

      Component Description Challenges
      Skills and roles The move to the cloud will require staff to learn how to handle new technology and new operational processes. The cloud is a different way of procuring IT resources and may require the definition of new roles to handle things like cost management and provisioning. Staff may not have the necessary experience to migrate to a cloud environment or to effectively manage resources once the cloud transition is made. Cloud skills are difficult to hire for, and with the ever-changing nature of the platforms themselves, this shows no sign of abating. Redefining roles can also be politically challenging and should be done with due care and consideration.
      Culture and adoption If you build it, they will come…right? It is not always the case that a new service immediately attracts users. Ensuring that organizational culture aligns with the cloud vision is a critical success factor. Equally important is ensuring that cloud resources are used as intended. Those unfamiliar with cloud resources may be less willing to learn to use them. If alternatives exist (e.g. a legacy service that has not been shut down), or if those detractors are influential, this resistance may impede your cloud execution. Also, if the cloud transition involves significant effort or a fundamental rework (e.g. a DevOps transition) this role redefinition could cause some internal turmoil.
      Governing bodies A large-scale cloud deployment requires formal governance. Formal governance requires a governing body that is ultimately responsible for designing the said governance. This could take the form of a “center of excellence” or may rest with a single cloud architect in a smaller, less complicated environment. Governance is difficult. Defining responsibilities in a way that includes all relevant stakeholders without paralyzing the decision-making process is difficult. Implementing suggestions is a challenge. Navigating the changing nature of service provision (who can provision their own instances or assign licenses?) can be difficult as well. All these concerns must be addressed in a cloud strategy.

      Strategy component: Governance

      Without guardrails, the cloud deployment will grow organically. This has strengths (people tend to adopt solutions that they select and deploy themselves), but these are more than balanced out by the drawbacks that come with inconsistency, poor administration, duplication of services, suboptimal costing, and any number of other unique challenges. The solution is to develop and deploy governance. The following list captures some of the necessary governance-related components of a cloud strategy.

      Component Description Challenges
      Architecture Enterprise architecture is an important function in any environment with more than one interacting workload component (read: any environment). The cloud strategy should include an approach to defining and implementing a standard cloud architecture and should assign responsibility to an individual or group. Sometimes the cloud transition is inspired by the desire to rearchitect. The necessary skills and knowledge may not be readily available to design and transition to a microservices-based environment, for example, vs. a traditional monolithic application architecture. The appropriateness of a serverless environment may not be well understood, and it may be the case that architects are unfamiliar with cloud best practices and reference architectures.
      Integration and interoperability Many services are only highly functional when integrated with other services. What is a database without its front-end? What is an analytics platform without its data lake? For the cloud vision to be properly implemented, a strategy for handling integration and interoperability must be developed. It may be as simple as “all SaaS apps must be compatible with Okta” but it must be there. Migration to the cloud may require a fundamentally new approach to integration, moving away from a point-to-point integrations and towards an ESB or data lake. In many cases, this is easier said than done. Centralization of management may be appealing, but legacy applications – or those acquired informally in a one-off fashion – might not be so easy to integrate into a central management platform.
      Operations management Service management (ITIL processes) must be aligned with your overall cloud strategy. Migrating to the cloud (where applicable) will require refining these processes, including incident, problem, request, change, and configuration management, to make them more suitable for the cloud environment. Operations management doesn’t go away in the cloud, but it does change in line with the transition to shared responsibility. Responding to incidents may be more difficult on the cloud when troubleshooting is a vendor’s responsibility. Change management in a SaaS environment may be more receptive than staff are used to as cloud providers push changes out that cannot be rolled back.

      Strategy component: Governance (cont.)

      Component Description Challenges
      Cloud portfolio management This component refers to the act of managing the portfolio of cloud services that is available to IT and to business users. What requirements must a SaaS service meet to be onboarded into the environment? How do we account for exceptions to our IaaS policy? What about services that are only available from a certain provider? Rationalizing services offers administrative benefits, but may make some tasks more difficult for end users who have learned things a certain way or rely on niche toolsets. Managing access through a service catalog can also be challenging based on buy-in and ongoing administration. It is necessary to develop and implement policy.
      Cloud vendor management Who owns the vendor management function, and what do their duties entail? What contract language must be standard? What does due diligence look like? How should negotiations be conducted? What does a severing of the relationship look like? Cloud service models are generally different from traditional hosted software and even from each other (e.g. SaaS vs. PaaS). There is a bit of a learning curve when it comes to dealing with vendors. Also relevant: the skills that it takes to build and maintain a system are not necessarily the same as those required to coherently interact with a cloud vendor.
      Finance management Cloud services are, by definition, subject to a kind of granular, operational billing that many shops might not be used to. Someone will need to accurately project and allocate costs, while ensuring that services are monitored for cost abnormalities. Cloud cost challenges often relate to overall expense (“the cloud is more expensive than an alternative solution”), expense variability (“I don’t know what my budget needs to be this quarter”), and cost complexity (“I don’t understand what I’m paying for – what’s an Elastic Beanstalk?”).
      Security The cloud is not inherently more or less secure than a premises-based alternative, though the risk profile can be different. Applying appropriate security governance to ensure workloads are compliant with security requirements is an essential component of the strategy.

      Technical security architecture can be a challenge, as well as navigating the shared responsibility that comes with a cloud transition. There are also a plethora of cloud-specific security tools like cloud access security brokers (CASBs), cloud security posture management (CSPM) solutions, and even secure access services edge (SASE) technology.

      Data controls Data residency, classification, quality, and protection are important considerations for any cloud strategy. With cloud providers taking on outsized responsibility, understanding and governing data is essential. Cloud providers like to abstract away from the end user, and while some may be able to guarantee residency, others may not. Additionally, regulations may prevent some data from going to the cloud, and you may need to develop a new organizational backup strategy to account for the cloud.

      Strategy component: Technology

      Good technology will never replace good people and effective process, but it remains important in its own right. A migration that neglects the undeniable technical components of a solid cloud strategy is doomed to mediocrity at best and failure at worst. Understanding the technical implications of the cloud vision – particularly in terms of monitoring, provisioning, and migration – makes all the difference. You can interpret the results of the cloud workload assessments by reviewing the details presented here.

      Component Description Challenges
      Monitoring The cloud must be monitored in line with performance requirements. Staff must ensure that appropriate tools are in place to properly monitor cloud workloads and that they are capturing adequate and relevant data. Defining requirements for monitoring a potentially unfamiliar environment can be difficult, as can consolidating on a monitoring solution that both meets requirements and covers all relevant areas. There may be some upskilling and integration work required to ensure that monitoring works as required.
      Provisioning How will provisioning be done? Who will be responsible for ensuring the right people have access to the right resources? What tooling must be deployed to support provisioning goals? What technical steps must be taken to ensure that the provisioning is as seamless as possible? There is the inevitable challenge of assigning responsibility and accountability in a changing infrastructure and operations environment, especially if the changes are substantial (e.g. a fundamental operating model shift, reoriented around the cloud). Staff may also need to familiarize themselves with cloud-based provisioning tools like Ansible, Terraform, or even CloudFormation.
      Migration The act of migrating is important as well. In some cases, the migration is as simple as configuring the new environment and turning it up (e.g. with a net new SaaS service). In other cases, the migration itself can be a substantial undertaking, involving large amounts of data, a complicated replatforming/refactoring, and/or a significant configuration exercise.

      Not all migration journeys are created equal, and challenges include a general lack of understanding of the requirements of a migration, the techniques that might be necessary to migrate to a particular cloud (there are many) and the disruption/risk associated with moving large amounts of data. All of these challenges must be considered as part of the overall cloud strategy, whether in terms of architectural principles or skill acquisition (or both!).

      Step 2.2

      Determine workload future state

      Activities

      2.2.1 Determine workload future state

      Conduct workload assessments

      Determine workload future state

      This step involves the following participants:

      • IT management
      • Core working group

      Outcomes of this step

      • Completed workload assessments
      • Defined workload future state

      2.2.1 Determine workload future state

      1-3 hours

      Input

      • Completed workload assessments

      Output

      • Preliminary future state outputs

      Materials

      • Cloud Vision Workbook
      • Cloud Vision Executive Presentation

      Participants

      • Core working group
      • Service owners
      • IT management
      1. After you’ve had a chance to validate your results, refer to tab 7 of the tool, where you will find a blank notes section.
      2. With the working group, capture your answers to each of the following questions:
        1. What service model is the most suitable for the workload? Why?
        2. How will we conduct the migration? Which of the six models makes the most sense? Do we have a backup plan if our primary plan doesn’t work out?
        3. What should the support model look like?
        4. What are some workload-specific risks and considerations that must be taken into account for the workload?
      3. Once you’ve got answers to each of these questions for each of the workloads, include your summary in the “notes” section of tab 7.

      Cloud Vision Executive Presentation

      Paste the output into the Cloud Vision Executive Presentation

      • The Cloud Vision Workbook output is a compact, consumable summary of each workload’s planned future state. Paste each assessment in as necessary.
      • There is no absolutely correct way to present the information, but the output is a good place to start. Do note that, while the presentation is designed to lead with the vision statement, because the process is workload-first, the assessments are populated prior to the overall vision in a bottom-up manner.
      • Be sure to anticipate the questions you are likely to receive from any stakeholders. You may consider preparing for questions like: “What other workloads fit this profile?” “What do we expect the impact on the budget to be?” “How long will this take?” Keep these and other questions in mind as you progress through the vision definition process.

      The image shows the Cloud Vision Workbook output, which was described in an annotated version in an earlier section.

      Info-Tech Insight

      Keep your audience in mind. You may want to include some additional context in the presentation if the results are going to be presented to non-technical stakeholders or those who are not familiar with the terms or how to interpret the outputs.

      Identify and Mitigate Risks

      Build the foundations of your cloud vision

      PHASE 3

      Phase 3

      Identify and Mitigate Risks

      Phase 1

      1.1 Generate goals and drivers

      1.2 Explore cloud characteristics

      1.3 Create a current state summary

      1.4 Select workloads for analysis

      Phase 2

      2.1 Conduct workload assessments

      2.2 Determine workload future states

      Phase 3

      3.1 Generate risks and roadblocks

      3.2 Mitigate risks and roadblocks

      3.3 Define roadmap initiatives

      Phase 4

      4.1 Review and assign work items

      4.2 Finalize cloud decision framework

      4.3 Create cloud vision

      This phase will walk you through the following activities:

      • Generate risks and roadblocks
      • Mitigate risks and roadblocks
      • Define roadmap initiatives

      This phase involves the following participants:

      • Core working group
      • Workload subject matter experts

      You know what you want to do, but what do you have to do?

      What questions remain unanswered?

      There are workload-level risks and roadblocks, and there are environment-level risks. This phase is focused primarily on environment-level risks and roadblocks, or those that are likely to span multiple workloads (but this is not hard and fast rule – anything that you deem worth discussing is worth discussing). The framework here calls for an open forum where all stakeholders – technical and non-technical, pro-cloud and anti-cloud, management and individual contributor – have an opportunity to articulate their concerns, however specific or general, and receive feedback and possible mitigation.

      Start by soliciting feedback. You can do this over time or in a single session. Encourage anyone with an opinion to share it. Focus on those who are likely to have a perspective that will become relevant at some point during the creation of the cloud strategy and the execution of any migration. Explain the preliminary direction; highlight any major changes that you foresee. Remind participants that you are not looking for solutions (yet), but that you want to make sure you hear any and every concern as early as possible. You will get feedback and it will all be valuable.

      Before cutting your participants loose, remind them that, as with all business decisions, the cloud comes with trade-offs. Not everyone will have every wish fulfilled, and in some cases, significant effort may be needed to get around a roadblock, risks may need to be accepted, and workloads that looked like promising candidates for one service model or another may not be able to realize that potential. This is a normal and expected part of the cloud vision process.

      Once the risks and roadblocks conversation is complete, it is the core working group’s job to propose and validate mitigations. Not every risk can be completely resolved, but the cloud has been around for decades – chances are someone else has faced a similar challenge and made it through relatively unscathed. That work will inevitably result in initiatives for immediate execution. Those initiatives will form the core of the initiative roadmap that accompanies the completed Cloud Vision Executive Presentation.

      Step 3.1

      Generate risks and roadblocks

      Activities

      3.1.1 Generate risks and roadblocks

      3.1.2 Generate mitigations

      Identify and mitigate risks

      Generate risks and roadblocks

      Mitigate risks and roadblocks

      Define roadmap initiatives

      This step involves the following participants:

      • Core working group
      • IT management
      • Infrastructure
      • Applications
      • Security
      • Architecture

      Outcomes of this step

      • List of risks and roadblocks

      Understand risks and roadblocks

      Risk

      • Something that could potentially go wrong.
      • You can respond to risks by mitigating them:
        • Eliminate: take action to prevent the risk from causing issues.
        • Reduce: take action to minimize the likelihood/severity of the risk.
        • Transfer: shift responsibility for the risk away from IT, towards another division of the company.
        • Accept: where the likelihood or severity is low, it may be prudent to accept that the risk could come to fruition.

      Roadblock

      • There are things that aren’t “risks” that we care about when migrating to the cloud.
      • We know, for example, that a complicated integration situation will create work items for any migration – this is not an “unknown.”
      • We respond to roadblocks by generating work items.

      3.1.1 Generate risks and roadblocks

      1.5 hours

      Input

      • Completed cloud vision assessments

      Output

      • List of risks and roadblocks

      Materials

      • Whiteboard
      • Sticky notes

      Participants

      • Core working group
      • Service owners/workload SMEs
      • Anyone with concerns about the cloud
      1. Gather your core working group – and really anyone with an intelligent opinion on the cloud – into a single meeting space. Give the group 5-10 minutes to list anything they think could present a difficulty in transitioning workloads to the cloud. Write each risk/roadblock on its own sticky note. You will never be 100% exhaustive, but don’t let anything your users care about go unaddressed.
      2. Once everyone has had time to write down their risks and roadblocks, have everyone share one by one. Make sure you get them all. Overlap in risks and roadblocks is okay! Group similar concerns together to give a sort of heat map of what your participants are concerned about. (This is called “affinity diagramming.”)
      3. Assign names to these categories. Many of these categories will align with the strategy components discussed in the previous phase (governance, security, etc.) but some will be specific whether by nature or by degree.
      4. Sort each of the individual risks into its respective category, collapsing any exact duplicates, and leaving room for notes and mitigations (see the next slide for a visual).

      Understand risks and roadblocks

      The image is two columns--on the left, the column is titled Affinity Diagramming. Below the title, there are many colored blocks, randomly arranged. There is an arrow pointing right, to the same coloured blocks, now sorted by colour. In the right column--titled Categorization--each colour has been assigned a category, with subcategories.

      Step 3.2

      Mitigate risks and roadblocks

      Activities

      3.2.1 Generate mitigations

      Identify and mitigate risks

      Generate risks and roadblocks

      Mitigate risks and roadblocks

      Define roadmap initiatives

      This step involves the following participants:

      • Core working group

      Outcomes of this step

      • List of mitigations

      Is the public cloud less secure?

      This is the key risk-related question that most cloud customers will have to answer at some point: does migrating to the cloud for some services increase their exposure and create a security problem?

      As with all good questions, the answer is “it depends.” But what does it depend on? Consider these cloud risks and potential mitigations:

      1. Misconfiguration: An error grants access to unauthorized parties (as happened to Capital One in 2019). This can be mitigated by careful configuration management and third-party tooling.
      2. Unauthorized access by cloud provider/partner employees: Though rare, it is possible that a cloud provider or partner can be a vector for a breach. Careful contract language, choosing to own your own encryption keys, and a hybrid approach (storing data on-premises) are some possible ways to address this problem.
      3. Unauthorized access to systems: Cloud services are designed to be accessed from anywhere and may be accessed by malicious actors. Possible mitigations include risk-based conditional access, careful identity access management, and logging and detection.

      “The cloud is definitely more secure in that you have much more control, you have much more security tooling, much more visibility, and much more automation. So it is more secure. The caveat is that there is more risk. It is easier to accidentally expose data in the cloud than it is on-premises, but, especially for security, the amount of tooling and visibility you get in cloud is much more than anything we’ve had in our careers on-premises, and that’s why I think cloud in general is more secure.” –Abdul Kittana, Founder, ASecureCloud

      Breach bests bank

      No cloud provider can protect against every misconfiguration

      Industry: Finance

      Source: The New York Times, CNET

      Background

      Capital One is a major Amazon Web Services customer and is even featured on Amazon’s site as a case study. That case study emphasizes the bank’s commitment to the cloud and highlights how central security and compliance were. From the CTO: “Before we moved a single workload, we engaged groups from across the company to build a risk framework for the cloud that met the same high bar for security and compliance that we meet in our on-premises environments. AWS worked with us every step of the way.”

      Complication

      The cloud migration was humming along until July 2019, when the bank suffered a serious breach at the hands of a hacker. That hacker was able to steal millions of credit card applications and hundreds of thousands of Social Security numbers, bank account numbers, and Canadian social insurance numbers.

      According to investigators and to AWS, the breach was caused by an open reverse proxy attack against a misconfigured web app firewall, not by an underlying vulnerability in the cloud infrastructure.

      Results

      Capital One reported that the breach was expected to cost it $150 million, and AWS fervently denied any blame. The US Senate got involved, as did national media, and Capital One’s CEO issued a public apology, writing, “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”

      It was a bad few months for IT at Capital One.

      3.2.1 Generate mitigations

      3-4.5 hours

      Input

      • Completed cloud vision assessments

      Output

      • List of risks and roadblocks

      Materials

      • Whiteboard
      • Sticky notes

      Participants

      • Core working group
      • Service owners/workload SMEs
      • Anyone with concerns about the cloud
      1. Recall the four mitigation strategies: eliminate, reduce, transfer, or accept. Keep these in mind as you work through the list of risks and roadblocks with the core working group. For every individual risk or roadblock raised in the initial generation session, suggest a specific mitigation. If the concern is “SaaS providers having access to confidential information,” a mitigation might be encryption, specific contract language, or proof of certifications (or all the above).
      2. Work through this for each of the risks and roadblocks, identifying the steps you need to take that would satisfy your requirements as you understand them.
      3. Once you have gone through the whole list – ideally with input from SMEs in particular areas like security, engineering, and compliance/legal – populate the Cloud Vision Workbook (tab 8) with the risks, roadblocks, and mitigations (sorted by category). Review tab 8 for an example of the output of this exercise.

      Cloud Vision Workbook

      Cloud Vision Workbook – mitigations

      The image shows a large chart titled Risks, roadblocks, and mitigations, which has been annotated with notes.

      Step 3.3

      Define roadmap initiatives

      Activities

      3.3.1 Generate roadmap initiatives

      Identify and mitigate risks

      Generate risks and roadblocks

      Mitigate risks and roadblocks

      Define roadmap initiatives

      This step involves the following participants:

      • Core working group

      Outcomes of this step

      • Defined roadmap initiatives

      3.3.1 Generate roadmap initiatives

      1 hour

      Input

      • List of risk and roadblock mitigations

      Output

      • List of cloud initiatives

      Materials

      • Cloud Vision Workbook

      Participants

      • Core working group
      1. Executing on your cloud vision will likely require you to undertake some key initiatives, many of which have already been identified as part of your mitigation exercise. On tab 8 of the Cloud Vision Workbook, review the mitigations you created in response to the risks and roadblocks identified. Initiatives should generally be assignable to a party and should have a defined scope/duration. For example, “assess all net new applications for cloud suitability” might not be counted as an initiative, but “design a cloud application assessment” would likely be.
      2. Design a timeline appropriate for your specific needs. Generally short-term (less than 3 months), medium-term (3-6 months), and long-term (greater than 6 months) will work, but this is entirely based on preference.
      3. Review and validate the parameters with the working group. Consider creating additional color-coding (highlighting certain tasks that might be dependent on a decision or have ongoing components).

      Cloud Vision Workbook

      Bridge the gap and create the vision

      Build the foundations of your cloud vision

      Phase 4

      Phase 4

      Bridge the Gap and Create the Vision

      Phase 1

      1.1 Generate goals and drivers

      1.2 Explore cloud characteristics

      1.3 Create a current state summary

      1.4 Select workloads for analysis

      Phase 2

      2.1 Conduct workload assessments

      2.2 Determine workload future states

      Phase 3

      3.1 Generate risks and roadblocks

      3.2 Mitigate risks and roadblocks

      3.3 Define roadmap initiatives

      Phase 4

      4.1 Review and assign work items

      4.2 Finalize cloud decision framework

      4.3 Create cloud vision

      This phase will walk you through the following activities:

      • Assign initiatives and propose timelines
      • Build a delivery model rubric
      • Build a service model rubric
      • Built a support model rubric
      • Create a cloud vision statement
      • Map cloud workloads
      • Complete the Cloud Vision presentation

      This phase involves the following participants:

      • IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders

      Step 4.1

      Review and assign work items

      Activities

      4.1.1 Assign initiatives and propose timelines

      Bridge the gap and create the vision

      Review and assign work items

      Finalize cloud decision framework

      Create cloud vision

      This step involves the following participants:

      • Core working group
      • IT management

      Outcomes of this step

      • Populated cloud vision roadmap

      4.1.1 Assign initiatives and propose timelines

      1 hour

      Input

      • List of cloud initiatives

      Output

      • Initiatives assigned by responsibility and timeline

      Materials

      • Cloud Vision Workbook

      Participants

      • Core working group
      1. Once the list is populated, begin assigning responsibility for execution. This is not a RACI exercise, so focus on the functional responsibility. Once you have determined who is responsible, assign a timeline and include any notes. This will form the basis of a more formal project plan.
      2. To assign the initiative to a party, consider 1) who will be responsible for execution and 2) if that responsibility will be shared. Be as specific as possible, but be sure to be consistent to make it easier for you to sort responsibility later on.
      3. When assigning timelines, we suggest including the end date (when you expect the project to be complete) rather than the start date, though whatever you choose, be sure to be consistent. Make use of the notes column to record anything that you think any other readers will need to be aware of in the future, or details that may not be possible to commit to memory.

      Cloud Vision Workbook

      Step 4.2

      Finalize cloud decision framework

      Activities

      4.2.1 Build a delivery model rubric

      4.2.2 Build a service model rubric

      4.2.3 Build a support model rubric

      Bridge the gap and create the vision

      Review and assign work items

      Finalize cloud decision framework

      Create cloud vision

      This step involves the following participants:

      • Core working group

      Outcomes of this step

      • Cloud decision framework

      4.2.1 Build a delivery model rubric

      1 hour

      Input

      • List of cloud initiatives

      Output

      • Initiatives assigned by responsibility and timeline

      Materials

      Participants

      • Core working group
      1. Now that we have a good understanding of the cloud’s key characteristics, the relative suitability of different workloads for the cloud, and a good understanding of some of the risks and roadblocks that may need to be overcome if a cloud transition is to take place, it is time to formalize a delivery model rubric. Start by listing the delivery models on a white board vertically – public, private, hybrid, and multi-cloud. Include a community cloud option as well if that is feasible for you. Strike any models that do not figure into your vision.
      2. Create a table style rubric for each delivery model. Confer with the working group to determine what characteristics best define workloads suitable for each model. If you have a hybrid cloud option, you may consider workloads that are highly dynamic; a private cloud hosted on-premises may be more suitable for workloads that have extensive regulatory requirements.
      3. Once the table is complete, include it in the Cloud Vision Executive Presentation.

      Cloud Vision Executive Presentation

      Vision for the cloud future state (example)

      Delivery model Decision criteria
      Public cloud
      • Public cloud is the primary destination for all workloads as the goal is to eliminate facilities and infrastructure management
      • Offers features, broad accessibility, and managed updates along with provider-managed facilities and hardware
      Legacy datacenter
      • Any workload that is not a good fit for the public cloud
      • Dependency (like a USB key for license validation)
      • Performance requirements (e.g. workloads highly sensitive to transaction thresholds)
      • Local infrastructure components (firewall, switches, NVR)

      Summary statement: Everything must go! Public cloud is a top priority. Anything that is not compatible (for whatever reason) with a public cloud deployment will be retained in a premises-based server closet (downgraded from a full datacenter). The private cloud does not align with the overall organizational vision, nor does a hybrid solution.

      4.2.2 Build a service model rubric

      1 hour

      Input

      • Output of workload assessments
      • Output of risk and mitigation exercise

      Output

      • Service model rubric

      Materials

      • Whiteboard
      • Cloud Vision Executive Presentation

      Participants

      • Core working group
      1. This next activity is like the delivery model activity, but covers the relevant cloud service models. On a whiteboard, make a vertical list of the cloud service models (SaaS, PaaS, IaaS, etc.) that will be considered for workloads. If you have an order of preference, place your most preferred at the top, your least preferred at the bottom.
      2. Describe the circumstances under which you would select each service model. Do your best to focus on differentiators. If a decision criterion appears for multiple service models, consider refining or excluding it. (For additional information, check out Info-Tech’s Reimagine IT Operations for a Cloud-First World blueprint.)
      3. Create a summary statement to capture your overall service model position. See the next slide for an example. Note: this can be incorporated into your cloud vision statement, so be sure that it reflects your genuine cloud preferences.
      4. Record the results in the Cloud Vision Executive Presentation.

      Cloud Vision Executive Presentation

      Vision for the cloud future state (example)

      Service model Decision criteria
      SaaS

      SaaS first; opt for SaaS when:

      • A SaaS option exists that meets all key business requirements
      • There is a strong desire to have someone else (the vendor) manage infrastructure components/the platform
      • Not particularly sensitive to performance thresholds
      • The goal is to transition management of the workload outside of IT
      • SaaS is the only feasible way to consume the desired service
      PaaS
      • Highly customized service/workload – SaaS not feasible
      • Still preferable to offload as much management as possible to third parties
      • Customization required, but not at the platform level
      • The workload is built using a standard framework
      • We have the time/resources to replatform
      IaaS
      • Service needs to be lifted and shifted out of the datacenter quickly
      • Customization is required at the platform level/there is value in managing components
      • There is no need to manage facilities
      • Performance is not impacted by hosting the workload offsite
      • There is value in right-sizing the workload over time
      On-premises Anything that does not fit in the cloud for performance or other reasons (e.g. licensing key)

      Summary statement: SaaS will be the primary service model. All workloads will migrate to the public cloud where possible. Anything that cannot be migrated to SaaS will be migrated to PaaS. IaaS is a transitory step.

      4.2.3 Build a support model rubric

      1 hour

      Input

      • Results of the cloud workload assessments

      Output

      • Support model rubric

      Materials

      • Whiteboard
      • Cloud Vision Executive Presentation

      Participants

      • Core working group
      1. The final rubric covered here is that for the support model. Where will you procure the skills necessary to ensure the vision’s proper execution? Much like the other rubric activities, write the three support models vertically (in order of preference, if you have one) on a whiteboard.
      2. Next to each model, describe the circumstances under which you would select each support model. Focus on the dimensions: the duration of the engagement, specialization required, and flexibility required. If you have existing rules/practices around hiring consultants/MSPs, consider those as well.
      3. Once you have a good list of decision criteria, form a summary statement. This should encapsulate your position on support models and should mention any notable criteria that will contribute to most decisions.
      4. Record the results in the Cloud Vision Executive Presentation.

      Cloud Vision Executive Presentation

      Vision for the cloud future state (example)

      Support model Decision criteria
      Internal IT

      The primary support model will be internal IT going forward

      • Chosen where the primary work required is administrative
      • Where existing staff can manage the service in the cloud easily and effectively
      • Where the chosen solution fits the SaaS service model
      Consultant
      • Where the work required is time-bound (e.g. a migration/refactoring exercise)
      • Where the skills do not exist in house, and where the skills cannot easily be procured (specific technical expertise required in areas of the cloud unfamiliar to staff)
      • Where opportunities for staff to learn from consultant SMEs are valuable
      • Where ongoing management and maintenance can be handled in house
      MSP
      • Where an ongoing relationship is valued
      • Where ongoing administration and maintenance are disproportionately burdensome on IT staff (or where this administration and maintenance is likely to be burdensome)
      • Where the managed services model has already been proven out
      • Where specific expertise in an area of technology is required but this does not rise to the need to hire an FTE (e.g. telephony)

      Summary statement: Most workloads will be managed in house. A consultant will be employed to facilitate the transition to micro-services in a cloud container environment, but this will be transitioned to in-house staff. An MSP will continue to manage backups and telephony.

      Step 4.3

      Create cloud vision

      Activities

      4.3.1 Create a cloud vision statement

      4.3.2 Map cloud workloads

      4.3.3 Complete the Cloud Vision Presentation

      Review and assign work items

      Finalize cloud decision framework

      Create cloud vision

      This step involves the following participants:

      • Core working group
      • IT management

      Outcomes of this step

      Completed Cloud Vision Executive Presentation

      4.3.1 Create a cloud vision statement

      1 hour

      Input

      • List of cloud initiatives

      Output

      • Initiatives assigned by responsibility and timeline

      Materials

      • Cloud Vision Workbook

      Participants

      • Core working group
      1. Now that you know what service models are appropriate, it’s time to summarize your cloud vision in a succinct, consumable way. A good vision statement should have three components:
        • Scope: Which parts of the organization will the strategy impact?
        • Goal: What is the strategy intended to accomplish?
        • Key differentiator: What makes the new strategy special?
      2. On a whiteboard, make a chart with three columns (one column for each of the features of a good mission statement). Have the group generate a list of words to describe each of the categories. Ideally, the group will produce multiple answers for each category.
      3. Once you’ve gathered a few different responses for each category, have the team put their heads down and generate pithy mission statements that capture the sentiments underlying each category.
      4. Have participants read their vision statements in front of the group. Use the rest of the session to produce a final statement. Record the results in the Cloud Strategy Executive Presentation.

      Example vision statement outputs

      “IT at ACME Corp. hereby commits to providing clients and end users with an unparalleled, productivity-enabling technology experience, leveraging, insofar as it is possible and practical, cloud-based services.”

      “At ACME Corp. our employees and customers are our first priority. Using new, agile cloud services, IT is devoted to eliminating inefficiency, providing cutting-edge solutions for a fast-paced world, and making a positive difference in the lives of our colleagues and the people we serve.”

      As a global leader in technology, ACME Corp. is committed to taking full advantage of new cloud services, looking first to agile cloud options to optimize internal processes wherever efficiency gaps exist. Improved efficiency will allow associates to spend more time on ACME’s core mission: providing an unrivalled customer experience.”

      Scope

      Goal

      Key differentiator

      4.3.2 Map cloud workloads

      1 hour

      Input

      • List of workloads
      • List of acceptable service models
      • List of acceptable migration paths

      Output

      • Workloads mapped by service model/migration path

      Materials

      • Whiteboard
      • Sticky notes

      Participants

      • Core working group
      1. Now that you have defined your overall cloud vision as well as your service model options, consider aligning your service model preferences with your migration path preferences. Draw a table with your expected migration strategies across the top (retain, retire, rehost, replatform, refactor, repurchase, or some of these) and your expected service models across the side.
      2. On individual sticky notes, write a list of workloads in your environment. In a smaller environment, this list can be exhaustive. Otherwise take advantage of the list you created as part of phase 1 along with any additional workloads that warrant discussion.
      3. As a group, go through the list, placing the sticky notes first in the appropriate row based on their characteristics and the decision criteria that have already been defined, and then in the appropriate column based on the appropriate migration path. (See the next slide for an example of what this looks like.)
      4. Record the results in the Cloud Vision Executive Presentation. Note: not every cell will be filled; some migration path/service model combinations are impossible or otherwise undesirable.

      Cloud Vision Executive Presentation

      Example cloud workload map

      Repurchase Replatform Rehost Retain
      SaaS

      Office suite

      AD

      PaaS SQL Database
      IaaS File Storage DR environment
      Other

      CCTV

      Door access

      4.3.3 Complete the Cloud Vision Presentation

      1 hour

      Input

      • List of cloud initiatives

      Output

      • Initiatives assigned by responsibility and timeline

      Materials

      • Cloud Vision Workbook

      Participants

      • Core working group
      1. Open the Cloud Vision Executive Presentation to the second slide and review the templated executive brief. This comprises several sections (see the next slide). Populate each one:
        • Summary of the exercise
        • The cloud vision statement
        • Key cloud drivers
        • Risks and roadblocks
        • Top initiatives and next steps
      2. Review the remainder of the presentation. Be sure to elaborate on any significant initiatives and changes (where applicable) and to delete any slides that you no longer require.

      Cloud Vision Workbook

      Sample cloud vision executive summary

      • From [date to date], a cross-functional group representing IT and its constituents met to discuss the cloud.
      • Over the course of the week, the group identified drivers for cloud computing and developed a shared vision, evaluated several workloads through an assessment framework, identified risks, roadblocks, and mitigations, and finally generated initiatives and next steps.
      • From the process, the group produced a summary and a cloud suitability assessment framework that can be applied at the level of the workload.

      Cloud Vision Statement

      [Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support, and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.

      Cloud Drivers Retire the datacenter Do more valuable work
      Right-size the environment Reduce CapEx
      Facilitate ease of mgmt. Work from anywhere
      Reduce capital expenditure Take advantage of elasticity
      Performance and availability Governance Risks and roadblocks
      Security Rationalization
      Cost Skills
      Migration Remaining premises resources
      BC, backup, and DR Control

      Initiatives and next steps

      • Close the datacenter and colocation site in favor of a SaaS-first cloud approach.
      • Some workloads will migrate to infrastructure-as-a-service in the short term with the assistance of third-party consultants.

      Document your cloud strategy

      You did it!

      Congratulations! If you’ve made it this far, you’ve successfully articulated a cloud vision, assessed workloads, developed an understanding (shared with your team and stakeholders) of cloud concepts, and mitigated risks and roadblocks that you may encounter along your cloud journey. From this exercise, you should understand your mission and vision, how your cloud plans will interact with any other relevant strategic plans, and what successful execution looks like, as well as developing a good understanding of overall guiding principles. These are several components of your overall strategy, but they do not comprise the strategy in its entirety.

      How do you fix this?

      First, validate the results of the vision exercise with your stakeholders. Socialize it and collect feedback. Make changes where you think changes should be made. This will become a key foundational piece. The next step is to formally document your cloud strategy. This is a separate project and is covered in the Info-Tech blueprint Document Your Cloud Strategy.

      The vision exercise tells you where you want to go and offers some clues as to how to get there. The formal strategy exercise is a formal documentation of the target state, but also captures in detail the steps you’ll need to take, the processes you’ll need to refine, and the people you’ll need to hire.

      A cloud strategy should comprise your organizational stance on how the cloud will change your approach to people and human resources, technology, and governance. Once you are confident that you can make and enforce decisions in these areas, you should consider moving on to Document Your Cloud Strategy. This blueprint, Define Your Cloud Vision, often serves as a prerequisite for the strategy documentation conversation(s).

      Appendix

      Summary of Accomplishment

      Additional Support

      Research Contributors

      Related Info-Tech Research

      Vendor Resources

      Bibliography

      Summary of Accomplishment

      Problem Solved

      You have now documented what you want from the cloud, what you mean when you say “cloud,” and some preliminary steps you can take to make your vision a reality.

      You now have at your disposal a framework for identifying and evaluating candidates for their cloud suitability, as well as a series of techniques for generating risks and mitigations associated with your cloud journey. The next step is to formalize your cloud strategy using the takeaways from this exercise. You’re well on your way to a completed cloud strategy!

      If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

      Contact your account representative for more information.

      workshops@infotech.com

      1-888-670-8889

      Additional Support

      If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

      Contact your account representative for more information.

      workshops@infotech.com 1-888-670-8889

      To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

      Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      Generate drivers for cloud adoption

      Work with stakeholders to understand the expected benefits of the cloud migration and how these drivers will impact the overall vision.

      Conduct workload assessments

      Assess your individual cloud workloads for their suitability as candidates for the cloud migration.

      Bibliography

      “2021 State of the Cloud Report.” Flexera, 2021. Web.

      “2021 State of Upskilling Report.” Pluralsight, 2021. Web.

      “AWS Snowmobile.” Amazon Web Services, n.d. Web.

      “Azure products.” Microsoft, n.d. Web.

      “Azure Migrate Documentation.” Microsoft, n.d. Web.

      Bell, Harold. “Multi-Cloud vs. Hybrid Cloud: What’s the Difference?” Nutanix, 2019. Web.

      “Cloud Products.” Amazon Web Services, n.d. Web.

      “COBIT 2019 Framework: Introduction and Methodology.” ISACA, 2019. Web.

      Edmead, Mark T. “Using COBIT 2019 to Plan and Execute an Organization’s Transformation Strategy.” ISACA, 2020. Web.

      Flitter, Emily, and Karen Weise. “Capital One Data Breach Compromises Data of Over 100 Million.” The New York Times, 29 July 2019. Web.

      Gillis, Alexander S. “Cloud Security Posture Management (CSPM).” TechTarget, 2021. Web.

      “’How to Cloud’ with Capital One.” Amazon Web Services, n.d. Web.

      “IBM Closes Landmark Acquisition of Red Hat for $34 Billion; Defines Open, Hybrid Cloud Future.” Red Hat, 9 July 2019. Web.

      Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology, Sept. 2011. Web.

      Ng, Alfred. “Amazon Tells Senators it Isn't to Blame for Capital One Breach.” CNET, 2019. Web.

      Orban, Stephen. “6 Strategies for Migrating Applications to the Cloud.” Amazon Web Services, 2016. Web.

      Sullivan, Dan. “Cloud Access Security Broker (CASB).” TechTarget, 2021. Web.

      “What Is Secure Access Service Edge (SASE)?” Cisco, n.d. Web.

      Build Your Enterprise Innovation Program

      • Buy Link or Shortcode: {j2store}104|cart{/j2store}
      • member rating overall impact: 10.0/10 Overall Impact
      • member rating average dollars saved: $100,000 Average $ Saved
      • member rating average days saved: 10 Average Days Saved
      • Parent Category Name: Innovation
      • Parent Category Link: /innovation
      • You don’t know where to start when it comes to building an innovation program for your organization.
      • You need to create a culture of innovation in your business, department, or team.
      • Past innovation efforts have been met with resistance and cynicism.
      • You don’t know what processes you need to support business-led innovation.

      Our Advice

      Critical Insight

      Innovation is about people, not ideas or processes. Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and taking smart risks are most likely to see the benefits of innovation.

      Impact and Result

      • Outperform your peers by 30% by adopting an innovative approach to your business.
      • Move quickly to launch your innovation practice and beat the competition.
      • Develop the skills and capabilities you need to sustain innovation over the long term.

      Build Your Enterprise Innovation Program Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Build Your Enterprise Innovation Program Storyboard – A step-by-step process to create the innovation culture, processes, and tools you need for business-led innovation.

      This storyboard includes three phases and nine activities that will help you define your purpose, align your people, and build your practice.

      • Build Your Enterprise Innovation Program – Phases 1-3

      2. Innovation Program Template – An executive communication deck summarizing the outputs from this research.

      Use this template in conjunction with the activities in the main storyboard to create and communicate your innovation program. This template uses sample data from a fictional retailer, Acme Corp, to illustrate an ideal innovation program summary.

      • Innovation Program Template

      3. Job Description – Chief Innovation Officer

      This job description can be used to hire your Chief Innovation Officer. There are many other job descriptions available on the Info-Tech website and referenced within the storyboard.

      • Chief Innovation Officer

      4. Innovation Ideation Session Template – Use this template to facilitate innovation sessions with the business.

      Use this framework to facilitate an ideation session with members of the business. Instructions for how to customize the information and facilitate each section is included within the deck.

      • Innovation Ideation Session Template

      5. Initiative Prioritization Workbook – Use this spreadsheet template to easily and transparently prioritize initiatives for pilot.

      This spreadsheet provides an analytical and transparent method to prioritize initiatives based on weighted criteria relevant to your business.

      • Initiative Prioritization Workbook

      Infographic

      Workshop: Build Your Enterprise Innovation Program

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Define Your Ambitions

      The Purpose

      Define your innovation ambitions.

      Key Benefits Achieved

      Gain a better understanding of why you are innovating and what your organization will gain from an innovation program.

      Activities

      1.1 Understand your innovation mandate.

      1.2 Define your innovation ambitions.

      1.3 Determine value proposition & metrics.

      Outputs

      Complete the "Our purpose" section of the Innovation Program Template

      Complete "Vision and guiding principles" section

      Complete "Scope and value proposition" section

      Success metrics

      2 Align Your People

      The Purpose

      Build a culture, operating model, and team that support innovation.

      Key Benefits Achieved

      Develop a plan to address culture gaps and identify and implement your operating model.

      Activities

      2.1 Foster a culture of innovation.

      2.2 Define your operating model.

      Outputs

      Complete "Building an innovative culture" section

      Complete "Operating model" section

      3 Develop Your Capabilities

      The Purpose

      Create the capability to facilitate innovation.

      Key Benefits Achieved

      Create a resourcing plan and prioritization templates to make your innovation program successful.

      Activities

      3.1 Build core innovation capabilities.

      3.2 Develop prioritization criteria.

      Outputs

      Team structure and resourcing requirements

      Prioritization spreadsheet template

      4 Build Your Program

      The Purpose

      Finalize your program and complete the final deliverable.

      Key Benefits Achieved

      Walk away with a complete plan for your innovation program.

      Activities

      4.1 Define your methodology to pilot projects.

      4.2 Conduct a program retrospective.

      Outputs

      Complete "Operating model" section in the template

      Notable wins and goals

      Further reading

      Build Your Enterprise Innovation Program

      Transform your business by adopting the culture and practices that drive innovation.

      Analyst Perspective

      Innovation is not about ideas, it's about people.

      Many organizations stumble when implementing innovation programs. Innovation is challenging to get right, and even more challenging to sustain over the long term.

      One of the common stumbling blocks we see comes from organizations focusing more on the ideas and the process than on the culture and the people needed to make innovation a way of life. However, the most successful innovators are the ones which have adopted a culture of innovation and reinforce innovative behaviors across their organization. Organizational cultures which promote growth mindset, trust, collaboration, learning, and a willingness to fail are much more likely to produce successful innovators.

      This research is not just about culture, but culture is the starting point for innovation. My hope is that organizations will go beyond the processes and methodologies laid out here and use this research to dramatically improve their organization's performance.

      Kim Rodriguez

      Kim Osborne Rodriguez
      Research Director, CIO Advisory
      Info-Tech Research Group

      Executive Summary

      Your Challenge

      As a leader in your organization, you need to:

      • Understand your organization's innovation goals.
      • Create an innovation program or structure.
      • Develop a culture of innovation across your team or organization.
      • Demonstrate an ability to innovate and grow the business.

      Common Obstacles

      In the past, you might have experienced one or more of the following:

      • Innovation initiatives lose momentum.
      • Cynicism and distrust hamper innovation.
      • Innovation efforts are unfocused or don't provide the anticipated value.
      • Bureaucracy has created a bottleneck that stifles innovation.

      Info-Tech's Approach

      This blueprint will help you:

      • Understand the different types of innovation.
      • Develop a clear vision, scope, and focus.
      • Create organizational culture and behaviors aligned with your innovation ambitions.
      • Adopt an operational model and methodologies best suited for your culture, goals, and budget.
      • Successfully run a pilot program.

      Info-Tech Insight

      There is no single right way to approach innovation. Begin with an understanding of your innovation ambitions, your existing culture, and the resources available to you, then adopt the innovation operating model that is best suited to your situation.

      Note: This research is written for the individual who is leading the development of the innovation. This role is referred to as the Chief Innovation Officer (CINO) throughout this research but could be the CIO, CTO, IT director, or another business leader.

      Why is innovation so challenging?

      Most organizations want to be innovative, but very few succeed.

      • Bureaucracy slows innovation: Innovation requires speed – it is important to fail fast and early so you can iterate to improve the final solution. Small, agile organizations like startups tend to be more risk tolerant and can move more quickly to iterate on new ideas compared to larger organizations.
      • Change is uncomfortable: Most people are profoundly uncomfortable with failure, risk, and unknowns – three critical components of innovation. Humans are wired to think efficiently rather than innovatively, which leads to confirmation bias and lack of ingenuity.
      • You will likely fail: Innovation initiatives rarely succeed on the first try – Harvard Business Review estimates between 70% and 90% of innovation efforts fail. Organizations which are more tolerant of failure tend to be significantly more innovative than those which are not (Review of Financial Studies, 2014).

      Based on a survey of global innovation trends and practices:

      75%

      Three-quarters of companies say innovation is a top-three priority.
      Source: BCG, 2021

      30%

      But only 30% of executives say their organizations are doing it well.
      Source: BCG, 2019

      The biggest obstacles to innovation are cultural

      The biggest obstacles to innovation in large companies

      Based on a survey of 270 business leaders.
      Source: Harvard Business Review, 2018

      A bar graph from the Harvard Business Review

      The most common challenges business leaders experience relate to people and culture. Success is based on people, not ideas.

      Politics, turf wars, and a lack of alignment: territorial departments, competition for resources, and unclear roles are holding back the innovation efforts of 55% of respondents.

      FIX IT
      Senior leadership needs to be clear on the innovation goals and how business units are expected to contribute to them.

      Cultural issues: many large companies have a culture that rewards operational excellence and disincentivizes risk. A history of failed innovation attempts may result in significant resistance to new change efforts.

      FIX IT
      Cultural change takes time. Ensure you are rewarding collaboration and risk-taking, and hire people with fresh new perspectives.

      Inability to act on signals crucial to the future of the business: only 18% of respondents indicated their organization was unaware of disruptions, but 42% said they struggled with acting on leading indicators of change.

      FIX IT
      Build the ability to quickly run pilots or partner with startups and incubators to test out new ideas without lengthy review and approval processes.
      Source: Harvard Business Review, 2018

      Build Your Enterprise Innovation Program

      Define your purpose, assess your culture, and build a practice that delivers true innovation.

      An image summarizing how to define your purpose, align your people, and Build your Practice.
      1 Source: Boston Consulting Group, 2021
      2 Source: Boston Consulting Group, 2019
      3 Source: Harvard Business Review, 2018

      Use this research to outperform your peers

      A seven-year review showed that the most innovative companies outperformed the market by upwards of 30%.

      A line graph showing the Normalized Market Capitalization for 2020.

      Innovators are defined as companies that were listed on Fast Company World's 50 Most Innovative Companies for 2+ years.

      Innovation is critical to business success.

      A 25-year study by Business Development Canada and Statistics Canada showed that innovation was more important to business success than management, human resources, marketing, or finance.

      Executive brief case study

      INDUSTRY: Healthcare
      SOURCE: Interview

      Culture is critical

      This Info-Tech member is a nonprofit, community-based mental health organization located in the US. It serves about 25,000 patients per year in community, school, and clinic settings.

      This organization takes its innovation culture very seriously and has developed methodologies to assess individual and team innovation readiness as well as innovation types, which it uses to determine everyone's role in the innovation process. These assessments look at knowledge of and trust in the organization, its innovation profile, and its openness to change. Innovation enthusiasts are involved early in the process when it's important to dream big, while more pragmatic perspectives are incorporated later to improve the final solution.

      Results

      The organization has developed many innovative approaches to delivering healthcare. Notably, they have reimagined patient scheduling and reduced wait times to the extent that some patients can be seen the same day. They are also working to improve access to mental health care despite a shortage of professionals.

      Developing an Innovative Culture

      • Innovation Readiness Assessment
      • Coaching Specific to Innovation Profile
      • Innovation Enthusiasts Involved Early
      • Innovation Pragmatists Involved Later
      • High Success Rate of Innovation

      Define innovation roles and responsibilities

      A table showing key innovation roles and responsibilities.

      Info-Tech's methodology for building your enterprise innovation program

      1. Define Your Purpose

      2. Align Your People

      3. Build Your Practice

      Phase Steps

      1. Understand your mandate
      2. Define your innovation ambitions
      3. Determine value proposition and metrics
      1. Foster a culture of innovation
      2. Define your operating model
      3. Build core innovation capabilities
      1. Build your ideation and prioritization methodologies
      2. Define your pilot project methodology
      3. Conduct a program retrospective

      Phase Outcomes

      Understand where the mandate for innovation comes from, and what the drivers are for pursuing innovation. Define what innovation means to your organization, and set the vision, mission, and guiding principles. Articulate the value proposition and key metrics for measuring success.

      Understand what it takes to build an innovative culture, and what types of innovation structure are most suited to your innovation goals. Define an innovation methodology and build your core innovation capabilities and team.

      Gather ideas and understand how to assess and prioritize initiatives based on standardized metrics. Develop criteria for tracking and measuring the success of pilot projects and conduct a program retrospective.

      Innovation program taxonomy

      This research uses the following common terms:

      Innovation Operating Model
      The operating model describes how the innovation program delivers value to the organization, including how the program is structured, the steps from idea generation to enterprise launch, and the methodologies used.
      Examples: Innovation Hub, Grassroots Innovation.

      Innovation Methodology
      Methodologies describe the ways the operating model is carried out, and the approaches used in the innovation practice.
      Examples: Design Thinking, Weighted Criteria Scoring

      Chief Innovation Officer
      This research is written for the person or team leading the innovation program – this might be a CINO, CIO, or other leader in the organization.

      Innovation Team
      The innovation team may vary depending on the operating model, but generally consists of the individuals involved in facilitating innovation across the organization. This may be, but does not have to be, a dedicated innovation department.

      Innovation Program
      The program for generating ideas, running pilot projects, and building a business case to implement across the enterprise.

      Pilot Project
      A way of testing and validating a specific concept in the real world through a minimum viable product or small-scale implementation. The pilot projects are part of the overall pilot program.

      Insight summary

      Innovation is about people, not ideas or processes
      Innovation does not require a formal process, a dedicated innovation team, or a large budget; the most important success factor for innovation is culture. Companies that facilitate innovative behaviors like growth mindset, collaboration, and the ability to take smart risk are most likely to see the benefits of innovation.

      Very few are doing innovation well
      Only 30% of companies consider themselves innovative, and there's a good reason: innovation involves unknowns, risk, and failure – three situations that people and organizations typically do their best to avoid. Counter this by removing the barriers to innovation.

      Culture is the greatest barrier to innovation
      In a survey of 270 business leaders, the top three most common obstacles were politics, turf wars, and alignment; culture issues; and inability to act on signals crucial to the business (Harvard Business Review, 2018). If you don't have a supportive culture, your ability to innovate will be significantly reduced.

      Innovation is a means to an end
      It is not the end itself. Don't get caught up in innovation for the sake of innovation – make sure you are getting the benefits from your investments. Measurable success factors are critical for maintaining the long-term success of your innovation engine.

      Tackle wicked problems
      Innovative approaches are better at solving complex problems than traditional practices. Organizations that prioritize innovation during a crisis tend to outperform their peers by over 30% and improve their market position (McKinsey, 2020).

      Innovate or die
      Innovation is critical to business growth. A 25-year study showed that innovation was more important to business success than management, human resources, marketing, or finance (Statistics Canada, 2006).

      Blueprint deliverables

      Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

      Sample Job Descriptions and Organization Charts

      Determine the skills, knowledge, and structure you need to make innovation happen.

      Sample Job Descriptions and Organization Charts

      Ideation Session Template

      Facilitate an ideation session with your staff to identify areas for innovation.

      Ideation Session Template

      Initiative Prioritization Workbook

      Evaluate ideas to identify those which are most likely to provide value.

      Prioritization Workbook

      Key deliverable:

      Enterprise Innovation Program Summary

      Communicate how you plan to innovate with a report summarizing the outputs from this research.

      Enterprise Innovation Program Summary

      Measure the value of this research

      US businesses spend over half a trillion dollars on innovation annually. What are they getting for it?

      • The top innovators(1) typically spend 5-15% of their budgets on innovation (including R&D).
      • This research helps organizations develop a successful innovation program, which delivers value to the organization in the form of new products, services, and methods.
      • Leverage this research to:
        • Get your innovation program off the ground quickly.
        • Increase internal knowledge and expertise.
        • Generate buy-in and excitement about innovation.
        • Develop the skills and capabilities you need to drive innovation over the long term.
        • Validate your innovation concept.
        • Streamline and integrate innovation across the organization.

      (1) based on BCG's 50 Most Innovative Companies 2022

      30%

      The most innovative companies outperform the market by 30%.
      Source: McKinsey & Company, 2020

      Info-Tech offers various levels of support to best suit your needs

      DIY Toolkit

      “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

      Guided Implementation

      “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

      Workshop

      “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

      Consulting

      “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

      Diagnostics and consistent frameworks used throughout all four options

      Guided implementation

      What does a typical guided implementation (GI) on this topic look like?

      Phase 0 Phase 1 Phase 2 Phase 3 Finish

      Call #1: Scope requirements, objectives, and your specific challenges.

      Call #2: Understand your mandate.
      (Activity 1.1)

      Call #3: Innovation vision, guiding principles, value proposition, and scope.
      (Activities 1.2 and 1.3)

      Call #4: Foster a culture of innovation. (Activity 2.1)

      Call #5: Define your methodology. (Activity 2.2)

      Call #6: Build core innovation capabilities. (Activity 2.3)

      Call #7: Build your ideation and pilot programs. (Activities 3.1 and 3.2)

      Call #8: Identify success metrics and notable wins. (Activity 3.3)

      Call #9: Summarize results and plan next steps.

      A GI is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

      A typical GI is 8 to 12 calls over the course of three to six months.

      Workshop overview

      Contact your account representative for more information.
      workshops@infotech.com 1-888-670-8889

      Session 1 Session 2 Session 3 Session 4

      Wrap Up

      Activities

      Define Your Ambitions

      Align Your People

      Develop Your Capabilities

      Build Your Program

      Next Steps and
      Wrap Up (offsite)

      1. Understand your innovation mandate (complete activity prior to workshop)
      2. Define your innovation ambitions
      3. Determine value proposition and metrics
      1. Foster a culture of innovation
      2. Define your operating model
      1. Build core innovation capabilities
      2. Develop prioritization criteria
      1. Define your methodology to pilot projects
      2. Conduct a program retrospective
      1. Complete in-progress deliverables from previous four days
      2. Set up review time for workshop deliverables and to discuss next steps

      Deliverables

      1. Our purpose
      2. Message from the CEO
      3. Vision and guiding principles
      4. Scope and value proposition
      5. Success metrics
      1. Building an innovative culture
      2. Operating model
      1. Core capabilities and structure
      2. Idea evaluation prioritization criteria
      1. Program retrospective
      2. Notable wins
      3. Executive summary
      4. Next steps
      1. Completed enterprise innovation program
      2. An engaged and inspired team

      Phase 1: Define Your Purpose

      Develop a better understanding of the drivers for innovation and what success looks like.

      Purpose

      People

      Practice

      1. Understand your mandate
      2. Define your innovation ambitions
      3. Determine value proposition and metrics
      1. Foster a culture of innovation
      2. Define your operating model
      3. Build core innovation capabilities
      1. Build your ideation and prioritization methodologies
      2. Define your pilot project methodology
      3. Conduct a program retrospective

      This phase will walk you through the following activities:

      • Understand your innovation mandate, including its drivers, scope, and focus.
      • Define what innovation means to your organization.
      • Develop an innovation vision and guiding principles.
      • Articulate the value proposition and proposed metrics for evaluating program success.

      This phase involves the following participants:

      • CINO
      • Business executives

      Case study

      INDUSTRY: Transportation
      SOURCE: Interview

      ArcBest
      ArcBest is a multibillion-dollar shipping and logistics company which leverages innovative technologies to provide reliable and integrated services to its customers.

      An Innovative Culture Starts at the Top
      ArcBest's innovative culture has buy-in and support from the highest level of the company. Michael Newcity, ArcBest's CEO, is dedicated to finding better ways of serving their customers and supports innovation across the company by dedicating funding and resources toward piloting and scaling new initiatives.
      Having a clear purpose and mandate for innovation at all levels of the organization has resulted in extensive grassroots innovation and the development of a formalized innovation program.

      Results
      ArcBest has a legacy of innovation, going back to its early days when it developed a business intelligence solution before anything else existed on the market. It continues to innovate today and is now partnering with start-ups to further expand its innovation capabilities.

      "We don't micromanage or process-manage incremental innovation. We hire really smart people who are inspired to create new things and we let them run – let them create – and we celebrate it.
      Our dedication to innovation comes from the top – I am both the President and the Chief Innovation Officer, and innovation is one of my top priorities."

      Michael Newcity

      Michael Newcity
      President and Chief Innovation Officer ArcBest

      1.1 Understand your innovation mandate

      Before you can act, you need to understand the following:

      • Where is the drive for innovation coming from?
        The source of your mandate dictates the scope of your innovation practice – in general, innovating outside the scope of your mandate (i.e. trying to innovate on products when you don't have buy-in from the product team) will not be successful.
      • What is meant by "innovation"?
        There are many different definitions for innovation. Before pursuing innovation at your organization, you need to understand how it is defined. Use the definition in this section as a starting point, and craft your own definition of innovation.
      • What kind of innovation are you targeting?
        Innovation can be internal or external, emergent or deliberate, and incremental or radically transformative. Understanding what kind of innovation you want is the starting point for your innovation practice.

      The source of your mandate dictates the scope of your influence

      You can only influence what you can control.

      Unless your mandate comes from the CEO or Board of Directors, driving enterprise-wide innovation is very difficult. If you do not have buy-in from senior business leaders, use lighthouse projects and a smaller innovation practice to prove the value of innovation before taking on enterprise innovation.

      In order to execute on a mandate to build innovation, you don't just need buy-in. You need support in the form of resources and funding, as well as strong leadership who can influence culture and the authority to change policies and practices that inhibit innovation.

      For more resources on building relationships in your organization, refer to Info-Tech's Become a Transformational CIO blueprint.

      What is "innovation"?

      Innovation is often easier to recognize than define.

      Align on a useful definition of innovation for your organization before you embark on a journey of becoming more innovative.

      Innovation is the practice of developing new methods, products or services which provide value to an organization.

      Practice
      This does not have to be a formal process – innovation is a means to an end, not the end itself.

      New
      What does "new" mean to you?

      • New application of an existing method
      • Developing a completely original product
      • Adopting a service from another industry

      Value
      What does value mean to you? Look to your business strategy to understand what goals the organization is trying to achieve, then determine how "value" will be measured.

      Info-Tech Insight

      Some innovations are incremental, while some are radically transformative. Decide what kind of innovation you want to cultivate before developing your strategy.

      We can categorize innovation in three ways

      Evaluate your goals with respect to innovation: focus, strategy, and potential to transform.

      Focus: Where will you innovate?

      Focus

      Strategy: To what extent will you guide innovation efforts?

      Strategy

      Potential: How radical will your innovations be?

      Potential

      What are your ambitions?

      1. Develop a better understanding of what type of innovation you are trying to achieve by plotting out your goals on the categories on the left.
      2. All categories are independent of one another, so your goals may fall anywhere on the scales for each category.
      3. Understanding your innovation ambitions helps establish the operating model best suited for your innovation practice.
      4. In general, innovation which is more external, deliberate, and radical tends to be more centralized.

      Activity 1.1 Understand your innovation mandate

      1 hour

      1. Schedule a 30-minute discussion with the person (i.e. CEO) or group (i.e. Board of Directors) ultimately requesting the shift toward innovation. If there is no external party, then conduct this assessment yourself.
      2. Facilitate a discussion that addresses the following questions:
      • What is meant by "innovation"?
      • What are they hoping to achieve through innovation?
      • What is the innovation scope? Are any areas off-limits (i.e. org structure, new products, certain markets)?
      • What is the budget (i.e. people, money) they are willing to commit to innovation?
      • What type of innovation are they pursuing?
      1. Record this information and complete the "Our Purpose" section of the Innovation Program Template.

      Download the Innovation Program Template.

      Input

      • Knowledge of the key decision maker/sponsor for innovation

      Output

      • Understanding of the mandate for innovation, including definition, value, scope, budget, and type of innovation

      Materials

      • Innovation Program Template

      Participants

      • CINO
      • CEO, CTO, or Board of Directors (whoever is requesting/sponsoring the pursuit of innovation)

      1.2 Define your innovation ambitions

      Articulate your future state through a vision and guiding principles.

      • Vision and purpose make up the foundation on which all other design aspects will be based. These aspects should not be taken lightly, but rather they should be the force that aligns everyone to work toward a common outcome. It is incumbent on leaders to make them part of the DNA of the organization – to drive organization, structure, culture, and talent strategy.
      • Your vision statement is a future-focused statement that summarizes what you hope to achieve. It should be inspirational, ambitious, and concise.
      • Your guiding principles outline the guardrails for your innovation practice. What will your focus be? How will you approach innovation? What is off-limits?
      • Define the scope and focus for your innovation efforts. This includes what you can innovate on and what is off limits.

      Your vision statement is your North Star

      Articulate an ambitious, inspirational, and concise vision statement for your innovation efforts.

      A strong vision statement:

      • Is future-focused and outlines what you want to become and what you want to achieve.
      • Provides focus and direction.
      • Is ambitious, focused, and concise.
      • Answers: What problems are we solving? Who and what are we changing?

      Examples:

      • "We create radical new technologies to solve some of the world's hardest problems." – Google X, the Moonshot Factory
      • "To be the most innovative enterprise in the world." – 3M
      • "To use our imagination to bring happiness to millions of people." – Disney

      "Good business leaders create a vision, articulate the vision, passionately own the vision, and relentlessly drive it to completion." – Jack Welch, Former Chairman and CEO of GE

      Your guiding principles are the guardrails for creativity

      Strong guiding principles give your team the freedom and direction to innovate.

      Strong guiding principles:

      • Focus on the approach, i.e. how things are done, as opposed to what needs to be done.
      • Are specific to the organization.
      • Inform and direct decision making with actionable statements. Avoid truisms, general statements, and observations.
      • Are long-lasting and based on values, not solutions.
      • Are succinct and easily digestible.
      • Can be measured and verified.
      • Answers: How do we approach innovation? What are our core values

      Craft your guiding principles using these examples

      Encourage experimentation and risk-taking
      Innovation often requires trying new things, even if they might fail. We encourage experimentation and learn from failure, so that new ideas can be tested and refined.

      Foster collaboration and cross-functional teams
      Innovation often comes from the intersection of different perspectives and skill sets.

      Customer-centric
      Focus on creating value for the end user. This means understanding their needs and pain points, and using that knowledge to develop new methods, products, or services.

      Embrace diversity and inclusivity
      Innovation comes from a variety of perspectives, backgrounds, and experiences. We actively seek out and encourage diversity and inclusivity among our team members.

      Foster a culture of learning and continuous improvement
      Innovation requires continuous learning, development, and growth. We facilitate a culture that encourages learning and development, and that seeks feedback and uses it to improve.

      Flexible and adaptable
      We adapt to changes in the market, customer needs, and new technologies, so that it can continue to innovate and create value over time.

      Data-driven
      We use performance metrics and data to guide our innovation efforts.

      Transparency
      We are open and transparent in our processes and let the business needs guide our innovation efforts. We do not lead innovation, we facilitate it.

      Activity 1.2 Craft your vision statement and guiding principles

      1-2 hours

      1. Gather your innovation team and key program sponsors. Review the guidelines for creating vision statements and guiding principles, as well as your mandate and focus for innovation.
      2. As a group, discuss what you hope to achieve through your innovation efforts.
      3. Separately, have each person write down their ideas for a vision statement. Bring the group back together and share ideas. Group the concepts together and construct a single statement which outlines your aspirational vision.
      4. As a group, review the example guiding principles.
      5. Separately, have each person write down three to five guiding principles. Bring the group back together and share ideas. Group similar concepts together and consolidate duplicate ideas. From this list, construct six to eight guiding principles.
      6. Document your vision and guiding principles in the appropriate sections of the Innovation Program Template.

      Input

      • Understanding of your innovation mandate
      • Business vision, mission, and values
      • Sample vision statements and guiding principles

      Output

      • Vision statement
      • Guiding principles

      Materials

      • In person: Whiteboard/flip charts, sticky notes, pens, and notepads
      • Virtual: Consider using a shared document, virtual whiteboard, or online facilitation tool like MURAL
      • Innovation Program Template

      Participants

      • CINO
      • Innovation sponsors
      • Business leaders
      • Innovation team

      1.3 Determine your value proposition and metrics

      Justify the existence of the innovation program with a strong value proposition.

      • The value proposition for developing an innovation program will be different for each organization, depending on what the organization hopes to achieve. Consider your mandate for innovation as well as the type of innovation you are pursuing when crafting the value proposition.
      • Some of the reasons organizations may pursue innovation:
        • Business growth: Respond to market disruption; create new customers; take advantage of opportunities.
        • Branding: Create market differentiation; increase customer satisfaction and retention; adapt to customer needs.
        • Profitability: Improve products, services, or operations to increase competitiveness and profitability; develop more efficient processes.
        • Culture: Foster a culture of creativity and experimentation within the organization, encouraging employees to think outside the box.
        • Positive impact: Address social challenges such as poverty and climate change.

      Develop a strong value proposition for your innovation program

      Demonstrate the value to the business.

      A strong value proposition not only articulates the value that the business will derive from the innovation program but also provides a clear focus, helps to communicate the innovation goals, and ultimately drives the success of the program.

      Focus
      Prioritize and focus innovation efforts to create solutions that provide real value to the organization

      Communicate
      Communicate the mandate and benefits of innovation in a clear and compelling way and inspire people to think differently

      Measure Success
      Measure the success of your program by evaluating outcomes based on the value proposition

      Track appropriate success metrics for your innovation program

      Your success metrics should link back to your organizational goals and your innovation program's value proposition.

      Revenue Growth: Increase in revenue generated by new products or services.

      Market Share: Percentage of total market that the business captures as a result of innovation.

      Customer Satisfaction: Reviews, customer surveys, or willingness to recommend the company.

      Employee Engagement: Engagement surveys, performance, employee retention, or turnover.

      Innovation Output: The number of new products, services, or processes that have been developed.

      Return on Investment: Financial return on the resources invested in the innovation process.

      Social Impact: Number of people positively impacted, net reduction in emissions, etc.

      Time to Launch: The time it takes for a new product or service to go from idea to launch.

      Info-Tech Insight

      The total impact of innovation is often intangible and extremely difficult to capture in performance metrics. Focus on developing a few key metrics rather than trying to capture the full value of innovation.

      How much does innovation cost?

      Company Industry Revenue(2)
      (USD billions)
      R&D Spend
      (USD billions)
      R&D Spend
      (% of revenue)
      Apple Technology $394.30 $26.25 6.70%
      Microsoft Technology $203.10 $25.54 12.50%
      Amazon.com Retail $502.20 $67.71 13.40%
      Alphabet Technology $282.10 $37.94 13.40%
      Tesla Manufacturing $74.90 $3.01 4.00%
      Samsung Technology $244.39 (2021)(3) $19.0 (2021) 7.90%
      Moderna Pharmaceuticals $23.39 $2.73 11.70%
      Huawei Technology $99.9 (2021)4 Not reported -
      Sony Technology $83.80 Not reported -
      IBM Technology $60.50 $1.61 2.70%
      Meta Software $118.10 $32.61 27.60%
      Nike Commercial goods $49.10 Not reported -
      Walmart Retail $600.10 Not reported -
      Dell Technology $105.30 $2.60 2.50%
      Nvidia Technology $28.60 $6.85 23.90%


      The top innovators(1) in the world spend 5% to 15% of their revenue on innovation.

      Innovation requires a dedicated investment of time, money, and resources in order to be successful. The most innovative companies, based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, spend significant portions of their revenue on research and development.

      Note: This data uses research and development as a proxy for innovation spending, which may overestimate the total spend on what this research considers true innovation.

      (1) Based on Boston Consulting Group's ranking of the 50 most innovative companies in the world, 2022
      (2) Macrotrends, based on the 12 months ending Sept 30, 2022
      (3) Statista
      (4) CNBC, 2022

      Activity 1.3 Develop your value proposition and performance metrics

      1 hour

      1. Review your mandate and vision statement. Write down your innovation goals and desired outcomes from pursuing innovation, prioritize the desired outcomes, and select the top five.
      2. For each desired outcome, develop one to two metrics which could be used to track its success. Some outcomes are difficult to track, so get creative when it comes to developing metrics. If you get stuck, think about what would differentiate a great outcome from an unsuccessful one.
      3. Once you have developed a list of three to five key metrics, read over the list and ensure that the metrics you have developed don't negatively influence your innovation. For example, a metric of the number of successful launches may drive people toward launching before a product is ready.
      4. For each metric, develop a goal. For example, you may target 1% revenue growth over the next fiscal year or 20% energy use reduction.
      5. Document your value proposition and key performance metrics in the appropriate sections of the Innovation Program Template.

      Input

      • Understanding of your innovation mandate
      • Vision statement

      Output

      • Value proposition
      • Performance metrics

      Materials

      • Innovation Program Template

      Participants

      • CINO

      Phase 2: Align Your People

      Create a culture that fosters innovative behaviors and puts processes in place to support them.

      Purpose

      People

      Practice

      1. Understand your mandate
      2. Define your innovation ambitions
      3. Determine value proposition and metrics
      1. Foster a culture of innovation
      2. Define your operating model
      3. Build core innovation capabilities
      1. Build your ideation and prioritization methodologies
      2. Define your pilot project methodology
      3. Conduct a program retrospective

      This phase will walk you through the following activities:

      • Understand the key aspects of innovative cultures, and the behaviors associated with innovation.
      • Assess your culture and identify gaps.
      • Define your innovation operating model based on your organizational culture and the focus for innovation.
      • Build your core innovation capabilities, including an innovation core team (if required based on your operating model).

      This phase involves the following participants:

      • CINO
      • Innovation team

      2.1 Foster a culture of innovation

      Culture is the most important driver of innovation – and the most challenging to get right.

      • Fostering a culture of innovation requires a broad approach which considers the perspectives of individuals, teams, leadership, and the overall organization.
      • If you do not have support from leadership, it is very difficult to change organizational culture. It may be more effective to start with an innovation pilot or lighthouse project in order to gain support before addressing your culture.
      • Rather than looking to change outcomes, focus on the behaviors which lead to innovation – such as growth mindset and willingness to fail. If these aren't in place, your ability to innovate will be limited.
      • This section focuses on the specific behaviors associated with increased innovation. For additional resources on implementing these changes, refer to Info-Tech's other research:

      Info-Tech's Fix Your IT Culture can help you promote innovative behaviors

      Refer to Improve IT Team Effectiveness to address team challenges

      Build a culture of innovation

      Focus on behaviors, not outcomes.

      The following behaviors and key indicators either stifle or foster innovation.

      Stifles Innovation Key Indicators Fosters Innovation Key Indicators
      Fixed mindset "It is what it is" Growth mindset "I wonder if there's a better way"
      Performance focused "It's working fine" Learning focused "What can we learn from this?"
      Fear of reprisal "I'll get in trouble" Psychological safety "I can disagree"
      Apathy "We've always done it this way" Curiosity "I wonder what would happen if…"
      Cynicism "It will never work" Trust "You have good judgement"
      Punishing failure "Who did this?" Willingness to fail "It's okay to make mistakes"
      Individualism "How does this benefit me?" Collaboration "How does this benefit us?"
      Homogeneity "We never disagree" Diversity and inclusion "We appreciate different views"
      Excessive bureaucracy "We need approval" Autonomy "I can do this"
      Risk avoidance "We can't try that" Appropriate risk-taking "How can we do this safely?"

      Ensure you are not inadvertently stifling innovation.
      Review the following to ensure that the desired behaviors are promoted:

      • Hiring practices
      • Performance evaluation metrics
      • Rewards and incentives
      • Corporate policies
      • Governance structures
      • Leadership behavior

      Case study

      INDUSTRY: Commercial Real Estate and Retail
      SOURCE: Interview

      How not to approach innovation.

      This anonymous national organization owned commercial properties across the country and had the goal of becoming the most innovative real estate and retail company in the market.

      The organization pursued innovation in the digital solutions space across its commercial and retail properties. Within this space, there were significant differences in risk tolerance across teams, which resulted in the more risk-tolerant teams excluding the risk-averse members from discussions in order to circumvent corporate policies on risk tolerance. This resulted in an adversarial and siloed culture where each group believed they knew better than the other, and the more risk-averse teams felt like they were policing the actions of the risk-tolerant group.

      Results

      Morale plummeted, and many of the organization's top people left. Unfortunately, one of the solutions did not meet regulatory requirements, and the company faced negative media coverage and legal action. There was significant reputational damage as a result.

      Lessons Learned

      Considering differences in risk tolerance and risk appetite is critical when pursuing innovation. While everyone doesn't have to agree, leadership needs to understand the different perspectives and ensure that no one party is dominating the conversation over the others. An understanding of corporate risk tolerance and risk appetite is necessary to drive innovation.

      All perspectives have a place in innovation. More risk tolerant perspectives should be involved early in the ideas-generation phase, and risk-averse perspectives should be considered later when ideas are being refined.

      Speed should not override safety or circumvent corporate policies.

      Understand your risk tolerance and risk appetite

      Evaluate and align the appetite for risk.

      • It is important to understand the organization's risk tolerance as well as the desire for risk. Consider the following risk categories when investigating the organization's views on risk:
        • Financial risk: the potential for financial or property loss.
        • Operational risk: the potential for disruptions to operations.
        • Reputational risk: the potential for negative impact to brand or reputation.
        • Compliance risk: the potential for loss due to non-compliance with laws and regulations.
      • Greater risk tolerance typically enables greater innovation. Understand the varying levels of risk tolerance across your organization, and how these differences might impact innovation efforts.

      An arrow showing the directions of risk tolerance.

      It is more important to match the level of risk tolerance to the degree of innovation required. Not all innovation needs to be (or can feasibly be) disruptive.
      Many factors impact risk tolerance including:

      • Regulation
      • Organization size
      • Country
      • Industry
      • Personal experience
      • Type of risk

      Use Info-Tech's Security Risk Management research to better understand risk tolerance

      Activity 2.1 Assess your innovation culture

      1-3 hours

      1. Review the behaviors which support and stifle innovation and give each behavior a score from 1 (stifling innovation) to 5 (fostering innovation). Any behaviors which fall below a 4 on this scale should be prioritized in your efforts to create an innovative culture.
      2. Review the following policies and practices to determine how they may be contributing to the behaviors you see in your organization:
        1. Hiring practices
        2. Performance evaluation metrics
        3. Rewards, recognition, and incentives
        4. Corporate policies
        5. Governance structures
        6. Leadership behavior
      3. Identify three concrete actions you can take to correct any behaviors which are stifling innovation. Examples might be revising a policy which punishes failure or changing performance incentives to reward appropriate risk taking.
      4. Summarize your findings in the appropriate section of the Innovation Program Template.

      Input

      • Innovation behaviors

      Output

      • Understanding of your organization's culture
      • Concrete actions you can take to promote innovation

      Materials

      • List of innovative behaviors
      • Relevant policies and documents to review
      • Innovation Program Template

      Participants

      • CINO

      2.2 Define your innovation model

      Set up your innovation practice for success using proven models and methodologies.

      • There are many ways to approach innovation, from highly distributed forms where it's just part of everyone's job to very centralized and arm's-length innovation hubs or even outsourced innovation via startups. You can combine different approaches to create your own approach.
      • You may or may not have a formal innovation team, but if you do, their role is to facilitate innovation – not lead it. Innovation is most effective when it is led by the business.
      • There are many tools and methodologies you can use to facilitate innovation. Choose the one (or combination) that best suits your needs.

      Select the right model

      There is no one right way to pursue innovation, but some methods are better than others for specific situations and goals. Consider your existing culture, your innovation goals, and your budget when selecting the right methodology for your innovation.

      Model Description Advantages Disadvantages Good when…
      Grassroots Innovation Innovation is the responsibility of everyone, and there is no centralized innovation team. Ideas are piloted and scaled by the person/team which produces it.
      • Can be used in any organization or team
      • Can support low or high degree of structure
      • Low funding requirement
      • Requires a strong innovation culture
      • Often does not produce results since people don't have time to focus on innovation
      • Innovation culture is strong
      • Funding is limited
      • Goal is internal, incremental innovation
      Community of Practice Innovation is led by a cross-divisional Community of Practice (CoP) which includes representation from across the business. Champions consult with their practice areas and bring ideas forward.
      • Bringing people together can help stimulate and share ideas
      • Low funding requirement
      • Able to support many types of innovation
      • Some people may feel left out if they can't be involved
      • May not produce results if people are too busy to dedicate time to innovate
      • Innovation culture is present
      • Funding is limited
      • Goal is incremental or disruptive innovation
      Innovation Enablement
      *Most often recommended*
      A dedicated innovation team with funding set aside to support pilots with a high degree of autonomy, with the role of facilitating business-led innovation.
      • Most flexible of all options
      • Supports business-led innovation
      • Can deliver results quickly
      • Can enable a higher degree of innovation
      • Requires dedicated staff and funding
      • Innovation culture is present
      • Funding is available
      • Goal is internal or external, incremental or radical innovation
      Center of Excellence Dedicated team responsible for leading innovation on behalf of the organization. Generally, has business relationship managers who gather ideas and liaise with the business.
      • Can deliver results quickly
      • Can offer a fresh perspective
      • Can enable a higher degree of innovation
      • Requires dedicated staff and funding
      • Is typically separate from the business
      • Results may not align with the business needs or have adequate input
      • Innovation culture is weak
      • Funding is significant
      • Goal is external, disruptive innovation
      Innovation Hub An arm's length innovation team is responsible for all or much of the innovation and may not interact much with the core business.
      • Can deliver results quickly
      • Can be extremely innovative
      • Expensive
      • Results may not align with the business needs or have adequate/any input
      • Innovation culture is weak
      • Funding is very significant
      • Goal is external, radical innovation
      Outsourced Innovation Innovation is outsourced to an external organization which is not linked to the primary organization. This can take the form of working with or investing in startups.
      • Can lead to more innovative ideas than internal innovation
      • Investments can become a diverse revenue stream if startups are successful
      • Innovation does not rely on culture
      • Higher risk of failure
      • Less control over goals or focus
      • Results may not align with the business needs or have any input from users
      • Innovation does not rely on culture
      • Funding is significant
      • Goal is external or internal, radical innovation

      Use the right methodologies to support different stages of your innovation process

      A chart showing methodologies to support different stages of the integration process.

      Adapted from Niklaus Gerber via Medium, 2022

      Methodologies are most useful when they are aligned with the goals of the innovation organization.

      For example, design thinking tends to be excellent for earlier innovation planning, while Agile can allow for faster implementation and launch of initiatives later in the process.

      Consider combining two or more methodologies to create a custom approach that best suits your organization's capabilities and goals.

      Sample methodologies

      A robust innovation methodology ensures that the process for developing, prioritizing, selecting, implementing, and measuring initiatives is aligned with the results you are hoping to achieve.

      Different types of problems (drivers for innovation) may necessitate different methodologies, or a combination of methodologies.

      Hackathon: An event which brings people together to solve a well-defined problem.

      Design Thinking: Creative approach that focuses on understanding the needs of users.

      Lean Startup: Emphasizes rapid experimentation in order to validate business hypotheses.

      Design Sprint: Five-day process for answering business questions via design, prototyping, and testing.

      Agile: Iterative design process that emphasizes project management and retrospectives.

      Three Horizons: Framework that looks at opportunities on three different time horizons.

      Innovation Ambition Matrix: Helps organizations categorize projects as part of the core offering, an adjacent offering, or completely new.

      Global Innovation Management: A process of identifying, developing and implementing new ideas, products, services, or processes using alternative thinking.

      Blue Ocean Strategy: A methodology that helps organizations identify untapped market space and create new markets via unique value propositions.

      Activity 2.2 Design your innovation model

      1-2 hours

      1. Think about the following factors which influence the design of your innovation practice:
        1. Existing organizational culture
        2. Available funding to support innovation
        3. Type of innovation you are targeting
      2. Review the innovation approaches, and identify which approach is most suitable for your situation. Note why this approach was selected.
      3. Review the innovation methodologies and research those of interest. Select two to five methodologies to use for your innovation practice.
      4. Document your decisions in the Innovation Program Template.

      Input

      • Understanding of your mandate and existing culture

      Output

      • Innovation approach
      • Selected methodologies

      Materials

      • Innovation Program Template

      Participants

      • CINO
      • Innovation team

      2.3 Build your core innovation capabilities

      Develop the skills, knowledge, and experience to facilitate successful innovation.

      • Depending on the approach you selected in step 2.2, you may or may not require a dedicated innovation team. If you do, use the job descriptions and sample organization charts to build it. If not, focus on developing key capabilities which are needed to facilitate innovation.
      • Diversity is key for successful innovation – ensure your team (formal or otherwise) includes diverse perspectives and backgrounds.
      • Use your guiding principles when hiring and training your team.
      • Focus on three core roles: evangelists, enablers, and experts.

      Focus on three key roles when building your innovation team

      Types of roles will depend on the purpose and size of the innovation team.

      You don't need to grow them all internally. Consider partnering with vendors and other organizations to build capabilities.

      Evangelists

      Visionaries who inspire, support, and facilitate innovation across the business. Their responsibilities are to drive the culture of innovation.

      Key skills and knowledge:

      • Strong communication skills
      • Relationship-building
      • Consensus-building
      • Collaboration
      • Growth mindset

      Sample titles:

      • CINO
      • Chief Transformation Officer
      • Chief Digital Officer
      • Innovation Lead
      • Business Relationship Manager

      Enablers

      Translate ideas into tangible business initiatives, including assisting with business cases and developing performance metrics.

      Key skills and knowledge:

      • Critical thinking skills
      • Business knowledge
      • Facilitation skills
      • Consensus-building
      • Relationship-building

      Sample titles:

      • Product Owner
      • Design Thinking Lead
      • Data Scientist
      • Business Analyst
      • Human Factors Engineer
      • Digital Marketing Specialist

      Experts

      Provide expertise in product design, delivery and management, and responsible for supporting and executing on pilot projects.

      Key skills and knowledge:

      • Project management skills
      • Technical expertise
      • Familiarity with emerging technologies
      • Analytical skills
      • Problem-solving skills

      Sample titles:

      • Product Manager
      • Scrum Master/Agile Coach
      • Product Engineer/DevOps
      • Product Designer
      • Emerging tech experts

      Sample innovation team structure (large enterprise)

      Visualize the whole value delivery process end-to-end to help identify the types of roles, resources, and capabilities required. These capabilities can be sourced internally (i.e. grow and hire internally) or through collaboration with centers of excellence, commercial partners, etc.

      A flow chart of a sample innovation team structure.

      Streamline your process by downloading Info-Tech's job description templates:

      Activity 2.3 Build your innovation team

      2-3 hours

      1. Review your work from the previous activities as well as the organizational structure and the job description templates.
      2. Start a list with two columns: currently have and needed. Start listing some of the key roles and capabilities from earlier in this step, categorizing them appropriately.
      3. If you are using an organizational structure for your innovation process, start to frame out the structure and roles for your team.
      4. Develop a list of roles you need to hire, and the key capabilities you need from candidates. Using the job descriptions, write job postings for each role.
      5. Record your work in the appropriate section of the Innovation Program Template.

      Input

      • Previous work
      • Info-Tech job description templates

      Output

      • List of capabilities required
      • Org chart
      • Job postings for required roles

      Materials

      • Note-taking capability
      • Innovation Program Template

      Participants

      • CINO

      Related Info-Tech Research

      Fix Your IT Culture

      • Promote psychological safety and growth mindset within your organization.
      • Develop the organizational behaviors that lead to innovation.

      Improve IT Team Effectiveness

      • Address behaviors, processes, and cultural factors which impact team effectiveness.
      • Grow the team's ability to address challenges and navigate volatile, uncertain, complex and ambiguous environments.

      Master Organizational Change Management Practices

      • Transformation and change are increasingly becoming the new normal. While this normality may help make people more open to change in general, specific changes still need to be planned, communicated, and managed. Agility and continuous improvement are good but can degenerate into volatility if change isn't managed properly.

      Phase 3: Build Your Practice

      Define your innovation process, streamline pilot projects, and scale for success.

      Purpose

      People

      Practice

      1. Understand your mandate
      2. Define your innovation ambitions
      3. Determine value proposition and metrics
      1. Foster a culture of innovation
      2. Define your operating model
      3. Build core innovation capabilities
      1. Build your ideation and prioritization methodologies
      2. Define your pilot project methodology
      3. Conduct a program retrospective

      This phase will walk you through the following activities:

      • Build the methodologies needed to elicit ideas from the business.
      • Develop criteria to evaluate and prioritize ideas for piloting.
      • Define your pilot program methodologies and processes, including criteria to assess and compare the success of pilot projects.
      • Conduct an end-of-year program retrospective to evaluate the success of your innovation program.

      This phase involves the following participants:

      • CINO
      • Innovation team

      Case study

      INDUSTRY: Government
      SOURCE: Interview

      Confidential US government agency

      The business applications group at this government agency strongly believes that innovation is key to progress and has instituted a formal innovation program as part of their agile operations. The group uses a Scaled Agile Framework (SAFe) with 2-week sprints and a 12-week program cycle.

      To support innovation across the business unit, the last sprint of each cycle is dedicated toward innovation and teams do not commit to any other during these two weeks. At the end of each innovation sprint, ideas are presented to leadership and the valuable ones were either implemented initially or were given time in the next cycle of sprints for further development. This has resulted in a more innovative culture across the practice.

      Results

      There have been several successful innovations since this process began. Notably, the agency had previously purchased a robotic process automation platform which was only being used for a few specific applications. One team used their innovation sprint to expand the use cases for this solution and save nearly 10,000 hours of effort.

      Standard 12-week Program Cycle
      An image of a standard 12-week program

      Design your innovation operating model to maximize value and learning opportunities

      Pilots are an iterative process which brings together innovators and business teams to test and evaluate ideas.

      Your operating model should include several steps including ideation, validation, evaluation and prioritization, piloting, and a retrospective which follows the pilot. Use the example on this slide when designing your own innovation operating model.

      An image of the design process for innovation operation model.

      3.1 Build your ideation and prioritization methodologies

      Engage the business to generate ideas, then prioritize based on value to the business.

      • There are many ways of generating ideas, from informal discussion to formal ideation sessions or submission forms. Whatever you decide to use, make sure that you're getting the right information to evaluate ideas for prioritization.
      • Use quantitative and qualitative metrics to evaluate ideas generated during the ideation process.
        • Quantitative metrics might include potential return on investment (ROI) or effort and resources required to implement.
        • Qualitative metrics might include alignment with the organizational strategy or the level of risk associated with the idea.

      Engage the business to generate ideas

      There are many ways of generating innovative ideas. Pick the methods that best suit your organization and goals.

      Design Thinking
      A structured approach that encourages participants to think creatively about the needs of the end user.

      An image including the following words: Empathize, Define; Ideate; Test.

      Ideation Workshop
      A formal session that is used to understand a problem then generate potential solutions. Workshops can incorporate the other methodologies (such as brainstorming, design thinking, or mind mapping) to generate ideas.

      • Define the problem
      • Generate ideas
      • Capture ideas
      • Evaluate and prioritize
      • Assign next steps

      Crowdsourcing
      An informal method of gathering ideas from a large group of people. This can be a great way to generate many ideas but may lack focus.

      Value Proposition Canvas
      A visual tool which helps to identify customer (or user) needs and design products and services that meet those needs.

      an image of the Value Proposition Canvas

      Evaluate ideas and focus on those with the greatest value

      Evaluation should be transparent and use both quantitative and qualitative metrics. The exact metrics used will depend on your organization and goals.

      It is important to include qualitative metrics as these dimensions are better suited to evaluating highly innovative ideas and can capture important criteria like alignment with overall strategy and feasibility.

      Develop 5 to 10 criteria that you can use to evaluate and prioritize ideas. Some criteria may be a pass/fail (for example, minimum ROI) and some may be comparative.

      Evaluate
      The first step is to evaluate ideas to determine if they meet the minimum criteria. This might include quantitative criteria like ROI as well as qualitative criteria like strategic alignment and feasibility.

      Prioritize
      Ideas that pass the initial evaluation should be prioritized based on additional criteria which might include quantitative criteria such as potential market size and cost to implement, and qualitative criteria such as risk, impact, and creativity.

      Quantitative Metrics

      Quantitative metrics are objective and easily comparable between initiatives, providing a transparent and data-driven process for evaluation and prioritization.
      Examples:

      • Potential market size
      • ROI
      • Net present value
      • Payback period
      • Number of users impacted
      • Customer acquisition cost
      • Customer lifetime value
      • Breakeven analysis
      • Effort required to implement
      • Cost to implement

      Qualitative Metrics

      Qualitative metrics are less easily comparable but are equally important when it comes to evaluating ideas. These should be developed based on your organization strategy and innovation goals.
      Examples:

      • Strategy alignment
      • Impact on users
      • Uncertainty and risk
      • Innovation potential
      • Culture impact
      • Feasibility
      • Creativity and originality
      • Type of innovation

      Activity 3.1 Develop prioritization metrics

      1-3 hours

      1. Review your mandate, purpose, innovation goals and the sample prioritization and evaluation metrics.
      2. Write down a list of your goals and their associated metrics, then prioritize which are the most important.
      3. Determine which metrics will be used to evaluate ideas before they move on to the prioritization stage, and which metrics will be used to compare initiatives in order to determine which will receive further investment.
      4. For each evaluation metric, determine the minimum threshold required for an idea to move forward. For each prioritization metric identify the definition and how it will be evaluated. Qualitative metrics may require more precise definitions than quantitative metrics.
      5. Enter your metrics into the Initiative Prioritization Template.

      Input

      • Innovation mandate
      • Innovation goals
      • Sample metrics

      Output

      • Evaluation and prioritization metrics for ideas

      Materials

      • Whiteboard/Flip charts
      • Innovation Program Template

      Participants

      • Innovation leader

      Download the Initiative Prioritization Template

      3.2 Build your program to pilot initiatives

      Test and refine ideas through real-world pilot projects.

      • The purpose of your pilot is to test and refine ideas in the real world. In order to compare pilot projects, it's important to track key performance indicators throughout the pilot. Measurements should be useful and comparable.
      • Innovation facilitators are responsible for supporting pilot projects, including designing the pilot, setting up metrics, tracking outcomes, and facilitating retrospectives.
      • Pilots generally follow an Agile methodology where ideas may be refined as the pilot proceeds, and the process iterates until either the idea is discarded or it has been refined into an initiative which can be scaled.
      • Expect that most pilots will fail the first time, and many will fail completely. This is not a loss; lessons learned from the retrospective can be used to improve the process and later pilots.

      Use pilot projects to test and refine initiatives before scaling to the rest of the organization

      "Learning is as powerful as the outcome." – Brett Trelfa, CIO, Arkansas Blue Cross

      1. Clearly define the goals and objectives of the pilot project. Goals and objectives ensure that the pilot stays on track and can be measured.
      2. Your pilot group should include a variety of participants with diverse perspectives and skill sets, in order to gather unique insights.
      3. Continuously track the progress of the pilot project. Regularly identify areas of improvement and implement changes as necessary to refine ideas.
      4. Regularly elicit feedback from participants and iterate in order to improve the final innovation. Not all pilots will be successful, but every failure can help refine future solutions.
      5. Consider scalability. If the pilot project is successful, it should be scalable and the lessons learned should be implemented in the larger organization.

      Sample pilot metrics

      Metrics are used to validate and test pilot projects to ensure they deliver value. This is an important step before scaling to the rest of the organization.

      Adoption: How many end users have adopted the pilot solution?

      Utilization: Is the solution getting utilized?

      Support Requests: How many support requests have there been since the pilot was initiated?

      Value: Is the pilot delivering on the value that it proposed? For example, time savings.

      Feasibility: Has the feasibility of the solution changed since it was first proposed?

      Satisfaction: Focus groups or surveys can provide feedback on user/customer satisfaction.

      A/B Testing: Compare different methods, products or services.

      Info-Tech Insight

      Ensure standard core metrics are used across all pilot projects so that outcomes can be compared. Additional metrics may be used to refine and test hypotheses through the pilot process.

      Activity 3.2 Build your program to pilot initiatives

      1-2 hours

      1. Gather the innovation team and review your mandate, purpose, goals, and the sample innovation operating model and metrics.
      2. As a group, brainstorm the steps needed from idea generation to business case. Use sticky notes if in person, or a collaboration tool if remote.
      3. Determine the metrics that will be used to evaluate ideas at each decision step (for example, prior to piloting). Outline what the different decisions might be (for example, proceed, refine or discard) and what happens as a result of each decision.
      4. Document your final steps and metrics in the Innovation Program Template.

      Input

      • Innovation mandate
      • Innovation goals
      • Sample metrics

      Output

      • Pilot project methodology
      • Pilot project metrics

      Materials

      • Innovation Program Template
      • Sticky notes (in person) or digital collaboration tool (if remote)

      Participants

      • Innovation leader
      • Innovation team

      3.3 Conduct a program retrospective

      Generate value from your successful pilots by scaling ideas across the organization.

      • The final step in the innovation process is to scale ideas to the enterprise in order to realize the full potential.
      • Keeping track of notable wins is important for showing the value of the innovation program. Track performance of initiatives that come out of the innovation program, including their financial, cultural, market, and brand impacts.
      • Track the success of the innovation program itself by evaluating the number of ideas generated, the number of pilots run and the success of the pilots. Keep in mind that many failed pilots is not a failure of the program if the lessons learned were valuable.
      • Complete an innovation program retrospective every 6 to 12 months in order to adjust and make any changes if necessary to improve your process.

      Retrospectives should be objective, constructive, and action-oriented

      A retrospective is a review of your innovation program with the aim of identifying lessons learned, areas for improvement, and opportunities for growth.

      During a retrospective, the team will reflect on past experiences and use that information to inform future decision making and improve outcomes.

      The goal of a retrospective is to learn from the past and use that knowledge to improve in the future.

      Objective

      Ensure that the retrospective is based on facts and objective data, rather than personal opinions or biases.

      Constructive

      Ensure that the retrospective is a positive and constructive experience, with a focus on finding solutions rather than dwelling on problems.

      Action-Oriented

      The retrospective should result in a clear action plan with specific steps to improve future initiatives.

      Activity 3.3 Conduct a program retrospective

      1-2 hours

      1. Post a large piece of paper on the wall with a timeline from the last year. Include dates and a few key events, but not much more. Have participants place sticky notes in the spots to describe notable wins or milestones that they were proud of. This can be done as part of a formal meeting or asynchronously outside of meetings.
      2. Bring the innovation team together and review the poster with notable wins. Do any themes emerge? How does the team feel the program is doing? Are there any changes needed?
      3. Consider the metrics you use to track your innovation program success. Did the scaled projects meet their targets? Is there anything that could be refined about the innovation process?
      4. Evaluate the outcomes of your innovation program. Did it meet the targets set for it? Did the goals and innovation ambitions come to fruition?
      5. Complete this step every 6 to 12 months to assess the success of your program.
      6. Complete the "Notable Wins" section of the Innovation Program Template.

      Input

      • Innovation mandate
      • Innovation goals
      • Sample metrics

      Output

      • Notable wins
      • Action items for refining the innovation process

      Materials

      • Innovation Program Template
      • Sticky notes (in person) or digital collaboration tool (if remote)

      Participants

      • CIO
      • Innovation team
      • Others who have participated in the innovation process

      Related Info-Tech Research

      Adopt Design Thinking in Your Organization

      • A user's perspective while interacting with the products and services is very different from the organization's internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.

      Prototype With an Innovation Design Sprint

      • Build and test a prototype in four days using Info-Tech's Innovation Design Sprint Methodology.
      • Create an environment for co-creation between IT and the business.

      Fund Innovation With a Minimum Viable Business Case

      • Our approach guides you through effectively designing a solution, de-risking a project through impact reduction techniques, building and pitching the case for your project, and applying the business case as a mechanism to ensure that benefits are realized.

      Summary of Accomplishment

      Congratulations on launching your innovation program!

      You have now completed your innovation strategy, covering the following topics:

      • Executive Summary
      • Our Purpose
      • Scope and Value Proposition
      • Guiding Principles
      • Building an Innovative Culture
      • Program Structure
      • Success Metrics
      • Notable Wins

      If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.

      Contact your account representative for more information.
      workshops@infotech.com 1-888-670-8889

      Related Info-Tech Research

      Accelerate Digital Transformation With a Digital Factory

      • Understand the foundations of good design: purpose, organizational support, and leadership.
      • Understand the design of the operating model: structure and organization, management practices, culture, environment, teams, technology platforms, and meaningful metrics and KPIs.

      Sustain and Grow the Maturity of Innovation in Your Enterprise

      • Unlock your innovation potential by looking at your innovation projects on both a macro and micro level.
      • Innovation capacity is directly linked with creativity; allow your employees' creativity to flourish using Info-Tech's positive innovation techniques.

      Define Your Digital Business Strategy

      • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
      • Create a balanced roadmap that improves digital maturity and prepares you for long-term success in a digital economy.

      Research Contributors and Experts

      Kim Osborne Rodriguez

      Kim Osborne Rodriguez
      Research Director, CIO Advisory
      Info-Tech Research Group

      Kim is a professional engineer and Registered Communications Distribution Designer with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects.
      Kim holds a Bachelor's degree in Mechatronics Engineering from University of Waterloo.

      Joanne Lee

      Joanne Lee
      Principal Research Director, CIO Advisory
      Info-Tech Research Group

      Joanne is an executive with over 25 years of experience in digital technology and management consulting across both public and private entities from solution delivery to organizational redesign across Canada and globally.
      Prior to joining Info-Tech Research Group, Joanne was a management consultant within KPMG's CIO management consulting services and the Western Canadas Digital Health Practice lead. She has held several executive roles in the industry with the most recent position as Chief Program Officer for a large $450M EHR implementation. Her expertise spans cloud strategy, organizational design, data and analytics, governance, process redesign, transformation, and PPM. She is passionate about connecting people, concepts, and capital.
      Joanne holds a Master's in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.

      Jack Hakimian

      Jack Hakimian
      Senior Vice President
      Info-Tech Research Group

      Jack has more than 25 years of technology and management consulting experience. He has served multi-billion-dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.
      He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master's degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

      Michael Tweedie

      Michael Tweedie
      Practice Lead, CIO Strategy
      Info-Tech Research Group

      Mike Tweedie brings over 25 years as a technology executive. He's led several large transformation projects across core infrastructure, application, and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.
      Mike holds a Bachelor's degree in Architecture from Ryerson University.

      Mike Schembri

      Mike Schembri
      Senior Executive Advisor
      Info-Tech Research Group

      Mike is the former CIO of Fuji Xerox Australia and has 20+ years' experience serving IT and wider business leadership roles. Mike has led technical and broader business service operations teams to value and growth successfully in organizations ranging from small tech startups through global IT vendors, professional service firms, and manufacturers.
      Mike has passion for strategy and leadership and loves working with individuals/teams and seeing them grow.

      John Leidl

      John Leidl
      Senior Director, Member Services
      Info-Tech Research Group

      With over 35 years of IT experience, including senior-level VP Technology and CTO leadership positions, John has a breadth of knowledge in technology innovation, business alignment, IT operations, and business transformation. John's experience extends from start-ups to corporate enterprise and spans higher education, financial services, digital marketing, and arts/entertainment.

      Joe Riley

      Joe Riley
      Senior Workshop Director
      Info-Tech Research Group

      Joe ensures our members get the most value out of their Info-Tech memberships by scoping client needs, current state and desired business outcomes, and then drawing upon his extensive experience, certifications, and degrees (MBA, MS Ops/Org Mgt, BS Eng/Sci, ITIL, PMP, Security+, etc.) to facilitate our client's achievement of desired and aspirational business outcomes. A true advocate of ITSM, Joe approaches technology and technology practices as a tool and enabler of people, core business, and competitive advantage activities.

      Denis Goulet

      Denis Goulet
      Senior Workshop Director
      Info-Tech Research Group

      Denis is a transformational leader and experienced strategist who has worked with 100+ organizations to develop their digital, technology, and governance strategies.
      He has held positions as CIO, Chief Administrative Office (City Manager), General Manager, Vice President of Engineering, and Management Consultant, specializing in enterprise and technology strategy.

      Cole Cioran

      Cole Cioran
      Managing Partner
      Info-Tech Research Group

      I knew I wanted to build great applications that would delight their users. I did that over and over. Along the way I also discovered that it takes great teams to deliver great applications. Technology only solves problems when people, processes, and organizations change as well. This helped me go from writing software to advising some of the largest organizations in the world on how to how to build a digital delivery umbrella of Product, Agile, and DevOps and create exceptional products and services powered by technology.

      Carlene McCubbin

      Carlene McCubbin
      Research Lead, CIO Practice
      Info-Tech Research Group

      During her tenure at Info-Tech, Carlene has led the development of Info-Tech's Organization and Leadership practice and worked with multiple clients to leverage the methodologies by creating custom programs to fit each organization's needs.
      Before joining Info-Tech, Carlene received her Master of Communications Management from McGill University, where she studied development of internal and external communications, government relations, and change management.

      Isabelle Hertanto

      Isabelle Hertanto
      Principal Research Director
      Info-Tech Research Group

      Isabelle Hertanto has over 15 years of experience delivering specialized IT services to the security and intelligence community. As a former federal officer for Public Safety Canada, Isabelle trained and led teams on data exploitation and digital surveillance operations in support of Canadian national security investigations. Since transitioning into the private sector, Isabelle has held senior management and consulting roles across a variety of industry sectors, including retail, construction, energy, healthcare, and the broader Canadian public sector.

      Hans Eckman

      Hans Eckman
      Principal Research Director
      Info-Tech Research Group

      Hans Eckman is a business transformation leader helping organizations connect business strategy and innovation to operational excellence. He supports Info-Tech members in SDLC optimization, Agile and DevOps implementation, CoE/CoP creation, innovation program development, application delivery, and leadership development. Hans is based out of Atlanta, Georgia.

      Valence Howden

      Valence Howden
      Principal Research Director
      Info-Tech Research Group

      With 30 years of IT experience in the public and private sector, Valence has developed experience in many Information Management and Technology domains, with a particular focus in the areas of Service Management, Enterprise and IT Governance, Development and Execution of Strategy, Risk Management, Metrics Design and Process Design, and Implementation and Improvement. Prior to joining Info-Tech, he served in technical and client-facing roles at Bell Canada and CGI Group Inc., as well as managing the design, integration, and implementation of services and processes in the Ontario Public Sector.

      Clayton Gillett

      Clayton Gillett
      Managing Partner
      Info-Tech Research Group

      Clayton Gillett is a Managing Partner for Info-Tech, providing technology management advisory services to healthcare clients. Clayton joined Info-Tech with more than 28 years of experience in health care information technology. He has held senior IT leadership roles at Group Health Cooperative of Puget Sound and OCHIN, as well as advisory or consulting roles at ECG Management Consultants and Gartner.

      Donna Bales

      Donna Bales
      Principal Research Director
      Info-Tech Research Group

      Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multi-stakeholder industry initiatives.

      Igor Ikonnikov

      Igor Ikonnikov
      Research Director
      Info-Tech Research Group

      Igor Ikonnikov is a Research and Advisory Director in the Data and Analytics practice. Igor has extensive experience in strategy formation and execution in the information management domain, including master data management, data governance, knowledge management, enterprise content management, big data, and analytics.
      Igor has an MBA from the Ted Rogers School of Management (Toronto, Canada) with a specialization in Management of Technology and Innovation.

      Research Contributors and Experts

      Michael Newcity

      Michael Newcity
      Chief Innovation Officer
      ArcBest

      Kevin Yoder

      Kevin Yoder
      Vice President, Innovation
      ArcBest

      Gary Boyd

      Gary Boyd
      Vice President, Information Systems & Digital Transformation
      Arkansas Blue Cross and Blue Shield

      Brett Trelfa

      Brett Trelfa
      Chief Information Officer
      Arkansas Blue Cross and Blue Shield

      Kristen Wilson-Jones

      Kristen Wilson-Jones
      Chief Technology & Product Officer
      Medcurio

      Note: additional contributors did not wish to be identified

      Bibliography

      Altringer, Beth. "A New Model for Innovation in Big Companies" Harvard Business Review. 19 Nov. 2013. Accessed 30 Jan. 2023. https://hbr.org/2013/11/a-new-model-for-innovation-in-big-companies
      Arpajian, Scott. "Five Reasons Why Innovation Fails" Forbes Magazine. 4 June 2019. Accessed 31 Jan. 2023. https://www.forbes.com/sites/forbestechcouncil/2019/06/04/five-reasons-why-innovation-fails/?sh=234e618914c6
      Baldwin, John & Gellatly, Guy. "Innovation Capabilities: The Knowledge Capital Behind the Survival and Growth of Firms" Statistics Canada. Sept. 2006. Accessed 30 Jan. 2023. https://www.bdc.ca/fr/documents/other/innovation_capabilities_en.pdf
      Bar Am, Jordan et al. "Innovation in a Crisis: Why it is More Critical Than Ever" McKinsey & Company, 17 June 2020. Accessed 12 Jan. 2023. <https://www.mckinsey.com/capabilities/strategy-and-corporate-finance/our-insights/innovation-in-a-crisis-why-it-is-more-critical-than-ever >
      Boston Consulting Group, "Most Innovative Companies 2021" BCG, April 2021. Accessed 30 Jan. 2023. https://web-assets.bcg.com/d5/ef/ea7099b64b89860fd1aa3ec4ff34/bcg-most-innovative-companies-2021-apr-2021-r.pdf
      Boston Consulting Group, "Most Innovative Companies 2022" BGC, 15 Sept. 2022. Accessed 6 Feb. 2023. https://www.bcg.com/en-ca/publications/2022/innovation-in-climate-and-sustainability-will-lead-to-green-growth
      Christensen, Clayton M. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business Review Press, 2016.
      Gerber, Niklaus. "What is innovation? A beginner's guide into different models, terminologies and methodologies" Medium. 20 Sept 2022. Accessed 7 Feb. 2023. https://world.hey.com/niklaus/what-is-innovation-a-beginner-s-guide-into-different-models-terminologies-and-methodologies-dd4a3147
      Google X, Homepage. Accessed 6 Feb. 2023. https://x.company/
      Harnoss, Johann D. & Baeza, Ramón. "Overcoming the Four Big Barriers to Innovation Success" Boston Consulting Group, 24 Sept. 2019. Accessed 30 Jan 2023. https://www.bcg.com/en-ca/publications/2019/overcoming-four-big-barriers-to-innovation-success
      Jaruzelski, Barry et al. "Global Innovation 1000 Study" Pricewaterhouse Cooper, 30 Oct. 2018. Accessed 13 Jan. 2023. <https://www.strategyand.pwc.com/gx/en/insights/innovation1000.html>
      Kharpal, Arjun. "Huawei posts first-ever yearly revenue decline as U.S. sanctions continue to bite, but profit surges" CNBC. 28 March 2022. Accessed 7 Feb. 2023. https://www.cnbc.com/2022/03/28/huawei-annual-results-2021-revenue-declines-but-profit-surges.html
      Kirsner, Scott. "The Biggest Obstacles to Innovation in Large Companies" Harvard Business Review, 30 July 2018. Accessed 12 Jan. 2023. <https://hbr.org/2018/07/the-biggest-obstacles-to-innovation-in-large-companies>
      Macrotrends. "Apple Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AAPL/apple/revenue
      Macrotrends. "Microsoft Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MSFT/microsoft/revenue
      Macrotrends. "Amazon Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/AMZN/amazon/revenue
      Macrotrends. "Alphabet Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/GOOG/alphabet/revenue
      Macrotrends. "Tesla Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/TSLA/tesla/revenue
      Macrotrends. "Moderna Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/MRNA/moderna/revenue
      Macrotrends. "Sony Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/SONY/sony/revenue
      Macrotrends. "IBM Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/IBM/ibm/revenue
      Macrotrends. "Meta Platforms Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/META/meta-platforms/revenue
      Macrotrends. "NIKE Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NKE/nike/revenue
      Macrotrends. "Walmart Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/WMT/walmart/revenue
      Macrotrends. "Dell Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/DELL/dell/revenue
      Macrotrends. "NVIDIA Revenue 2010-2022" Macrotrends. Accessed 23 Jan. 2023. https://www.macrotrends.net/stocks/charts/NVDA/nvidia/revenue
      Sloan, Paul. "How to Develop a Vision for Innovation" Innovation Management, 10 Aug. 2009. Accessed 7 Feb. 2023. https://innovationmanagement.se/2009/08/10/how-to-develop-a-vision-for-innovation/
      Statista. "Samsung Electronics' global revenue from 2005 to 2021" Statista. Accessed 7 Feb. 2023. https://www.statista.com/statistics/236607/global-revenue-of-samsung-electronics-since-2005/
      Tichy, Noel & Ram Charan. "Speed, Simplicity, Self-Confidence: An Interview with Jack Welch" Harvard Business Review, 2 March 2020. Accessed 7 Feb. 2023. https://hbr.org/1989/09/speed-simplicity-self-confidence-an-interview-with-jack-welch
      Weick, Karl and Kathleen Sutcliffe. Managing the Unexpected: Sustained Performance in a Complex World, Third Edition. John Wiley & Sons, 2015.
      Xuan Tian, Tracy Yue Wang, Tolerance for Failure and Corporate Innovation, The Review of Financial Studies, Volume 27, Issue 1, 2014, Pages 211–255, Accessed https://doi.org/10.1093/rfs/hhr130

      Demystify Blockchain: How Can It Bring Value to Your Organization?

      • Buy Link or Shortcode: {j2store}96|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Innovation
      • Parent Category Link: /innovation
      • Most leaders have an ambiguous understanding of blockchain and its benefits, let alone how it impacts their organization.
      • At the same time, with bitcoin drawing most of the media attention, organizations are finding it difficult to translate cryptocurrency usage to business case.

      Our Advice

      Critical Insight

      • Cut through the hype associated with blockchain by focusing on what is relevant to your organization. You have been hearing about blockchain for some time now and want to better understand it. While it is complex, you can beat the learning curve by analyzing its key benefits and purpose. Features such as transparency, efficiency, and security differentiate blockchain from existing technologies and help explain why it has transformative potential.
      • Ensure your use case is actually useful by first determining whether blockchain aligns with your organization. CIOs must take a practical approach to blockchain in order to avoid wasting resources (both time and money) and hurting IT’s image in the eyes of the business. While is easy to get excited and invest in a new technology to help maintain your image as a thought leader, you must ensure that your use case is fully developed prior to doing so.

      Impact and Result

      • Follow Info-Tech’s methodology for simplifying an otherwise complex concept. By focusing on its benefits and how they directly relate to a use case, blockchain technology is made easy to understand for business and IT professionals.
      • Our program will help you understand if blockchain is the optimal solution for your organization by mapping its key benefits (i.e. transparency, integrity, efficiency, and security) to your needs and capabilities.
      • Leverage a repeatable framework for brainstorming blockchain use case ideas and communicate your findings to business stakeholders who may otherwise be confused about the transformative potential of blockchain.

      Demystify Blockchain: How Can It Bring Value to Your Organization? Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why your organization should care about determining whether blockchain aligns with your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. What exactly is blockchain?

      Understand blockchain’s unique feature, benefits, and business use cases.

      • Demystify Blockchain – Phase 1: What Is Blockchain?
      • Blockchain Glossary

      2. What can blockchain do for your organization?

      Envision blockchain’s transformative potential for your organization by brainstorming and validating a use case.

      • Demystify Blockchain – Phase 2: What Can Blockchain Do for Your Organization?
      • Blockchain Alignment Tool
      • Blockchain Alignment Presentation
      [infographic]

      Organizational Change Management

      • Buy Link or Shortcode: {j2store}35|cart{/j2store}
      • Related Products: {j2store}35|crosssells{/j2store}
      • member rating overall impact: 9.6/10
      • member rating average dollars saved: $19,055
      • member rating average days saved: 24
      • Parent Category Name: Project Portfolio Management and Projects
      • Parent Category Link: /ppm-and-projects
      If you don't know who is responsible for organizational change, it's you.

      The ESG Imperative and Its Impact on Organizations

      • Buy Link or Shortcode: {j2store}196|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: IT Governance, Risk & Compliance
      • Parent Category Link: /it-governance-risk-and-compliance
      • Global regulatory climate disclosure requirements are still evolving and are not consistent.
      • Sustainability is becoming a corporate imperative, but IT’s role is not fully clear.
      • The environmental, social, and governance (ESG) data challenge is large and continually expanding in scope.
      • Collecting the necessary data and managing ethical issues across supply chains is a daunting task.
      • Communicating long-term value is difficult when customer and employee expectations are shifting.

      Our Advice

      Critical Insight

      • An organization's approach to ESG cannot be static or tactical. It is a moving landscape that requires a flexible, holistic approach across the organization. Cross-functional coordination is essential in order to be ready to respond to changing conditions.
      • Even though the ESG data requirements are large and continually expanding in scope, many organizations have well-established data frameworks and governance practices in place to meet regulatory obligations such as Sarbanes–Oxley that should used as a starting point.

      Impact and Result

      • Organizations will have greater success if they focus their ESG program efforts on the ESG factors that will have a material impact on their company performance and their key stakeholders.
      • Continually evaluating the evolving ESG landscape and its impact on key stakeholders will enable organizations to react quickly to changing conditions.
      • A successful ESG program requires a collaborative and integrated approach across key business stakeholders.
      • Delivering high-quality metrics and performance indicators requires a flexible and digital data approach, where possible, to enable data interoperability.

      The ESG Imperative and Its Impact on Organizations Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. The ESG Imperative and Its Impact on Organizations Deck – Learn why sustainability is becoming a key measurement of corporate performance and how to set your organization up for success.

      Understand the foundational components and drivers of the broader concept of sustainability: environmental, social, and governance (ESG) and IT’s roles within an organization’s ESG program. Learn about the functional business areas involved, the roles they play and how they interact with each other to drive program success.

      • The ESG Imperative and Its Impact on Organizations Storyboard

      Infographic

      Further reading

      The ESG Imperative and Its Impact on Organizations

      Design to enable an active response to changing conditions.

      Analyst Perspective

      Environmental, social, and governance (ESG) is a corporate imperative that is tied to long-term value creation. An organization's social license to operate and future corporate performance depends on managing ESG factors well.

      Central to an ESG program is having a good understanding of the ESG factors that may have a material impact on enterprise value and key internal and external stakeholders. A comprehensive ESG strategy supported by strong governance and risk management is also essential to success.

      Capturing relevant data and applying it within risk models, metrics, and internal and external reports is necessary for sharing your ESG story and measuring your progress toward meeting ESG commitments. Consequently, the data challenges have received a lot of attention, and IT leaders have a role to play as strategic partner and enabler to help address these challenges. However, ESG is more than a data challenge, and IT leaders need to consider the wider implications in managing third parties, selecting tools, developing supporting IT architecture, and ensuring ethical design.

      For many organizations, the ESG program journey has just begun, and collaboration between IT and risk, procurement, and compliance will be critical in shaping program success.

      This is a picture of Donna Bales, Principal Research Director, Info-Tech Research Group

      Donna Bales
      Principal Research Director
      Info-Tech Research Group

      Executive Summary

      Your Challenge

      • Global regulatory climate disclosure requirements are still evolving and are not consistent.
      • Sustainability is becoming a corporate imperative, but IT's role is not fully clear.
      • The ESG data challenge is large and continually expanding in scope.
      • Collecting the necessary data and managing ethical issues across supply chains is a daunting task.
      • Communicating long-term value is difficult when customer and employee expectations are shifting.

      Common Obstacles

      • The data necessary for data-driven insights and accurate disclosure is often hampered by inaccurate and incomplete primary data.
      • Other challenges include:
        • Approaching ESG holistically and embedding it into existing governance, risk, and IT capabilities.
        • Building knowledge and adapting culture throughout all levels of the organization.
        • Monitoring stakeholder sentiment and keeping strategy aligned to expectations.

      Info-Tech's Approach

      • Use this blueprint to educate yourself on ESG factors and the broader concept of sustainability.
      • Learn about Info-Tech's ESG program approach and use it as a framework to begin your ESG program journey.
      • Identify changes that may be needed in your organizational operating model, strategy, governance, and risk management approach.
      • Discover areas of IT that may need to be prioritized and resourced.

      Info-Tech Insight

      An organization's approach to ESG cannot be static or tactical. ESG is a moving landscape that requires a flexible, holistic approach across the organization. It must become part of the way you work and enable an active response to changing conditions.

      This is an image of Info-Tech's thoughtmap for eight steps of the ESG Program Journey

      Putting ESG in context

      ESG has moved beyond the tipping point to corporate table stakes

      • In recent years, ESG issues have moved from voluntary initiatives driven by corporate responsibility teams to an enterprise-wide strategic imperative.
      • Organizations are no longer being measured by financial performance but by how they contribute to a sustainable and equitable future, such as how they support sustainable innovation through their business models and their focus on collaboration and inclusion.
      • A corporation's efforts toward sustainability is measured by three components: environmental, social, and governance.

      Sustainability

      The ability of a corporation and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities.

      This is an image of the United Nation's 17 sustainable goals.

      Source: United Nations

      Putting "E," "S," and "G" in context

      Corporate sustainability depends on managing ESG factors well

      • Environmental, social, and governance are the component pieces of a sustainability framework that is used to understand and measure how an organization impacts or is affected by society as a whole.
      • Human activities, particularly fossil fuel burning since the mid twentieth century, have increased greenhouse gas concentration, resulting in observable changes to the atmosphere, ocean, cryosphere, and biosphere.
      • The E in ESG relates to the positive and negative impacts an organization may have on the environment, such as the energy it takes in and the waste it discharges.
      • The S in ESG is the most ambiguous component in the framework, as social impact relates not only to risks but also prosocial behaviour. It's the most difficult to measure but can have significant financial and reputational impact on corporations if material and poorly managed.
      • The G in ESG is foundational to the realization of S and E. It encompasses how well an organization integrates these considerations into the business and how well the organization engages with key stakeholders, receives feedback, and is transparent with its intentions.

      Common examples of ESG issues include: Environmental: Climate change, greenhouse gas emissions (CHG), deforestation, biodiversity, pollution, water, waste, extended producer responsibility, etc. Social: Customer relations, employee relations, labor, human rights, occupational health and safety, community relations, supply chains, etc. Governance: Board management practices, succession planning, compensation, diversity, equity and inclusion, regulatory compliance, corruption, fraud, data hygiene and security, etc. Source: Getting started with ESG - Sustainalytics

      Understanding the drivers behind ESG

      $30 trillion is expected to be transferred from the baby boomers to Generation Z and millennials over the next decade
      – Accenture

      Drivers

      • The rapid rise of ESG investing
      • The visibility of climate change is driving governments, society, and corporations to act and to initiate and support net zero goals.
      • A younger demographic that has strong convictions and financial influence
      • A growing trend toward mandatory climate and diversity, equity, and inclusion (DEI) disclosures required by global regulators
      • Recent emphasis by regulators on board accountability and fiduciary duty
      • Greater societal awareness of social issues and sustainability
      • A new generation of corporate leadership that is focused on sustainable innovation

      The evolving regulatory landscape

      Global regulators are mobilizing toward mandatory regulatory climate disclosure

      Canada

      • Canadian Securities Administrators (CSA) NI 51-107 Disclosure of Climate-related Matters

      Europe

      • European Commission, Sustainable Finance Disclosure Regulation (SFDR)
      • European Commission, EU Supply Chain Act
      • Germany – The German Supply Chain Act (GSCA)
      • Financial Conduct Authority UK, Proposal (DP 21/4) Sustainability Disclosure Requirements and investment labels
      • UK Modern Slavery Act, 2015

      United States

      • Securities and Exchange Commission (SEC) 33-11042– The Enhancement and Standardization of Climate-Related Disclosures for Investors
      • SEC 33-11038 Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
      • Nasdaq Board Diversity Rule (5605(f))

      New Zealand

      • New Zealand, The Financial Sector (Climate-related Disclosures and Other Matters) Amendment Act 2021

      Begin by setting your purpose

      Consider your role as a corporation in society and your impact on key stakeholders

      • The impact of a corporation can no longer be solely measured by financial impact but also its impact on social good. Corporations have become real-world actors that impact and are affected by the environment, people, and society.
      • An ESG program should start with defining your organization's purpose in terms of corporate responsibility, the role it will play, and how it will endure over time through managing adverse impacts and promoting positive impacts.
      • Corporations should look inward and outward to assess the material impact of ESG factors on their organization and key internal and external stakeholders.
      • Once stakeholders are identified, consider how the ESG factors might be perceived by delving into what matters to stakeholders and what drives their behavior.

      Understanding your stakeholder landscape is essential to achieving ESG goals

      Internal Stakeholders: Board; Management; Employees. External Stakeholders: Activists; Regulators; Customers; Lenders; Government; Investors; Stakeholders; Community; Suppliers

      Assess ESG impact

      Materiality assessments help to prioritize your ESG strategy and enable effective reporting

      • The concept of materiality as it relates to ESG is the process of gaining different perspectives on ESG issues and risks that may have significant impact (both positive and negative) on or relevance to company performance.
      • The objective of a materiality assessment is to identify material ESG issues most critical to your organization by looking a broad range of social and environmental factors. Its purpose is to narrow strategic focus and enable an organization to assess the impact of financial and non-financial risks aggregately.
      • It helps to make the case for ESG action and strategy, assess financial impact, get ahead of long-term risks, and inform communication strategies.
      • Organizations can leverage assessment tools from Sustainalytics or SASB Standards to help assess ESG risks or use guidance or benchmarking information from industry associations.

      Info-Tech Insight

      Survey key stakeholders to obtain a more holistic viewpoint of expectations and the industry landscape and gain credibility through the process.

      Use a materiality matrix to understand ESG exposure

      This is an image of a materiality matrix used to understand ESG exposure.

      Example: Beverage Company

      Follow a holistic approach

      To deliver on your purpose, sustainability must be integrated throughout the organization

      • An ESG program cannot be implemented in a silo. It must be anchored on its purpose and supported by a strong governance structure that is intertwined with other functional areas.
      • Effective governance is essential to instill trust, support sound decision making, and manage ESG.
      • Governance extends beyond shareholder rights to include many other factors, such as companies' interactions with competitors, suppliers, and governments. More transparency is sought on:
        • Corporate behavior, executive pay, and oversight of controls.
        • Board diversity, compensation, and skill set.
        • Oversight of risk management, particularly risks related to fraud, product, data, and cybersecurity

      "If ESG is the framework of non-financial risks that may have a material impact on the company's stakeholders, corporate governance is the process by which the company's directors and officers manage those risks."
      – Zurich Insurance

      A pyramid is depicted. The top of the pyramid is labeled Continual Improvement, and the following terms are inside this box. Governance: Strategy; Risk Management; Metrics & Targets. At the bottom of the pyramid is a box with right facing arrows, labeled Transparency and Disclosure. This is Informed by the TCFD Framework

      Governance and organization approach

      There is no one-size-fits-all approach

      47% of companies reported that the full board most commonly oversees climate related risks and opportunities while 20% delegate to an existing board governance committee (EY Research, 2021).

      • The organizational approach to ESG will differ across industry segments and corporations depending on material risks and their upstream and downstream value change. However, the accountability for ESG sits squarely at the CEO and board level.
      • Some organizations have taken the approach of hiring a Chief Sustainability Officer to work alongside the CEO on execution of ESG goals and stakeholder communication, while others use other members of the strategic leadership to drive the desired outcomes.
      Governance Layer Responsibilities
      Board
      • Overall accountability lies with the full board. Some responsibilities may be delegated to newly formed dedicated ESG governance committee.
      Oversight
      Executive leadership
      • Accountable for sustainability program success and will work with CEO to set ESG purpose and goals.
      Oversight and strategic direction
      Management
      • Senior management drives execution; sometimes led by a cross-functional committee.
      Execution

      Strategy alignment

      "74% of finance leaders say that investors increasingly use nonfinancial information in their decision-making."

      – "Aligning nonfinancial reporting..." EY, 2020

      • Like any journey, the ESG journey requires knowing where you are starting from and where you are heading to.
      • Once your purpose is crystalized, identify and surface gaps between where you want to go as an organization (your purpose and goals) and what you need to deliver as an organization to meet the expectations of your internal and external stakeholders (your output).
      • Using the results of the materiality assessment, weigh the risk, opportunities, and financial impact to help prioritize and determine vulnerabilities and where you might excel.
      • Finally, evaluate and make changes to areas of your business that need development to be successful (culture, accountability and board structure, ethics committee, etc.)

      Gap analysis example for delivering reporting requirements

      Organizational Goals

      • Regulatory Disclosure
        • Climate
        • DEI
        • Cyber governance
      • Performance Tracking/Annual Reporting
        • Corporate transparency on ESG performance via social, annual circular
      • Evidence-Based Business Reporting
        • Risk
        • Board
        • Suppliers

      Risk-size your ESG goals

      When integrating ESG risks, stick with a proven approach

      • Managing ESG risks is central to making sound organizational decisions regarding sustainability but also to anticipating future risks.
      • Like any new risk type, ESG risk should be interwoven into your current risk management and control framework via a risk-based approach.
      • Yet ESG presents some new risk challenges, and some risk areas may need new control processes or enhancements.
      NET NEW ENHANCEMENT
      Climate disclosure Data quality management
      Assurance specific to ESG reporting Risk sensing and assessment
      Supply chain transparency tied back to ESG Managing interconnections
      Scenario analysis
      Third-party ratings and monitoring

      Info-Tech Insight

      Integrate ESG risks early, embrace uncertainty by staying flexible, and strive for continual improvement.

      A funnel chart is depicted. The inputs to the funnel are: Strategy - Derive ESG risks from strategy, and Enterprise Risk Appetite. Inside the funnel, are the following terms: ESG; Data; Cyber. The output of the funnel is: Evidence based reporting ESG Insights & Performance metrics

      Managing supplier risks

      Suppliers are a critical input into an organization's ESG footprint

      "The typical consumer company's supply chain ... [accounts] for more than 80% of greenhouse-gas emissions and more than 90% of the impact on air, land, water, biodiversity, and geological resources."
      – McKinsey & Company, 2016

      • Although companies are accustomed to managing third parties via procurement processes, voluntary due-diligence, and contractual provisions, COVID-19 surfaced fragility across global supply chains.
      • The mismanagement of upstream and downstream risks of supply chains can harm the reputation, operations, and financial performance of businesses.
      • To build resiliency to and visibility of supply chain risk, organizations need to adapt current risk management programs, procurement practices, and risk assessment tools and techniques.
      • Procurement departments have an enhanced function, effectively acting as gatekeepers by performing due diligence, evaluating performance, and strengthening the supplier relationship through continual feedback and dialogue.
      • Technologies such as blockchain and IoT are starting to play a more dominant role in supply chain transparency.

      Raw materials are upstream and consumers are downstream.

      "Forty-five percent of survey respondents say that they either have no visibility into their upstream supply chain or that they can see only as far as their first-tier suppliers."
      – "Taking the pulse of shifting supply chains," McKinsey & Company, 2022

      Metrics and targets

      Metrics are key to stakeholder transparency, measuring performance against goals, and surfacing organizational blind spots

      • ESG metrics are qualitative or quantitative insights that measure organizations' performance against ESG goals. Along with traditional business metrics, they assist investors with assessing the long-term performance of companies based on non-financial ESG risks and opportunities.
      • Metrics, key performance indicators (KPIs), and key risk indicators (KRIs) are used to measure how ESG factors affect an organization and how an organization may impact any of the underlying issues related to each ESG factor.
      • There are several reporting standards that offer specific ESG performance metrics, such as the Global Reporting Institute (GRI), Sustainability Accounting Standards Board (SASB), and World Economic Forum (WEF).
      • For climate-related disclosures, global regulators are converging on the Task Force for Climate-related Disclosures (TCFD) and the International Sustainability Standards Board (ISSB).

      Example metrics for ESG factors

      Example metrics for environment include greenhouse gas emissions, water footprint, renewable energy share, and % of recycled material. Example social metrics include rates of injury, proportion of spend on local supplies, and percentage of gender or ethnic groups in management roles. Example governance metrics include annual CEO compensation compared to median, number of PII data breaches, and completed number of supplier assessments.

      The impact of ESG on IT

      IT plays a critical role in achieving ESG goals

      • IT groups have a critical role to play in helping organizations develop strategic plans to meet ESG goals, measure performance, monitor risks, and deliver on disclosure requirements.
      • IT's involvement extends from the CIO providing input at a strategic level to leading the charge within IT to instill new goals and adapt the culture toward one focused on sustainability.
      • To set the tone, CIOs should begin by updating their IT governance structure and setting ESG goals for IT.
      • IT leaders will need to think about resource use and efficiency and incorporate this into their IT strategy.

      Info-Tech Insight

      IT leaders need to work collaboratively with risk management to optimize decision making and continually improve ESG performance and disclosure.

      "A great strategy meeting is a meeting of the minds."
      – Max McKeown

      The data challenge

      The ESG data requirement is large and continually expanding in scope

      • To meet ESG objectives, corporations are challenged with collecting non-financial data from across functional business and geographical locations and from their supplier base and supply chains.
      • One of the biggest impediments to ESG implementation is the lack of high-quality data and of mature processes and tools to support data collection.
      • The data challenge is compounded by the availability and usability of data, immature and fragmented standards that hinder comparability, and workflow integration.

      Info-Tech Insight

      Keep your data model flexible and digital where possible to enable data interoperability.

      A flow chart is depicted. the top box is labeled ESG Program. Below that are Boxes labeled Tactical and Strategic. Below the Tactical Box, is a large X showing a lack of connection to the following points: Duplicative; Inefficient/Costly. Below the box labeled Strategic are the following terms: Data-Driven; Reusable; Digital.

      "You can have data without information, but you cannot have information without data."
      – Daniel Keys Moran

      It's more than a data challenge

      Organizations will rely on IT for execution, and IT leaders will need to be ready

      Data Management: Aggregated Reporting; Supplier Management; Cyber Management; Operational Management; Ethical Design(AI, Blockchain); IT Architecture; Resource Efficiency; Processing & Tooling; Supplier Assessment.

      Top impacts on IT departments

      1. ESG requires corporations to keep track of ESG-related risks of third parties. This will mean more robust assessments and monitoring.
      2. Many areas of ESG are new and will require new processes and tools.
      3. The SEC has upped the ante recently, requiring more rigorous accountability and reporting on cyber incidents.
      4. New IT systems and architecture may be needed to support ESG programs.
      5. Current reporting frameworks may need updating as regulators move to digital.
      6. Ethical design will need to be considered when AI is used to support risk/data management and when it is used as part of product solutions.

      Key takeaways

      • It's critical for organizations to look inward and outward to assess the material impact of ESG factors on their organization and key internal and external stakeholders.
      • ESG requires a flexible, holistic approach across the organization. It must become part of the way you work and enable an active response to changing conditions.
      • ESG introduces new risks that should not be viewed in isolation but interwoven into your current risk management and control framework via a risk-based approach.
      • Identify and integrate risks early, embrace uncertainty by staying flexible, and strive for continual improvement.
      • Metrics are key to telling your ESG story. Place the appropriate importance on the information that will be reported.
      • Recognize that the data challenge is complex and evolving and design your data model to be flexible, interoperable, and digital.
      • IT's role is far reaching, and IT will have a critical part in managing third parties, selecting tools, developing supporting IT architecture, and using ethical design.

      Definitions

      TERM DEFINITON
      Corporate Social Responsibility Management concept whereby organizations integrate social and environmental concerns in their operations and interactions with their stakeholders.
      Chief Sustainability Officer Steers sustainability commitments, helps with compliance, and helps ensure internal commitments are met. Responsibilities may extend to acting as a liaison with government and public affairs, fostering an internal culture, acting as a change agent, and leading delivery.
      ESG An acronym that stands for environment, social, and governance. These are the three components of a sustainability program.
      ESG Standard Contains detailed disclosure criteria including performance measures or metrics. Standards provide clear, consistent criteria and specifications for reporting. Typically created through consultation process.
      ESG Framework A broad contextual model for information that provides guidance and shapes the understanding of a certain topic. It sets direction but does not typically delve into the methodology. Frameworks are often used in conjunction with standards.
      ESG Factors The factors or issues that fall under the three ESG components. Measures the sustainability performance of an organization.
      ESG Rating An aggregated score based on the magnitude of an organization's unmanaged ESG risk. Ratings are provided by third-party rating agencies and are increasingly being used for financing, transparency to investors, etc.
      ESG Questionnaire ESG surveys or questionnaires are administered by third parties and used to assess an organization's sustainability performance. Participation is voluntary.
      Key Risk Indicator (KRI) A measure to indicate the potential presence, level, or trend of a risk.
      Key Performance Indicator (KPI) A measure of deviation from expected outcomes to help a firm see how it is performing.
      Materiality Material topics are topics that have a direct or indirect impact on an organization's ability to create, preserve, or erode economic, environment and social impact for itself and its stakeholder and society as a whole
      Materiality Assessment A materiality assessment is a tool to identify and prioritize the ESG issues most critical to the organization.
      Risk Sensing The range of activities carried out to identify and understand evolving sources of risk that could have a significant impact on the organization (e.g. social listening).
      Sustainability The ability of an organization and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities.
      Sustainalytics Now part of Morningstar. Sustainalytics provides ESG research, ratings, and data to institutional investors and companies.
      UN Guiding Principles on Business and Human Rights (UNGPs) UN Guiding Principles on Business and Human Rights (UNGPs) provide an essential methodological foundation for how impacts across all dimensions should be assessed.

      Reporting & standard frameworks

      STANDARD DEFINITION AND FOCUS
      CDP CDP has created standards and metrics for comparing sustainability impact. Focuses on environmental data (e.g. carbon, water, and forests) and on data disclosure and benchmarking.
      (Formally Carbon Disclosure Project) Audience: All stakeholders
      Dow Jones Sustainability Indices (DJSI) Heavy on corporate governance and company performance. Equal balance of economic, environmental, and social.
      Audience: All stakeholders
      Global Reporting Initiative (GRI) International standards organization that has a set of standards to help organizations understand and communicate their impacts on climate change and social responsibility. The standard has a strong emphasis on transparency and materiality, especially on social issues.
      Audience: All stakeholders
      International Sustainability Standards Board (ISSB) Standard-setting board that sits within the International Financial Reporting Standards (IFRS) Foundation. The IFRS Foundation is a not-for-profit, public-interest organization established to develop high-quality, understandable, enforceable, and globally accepted accounting and sustainability disclosure standards.
      Audience: Investor-focused
      United Nations Sustainable Development Goals (UNSDG) Global partnership across sectors and industries to achieve sustainable development for all (17 Global Goals)
      Audience: All stakeholders
      Sustainability Accounting Standards Board (SASB) Industry-specific standards to help corporations select topics that may impact their financial performance. Focus on material impacts on financial condition or operating performance.
      Audience: Investor-focused
      Task Force Of Climate-related Disclosures (TCFD; created by the Financial Stability Board) Standards framework focused on the impact of climate risk on financial and operating performance. More broadly the disclosures inform investors of positive and negative measures taken to build climate resilience and make transparent the exposure to climate-related risk.
      Audience: Investors, financial stakeholders

      Bibliography

      Anne-Titia Bove and Steven Swartz, McKinsey, "Starting at the source: Sustainability in supply chains", 11 November 2016

      Accenture, "The Greater Wealth Transfer – Capitalizing on the intergenerational shift in wealth", 2012

      Beth Kaplan, Deloitte, "Preparing for the ESG Landscape, Readiness and reporting ESG strategies through controllership playbook", 15 February 2022

      Bjorn Nilsson et al, McKinsey & Company, "Financial institutions and nonfinancial risk: How corporates build resilience," 28 February 2022

      Bolden, Kyle, Ernst and Young, "Aligning nonfinancial reporting with your ESG strategy to communicate long-term value", 18 Dec. 2020

      Canadian Securities Administrators, "Canadian securities regulators seek comment on climate-related disclosure requirements", 18 October 2021

      Carol A. Adams et al., Global Risk Institute, "The double-materiality concept, Application and issues", May 2021

      Dunstan Allison-Hope et al, BSR, "Impact-Based Materiality, Why Companies Should-Focus Their Assessments on Impacts Rather than Perception", 3 February 2022

      EcoVadis, "The World's Most Trusted Business Sustainability Ratings",

      Ernst and Young, "Four opportunities for enhancing ESG oversight", 29 June 2021

      Federal Ministry of Labour and Social Affairs, The Act on Corporate Due Diligence Obligations in Supply Chains (Gesetz über die unternehmerischen Sorgfaltspflichten in Lieferketten)", Published into Federal Law Gazette, 22, July 2021

      "What Every Company Needs to Know", Sustainalytics

      Global Risk Institute, The GRI Perspective, "The materiality madness: why definitions matter", 22 February 2022

      John P Angkaw "Applying ERM to ESG Risk Management", 1 August 2022

      Hillary Flynn et al., Wellington Management, "A guide to ESG materiality assessments", June 2022

      Katie Kummer and Kyle Lawless, Ernst and Young, "Five priorities to build trust in ESG", 14 July 2022

      Knut Alicke et al., McKinsey & Company, "Taking the pulse of shifting supply chains", 26 August 2022

      Kosmas Papadopoulos and Rodolfo Arauj. The Harvard School Forum on Corporate Governance, "The Seven Sins of ESG Management", 23 September 2020

      KPMG, Sustainable Insight, "The essentials of materiality assessment", 2014

      Lorraine Waters, The Stack, "ESG is not an environmental issue, it's a data one", 20 May 2021

      Marcel Meyer, Deloitte, "What is TCFD and why does it matter? Understanding the various layers and implications of the recommendations",

      Michael W Peregnne et al., "The Harvard Law School Forum on Corporate Governance, The Important Legacy of the Sarbanes Oxley Act," 30 August 2022

      Michael Posner, Forbes, "Business and Human Rights: Looking Ahead To The Challenges Of 2022", 15 December 2021

      Myles Corson and Tony Kilmas, Ernst and Young, "How the CFO can balance competing demands and drive future growth", 3 November 2020

      Novisto, "Navigating Climate Data Disclosure", 2022

      Novisto, "XBRL is coming to corporate sustainability reporting", 17 April 2022

      "Official Journal of the European Union, Regulation (EU) 2019/2088 of the European Parliament and of the Council of 27 November 2019 on sustainability-related disclosures in the financial services sector", 9 December 2019

      Osler, "ESG and the future of sustainability", Podcast, 01 June 2022

      Osler, "The Rapidly Evolving World of ESG Disclosure: ISSB draft standards for sustainability and climate related disclosures", 19 May 2022

      Sarwar Choudhury and Zach Johnston, Ernst and Young "Preparing for Sox-Like ESG Regulation", 7 June 2022

      Securities and Exchange Commission, "The Enhancement and Standardization of Climate-related Disclosures for Investors", 12 May 2022

      "Securities and Exchange Commission, SEC Proposes Rules on Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies, 9 May 2022

      Sean Brown and Robin Nuttall, McKinsey & Company, "The role of ESG and purpose", 4 January 2022

      Statement by Chair Gary Gensler, "Statement on ESG Disclosure Proposal", 25 May 2022

      Svetlana Zenkin and Peter Hennig, Forbes, "Managing Supply Chain Risk, Reap ESG Rewards", 22 June 2022

      Task Force on Climate Related Financial Disclosures, "Final Report, Recommendations of the Task Force on Climate-related Financial Disclosures", June 2017

      World Economic Forum, "Why sustainable governance and corporate integrity are crucial for ESG", 29 July 2022

      World Economic Forum (in collaboration with PwC) "How to Set Up Effective Climate Governance on Corporate Boards, Guiding Principles and questions", January 2019

      World Economic Forum, "Defining the "G" in ESG Governance Factors at the Heart of Sustainable Business", June 2022

      World Economic Forum, "The Risk and Role of the Chief Integrity Officer: Leadership Imperatives in and ESG-Driven World", December 2021

      World Economic Forum, "How to Set Up Effective Climate Governance on Corporate Boards Guiding principles and questions", January 2019

      Zurich Insurance, "ESG and the new mandate for corporate governance", 2022

      Establish Realistic IT Resource Management Practices

      • Buy Link or Shortcode: {j2store}435|cart{/j2store}
      • member rating overall impact: 9.5/10 Overall Impact
      • member rating average dollars saved: $36,337 Average $ Saved
      • member rating average days saved: 28 Average Days Saved
      • Parent Category Name: Portfolio Management
      • Parent Category Link: /portfolio-management
      • As CIO, you oversee a department that lacks the resource capacity to adequately meet organizational demand for new projects and services.
      • More projects are approved by the steering committee (or equivalent) than your department realistically has the capacity for, and you and your staff have little recourse to push back. If you have a PMO – and that PMO is one of the few that provides usable resource capacity projections – that information is rarely used to make strategic approval and prioritization decisions.
      • As a result, project quality and timelines suffer, and service delivery lags. Your staff are overallocated, but you lack statistical evidence because of incomplete estimates, allocations, and very little accurate data.

      Our Advice

      Critical Insight

      • IT’s capacity for new project work is largely overestimated. Much of IT’s time is lost to tasks that go unregulated and untracked (e.g. operations and support work, break-fixes and other reactive work) before project work is ever approved. When projects are approved, it is done so with little insight or concern for IT’s capacity to realistically complete that work.
      • The shift to matrix work structures has strained traditional methods of time tracking. Day-to-day demand is chaotic, and staff are pulled in multiple directions by numerous people. As fast-paced, rapidly changing, interruption-driven environments become the new normal, distractions and inefficiencies interfere with productive project work and usable capacity data.
      • The executive team approves too many projects, but it is not held to account for this malinvestment of time. Instead, it’s up to individual workers to sink or swim, as they attempt to reconcile, day after day, seemingly infinite organizational demand for new services and projects with their finite supply of working hours.

      Impact and Result

      • Instill a culture of capacity awareness. For years, the project portfolio management (PPM) industry has helped IT departments report on demand and usage, but has largely failed to make capacity part of the conversation. This research helps inject capacity awareness into project and service portfolio planning, enabling IT to get proactive about constraints before overallocation spirals, and project and service delivery suffers.
      • Build a sustainable process. Efforts to improve resource management often falter when you try to get too granular too quickly. Info-Tech’s approach starts at a high level, ensuring that capacity data is accurate and usable, and that IT’s process discipline is mature enough to maintain the data, before drilling down into greater levels of precision.
      • Establish a capacity book of record. You will ultimately need a tool to help provide ongoing resource visibility. Follow the advice in this blueprint to help with your tool selection, and ensure you meet the reporting needs of both your team and executives.

      Establish Realistic IT Resource Management Practices Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should develop a resource management strategy, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Take stock of organizational supply and demand

      Set the right resource management approach for your team and create a realistic estimate of your resource supply and organizational demand.

      • Balance Supply and Demand with Realistic Resource Management Practices – Phase 1: Take Stock of Organizational Supply and Demand
      • Resource Management Supply-Demand Calculator
      • Time Audit Workbook
      • Time-Tracking Survey Email Template

      2. Design a realistic resource management process

      Build a resource management process to ensure data accuracy and sustainability, and make the best tool selection to support your processes.

      • Balance Supply and Demand with Realistic Resource Management Practices – Phase 2: Design a Realistic Resource Management Process
      • Resource Management Playbook
      • PPM Solution Vendor Demo Script
      • Portfolio Manager Lite 2017

      3. Implement sustainable resource management practices

      Develop a plan to pilot your resource management processes to achieve maximum adoption, and anticipate challenges that could inhibit you from keeping supply and demand continually balanced.

      • Balance Supply and Demand with Realistic Resource Management Practices – Phase 3: Implement Sustainable Resource Management Practices
      • Process Pilot Plan Template
      • Project Portfolio Analyst / PMO Analyst
      • Resource Management Communications Template
      [infographic]

      Workshop: Establish Realistic IT Resource Management Practices

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Take Stock of Organizational Supply and Demand

      The Purpose

      Obtain a high-level view of current resource management practices.

      Identify current and target states of resource management maturity.

      Perform an in-depth time-tracking audit and gain insight into how time is spent on project versus non-project work to calculate realized capacity.

      Key Benefits Achieved

      Assess current distribution of accountabilities in resource management.

      Delve into your current problems to uncover root causes.

      Validate capacity and demand estimations with a time-tracking survey.

      Activities

      1.1 Perform a root-cause analysis of resourcing challenges facing the organization.

      1.2 Create a realistic estimate of project capacity.

      1.3 Map all sources of demand on resources at a high level.

      1.4 Validate your supply and demand assumptions by directly surveying your resources.

      Outputs

      Root-cause analysis

      Tab 2 of the Resource Management Supply-Demand Calculator, the Time Audit Workbook, and survey templates

      Tabs 3 and 4 of the Resource Management Supply-Demand Calculator

      Complete the Time Audit Workbook

      2 Design a Realistic Resource Management Process

      The Purpose

      Construct a resource management strategy that aligns with your team’s process maturity levels.

      Determine the resource management tool that will best support your processes.

      Key Benefits Achieved

      Activities

      2.1 Action the decision points in Info-Tech’s seven dimensions of resource management.

      2.2 Review resource management tool options, and depending on your selection, prepare a vendor demo script or review and set up Info-Tech’s Portfolio Manager Lite.

      2.3 Customize a workflow and process steps within the bounds of your seven dimensions and informed by your tool selection.

      Outputs

      A wireframe for a right-sized resource management strategy

      A vendor demo script or Info-Tech’s Portfolio Manager Lite.

      A customized resource management process and Resource Management Playbook.

      3 Implement Sustainable Resource Management Practices

      The Purpose

      Develop a plan to pilot your new processes to test whether you have chosen the right dimensions for maintaining resource data.

      Develop a communication plan to guide you through the implementation of the strategy and manage any resistance you may encounter.

      Key Benefits Achieved

      Identify and address improvements before officially instituting the new resource management strategy.

      Identify the other factors that affect resource productivity.

      Implement a completed resource management solution.

      Activities

      3.1 Develop a pilot plan.

      3.2 Perform a resource management start/stop/continue exercise.

      3.3 Develop plans to mitigate executive stakeholder, team, and structural factors that could inhibit your implementation.

      3.4 Finalize the playbook and customize a presentation to help explain your new processes to the organization.

      Outputs

      Process Pilot Plan Template

      A refined resource management process informed by feedback and lessons learned

      Stakeholder management plan

      Resource Management Communications Template

      Further reading

      Establish Realistic IT Resource Management Practices

      Holistically balance IT supply and demand to avoid overallocation.

      Analyst perspective

      Restore the right accountabilities for reconciling supply and demand.

      "Who gets in trouble at the organization when too many projects are approved?

      We’ve just exited a period of about 20-25 years where the answer to the above question was usually “nobody.” The officers of the corporation held nobody to account for the malinvestment of resources that comes from approving too many projects or having systemically unrealistic project due dates. Boards of directors failed to hold the officers accountable for that. And shareholders failed to hold boards of directors accountable for that.

      But this is shifting right under our feet. Increasingly, PMOs are being managed with the mentality previously reserved for those in the finance department. In many cases, the PMOs are now reporting to the CFO! This represents a very simple and basic reversion to the concept of fiduciary duty: somebody will be held to account for the consumption of all those hours, and somebody should be the approver of projects who created the excess demand." – Barry Cousins Senior Director of Research, PMO Practice Info-Tech Research Group

      Our understanding of the problem

      This Research Is Designed For:

      • IT leaders who lack actionable evidence of a resource-supply, work-demand imbalance.
      • CIOs whose departments struggle to meet service and project delivery expectations with given resources.
      • Portfolio managers, PMO directors, and project managers whose portfolio and project plans suffer due to unstable resource availability.

      This Research Will Help You:

      • Build trustworthy resource capacity data to support service and project portfolio management.
      • Develop sustainable resource management practices to help you estimate, and continually validate, your true resource capacity for services and projects.
      • Identify the demands that deplete your resource capacity without creating value for IT.

      This Research Will Also Assist:

      • Steering committee and C-suite management who want to improve IT’s delivery of projects.
      • Project sponsors that want to ensure their projects get the promised resource time by their project managers.

      This Research Will Help Them:

      • Ensure sufficient supply of time for projects to be successfully completed with high quality.
      • Communicate the new resource management practice and get stakeholder buy-in.

      Executive summary

      Situation

      • As CIO, you oversee a department that lacks the resource capacity to adequately meet organizational demand for new projects and services. As a result, project quality and timelines suffer, and service delivery lags.
      • You need a resource management strategy to help bring balance to supply and demand in order to improve IT’s ability to deliver.

      Complication

      • The shift to matrix work structures has strained traditional methods of time tracking. Day-to-day demand is chaotic; staff are pulled in multiple directions by numerous people, making usable capacity data elusive.
      • The executive team approves too many projects, but is not held to account for the overspend on time. Instead, the IT worker is made liable, expected to simply get things done under excessive demands.

      Resolution

      • Instill a culture of capacity awareness. For years, the project portfolio management (PPM) industry has helped IT departments report on demand and usage, but it has largely failed to make capacity part of the conversation. This research helps inject capacity awareness into project and service portfolio planning, enabling IT to get proactive about constraints before overallocation spirals, and project and service delivery suffers.
      • Build a sustainable process. Efforts to get better at resource management often falter when you try to get too granular too quickly. Info-Tech’s approach starts at a high level, ensuring that capacity data is accurate and usable, and that IT’s process discipline is mature enough to maintain the data, before drilling down into greater levels of precision.
      • Establish a capacity hub. You will ultimately need a tool to help provide ongoing resource visibility. Follow the advice in this blueprint to help with your tool selection and ensure the reporting needs of both your team and executives are met.

      Info-Tech Insight

      1. Take a realistic approach to resource management. New organizational realities have made traditional, rigorous resource projections impossible to maintain. Accept reality and get realistic about where IT’s time goes.
      2. Make IT’s capacity perpetually transparent. The best way to ensure projects are approved and scheduled based upon the availability of the right teams and skills is to shine a light into IT’s capacity and hold decision makers to account with usable capacity reports.

      The availability of staff time is rarely factored into IT project and service delivery commitments

      As a result, a lot gets promised and worked on, and staff are always busy, but very little actually gets done – at least not within given timelines or to expected levels of quality.

      Organizations tend to bite off more than they can chew when it comes to project and service delivery commitments involving IT resources.

      While the need for businesses to make an excess of IT commitments is understandable, the impacts of systemically overallocating IT are clearly negative:

      • Stakeholder relations suffer. Promises are made to the business that can’t be met by IT.
      • IT delivery suffers. Project timelines and quality frequently suffer, and service support regularly lags.
      • Employee engagement suffers. Anxiety and stress levels are consistently high among IT staff, while morale and engagement levels are low.

      76% of organizations say they have too many projects on the go and an unmanageable and ever-growing backlog of things to get to. (Cooper, 2014)

      Almost 70% of workers feel as though they have too much work on their plates and not enough time to do it. (Reynolds, 2016)

      Resource management can help to improve workloads and project results, but traditional approaches commonly fall short

      Traditional approaches to resource management suffer from a fundamental misconception about the availability of time in 2017.

      The concept of resource management comes from a pre-World Wide Web era, when resource and project plans could be based on a relatively stable set of assumptions.

      In the old paradigm, the availability of time was fairly predictable, as was the demand for IT services, so there was value to investing time into rigorous demand forecasts and planning.

      Resource projections could be based in a secure set of assumptions – i.e. 8 hour days, 40 hour weeks – and staff had the time to support detailed resource management processes that provided accurate usage data.

      Old Realities

      • Predictability. Change tended to be slow and deliberate, providing more stability for advanced, rigorous demand forecasts and planning.
      • Fixed hierarchy. Tasks, priorities, and decisions were communicated through a fixed chain of command.
      • Single-task focus. The old reality was more accommodating to sustained focus on one task at a time.

      96% of organizations report problems with the accuracy of information on employee timesheets. (Dimensional, 2013)

      Old reality resource forecasting inevitably falters under the weight of unpredictable demands and constant distractions

      New realities are causing demands on workers’ time to be unpredictable and unrelenting, making a sustained focus on a specific task for any length of time elusive.

      Part of the old resource management mythology is the idea that a person can do (for example) eight different one-hour tasks in eight hours of continuous work. This idea has gone from harmlessly mistaken to grossly unrealistic.

      The predictability and focus have given way to more chaotic workplace realities. Technology is ubiquitous, and the demand for IT services is constant.

      A day in IT is characterized by frequent task-switching, regular interruptions, and an influx of technology-enabled distractions.

      Every 3 minutes and 5 seconds: How often the typical office worker switches tasks, either through self-directed or other-directed interruptions. (Schulte, 2015)

      12 minutes, 40 seconds: The average amount of time in-between face-to-face interruptions in matrix organizations. (Anderson, 2015)

      23 minutes, 15 seconds: The average amount of time it takes to become on task, productive, and focused again after an interruption. (Schulte, 2015)

      759 hours: The average number of hours lost per employee annually due to distractions and interruptions. (Huth, 2015)

      The validity of traditional, rigorous resource planning has long been an illusion. New realities are making the sustained focus and stable assumptions that old reality projections relied on all but impossible to maintain.

      For resource management practices to be effective, they need to evolve to meet new realities

      New organizational realities have exacerbated traditional approaches to time tracking, making accurate and usable resource data elusive.

      The technology revolution that began in the 1990s ushered in a new paradigm in organizational structures. Matrix reporting structures, diminished supervision of knowledge workers, massive multi-tasking, and a continuous stream of information and communications from the outside world have smashed the predictability and stability of the old paradigm.

      The resource management industry has largely failed to evolve. It remains stubbornly rooted in old realities, relying on calculations and rollups that become increasingly unsustainable and irrelevant in our high-autonomy staff cultures and interruption-driven work days.

      New Realities

      • Unpredictable. Technologies and organizational strategies change before traditional IT demand forecasts and project plans can be realized.
      • Matrix management. Staff can be accountable to multiple project managers and functional managers at any given time.
      • Multi-task focus. In the new reality, workers’ attentions are scattered across multiple tasks and projects at any given time.

      87% of organizations report challenges with traditional methods of time tracking and reporting. (Dimensional, 2013)

      40% of working time is not tracked or tracked inaccurately by staff. (actiTIME, 2016)

      Poor resource management practices cost organizations dearly

      While time is money, the statistics around resource visibility and utilization suggest that the vast majority of organizations don’t spend their available time all that wisely.

      Research shows that ineffective resource management directly impacts an organization’s bottom line, contributing to such cost drains as the systemic late delivery of projects and increased project costs.

      Despite this, the majority of organizations fail to treat staff time like the precious commodity it is.

      As the results of a 2016 survey show, the top three pain points for IT and PMO leaders all revolve around a wider cultural negligence concerning staff time (Alexander, TechRepublic, 2016):

      • Overcommitted resources
      • Constant change that affects staff assignments
      • An inability to prioritize shared resources

      Top risks associated with poor resource management

      Inability to complete projects on time – 52%

      Inability to innovate fast enough – 39%

      Increased project costs – 38%

      Missed business opportunities – 34%

      Dissatisfied customers or clients – 32%

      12 times more waste – Organizations with poor resource management practices waste nearly 12 times more resource hours than high-performing organizations. (PMI, 2014)

      The concept of fiduciary duty represents the best way to bring balance to supply and demand, and improve project outcomes

      Unless someone is accountable for controlling the consumption of staff hours, too much work will get approved and committed to without evidence of sufficient resourcing.

      Who is accountable for controlling the consumption of staff hours?

      In many ways, no question is more important to the organization’s bottom line – and certainly, to the effectiveness of a resource management strategy.

      Historically, the answer would have been the executive layer of the organization. However, in the 1990s management largely abdicated its obligation to control resources and expenditures via “employee empowerment.”

      Controls on approvals became less rigid, and accountability for choosing what to do (and not do) shifted onto the shoulders of the individual worker. This creates a current paradigm where no one is accountable for the malinvestment…

      …of resources that comes from approving too many projects. Instead, it’s up to individual workers to sink-or-swim, as they attempt to reconcile, day after day, seemingly infinite organizational demand with their finite supply of working hours.

      If your organization has higher demand (i.e. approved project work) than supply (i.e. people’s time), your staff will be the final decision makers on what does and does NOT get worked on.

      Effective time leadership distinguishes top performing senior executives

      "Everything requires time… It is the one truly universal condition. All work takes place in time and uses up time. Yet most people take for granted this unique, irreplaceable and necessary resource. Nothing else, perhaps, distinguishes effective executives as much as their tender loving care of time." – Peter Drucker (quoted in Frank)

      67% of employees surveyed believe their CEOs focus too much on decisions based in short-term financial results and not enough time on decisions that create a stable, positive workplace for staff. (2016 Edelman Trust Barometer)

      Bring balance to supply and demand with realistic resource management practices

      Use Info-Tech’s approach to resource management to capture an accurate view of where your time goes and achieve sustained visibility into your capacity for new projects.

      Realistic project resource management starts by aligning demand with capacity, and then developing tactics to sustain alignment, even in the chaos of our fast-paced, rapidly changing, interruption-driven project environments.

      This blueprint will help you develop practices to promote and maintain accurate resourcing data, while developing tactics to continually inform decision makers’ assumptions about how much capacity is realistically available for project work.

      This research follows a three-phase approach to sustainable practices:

      1. Take Stock of Organizational Supply and Demand
      2. Design a Realistic Resource Management Process
      3. Implement Sustainable Resource Management Practices

      Info-Tech’s three-phase framework is structured around a practical, tactical approach to resource management. It’s not about what you put together as a one-time snapshot. It’s about what you can and will maintain every week, even during a crisis. When you stop maintaining resource management data, it’s nearly impossible to catch up and you’re usually forced to start fresh.

      Info-Tech’s approach is rooted in our seven dimensions of resource management

      Action the decision points across Info-Tech’s seven dimensions to ensure your resource management process is guided by realistic data and process goals.

      Default project vs. non-project ratio

      How much time is available for projects once non-project demands are factored in?

      Reporting frequency

      How often is the allocation data verified, reconciled, and reported for use?

      Forecast horizon

      How far into the future can you realistically predict resource supply?

      Scope of allocation

      To whom is time allocated?

      Allocation cadence

      How long is each allocation period?

      Granularity of time allocation

      What’s the smallest unit of time to allocate?

      Granularity of work assignment

      What is time allocated to?

      This blueprint will help you make the right decisions for your organization across each of these dimensions to ensure your resource management practices match your current process maturity levels.

      Once your framework is defined, we’ll equip you with a tactical plan to help keep supply and demand continually balanced

      This blueprint will help you customize a playbook to ensure your allocations are perpetually balanced week after week, month after month.

      Developing a process is one thing, sustaining it is another.

      The goal of this research isn’t just to achieve a one-time balancing of workloads and expect that this will stand the test of time.

      The true test of a resource management process is how well it facilitates the flow of accurate and usable data as workloads become chaotic, and fires and crises erupt.

      • Info-Tech’s approach will help you develop a playbook and a “rebalancing routine” that will help ensure your allocations remain perpetually current and balanced.
      • The sample routine to the right shows you an example of what this rebalancing process will look like (customizing this process is covered in Phase 3 of the blueprint).

      Sample “rebalancing” routine

      • Maintain a comprehensive list of the sources of demand (i.e. document the matrix).
      • Catalog the demand.
      • Allocate the supply.
      • Forecast the capacity to your forecast horizon.
      • Identify and prepare work packages or tasks for unsatisfied demand to ensure that supply can be utilized if it becomes free.
      • Reconcile any imbalance by repeating steps 1-5 on update frequency, say, weekly or monthly.

      Info-Tech’s method is complemented by a suite of resource management tools and templates

      Each phase of this blueprint is accompanied by supporting deliverables to help plan your resource management strategy and sustain your process implementation.

      Resource management depends on the flow of information and data from the project level up to functional managers, project managers, and beyond – CIOs, steering committees, and senior executives.

      Tools are required to help plan, organize, and facilitate this flow, and each phase of this blueprint is centered around tools and templates to help you successfully support your process implementation.

      Take Stock of Organizational Supply and Demand

      Tools and Templates:

      Design a Realistic Resource Management Process

      Tools and Templates:

      Implement Sustainable Resource Management Practices

      Tools and Templates:

      Use Info-Tech’s Portfolio Manager Lite to support your new process without a heavy upfront investment in tools

      Spreadsheets can provide a viable alternative for organizations not ready to invest in an expensive tool, or for those not getting what they need from their commercial selections.

      While homegrown solutions like spreadsheets and intranet sites lack the robust functionality of commercial offerings, they have dramatically lower complexity and cost-in-use.

      Info-Tech’s Portfolio Manager Lite is a sophisticated, scalable, and highly customizable spreadsheet-based solution that will get your new resource management process up and running, without a heavy upfront cost.

      Kinds of PPM solutions used by Info-Tech clients

      Homemade – 46%

      Commercial – 33%

      No Solution – 21%

      (Info-Tech Research Group (2016), N=433)

      The image shows 3 sheets with charts and graphs.

      Samples of Portfolio Manager Lite's output and reporting tabs

      Info-Tech’s approach to resource management is part of our larger project portfolio management framework

      This blueprint will help you master the art of resource management and set you up for greater success in other project portfolio management capabilities.

      Resource management is one capability within Info-Tech’s larger project portfolio management (PPM) framework.

      Resource visibility and capacity awareness permeates the whole of PPM, helping to ensure the right intake decisions get made, and projects are scheduled according to resource and skill availability.

      Whether you have an existing PPM strategy that you are looking to optimize or you are just starting on your PPM journey, this blueprint will help you situate your resource management processes within a larger project and portfolio framework.

      Info-Tech’ s PPM framework is based on extensive research and practical application, and complements industry standards such as those offered by PMI and ISACA.

      Project Portfolio Management
      Status & Progress Reporting
      Intake, Approval, & Prioritization Resource Management Project Management Project Closure Benefits Tracking
      Organizational Change Management
      Intake → Execution→ Closure

      Realize the value that improved resource management practices could bring to your organization

      Spend your company’s HR dollars more efficiently.

      Improved resource management and capacity awareness will allow your organization to improve resource utilization and increase project throughput.

      CIOs, PMOs, and portfolio managers can use this blueprint to improve the alignment between supply and demand. You should be able to gauge the value through the following metrics:

      Near-Term Success Metrics (6 to 12 months)

      • Increased frequency of currency (i.e. more accurate and usable resource data and reports).
      • Improved job satisfaction from project resources due to more even workloads.
      • Better ability to schedule project start dates and estimate end dates due to recourse visibility.

      Long-Term Success Metrics (12 to 24 months)

      • More projects completed on time.
      • Reclaimed capacity for project work.
      • A reduction in resource waste and increased resource utilization on productive project work.
      • Ability to track estimated vs. actual budget and work effort on projects.

      In the past 12 months, Info-Tech clients have reported an average measured value rating of $550,000 from the purchase of workshops based on this research.

      Info-Tech client masters resource management by shifting the focus to capacity forecasting

      CASE STUDY

      Industry Education

      Source Info-Tech Client

      Situation

      • There are more than 200 people in the IT organization.
      • IT is essentially a shared services environment with clients spanning multiple institutions across a wide geography.
      • The PMO identified dedicated resources for resource management.

      Complication

      • The definition of “resource management” was constantly shifting between accounting the past (i.e. time records), the present (i.e. work assignments), and the future (i.e. long term project allocations).
      • The task data set (i.e. for current work assignments) was not aligned to the historic time records or future capacity.
      • It was difficult to predict or account for the spend, which exceeded 30,000 hours per month.

      “We’re told we can’t say NO to projects. But this new tool set and approach allows us to give an informed WHEN.” – Senior PMO Director, Education

      Resolution

      • The leadership decided to forecast and communicate their resource capacity on a 3-4 month forecast horizon using Info-Tech’s Portfolio Manager 2017.
      • Unallocated resource capacity was identified within certain skill sets that had previously been assessed as fully allocated. While some of the more high-visibility staff were indeed overallocated, other more junior personnel had been systemically underutilized on projects.
      • The high demand for IT project resourcing was immediately placed in the context of a believable, credible expression of supply.

      Info-Tech offers various levels of support to best suit your needs

      DIY Toolkit

      “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

      Guided Implementation

      “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

      Workshop

      “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

      Consulting

      “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

      Diagnostics and consistent frameworks used throughout all four options

      Establish Realistic IT Resource Management Practices – project overview

      1. Take Stock of Organizational Supply and Demand 2. Design a Realistic Resource Management Process 3. Implement Sustainable Resource Management Practices
      Best-Practice Toolkit

      1.1 Set a resource management course of action

      1.2 Create realistic estimates of supply and demand

      2.1 Customize the seven dimensions of resource management

      2.2 Determine the resource management tool that will best support your process

      2.3 Build process steps to ensure data accuracy and sustainability

      3.1 Pilot your resource management process to assess viability

      3.2 Plan to engage your stakeholders with your playbook

      Guided Implementations
      • Scoping call
      • Assess how accountability for resource management is currently distributed
      • Create a realistic estimate of project capacity
      • Map all sources of demand on resources at a high level
      • Set your seven dimensions of resource management
      • Jump-start spreadsheet-based resource management with Portfolio Manager Lite
      • Build on the workflow to determine how data will be collected and who will support the process
      • Define the scope of a pilot and determine logistics
      • Finalize resource management roles and responsibilities
      • Brainstorm and plan for potential resistance to change, objections, and fatigue from stakeholders
      Onsite Workshop

      Module 1:

      • Take Stock of Organizational Supply and Demand

      Module 2:

      • Design a Realistic Resource Management Process

      Module 3:

      • Implement Sustainable Resource Management Practices

      Phase 1 Outcome:

      • Resource Management Supply-Demand Calculator

      Phase 2 Outcome:

      • Resource Management Playbook

      Phase 3 Outcome:

      • Resource Management Communications Template

      Workshop overview

      Contact your account representative or email Workshops@InfoTech.com for more information.

      Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4 Workshop Day 5
      Activities

      Introduction to PPM and resource management

      1.1 Complete and review PPM Current State Scorecard Assessment

      1.2 Perform root cause analysis of resource management challenges

      1.3 Initiate time audit survey of management and staff

      Take stock of supply and demand

      2.1 Review the outputs of the time audit survey and analyze the data

      2.2 Analyze project and non-project demands, including the sources of those demands

      2.3 Set the seven dimensions of resource management

      Design a resource management process

      3.1 Review resource management tool options

      3.2 Prepare a vendor demo script or review Portfolio Manager Lite

      3.3 Build process steps to ensure data accuracy and sustainability

      Pilot and refine the process

      4.1 Define methods for piloting the strategy (after the workshop)

      4.2 Complete the Process Pilot Plan Template

      4.3 Conduct a mock resource management meeting

      4.4 Perform a RACI exercise

      Communicate and implement the process

      5.1 Brainstorm potential implications of the new strategy and develop a plan to manage stakeholder and staff resistance to the strategy

      5.2 Customize the Resource Management Communications Template

      5.3 Finalize the playbook

      Deliverables
      1. PPM Current State Scorecard Assessment
      2. Root cause analysis
      3. Time Audit Workbook and survey templates
      1. Resource Management Supply-Demand Calculator
      1. Portfolio Manager Lite
      2. PPM Solution Vendor Demo Script
      3. Tentative Resource Management Playbook
      1. Process Pilot Plan Template
      2. RACI chart
      1. Resource Management Communications Template
      2. Finalized Resource Management Playbook

      Phase 1

      Take Stock of Organizational Resource Supply and Demand

      Phase 1 Outline

      Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 1: Take Stock of Organizational Resource Supply and Demand

      Proposed Time to Completion (in weeks): 1-2 weeks

      Step 1.1: Analyze the current state

      Start with an analyst kick-off call:

      • Discuss the goals, aims, benefits, and challenges of resource management
      • Identify who is currently accountable for balancing resource supply and demand

      Then complete these activities…

      • Assess the current distribution of accountabilities in resource management
      • Delve into your current problems to uncover root causes
      • Make a go/no-go decision on developing a new resource management practice
      Step 1.2: Estimate your supply and demand

      Review findings with analyst:

      • Root causes of resource management
      • Your current impression about the resource supply-demand imbalance

      Then complete these activities…

      • Estimate your resource capacity for each role
      • Estimate your project/non-project demand on resources
      • Validate the findings with a time-tracking survey

      With these tools & templates:

      • Resource Management Supply-Demand Calculator
      • Time-Tracking Survey Email Template

      Phase 1 Results & Insights:

      A matrix organization creates many small, untraceable demands that are often overlooked in resource management efforts, which leads to underestimating total demand and overcommitting resources. To capture them and enhance the success of your resource management effort, focus on completeness rather than precision. Precision of data will improve over time as your process maturity grows.

      Step 1.1: Set a resource management course of action

      PHASE 1

      1.1 Set a course of action

      1.2 Estimate supply and demand

      PHASE 2

      2.1 Select resource management dimensions

      2.2 Select resource management tools

      2.3 Build process steps

      PHASE 3

      3.1 Pilot your process for viability

      3.2 Plan stakeholder engagement

      This step will walk you through the following activities:
      • Determine your resource management process capability level
      • Assess how accountability for resource management is currently distributed
      This step involves the following participants:
      • CIO / IT Director
      • PMO Director/ Portfolio Manager
      • Functional / Resource Managers
      • Project Managers
      Outcomes of this step
      • Current distribution of accountability for resource management practice
      • Root-cause analysis of resourcing challenges facing the organization
      • Commitment to implementing a right-sized resource management practice

      “Too many projects, not enough resources” is the reality of most IT environments

      A profound imbalance between demand (i.e. approved project work and service delivery commitments) and supply (i.e. people’s time) is the top challenge IT departments face today..

      In today’s organizations, the desires of business units for new products and enhancements, and the appetites of senior leadership to approve more and more projects for those products and services, far outstrip IT’s ability to realistically deliver on everything.

      The vast majority of IT departments lack the resourcing to meet project demand – especially given the fact that day-to-day operational demands frequently trump project work.

      As a result, project throughput suffers – and with it, IT’s reputation within the organization.

      Info-Tech Insight

      Where does the time go? The portfolio manager (or equivalent) should function as the accounting department for time, showing what’s available in IT’s human resources budget for projects and providing ongoing visibility into how that budget of time is being spent.

      Resource management can help to even out staff workloads and improve project and service delivery results

      As the results of a recent survey* show, the top three pain points for IT and PMO leaders all revolve around a wider cultural negligence concerning staff time:

      • Overcommitted resources
      • Constant change that affects staff assignments
      • An inability to prioritize shared resources

      A resource management strategy can help to alleviate these pain points and reconcile the imbalance between supply and demand by achieving the following outcomes:

      • Improving resource visibility
      • Reducing overallocation, and accordingly, resource stress
      • Reducing project delay
      • Improving resource efficiency and productivity

      Top risks associated with poor resource management

      Inability to complete projects on time – 52%

      Inability to innovate fast enough – 39%

      Increased project costs – 38%

      Missed business opportunities – 34%

      Dissatisfied customers or clients – 32%

      12 times more waste – Organizations with poor resource management practices waste nearly 12 times more resource hours than high-performing organizations. (PMI, 2014)

      Resource management is a core process in Info-Tech’s project portfolio management framework

      Project portfolio management (PPM) creates a stable and secure infrastructure around projects.

      PPM’s goal is to maximize the throughput of projects that provide strategic and operational value to the organization. To do this, a PPM strategy must help to:

      Info-Tech's Project Portfolio Management Process Model
      3. Status & Progress Reporting [make sure the projects are okay]
      1. Intake, Approval, & Prioritization [select the right projects] 2. Resource Management [Pick the right time and people to execute the projects Project Management

      4. Project Closure

      [make sure the projects get done]

      5. Benefits Tracking

      [make sure they were worth doing]

      Organizational Change Management
      Intake → Execution→ Closure

      If you don’t yet have a PPM strategy in place, or would like to revisit your existing PPM strategy before implementing resource management practices, see Info-Tech’s blueprint, Develop a Project Portfolio Management Strategy.

      Effective resource management is rooted in a relatively simple set of questions

      However, while the questions are rather simple, the answers become complicated by challenges unique to matrix organizations and other workplace realities in 2017.

      To support the goals of PPM more generally, resource management must (1) supply quality work-hours to approved and ongoing projects, and (2) supply reliable data with which to steer the project portfolio.

      To do this, a resource management strategy must address a relatively straightforward set of questions.

      Key Questions

      • Who assigns the resources?
      • Who feeds the data on resources?
      • How do we make sure it’s valid?
      • How do we handle contingencies when projects are late or when availability changes?

      Challenges

      • Matrix organizations require project workers to answer to many masters and balance project work with “keep the lights on” activities and other administrative work.
      • Interruptions, distractions, and divided attention create consistent challenges for workplace productivity.

      "In matrix organizations, complicated processes and tools get implemented to answer the deceptively simple question “what’s Bob going to work on over the next few months?” Inevitably, the data captured becomes the focus of scrutiny as functional and project managers complain about data inaccuracy while simultaneously remaining reluctant to invest the effort necessary to improve quality." – Kiron Bondale

      Determine your organization’s resource management capability level with a maturity assessment

      1.1.1
      10 minutes

      Input

      • Organizational strategy and culture

      Output

      • Resource management capability level

      Materials

      • N/A

      Participants

      • PMO Director/ Portfolio Manager
      • Project Managers
      • Resource Managers

      Kick-off the discussion on the resource management process by deciding which capability level most accurately describes your organization’s current state.

      Capability Level Descriptions
      Capability Level 5: Optimized Our organization has an accurate picture of project versus non-project workloads and allocates resources accordingly. We periodically reclaim lost capacity through organizational and behavioral change.
      Capability Level 4: Aligned We have an accurate picture of how much time is spent on project versus non-project work. We allocate resources to these projects accordingly. We are checking in on project progress bi-weekly.
      Capability Level 3: Pixelated We are allocating resources to projects and tracking progress monthly. We have a rough estimate of how much time is spent on project versus non-project work.
      Capability Level 2: Opaque We match resource teams to projects and check in annually, but we do not forecast future resource needs or track project versus non-project work.
      Capability Level 1: Unmanaged Our organization expects projects to be finished, but there is no process in place for allocating resources or tracking project progress.

      If resources are poorly managed, they prioritize work based on consequences rather than on meeting demand

      As a result, matrix organizations are collectively steered by each resource and its individual motives, not by managers, executives, or organizational strategy.

      In a matrix organization, demands on a resource’s time come from many directions, each demand unaware of the others. Resources are expected to prioritize their work, but they typically lack the authority to formally reject demand, so demand frequently outstrips the supply of work-hours the resource can deliver.

      When this happens, the resource has three options:

      1. Work more hours, typically without compensation.
      2. Choose tasks not to do in a way that minimizes personal consequences.
      3. Diminish work quality to meet quantity demands.

      The result is an unsustainable system for those involved:

      1. Resources cannot meet expectations, leading to frustration and disengagement.
      2. Managers cannot deliver on the projects or services they manage and struggle to retain skilled resources who are looking elsewhere for “greener pastures.”
      3. Executives cannot execute strategic plans as they lose decision-making power over their resources.

      Scope your resource management practices within a matrix organization by asking “who?”

      Resource management boils down to a seemingly simple question: how do we balance supply and demand? Balancing requires a decision maker to make choices; however, in a matrix organization, identifying this decision maker is not straightforward:

      Balance

      • Who decides how much capacity should be dedicated to project work versus administrative or operational work?
      • Who decides how to respond to unexpected changes in supply or demand?

      Supply

      • Who decides how much total capacity we have for each necessary skill set?
      • Who manages the contingency, or redundancy, of capacity?
      • Who validates the capacity supply as a whole?
      • Who decides what to report as unexpected changes in supply (and to whom)?

      Demand

      • Who generates demand on the resource that can be controlled by their manager?
      • Who generates demand on the capacity that cannot be controlled by their manager?
      • Who validates the demand on capacity as a whole?
      • Who decides what to report as unexpected changes in demand (and to whom)?

      The individual who has the authority to make choices, and who is ultimately liable for those decisions, is an accountable person. In a matrix organization, accountability is dispersed, sometimes spilling over to those without the necessary authority.

      To effectively balance supply and demand, senior management must be held accountable

      Differentiate between responsibility and accountability to manage the organization’s project portfolio effectively.

      Responsibility

      The responsible party is the individual (or group) who actually completes the task.

      Responsibility can be shared.

      VS.

      Accountability

      The accountable person is the individual who has the authority to make choices, and is ultimately answerable for the decision.

      Accountability cannot be shared.

      Resources often do not have the necessary scope of authority to make resource management choices, so they can never be truly accountable for the project portfolio. Instead, resources are accountable for making available trustworthy data, so the right people can make choices driven by organizational strategy.

      The next activity will assess how accountability for resource management is currently distributed in your organization.

      Assess the current distribution of accountability for resource management practice

      1.1.2
      15 minutes

      Input

      • Organizational strategy and culture

      Output

      • Current distribution of accountabilities for resource management

      Materials

      • Whiteboard/flip chart
      • Markers

      Participants

      • CIO
      • PMO Director/ Portfolio Manager

      Below is a list of tasks in resource management that require choices. Discuss who is currently accountable and whether they have the right authority and ability to deliver on that accountability.

      Resource management tasks that require choices Accountability
      Current Effective?
      Identify all demands on resources
      Prioritize identified project demands
      Prioritize identified operational demands
      Prioritize identified administrative demands
      Prioritize all of the above demands
      Enumerate resource supply
      Validate resource supply
      Collect and validate supply and demand data
      Defer or reject work beyond available supply
      Adjust resource supply to meet demand

      Develop coordination between project and functional managers to optimize resource management

      Because resources are invariably responsible for both project and non-project work, efforts to procure capacity for projects cannot exist in isolation.

      IT departments need many different technical skill sets at their disposal for their day-to-day operations and services, as well as for projects. A limited hiring budget for IT restricts the number of hires with any given skill, forcing IT to share resources between service and project portfolios.

      This resource sharing produces a matrix organization divided along the lines of service and projects. Functional and project managers provide respective oversight for services and projects. Resources split their available work-hours toward service and project tasks according to priority – in theory.

      However, in practice, two major challenges exist:

      1. Poor coordination between functional and project managers causes commitments beyond resource capacity, disputes about resource oversight, and animosity among management, all while resources struggle to balance unclear priorities.
      2. Resources have a “third boss,” namely uncontrolled demands from the rest of the business, which lack both visibility and accountability.

      The image shows a board balanced on a ball (labelled Resource Management), with two balls on either end of it (Capacity Supply on the left, and Demand on the right), and another board balanced on top of the right ball, with two more balls balanced on either side of it (Projects on the left and Operational, Administrative, Etc. on the right).

      Resource management processes must account for the numerous small demands generated in a matrix organization

      Avoid going bankrupt $20 at a time: small demands add up to a significant chunk of work-hours.

      Because resource managers must cover both projects and services within IT, the typical solution to allocation problems in matrix organizations is to escalate the urgency and severity of demands by involving the executive steering committee. Unfortunately, the steering committee cannot expend time and resources on all demands. Instead, they often set a minimum threshold for cases – 100-1,000 work-hours depending on the organization.

      Under this resource management practice, small demands – especially the quick-fixes and little projects from “the third boss” – continue to erode project capacity. Eventually, projects fail to get resources because pesky small demands have no restrictions on the resources they consumed.

      Realistic resource management needs to account for demand from all three bosses; however…

      Info-Tech Insight

      Excess project or service request intake channels lead to the proliferation of “off-the-grid” projects and tasks that lack visibility from the IT leadership. This can indicate that there may be too much red tape: that is, the request process is made too complex or cumbersome. Consider simplifying the request process and bring IT’s visibility into those requests.

      Interrogate your resource management problems to uncover root causes

      1.1.3
      30 minutes to 1 hour

      Input

      • Organizational strategy and culture

      Output

      • Root causes of resource management failures

      Materials

      • Whiteboard/flip chart
      • Sticky notes
      • Markers

      Participants

      • CIO
      • PMO Director/ Portfolio Manager
      • Functional Managers
      • Project Managers
      1. Pick a starting problem statement in resource management. e.g. projects can’t get resource work-hours.
      2. Ask the participants “why”? Use three generic headings – people, processes, and technology – to keep participants focused. Keep the responses solution-agnostic: do not jump to solutions. If you have a large group, divide into smaller groups and use sticky notes to encourage more participation in this brainstorming step.
      People Processes Technology
      • We don’t have enough people/skills.
      • People are tied up on projects that run late.
      • Functional and project managers appear to hoard resources.
      • Resources cannot prioritize work.
      • Resources are too busy responding to 911s from the business.
      • Resources cannot prioritize projects vs. operational tasks.
      • “Soft-closed” projects do not release resources for other work.
      • We don’t have tools that show resource availability.
      • Tools we have for showing resource availability are not being used.
      • Data is inaccurate and unreliable.
      1. Determine the root cause by iteratively asking “why?” up to five times, or until the chain of whys comes full circle. (i.e. Why A? B. Why B? C. Why C? A.) See below for an example.

      1.1.2 Example of a root-cause analysis: people

      The following is a non-exhaustive example:

      The image shows an example of a root-cause analysis. It begins on the left with the header People, and then lists a series of challenges below. Moving toward the right, there are a series of headers that read Why? at the top of the chart, and listing reasons for the challenges below each one. As you read through the chart from left to right, the reasons for challenges become increasingly specific.

      Right-size your resource management strategy with Info-Tech’s realistic resource management practice

      If precise, accurate, and complete data on resource supply and demand was consistently available, reporting on project capacity would be easy. Such data would provide managers complete control over a resource’s time, like a foreman at a construction site. However, this theoretical scenario is incompatible with today’s matrixed workplace:

      • Sources of demand can lie outside IT’s control.
      • Demand is generated chaotically, with little predictability.
      • Resources work with minimal supervision.

      Collecting and maintaining resource data is therefore nearly impossible:

      • Achieving perfect data accuracy creates unnecessary overhead.
      • Non-compliance by one project or resource makes your entire data set unusable for resource management.

      This blueprint will guide you through right-sizing your resource management efforts to achieve maximum value-to-effort ratio and sustainability.


      The image shows a graph with Quality, Value on the Y axis, and Required Effort on the X-Axis. The graph is divided into 3 categories, based on the criteria: Value-to-effort Ratio and Sustainability. The three sections are labelled at the top of the graph as: Reactive, “gut feel”-driven; Right-sized resource management; Full control, complete data. The 2nd section is bolded. The line in the graph starts low, rising through the 2nd section, and is stable at the top of the chart in the final section.

      Choose your resource management course of action

      Portfolio managers looking for a resource management solution have three mutually exclusive options:

      Option A: Do Nothing

      • Rely on expert judgment and intuition to make portfolio choices.
      • Allow the third boss to dictate the demands of your resources.

      Option B: Get Precise

      • Aim for granularity and precision of data with a solution that may demand more capacity than is realistically available by hiring, outsourcing, or over-allocating people’s time.
      • Require detailed, accurate time sheets for all project tasks.
      • For those choosing this option, proceed to Info-Tech’s Select and Implement a PPM Solution.

      Option C: Get Realistic

      • Balance capacity supply and demand using abstraction.
      • Implement right-sized resource management practices that rely on realistic, high-level capacity estimates.
      • Reduce instability in data by focusing on resource capacity, rather than granular project demands and task level details.

      This blueprint takes you through the steps necessary to accomplish Option C, using Info-Tech’s tools and templates for managing your resources.

      Step 1.2: Create realistic estimates of supply and demand

      PHASE 1

      1.1 Set a course of action

      1.2 Estimate supply and demand

      PHASE 2

      2.1 Select resource management dimensions

      2.2 Select resource management tools

      2.3 Build process steps

      PHASE 3

      3.1 Pilot your process for viability

      3.2 Plan stakeholder engagement

      This step will walk you through the following activities:
      • Create a realistic estimate of project capacity
      • Map all sources of demand on resources at a high level
      • Validate your supply and demand assumptions by directly surveying your resources
      This step involves the following participants:
      • PMO Director / Portfolio Manager
      • Project Managers (optional)
      • Functional / Resource Managers (optional)
      • Project Resources (optional)
      Outcomes of this step
      • A realistic estimate of your total and project capacity, as well as project and non-project demand on their time
      • Quantitative insight into the resourcing challenges facing the organization
      • Results from a time-tracking survey, which are used to validate the assumptions made for estimating resource supply and demand

      Create a realistic estimate of your project capacity with Info-Tech’s Resource Management Supply-Demand Calculator

      Take an iterative approach to capacity estimates: use your assumptions to create a meaningful estimate, and then validate with your staff to improve its accuracy.

      Use Info-Tech’s Resource Management Supply-Demand Calculator to create a realistic estimate of your project capacity.

      The calculator tool requires minimal upfront staff participation: you can obtain meaningful results with participation from even a single person, with insight on the distribution of your resources and their average work week or month. As the number of participants increases, the quality of analysis will improve.

      The first half of this step guides you through how to use the calculator. The second half provides tactical advice on how to gather additional data and validate your resourcing data with your staff.

      Download Info-Tech’s Resource Management Supply-Demand Calculator

      Info-Tech Insight

      What’s first, process or tools? Remember that process determines the quality of your data while data quality limits the tool’s utility. Without quality data, you cannot evaluate the success of the tool, so nail down your collection process first.

      Break down your resource capacity into high-level buckets of time for each role

      1.2.1
      30 minutes - 1 hour

      Input

      • Staff resource types
      • Average work week
      • Estimated allocations

      Output

      A realistic estimate of project capacity

      Materials

      Resource Management Supply-Demand Calculator

      Participants

      • PMO Director
      • Resource/Functional Managers (optional)

      We define four high-level buckets of resource time:

      • Absence: on average, a resource spends 14% of the year on vacation, statutory holidays, business holidays and other forms of absenteeism.
      • Administrative: time spent on meetings, recordkeeping, etc.
      • Operational: keeping the lights on; reactive work.
      • Projects: time to work on projects; typically, this bucket of time is whatever’s left from the above.

      The image shows a pie chart with four sections: Absence - 6,698 14%; Admin - 10,286 22%; Keep the Lights On - 15, 026 31%; Project Capacity 15, 831 33%.

      Instructions for working through Tab 2 of the Resource Management Supply-Demand Calculator are provided in the next two sections. Follow along to obtain your breakdown of annual resource capacity in a pie chart.

      Break down your resource capacity into high-level buckets of time for each role

      1.2.1
      Resource Management Supply-Demand Calculator, Tab 2: Capacity Supply

      Discover how many work-hours are at your disposal by first accounting for absences.

      The image shows a section of the Resource Management Supply-Demand Calculator, for calculating absences, with sample information filled in.

      1. Compile a list of each of the roles within your department.
      2. Enter the number of staff currently performing each role.
      3. Enter the number of hours in a typical work week for each role.
      4. Enter the foreseeable out-of-office time (vacation, sick time, etc.) Typically, this value is 12-16% depending on the region.

      Hours per Year represents your total resource capacity for each role, as well as the entire department. This column is automatically calculated.

      Working Time per Year represents your total resource capacity minus time employees are expected to spend out of office. This column is automatically calculated.

      Info-Tech Insight

      Example for a five-day work week:

      • 2 weeks (10 days) of statutory holidays
      • 3 weeks of vacation
      • 1.4 weeks (7 days) of sick days on average
      • 1 week (5 days) for company holidays

      Result: 7.4/52 weeks’ absence = 14.2%

      Break down your resource capacity into high-level buckets of time for each role (continued)

      1.2.1
      Resource Management Supply-Demand Calculator, Tab 2: Capacity Supply

      Determine the current distribution of your resources’ time and your confidence in whether the resources indeed supply those times.

      The image is a screen capture of the Working Time section of the calculator, with sample information filled in.

      5. Enter the percentage of working time across each role that, on an annual basis, goes toward administrative duties (non-project meetings, training, time spent checking email, etc.) and keep-the-lights-on work (e.g. support and maintenance work).

      While these percentages will vary by individual, a high-level estimate across each role will suffice for the purposes of this activity.

      6. Express how confident you are in each resource being able to deliver the calculated project work hours in percentages.

      Another interpretation for supply confidence is “supply control”: estimate your current ability to control this distribution of working time to meet the changing needs in percentages.

      Percentage of your working time that goes toward project work is calculated based upon what’s left after your non-project working time allocations have been subtracted.

      Create a realistic estimate of the demand from your project portfolio with the T-shirt sizing technique

      1.2.2
      15 minutes - 30 minutes

      Input

      • Average work-hours for a project
      • List of projects
      • PPM Current State Scorecard

      Output

      A realistic estimate of resource demand from your project portfolio

      Materials

      Resource Management Supply-Demand Calculator

      Participants

      • PMO Director
      • Project Managers (optional)

      Quickly re-express the size of your project portfolio in resource hours required.

      Estimating the resources required for a project in a project backlog can take a lot of effort. Rather than trying to create an accurate estimate for each project, a set of standard project sizes (often referred to as the “T-shirt sizing” technique) will be sufficiently accurate for estimating your project backlog’s overall demand.

      Instructions for working through Tab 3 of the tool are provided here and in the next section.

      1. For each type of project, enter the average number for work-hours.

      Project Types Average Number of Work Hours for a Project
      Small 80
      Medium 200
      Large 500
      Extra-Large 1000

      Improve your estimate of demand from your project portfolio by accounting for unproductive capacity spending

      1.2.2
      Resource Management Supply-Demand Calculator, Tab 3: Project Demand

      2. Using your list of projects, enter the number of projects for each appropriate field.

      The image shows a screen capture of the number of projects section of the Resource Management Supply-Demand Calculator, with sample information filled in.

      3. Enter your resource waste data from the PPM Current State Scorecard (see next section). Alternatively, enter your best guess on how much project capacity is spent wastefully per category.

      The image shows a screen capture of the Waste Assessment section of the Resource Management Supply-Demand Calculator, with sample information filled in, and a pie chart on the right based on the sample data.

      Info-Tech Insight

      The calculator estimates the project demand by T-shirt-sizing the work-hours required by projects to be delivered within the next 12 months and then adding the corresponding wasted capacity. This may be a pessimistic estimate, but it is more realistic because projects tend to be delivered late more than early.

      Estimate how much project capacity is wasted with Info-Tech’s PPM Current State Scorecard

      Call 1-888-670-8889 or contact your Account Manager for more information.

      This step is highly recommended but not required.

      Info-Tech’s PPM Current State Scorecard diagnostic provides a comprehensive view of your portfolio management strengths and weaknesses, including project portfolio management, project management, customer management, and resource utilization.

      Use the wisdom-of-the-crowd to estimate resource waste in:

      • Cancelled projects
      • Inefficiency
      • Suboptimal assignment of resources
      • Unassigned resources
      • Analyzing, fixing, and redeploying

      50% of PPM resource is wasted on average, effectively halving your available project capacity.

      Estimate non-project demand on your resources by role

      1.2.3
      45 minutes - 1 hour

      Input

      • Organizational chart
      • Knowledge of staff non-project demand

      Output

      Documented non-project demands and their estimated degree of fluctuation

      Materials

      Resource Management Supply-Demand Calculator

      Participants

      • PMO Director
      • Functional Managers (optional)
      Document non-project demand that could eat into your project capacity.

      When discussing project demands, non-project demands (administrative and operational) are often underestimated and downplayed – even though, in reality, they take a de facto higher priority to project work. Use Tab 4 of the tool to document these non-project demands, as well as their sources.

      The image shows a screen capture from Tab 4 of the tool, with sample information filled in.

      1. Choose a role using a drop-down list.

      2. Enter the type and the source of the demand.

      3. Enter the size and the frequency of the demand in hours.

      4. Estimate how stable the non-project demands are for each role.

      Examine and discuss your supply-demand analysis report

      1.2.4
      30 minutes - 1 hour

      Input

      Completed Resource Management Supply-Demand Calculator

      Output

      Supply-Demand Analysis Report

      Materials

      Resource Management Supply-Demand Calculator

      Participants

      • PMO Director
      • Functional Managers
      • Project Managers

      Start a data-driven discussion on resource management using the capacity supply-demand analysis report.

      Tab 5 of the calculator is a report that contains the following analysis:

      1. Overall resource capacity supply and demand gap
      2. Project capacity supply vs. demand gap
      3. Non-project capacity supply vs. demand balance
      4. Resource capacity confidence

      Each analysis is described and explained in the following four sections. Examine the report and discuss the following among the activity participants:

      1. How is your perception of the current resource capacity supply-demand balance affected by this analysis? How is it confirmed? Is it changed?
      2. Perform a root-cause analysis of problems revealed by the report. For each observation, ask “why?” repeatedly – generally, you can arrive at the root cause in four iterations.
      3. Refer back to Activity 1.1.2: current distribution of accountability for resource management. In your situation, how would you prioritize which resource management tasks to improve? Who are the involved stakeholders?

      Examine your supply-demand analysis report: overall resource capacity gap

      1.2.4
      Resource Management Supply-Demand Calculator, Tab 5: Supply-Demand Analysis

      1. Examine your resource capacity supply and demand gap.

      The top of the report on Tab 5 shows a breakdown of your annual resource supply and demand, with resource capacity shown in both total hours and percentage of the total. For the purposes of the analysis, absence is averaged. If total demand is less than available resource supply, the surplus capacity will be displayed as “Free Capacity” on the demand side.

      The Supply & Demand Analysis table displays the realistic project capacity, which is calculated by subtracting non-project supply deficit from the project capacity. This is based on the assumption that all non-project work must get done. The difference between the project demand and the realistic project capacity is your supply-demand gap, in work-hours.

      If your supply-demand gap is zero, recognize that the project demand does not take into account the project backlog: it only takes into account the projects that are expected to be delivered within the next 12 months.

      Examine your supply-demand analysis report: project capacity gap

      1.2.4
      Resource Management Supply-Demand Calculator, Tab 5: Supply-Demand Analysis

      2. Examine your project capacity supply vs. demand gap.

      The project capacity supply and demand analysis compares your available annual project capacity with the size of your project portfolio, expressed in work-hours.

      The supply side is further broken down to productive vs. wasted project capacity. The demand side is broken down to three buckets of projects: those that are active, those that sit in the backlog, and those that are expected to be added within 12 months. Percentage values are expressed in terms of total project capacity.

      A key observation here is the limitation to which reducing wasteful spending of resources can get to the project portfolio backlog. In this example, even a theoretical scenario of 100% productive project capacity will not likely result in net shrinkage of the project portfolio backlog. To achieve that, either the total project capacity must be increased, or less projects must be approved.

      Note: the work-hours necessary for delivering projects that are expected to be completed within 12 months is not shown in this visualization, as they should be represented within the other three categories of projects.

      Examine your supply-demand analysis report: non-project capacity gap

      1.2.4
      Resource Management Supply-Demand Calculator, Tab 5: Supply-Demand Analysis

      3. Drill down on the non-project capacity supply-demand balance by each role.

      The non-project capacity supply and demand analysis compares your available non-project capacity and their demands in a year, for each role, in work-hours.

      With this chart, you can:

      1. Observe which roles are “running hot,” (i.e. they have more demand than available supply).
      2. Verify your non-project/project supply ratio assumptions in Tab 2 of the tool / Activity 1.2.1.

      Tab 5 also provides similar breakdowns for administrative and keep-the-lights-on capacity supply and demand by each role.

      Examine your supply-demand analysis report: resource capacity confidence (RCC)

      1.2.4
      Resource Management Supply-Demand Calculator, Tab 5: Supply-Demand Analysis

      4. Examine your resource capacity confidence.

      In our approach, we introduce a metric called Resource Capacity Confidence (RCC). Conceptually, RCC is defined as follows:

      Resource Capacity Confidence = SC × DS × SDR

      Term Name Description
      SC Supply Control How confident are you that the supply of your resources’ project capacity will be delivered?
      DS Demand Stability How wildly does demand fluctuate? If it cannot be controlled, can it be predicted?
      SDR Supply-Demand Ratio How severely does demand outstrip supply?

      In this context, RCC can be defined as follows:

      "Given the uncertainty that our resources can supply hours according to the assumed project/non-project ratio, the fluctuations in non-project demand, and the overall deficit in project capacity, there is about 50% chance that we will be able to deliver the projects we are expected to deliver within the next 12 months."

      Case study: Non-project work is probably taking far more time than you might like

      CASE STUDY

      Industry Government

      Source Info-Tech Client

      "When our customers get a budget for a project, it’s all in capital. It never occurs to them that IT has a limited number of hours. "

      Challenge

      • A small municipal government was servicing a wide geographic area for information technology and infrastructure services.
      • There was no meaningful division of IT resources between support and project work.
      • Previous IT leadership tried a commercial PPM tool and stopped paying maintenance fees for it because of lack of adoption.
      • Projects were tracked inconsistently in multiple places.

      Solution

      • New project requests were approved with IT involvement.
      • Project approvals were entirely associated with the capital budget required and resourcing was never considered to be a constraint.
      • The broad assumption was that IT time was generally available for project work.
      • In reality, the IT personnel had almost no time for project work.

      Results

      • The organization introduced Info-Tech’s Grow Your Own PPM Solution template with minor modifications.
      • They established delivery dates for projects based on available time.
      • Time was allocated for projects based on person, project, percentage of time, and month.
      • They prioritized project allocations above reactive support work.

      Validate your resourcing assumptions with your staff by surveying their use of time

      Embrace the reality of imperfect IT labor efficiency to improve your understanding of resource time spend.

      Use Info-Tech’s time-tracking survey to validate your resourcing assumptions and get additional information to improve your understanding of resource time spent: imperfect labor efficiency and continuous partial attention.

      Causes of imperfect IT labor inefficiency
      • Most IT tasks are unique to their respective projects and contexts. A component that took 30 minutes to install last year might take two hours to install this year due to system changes that occurred since then.
      • Many IT tasks come up unexpectedly due to the need to maintain and support systems implemented on past projects. This work is unpredictable in terms of specifics (what will break where, when, or how).
      • Task switching slows people down and consumes time.
      • Problem solving and solution design often requires unstructured time to think more openly. Some of the most valuable solutions are conceived or discovered when people aren’t regimented and focused on getting things done.

      Info-Tech Insight

      Part of the old resource management mythology is the idea that a person can do (for example) eight different one-hour tasks in eight hours of continuous work. This idea has gone from harmlessly mistaken to grossly unrealistic.

      Constant interruptions lead to continuous partial attention that threatens real productivity

      There’s a difference between being busy and getting things done.

      “Working” on multiple tasks at once can often feel extremely gratifying in the short term because it distracts people from thinking about work that isn’t being done.

      The bottom line is that continuous partial attention impedes the progress of project work.

      Research on continuous partial attention
      • A study that analyzed interruptions and their effects on individuals in the workplace found that that “41% of the time an interrupted task was not resumed right away” (Mark, 2015).
      • Research has also shown that it can take people an average of 23 minutes to return to a task after being interrupted (Schulte, 2015).
      • Delays following interruptions are typically due to switching between multiple other activities before returning to the original task. In many cases, those tasks are much lower priorities – and in some cases not even work-related.

      Info-Tech Insight

      It may not be possible to minimize interruptions in the workplace, as many of these are considered to be urgent at the time. However, setting guidelines for how and when individuals can be interrupted may help to limit the amount of lost project time.

      "Like so many things, in small doses, continuous partial attention can be a very functional behavior. However, in large doses, it contributes to a stressful lifestyle, to operating in crisis management mode, and to a compromised ability to reflect, to make decisions, and to think creatively."

      – Linda Stone, Continuous Partial Attention

      Define the goals and the scope of the time-tracking survey

      1.2.5
      30 minutes

      Input

      Completed Resource Management Supply-Demand Calculator

      Output

      Survey design for the time-tracking survey

      Materials

      N/A

      Participants

      • PMO Director
      • Functional Managers
      • Project Managers

      Discuss the following with the activity participants:

      1. Define the scope of the survey
        • Respondents: Comprehensive survey of individuals vs. a representative sample using roles.
        • Granularity: decide how in-depth the questions will be and how often the survey will be delivered.
        • Data Collection: what information do you want to collect?
          • Proportion of project vs. non-project work.
          • Time spent on administrative tasks.
          • Prevalence and impact of distractions.
          • Worker satisfaction.
      2. Determine the sample time period covered by the survey
        • Info-Tech recommends 2-4 weeks. Less than 2 weeks might not be a representative sample, especially during vacation seasons.
        • More than 4 weeks will impose unreasonable time and effort for diminishing returns; data quality will begin to deteriorate as participation declines.
      3. Determine the survey method
        • Use your organization’s preferred survey distributor/online survey tool, or conduct one-on-one interviews to capture data.

      1.2.5 continued - Refine the questionnaire to improve the relevance and quality of insights produced by the survey

      Start with Info-Tech’s recommended weekly survey questions:

      1. Estimate your daily average for number of hours spent on:
        1. Total work
        2. Project work
        3. Non-project work
      2. How many times are you interrupted with “urgent” requests requiring immediate response in a given day?
      3. How many people or projects did you complete tasks for this week?
      4. Rate your overall satisfaction with work this week.
      5. Describe any special tasks, interruptions, or requests that took your time and attention away from project work this week.

      Customize these questions to suit your needs.

      Info-Tech Insight

      Maximize the number of survey responses you get by limiting the number of questions you ask. Info-Tech finds that participation drops off rapidly after five questions.

      1.2.5 continued - Communicate the survey goals and steps, and conduct the survey

      1. Communicate the purpose and goals of the survey to maximize participation and satisfaction.
        • Provide background for why the survey is taking place. Clarify that the intention is to improve working conditions and management capabilities, not to play “gotcha” or hold workers accountable.
      2. Provide a timeline so expectations are clear about when possible next steps will occur, such as
        • Sharing and analyzing results
        • Making decisions
        • Taking action
      3. Reiterate what people are required or expected to do and how much effort is required. Provide reasonable and realistic estimates of how much time and effort people should spend on audit participation.
      4. Distribute the survey; collect and analyze the data.

      Info-Tech Insight

      Make sure that employees understand the purpose of the survey. It is important that they give honest responses that reflect the struggles they are encountering with balancing project and non-project work, not simply telling management what they want to hear.

      Ensuring that employees know this survey is being used to help them, rather than scolding them for not completing work, will give you useful, insightful data on employee time.

      Use Info-Tech’s Time-Tracking Survey Email Template for facilitating your communications.

      Info-Tech Best Practice

      Provide guidance to your resources with examples on how to differentiate project work vs. non-project work, administrative vs. keep-the-lights-on work, what counts as interruptions, etc.

      Optimize your project portfolio to maintain continuous visibility into capacity

      Now that you have a realistic picture of your realized project capacity and demand amounts, it’s time to use these values to tailor and optimize your resource management practices.

      Based on desired outcomes for this phase, we have

      1. Determined the correct course of action to resolve your supply/demand imbalances.
      2. Assessed the overall project capacity of your portfolio.
      3. Cataloged sources of project and non-project demands.
      4. Performed a time audit to create an accurate and realistic picture of the time spent on different types of work.

      In the next phase, we will:

      1. Wireframe a resource management process.
      2. Choose a resource management tool.
      3. Define data collection, analysis, and reporting steps within a sustainable resource management process.

      The image is a screenshot from tab 6 of the Time Audit Workbook. The image shows two pie charts.

      The image is a screenshot from tab 6 of the Time Audit Workbook. The image shows a pie chart.

      Screenshots from tab 6 of the Time Audit Workbook.

      Info-Tech Insight

      The validity of traditional, rigorous resource planning has long been an illusion because the resource projections were typically not maintained. New realities such as faster project cycles, matrix organizations, and high-autonomy staff cultures have made the illusion impossible to maintain.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts:

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      1.1.2 Assess the current distribution of accountability for resource management practice

      Discuss who is currently accountable for various facets of resource management, and whether they have the right authority and ability to deliver on that accountability.

      1.2.1 Create realistic estimates of supply and demand using Info-Tech’s Supply-Demand Calculator

      Derive actionable, quantitative insight into the resourcing challenges facing the organization by using Info-Tech’s methodology that prioritizes completeness over precision.

      Phase 2

      Design a Realistic Resource Management Process

      Phase 2 Outline

      Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 2: Draft a Resource Management Process

      Proposed Time to Completion (in weeks): 3-6 weeks

      Step 2.1: Determine the dimensions of resource management

      Start with an analyst kick-off call:

      • Introduce the seven dimensions of resource management
      • Trade-off between granularity and utility of data

      Then complete these activities…

      • Decide on the seven dimensions
      • Examine the strategy’s cost-of-use

      With these tools & templates:

      Resource Management Playbook

      Step 2.2: Support your process with a resource management tool

      Discuss with the analyst:

      • Inventory of available PPM tools
      • Overview of Portfolio Manager Lite 2017

      Then complete these activities…

      • Populate the tool with data
      • Explore portfolio data with the workbook’s output tabs

      With these tools & templates:

      • Portfolio Manager Lite
      • PPM Solution Vendor Demo Script
      Step 2.3: Build process steps

      Discuss with the analyst:

      • Common challenges of resource management practice
      • Recommendations for a pilot initiative

      Then complete these activities…

      • Review and customize contents of the Resource Management Playbook

      With these tools & templates:

      • Resource Management Playbook

      Phase 2 Results & Insights:

      Draft the resource management practice with sustainability in mind. It is about what you can and will maintain every week, even during a crisis: it is not about what you put together as a one-time snapshot. Once you stop maintaining resource data, it's nearly impossible to catch up.

      Step 2.1: Customize the seven dimensions of resource management

      PHASE 1

      1.1 Set a course of action

      1.2 Estimate supply and demand

      PHASE 2

      2.1 Select resource management dimensions

      2.2 Select resource management tools

      2.3 Build process steps

      PHASE 3

      3.1 Pilot your process for viability

      3.2 Plan stakeholder engagement

      This step will walk you through the following activities:
      • Establish a default project vs. non-project work ratio
      • Decide the scope of allocation for your strategy
      • Set your allocation cadence
      • Limit the granularity of time allocation
      • Define the granularity of work assignment
      • Apply a forecast horizon
      • Determine the update frequency
      This step involves the following participants:
      • CIO / IT Director
      • PMO Director / Portfolio Manager
      • Functional / Resource Managers
      • Project Managers
      Outcomes of this step
      • Seven dimensions of resource management, chosen to fit the current needs and culture of the organization
      • Parameters for creating a resource management process (downstream)

      There is no one-size-fits-all resource management strategy

      Don’t get boxed into a canned solution that doesn’t make sense for your department’s maturity level and culture.

      Resource management strategies are commonly implemented “out-of-the-box,” via a commercial PPM or time-tracking tool, or an external third-party consultant in partnership with those types of tools.

      While these solutions and best practices have insights to offer – and provide admirable maturity targets – they often outstrip the near-term abilities of IT teams to successfully implement, adopt, and support them.

      Tailor an approach that makes sense for your department and organization. You don’t need complex and granular processes to get usable resourcing data; you just need to make sure that you’ve carved out a process that works in terms of providing data you can use.

      • In this step, we will walk you through Info-Tech’s seven dimensions of resource management to help wireframe your resource management process.
      • In the subsequent steps in this phase, we will develop these dimensions from a wireframe into a functioning process.

      Info-Tech Insight

      Put processes before tools. Most commercial PPM tools include a resource management function that was designed for hourly granularity. This is part of the fallacy of an old reality that was never real. Determine which goals are realistic and fit your solution to your problem.

      Wireframe a strategy that will work for your department using Info-Tech’s seven dimensions of resource management

      Action the decision points across Info-Tech’s seven dimensions to ensure your resource management process is guided by realistic data and process goals.

      In this step, we will walk you through the decision points in each dimension to determine the departmental specificities of your resource management strategy

      Default project vs. non-project ratio

      How much time is available for projects once non-project demands are factored in?

      Reporting frequency

      How often is the allocation data verified, reconciled, and reported for use?

      Forecast horizon

      How far into the future can you realistically predict resource supply?

      Scope of allocation

      To whom is time allocated?

      Allocation cadence

      How long is each allocation period?

      Granularity of time allocation

      What’s the smallest unit of time to allocate?

      Granularity of work assignment

      What is time allocated to?

      Info-Tech Best Practice

      Ensure that both the functional managers and the project managers participate in the following discussions. Without buy-in from both dimensions of the matrix organization, you will have difficulty making meaningful resource management data and process decisions.

      Establish your default project versus non-project work ratio

      2.1.1
      30 minutes

      Input

      • Completed Resource Management Supply-Demand Calculator

      Output

      • Default organizational P-NP ratio and role-specific P-NP ratios

      Materials

      • Resource Management Supply-Demand Calculator
      • Time Audit Workbook
      • Resource Management Playbook

      Participants

      • CIO
      • PMO Director
      • Project Managers
      • Resource Managers

      How much time is available for projects once non-project demands are factored in?

      The default project vs. non-project work ratio (P-NP Ratio) is a starting point for functional and project managers to budget the work-hours at their disposal as well as for resources to split their time – if not directed otherwise by their managers.

      How to set this dimension. The Resource Management Supply-Demand Calculator from step 1.2 shows the current P-NP ratio for the department, and how the percentages translate into work-hours. The Time Audit Workbook from step 1.2 shows the ratio for specific roles.

      For the work of setting this dimension, you can choose to keep the current ratio from step 1.2 as your default, or choose a new ratio based on the advice below.

      • Discuss and decide how the supply-demand gap should be reconciled from the project side vs. the functional side.
        • Use the current organizational priority as a guide, and keep in mind that the default P-NP ratio is to be adjusted over time to respond to changing needs and priorities of the organization.
        • Once the organizational default P-NP ratio is chosen, defining role-specific ratios may be helpful. A help desk employee may spend only 10% of their time on project work, while an analyst may spend 80% of their time on project work.

      Decide the scope of allocation for your strategy

      2.1.2
      15-30 minutes

      Input

      • Current practices for assigning work and allocating time
      • Distribution of RM accountability (Activity 1.1.2)

      Output

      • Resource management scope of allocation

      Materials

      • RM Playbook

      Participants

      • CIO
      • PMO Director
      • Project Managers
      • Resource Managers

      To whom is time allocated?

      Scope of allocation is the “who” of the equation. At the lowest and most detailed level, allocations are made to individual resources. At the highest and most abstract level, though, allocations can be made to a department. Other “whos” in scope of allocation can include teams, roles, or skills.

      How to set this dimension. Consider how much granularity is required for your overall project capacity visibility, and the process overhead you’re willing to commit to support this visibility. The more low-level and detailed the scope of allocation (e.g. skills or individuals) the more data maintenance required to keep it current.

      • Discuss and decide to whom time will be allocated for the purposes of resource management.
        • Recall your prior discussion from activity 1.1.2 on how accountabilities for resource management are distributed within your organization.
        • The benefit of allocating teams to projects is that it is much easier to avoid overallocation. When a team is overallocated, it is visible. Individual overallocations can go unnoticed.
        • Once you have mastered the art of keeping resource data current and accurate at a higher level (e.g. team), it can be easier move lower level and assign and track allocations in a per-role or per-person basis.

      Set your allocation cadence

      2.1.3
      15-30 minutes

      Input

      • Current practices for assigning work and allocating time
      • Scope of allocation (Activity 2.1.2)

      Output

      • Determination of temporal frames over which time will be allotted

      Materials

      • RM Playbook

      Participants

      • CIO
      • PMO Director
      • Project Managers
      • Resource Managers

      How long is each allocation period?

      How long is each individual allocation period? In what “buckets of time” do you plan to spend time – week by week, month by month, or quarter by quarter? The typical allocation cadence is monthly; however, depending on the scope of allocation and the nature of work assigned, this cadence can differ.

      How to set this dimension. Allocation cadence can depend on a number of factors. For instance, if you’re allocating time to agile teams, the cadence would most naturally be bi-weekly; if work is assigned via programs, you might allocate time by quarters.

      • Discuss and decide the appropriate allocation cadence for the purposes of resource management. You could even be an environment that currently has different cadences for different teams. If so, it will be helpful to standardize a cadence for the purposes of centralized project portfolio resource management.
        • If the cadence is too short (e.g. days or weeks), it will require a dedicated effort to maintain the data.
        • If the cadence is too long (e.g. quarters or bi-annual), your resource management strategy could fail to produce actionable insight and lack the appropriate agility in being responsive to changes in direction.
        • Ultimately, your allocation cadence may be contingent upon the limitations of your resource management solution (see step 2.2).

      Limit the granularity of time allocation

      2.1.3
      15-30 minutes

      Input

      • Requirements for granularity of data
      • Resource management scope of allocation (Activity 2.1.2)

      Output

      • Determination of lowest level of granularity for time allocation

      Materials

      • RM Playbook

      Participants

      • CIO
      • PMO Director
      • Project Managers
      • Resource Managers

      What’s the smallest unit of time that will be allocated?

      Granularity of time allocation refers to the smallest unit of time that can be allocated. You may not need to set firm limits on this, given that it could differ from PM to PM, and resource manager to resource manager. Nevertheless, it can be helpful to articulate an “as-low-as-you’ll-go” limit to help avoid getting too granular too soon in your data aspirations.

      How to set this dimension. At a high level, the granularity of allocation could be as high as a week. At its lowest level, it could be an hour. Other options include a full day (e.g. 8 hours), a half day (4 hours), or 2-hour increments.

      • Discuss and decide the appropriate granularity for all allocations in the new resource management practice.
        • As a guideline, granularity of allocation should be one order of magnitude smaller than the allocation cadence to provide enough precision for meaningfully dividing up each allocation cadence, without imposing an unreasonably rigorous expectation for resources to manage their time.
        • The purpose of codifying this dimension is to help provide a guideline for how granular allocations should be. Hourly granularity can be difficult to maintain, so (for instance) by setting a half-day granularity you can help avoid project managers and resource managers getting too granular.

      Define the granularity of work assignments

      2.1.4
      15-30 minutes

      Input

      • Requirements for granularity of work assignment
      • Resource management scope of allocation (Activity 2.1.2)

      Output

      • Determination of work assignment

      Materials

      • RM Playbook

      Participants

      • CIO
      • PMO Director
      • Project Managers
      • Resource Managers

      To what is time allocated?

      Determine a realistic granularity for your allocation. This is the “what” of the equation: what your resources are working on or the size of work for which allocations are managed.

      How to set this dimension. A high level granularity of work assignment would assign an entire program, a mid-level scope would involve allocating a project or a phase of a project, and a low level, rigorous scope would involve allocating an individual task.

      • Discuss and decide the appropriate granularity for all work assignments in the new resource management strategy.
        • The higher granularity that is assigned, the more difficult it becomes to maintain the data. However, assigning at program level might not lead to useful, practical data.
        • Begin by allocating to projects to help you mature your organization, and once you have mastered data maintenance at this level, you can move on to a more granular work assignment.
          • If you are at a maturity level of 1 or 2, Info-Tech recommends beginning by assigning by project. If you are at a maturity level 3-4, it may be time to start allocating by phase or task.

      Apply a forecast horizon

      2.1.5
      15-30 minutes

      Input

      • Current practices for work planning, capacity forecasting
      • Allocation scope, cadence, and granularity (Activities 2.1.2-4)

      Output

      • Resource management forecast horizon

      Materials

      • RM Playbook

      Participants

      • CIO
      • PMO Director
      • Project Managers
      • Resource Managers

      How far into the future can you realistically predict resource supply?

      Determine a realistic forecasting horizon for your allocation. At this point you have decided “what” “who” is working on and how frequently this will be updated. Now it is time to decide how far resource needs will be forecasted, e.g. “what will this person be working on in 3 months?”

      How to set this dimension. A high-level forecast horizon would only look forward week-to-week, with little consideration of the long-term future. A mid-level forecast would involve predicting one quarter in advance and a low-level, rigorous scope would involve forecasting one or more years in advance.

      • Discuss and decide the appropriate forecast horizon that will apply to all allocations in the new resource management practice. It’s important that your forecast horizon helps to foster accurate data. If you can’t ensure data accuracy for a set period, make your forecast horizon shorter.
        • If you are at a maturity level of 1 or 2, Info-Tech recommends forecasting one month in advance.
        • If you are already at level 3-4 on the resource management maturity model, Info-Tech recommends forecasting one quarter to one year in advance.

      See the diagram below for further explanation

      2.1.5 Forecast horizon diagram

      Between today and the forecast horizon (“forecast window”), all stakeholders in resource management commit to reasonable accuracy of data. The aim is to create a reliable data set that can be used to determine true resource capacity, as well as the available resource capacity to meet unplanned, urgent demands.

      The image shows a Forecast horizon diagram, with Time on the x-axis and Data completeness on the Y-axis. The time between today and the forecast horizon is labelled as the forecast window. there is a line which descends in small degrees until the Forecast Horizon point, where the line is labelled Reasonable level of completeness.

      The image shows a chart that lines up with the sections before and after the Forecast Horizon. In the accuracy row, Data is accurate before the forecast horizon and a rough estimate after. In the planning row, before the horizon is reliable for planning, and can inform high-level planning after the horizon. In the free capacity row, before the horizon, it can be committed to urgent demands, and after the horizon, negotiate for capacity.

      Info-Tech Insight

      Ensure data accuracy. It is important to note that forecasting a year in advance does not necessarily make your organization more mature, unless you can actually rely on these estimates and use them. It is important to only forecast as far in advance as you can accurately predict.

      Determine the update frequency

      2.1.6
      30 minutes

      Input

      • Current practices for work planning, capacity reporting
      • Current practices for project intake, prioritization, and approval
      • RM core dimensions (Activities 2.1.1)

      Output

      • Resource management update frequency

      Materials

      • RM Playbook

      Participants

      • CIO
      • PMO Director
      • Project Managers
      • Resource Managers

      How often is the allocation data verified, reconciled, and reported for use?

      How often will you reconcile and rebalance your allocations? Your update frequency will determine this. It is very much the heartbeat of resource management, dictating how often reports on allocations will be updated and published for stakeholders’ consumption.

      How to set this dimension. Determine a realistic frequency with which to update project reports. This will be how you determine who is working on what during each measurement period.

      • Discuss and decide how often the supply-demand gap should be reconciled from the project side vs. the functional side.
        • Keep in mind that the more frequent the reporting period, the more time must go into data maintenance. A monthly frequency requires maintenance at the end of the month, while weekly requires it at the end of each week.
        • Also think about how accurately you can maintain the data. Having a quarterly update frequency may require less maintenance time than monthly, but this information may not stay up to date in between these long stretches.
        • Reports generated at each update frequency should both inform resources on what to work on, what not to work on, and how to prioritize tasks if something unexpected comes up, as well as the steering committee, to help inform project approval decisions.

      Finalize the dimensions for your provisional resource management process

      2.1.7
      10 minutes

      Input

      • 7 core dimensions of resource management (Activities 2.1.1-6)

      Output

      • Provisional resource management strategy

      Materials

      • Resource Management Playbook

      Participants

      • CIO
      • PMO Director
      • Project Managers
      • Resource Managers

      Document the outputs from the preceding seven activities. These determinations will form the foundation of your resource management strategy, which we will go on to define in more detail in the subsequent steps of this phase.

      • Keep in mind, at this stage your dimensions are provisional and subject to change, pending the outcomes of steps 2.2 and 2.3.
      RM Core Dimensions Decision
      Default P-NP ratio 40%-60$ + exception by roles
      Scope of allocation Individual resource
      Allocation cadence Monthly
      Granularity of time allocation 4 hours
      Granularity of work assignment Projects
      Forecast horizon 3 months
      Reporting frequency Twice a month

      Document these dimensions in Section 1.1 of Info-Tech’s Resource Management Playbook. We will be further customizing this template in steps 2.3 and 3.1.

      Step 2.2: Determine the resource management tool that will best support your process

      PHASE 1

      1.1 Set a course of action

      1.2 Estimate supply and demand

      PHASE 2

      2.1 Select resource management dimensions

      2.2 Select resource management tools

      2.3 Build process steps

      PHASE 3

      3.1 Pilot your process for viability

      3.2 Plan stakeholder engagement

      This step will walk you through the following activities:

      • Consider the pros and cons of commercial tools vs. spreadsheets as a resource management tool
      • Review the PPM Solution Vendor Demo Script to ensure your investment in a commercial tool meets your resource management needs
      • Jump-start spreadsheet-based resource management with Portfolio Manager Lite

      This step involves the following participants:

      • PMO Director / Portfolio Manager
      • Functional / Resource Managers
      • Project Managers

      Outcomes of this step

      • Choice of tool to support the resource management process
      • Examination of the commercial tool’s ability to support the resource management process chosen
      • Set-up and initial use of Portfolio Manager Lite for a spreadsheet-based resource management solution

      Effective resource management practices require an effective resource management tool

      The discipline of resource management has largely become inextricable from the tools that help support it. Ensure that you choose the right tool for your environment.

      Resource management depends on the flow of information and data from the project level up to functional managers, project managers, and beyond.

      Tools are required to help facilitate this flow, and the project portfolio management landscape is littered with endless time-tracking and capacity management options.

      These options can each have their merits and their drawbacks. The success of implementing a resource management strategy very much hinges upon weighing these, and then choosing the right solution for your project eco-system.

      • This first part of this step will help you assess the tool landscape and make the right choice to help support your resource management practices.
      • In the second part of this step, we’ll take a deep-dive into Info-Tech’s Excel-based resource management solution. If you are implementing our solution, these sections will help you understand and set up the tool.

      Info-Tech Insight

      Establish a book of record. While it is possible to succeed using ad hoc tools and data sources, a centralized repository for capacity data works best. Your tool choice should help establish a capacity book of record to help ensure ongoing reconciliation of supply and demand at the portfolio level.

      Get to know your resource management tool options

      At a high level, those looking for a resource management solution have two broad options: a commercial project portfolio management (PPM) or time-tracking software on the one hand, and a spreadsheet-based tool, like Google Sheets or Excel, on the other.

      Obviously, if your team or department already has access to a PPM or time-tracking software, it makes sense to continue using this, as long as it will accommodate the process that was wireframed in the previous step.

      Otherwise, pursue the tool option that makes the most sense given both the strategy that you’ve wireframed and other organizational factors. See the table below and the next section for guidance.

      If you’re planning on doing resource allocation by hand, you’re not going to get very far.”

      Rachel Burger

      Commercial Solutions Spreadsheet-Based Solutions
      Description
      • These highly powerful solutions are purchased from a software/service provider.
      • These can be as simple as a list of current projects on a spreadsheet or a more advanced solution with resource capacity analysis.
      Pros
      • Extraordinary function
      • Potential for automated roll-ups
      • Collaboration functionality
      • Easy to deploy: high process maturity or organization-wide adoption not required.
      • Lower cost-in-use – in many cases, they are free.
      • Highly customizable.
      Cons
      • High process maturity required
      • High cost-in-use
      • Generally expensive to customize
      • Comprehensive, continual, and organization-wide adoption required
      • Easy to break.
      • Typically, they require a centralized deployment with a single administrator responsible for data entry.

      Option A: When pursuing commercial options, don’t bite off more functionality than your people can sustain

      While commercial options offer the most robust functionality for automation, collaboration, and reporting, they are also costly, difficult to implement, and onerous to sustain over the long run.

      It’s not uncommon for organizations to sink vast amounts of money into commercial PPM tools, year after year, and never actually get any usable resource or forecasting data from these tools.

      The reasons for this can vary, but in many cases it is because organizations mistake a tool for a PPM or a resource management strategy.

      A tool is no substitute for having a clearly defined process that staff can support. Be aware of these two factors before investing in a commercial tool:

      • Visibility cannot be automated. It is not uncommon for CIOs to believe that because they’ve invested in a tool, they have an automated portfolio that enables them to sit back and wait for the data to roll in. With many tools, the challenge is that the calculations driving the rollups have become increasingly unsustainable and irrelevant in our high-autonomy staff cultures and interruption-driven work days.
      • Information does not equal knowledge. While commercial tools have robust reporting features, the data outputs can lead to information overload – and, subsequently, disinterest – unless they are curated and filtered to suit your executive’s needs and expectations.

      47%
      Of those companies using automated software to assist in resource management, almost half report that those systems failed to accurately calculate resource forecasts.

      PM Solutions

      Info-Tech Insight

      Put process sustainability before enhanced tool functionality.

      Ensure that you have sustainable processes in place before investing in an expensive commercial tool. Your tool selection should help facilitate capability-matched processes and serve user adoption.

      Trying to establish processes around a tool with a functionality that exceeds your process maturity is a recipe for failure.

      Before jumping into a commercial tool, consider some basic parameters for your selection

      Use the table below as a starting point to help ensure you are pursuing a resource management tool that is right for your organization’s size and process maturity level.

      Tool Category Characteristics # of Users PPM Maturity Sample Vendors
      Enterprise tools
      • Higher professional services requirements for enterprise deployment
      • Larger reference customers
      1,000> High
      • MS Project Server
      • Oracle Primavera
      • Planisware
      Mid-market tools
      • Lower expectation of professional services engaged in initial deployment contract
      • Fewer globally recognizable reference clients
      • Faster deployments
      100> Intermediate-to-High
      • Workfront
      • Project Insight
      • Innotas
      Entry-level tools
      • Lower cost than mid-market and enterprise PPM tools
      • Limited configurability, reporting, and resource management functionalities
      • Compelling solutions to the organizations that want to get a fast start to a trial deployment
      <100 Low-to-Intermediate
      • 5PM
      • AceProject
      • Liquid Planner

      For a more in-depth treatment of choosing and implementing a commercial PPM tool to assist with your resource management practice, see Info-Tech’s blueprint, Select and Implement a PPM Solution.

      Use Info-Tech’s PPM Solution Vendor Demo Script to help ensure you get the functionality you need

      PPM Solution Vendor Demo Script (optional)

      To ensure your investment in a commercial tool meets your resource management needs, use Info-Tech’s PPM Solution Vendor Demo Script to structure your tool demos and interactions with vendors.

      For instance, some important scenarios to consider when looking at potential tools include:

      • How are overallocation and underallocation situations identified and reconciled in the solution?
      • How are users motivated to maintain their own timesheets (beyond simply being mandated as part of their job); how does the solution and timesheet functionality help team members do their job?
      • How will portfolio-level reports remain useful and accurate despite “zero-adoption” scenarios, in which some or all teams do not actively maintain task and timesheet data?

      Any deficiencies in answering these types of questions should alert you to the fact that a potential solution may not adequately meet the needs of your resource management strategy.

      Download Info-Tech’s PPM Solution Vendor Demo Script

      "[H]ow (are PPM solutions) performing in a matrix organization? Well, there are gaps. There will be employees who do not submit timesheets, who share their time between project and operational activities, and whose reporting relationships do not fit neatly into the PPM database structure. This creates exceptions in the PPM application, and you may just have the perfect solution to a small subset of your problems." – Vilmos Rajda

      Option B: When managing resourcing via spreadsheets, you don’t have to feel like you’re settling for the lesser option

      Spreadsheets can provide a viable alternative for organizations not ready to invest in an expensive tool or for those not getting what they need from their commercial selections.

      When it comes to resource management at a portfolio level, spreadsheets can be just as effective as commercial tools for facilitating the flow of accurate and maintainable resourcing data and for communicating resource usage and availability.

      Some of the benefits of spreadsheets over commercials tools include:

      • They are easy to set up and deploy. High process maturity or organization-wide user adoption are not required.
      • They have a low cost-in-use. In the case of Excel, the tool itself comes at no additional cost.
      • They are highly customizable. No development time/costs are required to tweak the solution to suit your needs.

      To be clear: spreadsheets have their drawbacks (for instance, they are easy to break, require a centralized data administrator, and are yours and yours alone to maintain). If your department has the budget and the process maturity to support a commercial tool, you should pursue the options covered in the previous sections.

      However, if you are looking for a viable alternative to an expensive tool, spreadsheets have the ability to support a rigorous resource management practice.

      "Because we already have enterprise licensing for an expensive commercial tool, everyone else thinks it’s logical to start there. I think we’re going to start with something quick and dirty like Excel." – EPMO Director, Law Enforcement Services

      Info-Tech Insight

      Make the choice to ensure adoption.

      When making your selection, the most important consideration across all the solution categories is data maintenance. You must be assured that you and your team can maintain the data.

      As soon as your portfolio data becomes inconsistent and unreliable, decision makers will lose trust in your resource data, and the authority of your resource management strategy will become very tenuous.

      While spreadsheets offer a viable resource management option, not all spreadsheets are created equal

      Lean on Info-Tech’s experience and expertise to get up and running quickly with a superior resource management Excel-based tool: Portfolio Manager Lite 2017.

      Spreadsheets are the most common PPM tool – and it’s not hard to understand why: they can be created with minimal cost and effort.

      But when something is easy to do, it’s important to keep in mind that it’s also easy to do badly. As James Kwak says in his article, “The Importance of Excel,” “The biggest problem is that anyone can create Excel Spreadsheets—badly.”

      • Info-Tech’s Portfolio Manager Lite 2017 offers an antidote to the deficiencies that can haunt home-grown resource management tools.
      • As an easy-to-deploy, highly evolved spreadsheet-based option, Portfolio Manager Lite enables you to mature your resource management processes, and provide effective resource visibility without the costly upfront investment.

      Download Info-Tech’s Portfolio Manager Lite 2017

      Info-Tech Insight

      Balance functionality and adoption. Clients often find it difficult to gain adoption with commercial tools. Though homegrown solutions may have less functionality, the higher adoption level can make up for this and also potentially save your organization thousands a year in licensing fees.

      Determine your resource management solution and revisit your seven dimensions of resource management

      2.2.1
      Times will vary

      Participants

      • PMO Director

      Based on input from the previous slides, determine the resource management solution option you will pursue and implement to help support your resource management strategy. Record this selection in section 1.2 of the Resource Management Playbook.

      • You may need to revisit the decisions made in step 2.1 to consider if the default values for your seven core dimensions of resource management are still sound. Keep these current and relevant as you become more familiar with your resource management solution.
      RM Core Dimensions Default Value
      Default P-NP ratio Role-specific
      Scope of allocation Individual resource
      Allocation cadence Monthly
      Granularity of allocation (not defined)
      Granularity of work assignment Project
      Forecast horizon 6 months
      Reporting frequency (not defined)

      Portfolio Manager Lite has comprehensive sample data to help you understand its functions.

      As you can see in this table, the tool itself assumes five of the seven resource management core dimensions. You will need to determine departmental values for granularity of allocation and reporting frequency. The other dimensions are determined by the tool.

      If you’re piloting Info-Tech’s Portfolio Manager Lite, review the subsequent slides in this step before proceeding to step 2.3. If you are not piloting Portfolio Manager Lite, proceed directly to step 2.3.

      Overview of Portfolio Manager Lite

      Portfolio Manager Lite has two set-up tabs, three data entry tabs, and six output-only tabs. The next 15 slides show how to use them. To use this tool, you need Excel 2013 or 2016. If you’re using Excel 2013, you must download and install Microsoft Power Query version 2.64 or later, available for download from Microsoft.

      The image shows an overview of the Portfolio Manager Lite tool. It shows the Input and Data Tabs on the left, and output tabs on the right. The middle of the graphic includes guidance to ensure that you refresh the outputs after each data entry, by using the Refresh All button

      Observe “table manners” to maintain table integrity and prevent Portfolio Manager Lite malfunctions

      Excel tables enable you to manage and analyze a group of related data. Since Portfolio Manager Lite uses tables extensively, maintaining the table’s integrity is critical. Here are some things to know for working with Excel tables.

      Do not leave empty rows at the end.

      Adjust the sizing handle to eliminate empty rows.

      Always paste values.

      Default pasting behavior can interrupt formula references and introduce unwanted external links. Always right-click and select Paste Values.

      Correctly add/remove rows within a table.

      Do not use row headings; instead, always right-click inside a table to manipulate table rows.

      Set up Portfolio Manager Lite

      2.2.1
      Portfolio Manager Lite, Tab 2a: Org Setup

      The Org Setup tab is divided into two sections, Resources and Projects. Each section contains several categories to group your resources and projects. Items listed under each category will be available via drop-down lists in the data tabs.

      These categorizations will be used later to “slice” your resource allocation data. For example, you’ll be able to visualize the resource allocations for each team, for each division, or for each role.

      The image shows a screenshot of Tab 2a, with sample information filled in.

      1. Role and Default Non-Project Ratio columns: From the Supply-Demand Calculator, copy the list of roles, and how much of each role’s time is spent on non-projects by default (see below; add the values marked with yellow arrows).

      2. Resource Type column: List the type of resource you have available.

      3. Team and Skill columns: List the teams, and skills for your resources.

      In the Resources tab, items in drop-down lists will appear in the same order as shown here. Sort them to make things easy to find.

      Do not delete tables you won’t use. Instead, leave or hide tables.

      Set up Portfolio Manager Lite (continued)

      2.2.1
      Portfolio Manager Lite, Tab 2a: Org Setup

      The projects section of the Org Setup tab contains several categories for entering project data. Items listed under each category will be available via drop-down lists in the Projects tab. These categorizations will be used later to analyze how your resources are allocated.

      The image shows the projects sections of Tab 2a.

      1. Project Type: Enter the names of project types, in which projects will be grouped. All projects must belong to a type. Examples of types may include sub-portfolios or programs.

      2. Project Category: Enter the names of project categories, in which projects will be grouped. Unlike types, category is an optional grouping.

      3. Phase: Enter the project phases. Ensure that your phases list has “In Progress” and “Complete” options. They are needed for the portfolio-wide Gantt chart (the Gantt tab).

      4. Priority and Status: Define the choices for project priorities and statuses if necessary (optional).

      5. Unused: An extra column with predefined choices is left for customization (optional).

      Set up Portfolio Manager Lite (continued)

      2.2.1
      Portfolio Manager Lite, Tab 2b: Calendar Setup

      Portfolio Manager Lite is set up for a monthly allocation cadence out of the box. Use this tab to set up the start date, the default resource potential capacity, and the months to include in your reports.

      The image shows fields in the calendar set-up section of Tab 2a, with a Start Date and Hours Assumed per day.

      1. Enter a start date for the calendar, e.g. start of your fiscal or calendar year.

      2. Enter how many hours are assumed in a working day. It is used to calculate the default maximum available hours in a month.

      The image shows the Calendar section of tab 2a, with sample information filled in.

      Maximum Available Hours, Weekdays, and Business Days are automatically generated.

      The current month is highlighted in green.

      3. Enter the number of holidays to correct the number of business days for each month.

      Year to Date Reporting and Forecast Reporting ranges are controlled by this table. Use the period above Maximum Available Hours.

      The image shows the Year-to-Date and Forecast Reporting sections.

      Info-Tech Best Practice

      Both Portfolio Manager Lite and Portfolio Manager 2017 can be customized for non-monthly resource allocation. Speak to an Info-Tech analyst to ask for more information.

      Enter resource information and their total capacity

      2.2.2
      Portfolio Manager Lite, Tab 3: Resources

      Portfolio Manager Lite is set up for allocating time to individual resources out of the box. Information on these resources is entered in the Resources tab. It has four sections, arranged horizontally.

      1. Enter basic information on your resources. Resource type, team, role, and skill will be used to help you analyze your resource data.

      The image shows a screenshot of the Resources tab with sample information filled in.

      Ensure that the resource names are unique.

      Sort or filter the table using the filter button in the header row.

      2. Their total capacity in work-hours is automatically calculated for each month, using the default numbers from the Calendar Setup tab. If necessary, overwrite the formula and enter in custom values.

      The image shows a screenshot of the total capacity in work-hours, with sample info filled in.

      Cells with less than 120 hours are highlighted in blue.

      Do not add or delete any columns, or modify this header row.

      Enter out-of-office time and non-project time for your resources

      2.2.2
      Portfolio Manager Lite, Tab 3: Resources

      3. Enter the resources’ out-of-office time for each month, as they are reported.

      The image shows the Absence (hours) section, with sample information filled in.

      Do not add or delete any columns, or modify the header row, below the dates.

      4. Resources’ percentages of time spent on non-projects are automatically calculated, based on their roles’ default P-NP ratios. If necessary, overwrite the formula and enter in custom values.

      The image shows the Non-Project Ratio section, with sample information filled in.

      Do not add or delete any columns, or modify the header row, below the dates.

      Populate your project records

      2.2.3
      Portfolio Manager Lite, Tab 4: Projects

      Portfolio Manager Lite is set up for allocating time to projects out of the box. Information on these projects is entered in the Projects tab.

      1. Enter project names and some basic information. These fields are mandatory.

      The image shows the section for filling in project names and basic information in the Projects tab. The image shows the table with sample information.

      Ensure that the project names are unique.

      Do not modify or change the headers of the first seven columns. Do not add to or delete these columns.

      2. Continue entering more information about projects. These fields are optional and can be customized.

      The image shows a section of the Projects tab, where you fill in more information.

      Headers of these columns can be changed. Extra columns can be added to the right of the Status column if desired. However, Info-Tech strongly recommends that you speak to an Info-Tech analyst before customizing.

      The Project Category, Phase, and Priority fields are entered using drop-down lists from the Org Setup tab.

      Allocate your resource project capacity to projects

      2.2.4
      Portfolio Manager Lite, Tab 5: Allocations

      Project capacity for each resource is calculated as follows, using the data from the Resources tab:

      Project capacity = (total project capacity – absence) x (100% – non-project%)

      In the Allocations tab, project capacity is allocated in percentages with 100% representing the allocation of all available project time of a resource to a project.

      This allocation-by-percentage model has some advantages and drawbacks:

      Advantages

      • Allocating all available project capacity to project is straightforward
      • Easy for project managers to coordinate with each other (e.g. “Jon’s project time will be split 50%-50% between two projects” = enter 50% allocation to each project)

      Drawbacks

      • How many hours is represented by a percentage of someone’s capacity is unclear
      • Must check whether enough work-hours are allocated for what’s needed (e.g. “Deliverable A needs 20 hours of work from Jon in November. Is 50% of his project capacity enough?”)

      The Allocations tab has a few features to help you mitigate these disadvantages.

      Info-Tech Best Practice

      For organizations with lower resource management practice maturity, start with percentages. In Portfolio Manager 2017, allocations are entered in work-hours to avoid the above drawbacks altogether, but this may require a higher practice maturity.

      Enter your resource project capacity allocations

      2.2.4
      Portfolio Manager Lite, Tab 5: Allocations

      A line item in the Allocations tab requires three pieces of information: a project, a resource, and the percentage of project capacity for each month.

      The image shows a screenshot from the Allocations tab, with sample information filled in.

      1. Choose a project. Type, Start date, and End date are automatically displayed.

      2. Choose a resource. Team is automatically displayed.

      This image is another screenshot of the Allocations tab, showing the section with dates, with sample information filled in.

      3. Enter the resource’s allocated hours for the project in percentages.

      Built-in functions in the Allocations tab display helpful information for balancing project supply and demand

      2.2.4
      Portfolio Manager Lite, Tab 5: Allocations

      The Allocations tab helps you preview the available project capacity of a resource, as well as the work-hours represented by each allocation line item, to mitigate the drawbacks of percentage allocations.

      In addition, overallocations (allocations for a given month add up to over 100%) are highlighted in red. These functions help resource managers balance the project supply and demand.

      The image shows a screenshot of the Allocations tab, with sample information filled in.

      To preview a resource’s project capacity in work-hours, choose a resource using a drop down. The resource’s available project capacity for each month is displayed to the right.

      Sort or filter the table using the filter button in the header row. Here, the Time table is sorted by Resource.

      The total work-hours for each line item is shown in the Hours column. Here, 25% of Bethel’s project capacity for 4 months adds up to only 16 work-hours for this project.

      A resource is overallocated when project capacity allocations add up to more than 100% for a given month. Overallocations are highlighted in red.

      Get the timeline of your project portfolio with the Gantt chart tab

      2.2.5
      Portfolio Manager Lite, Tab 6: Gantt

      The Gantt tab is a pivot-table-driven chart that graphically represents the start and end dates of projects and their project statuses.

      The image shows a screenshot of the Gantt tab, with sample information filled in.

      Filter entries by project type above the chart.

      The current month (9-17) is highlighted.

      You can filter and sort entries by project name, sponsor, or project manager.

      In progress (under Phase column) projects show the color of their overall status.

      Projects that are neither completed nor in progress are shown in grey.

      Completed (under Phase column) projects are displayed as black.

      Get a bird’s-eye view of your available project capacity with the Resource Load tab

      2.2.6
      Portfolio Manager Lite, Tab 7: Resource Load

      The Resource Load tab is a PivotTable showing the available project capacity for each resource.

      The image is a screenshot of the Resource Load tab, with sample information filled in.

      Change the thresholds for indicating project overallocation at the top right.

      You can filter and sort entries by resource or role.

      Values in yellow and red highlight overallocation.

      Values in green indicate resource availability.

      This table provides a bird’s-eye view of all available project capacity. Highlights for overallocated resources yield a simple heat map that indicates resourcing conflicts that need attention.

      The next two tabs contain graphical dashboards of available capacity.

      Tip: Add more resource information by dragging a column name into the Rows box in the PivotTable field view pane.

      Example: add the Team column by dragging it into the Rows box

      The image shows a screenshot demonstrating that you can add a Team column.

      Analyze your resource allocation landscape with the Capacity Slicer tab

      2.2.7
      Portfolio Manager Lite, Tab 8: Capacity Slicer

      The Capacity Slicer tab is a set of pivot charts showing the distribution of resource allocation and how they compare against the potential capacity.

      The image shows a collection of 5 graphs and charts, showing the distribution of resource allocation, and compared against potential capacity.

      At the top left of each chart, you can turn Forecast Reporting on (true) or off (false). For Year to Date reporting, replace Forecast with YTD in the Field View pane’s Filter field.

      In the Allocated Capacity, in % chart, capacity is shown as a % of total available capacity. Exceeding 100% indicates overallocation.

      In the Realized Project Capacity, in hours chart, the vertical axis is in work-hours. This gap between allocation and capacity represents available project capacity.

      The bottom plots show how allocated project capacity is distributed. If the boxes are empty, no allocation data is available.

      Use the Team slicer to drill down on resource capacity and allocation by groups of resources

      2.2.7
      Portfolio Manager Lite, Tab 8: Capacity Slicer

      A slicer filters the data shown in a PivotTable, a PivotChart, or other slicers. In this tab, the team slicer enables you to view resource capacity and allocation by each team or for multiple teams.

      The image shows a sample graph.

      The button next to the Team header enables multiple selection.

      The next button to the right clears the filter set by this slicer.

      All teams with capacity or allocation data are listed in the slicers.

      For example, if you select "App Dev":

      The image shows the same graph as previously shown, but this time with only App Dev selected in the left-hand column.

      The vertical axis scales automatically for filtered data.

      The capacity and allocation data for all application division teams is shown.

      Resources not in the App Dev team are filtered out.

      Drill down on individual-level resource allocation and demand with the Capacity Locator tab

      2.2.8
      Portfolio Manager Lite, Tab 9: Capacity Locator

      The Capacity Locator tab is a group of PivotCharts with multiple slicers to view available project capacity.

      For example: click on “Developer” under Role:

      The image shows the list of slicers available using the Capacity Locator tab.

      The image shows a series of graphs produced in the Capacity Locator tab.

      Primary skills of all developers are displayed on the left in the Primary Skill column. You can choose a skill to narrow down the list of resources from all developers to all developers with that skill.

      The selected resources are shown in the Resources column. Data on the right pertains to these resources.

      • The top left graph shows the average available project capacity for all selected resources.
      • The top right graph shows the sum of all available capacity from all selected resources.
      • In the lower left graph, pay attention to available total capacity, as selected resources may have significant non-project demands.
      • The lower right graph shows the number of assigned projects. Control the number of concurrent projects to reduce the need for multitasking and optimize your resource use.

      Where you see the filter button with an x, you can clear the filter imposed by this slicer.

      Check how your projects are resourced with the Project Viewer tab

      2.2.9
      Portfolio Manager Lite
      , Tab 10: Project Viewer

      The Project Viewer tab is a set of PivotCharts with multiple slicers to view how resources are allocated to different projects.

      The image shows a screenshot of the Project Viewer tab, with a bar graph at the top, filter selections at the bottom left, and four pie charts at the bottom right.

      Filtering by sponsor or project manager is useful for examining a group of projects by accountability (sponsor) or responsibility (project manager).

      The graphs show how project budgets are distributed across different categories and priorities of projects, and how resource allocations are distributed across different categories and priorities of projects.

      Report on your project portfolio status with the Project Updates tab

      2.2.10
      Portfolio Manager Lite
      , Tab 11: Project Updates

      The Project Updates tab is a PivotTable showing various fields from the Projects table to rapidly generate a portfolio-wide status report. You can add or remove fields from the Projects table using the PivotTable’s Field View pane.

      The image shows a screenshot of a large table, which is the Project Updates tab. A selection is open, showing how you can filter entries.

      Filter entries by phase. The screenshot shows an expansion of this drop down at the top left.

      Rearrange the columns by first clicking just below the header to select all cells in the column, and then dragging it to the desired position. Alternatively, arrange them in the Field View pane.

      Tools and other requirements needed to complete the resource management strategy

      2.2.11
      10 minutes

      • Recommended: If you are below a level 4 on Info-Tech’s resource management maturity scale, use Info-Tech’s Portfolio Manager Lite to start.
      • Use a commercial PPM tool if you already have one in use and feel that you can accurately maintain the data in this tool.
      • Use this chart to estimate the amount of time it will take to accurately maintain the data for each reporting period.
        • Determine who will be responsible for this maintenance.
        • If there is no one currently available to maintain the data, allocate time for someone or you may even need a portfolio analyst.
        • We will confirm roles and responsibilities in phase 3.
      Maturity Level Dimensions Time needed per month
      Small (1-25 employees) Medium (25-75) Large (75-100) Enterprise (100+)
      1-2 %, team, project, monthly update, 1 month forecast 2 hours 6 hours 20 hours 50 hours
      3-4 %, person, phase, weekly update, 1 quarter forecast 4 hours 12 hours 50 hours 150 hours
      5 %, person, task, continuous update, 1 year forecast 8+ hours 20+ hours 100+ hours 400+ hours

      See also: Grow Your Own PPM Solution with Info-Tech’s Portfolio Manager 2017

      Join hundreds of Info-Tech clients who are successfully growing their own PPM solution.

      If you are looking for a more robust resource management solution, or prefer to allocate staff time in hours rather than percentages, see Info-Tech’s Portfolio Manager 2017.

      Similar to Portfolio Manager Lite, Portfolio Manager 2017 is a Microsoft Excel-based PPM solution that provides project visibility, forecasting, historical insight, and portfolio analytics capabilities for your PMO without a large upfront investment for a commercial solution.

      Watch Info-Tech’s Portfolio Manager 2017 Video – Introduction and Demonstration.

      System Requirements

      To use all functions of Portfolio Manager 2017, you need Excel 2013 or Excel 2016 running on Windows, with the following add-ins:

      • Power Query (Excel 2013 only)
      • Power Pivot
      • Power View

      Power View is only available on select editions of Excel 2013 and 2016, but you can still use Portfolio Manager 2017 without Power View.

      If you are unsure, speak to your IT help desk or an Info-Tech analyst for help.

      For a new PMO, start with the new reality

      CASE STUDY

      Industry Law Enforcement

      Source Info-Tech Client

      Because we already have enterprise licensing for an expensive commercial tool, everyone else thinks it’s logical to start there. I think we’re going to start with something quick and dirty like Excel.” – EPMO Director, Law Enforcement Services

      Situation

      • This was an enterprise PMO, but with relatively low organizational maturity.
      • The IT department had relatively high project management maturity, but the enterprise was under-evolved at the portfolio level.
      • Other areas of the organization already had licensing and deployment of a top-tier commercial PPM tool.
      • There were no examples of a resource management practice.

      Complication

      • There was executive visibility on larger and more strategic projects.
      • There were no constraints on the use of resources for smaller projects.
      • The PMO was generally expected to provide project governance with their limited resources.
      • The organization lacked an understanding of the difference between project and portfolio management. Consequently, it was difficult to create resource management practices at the portfolio level due to a lack of resourcing.

      Resolution

      • The organization deferred the implementation of the commercial PPM tool.
      • They added high-level resource management using spreadsheets.
      • Executive focus was reoriented around overall resource capacity as the principle constraint for project approvals.
      • They introduced deeper levels of planning granularity over time.
      • When the planning granularity gets down to the task level, they move toward the commercial solution.

      Step 2.3: Build process steps to ensure data accuracy and sustainability

      PHASE 1

      1.1 Set a course of action

      1.2 Estimate supply and demand

      PHASE 2

      2.1 Select resource management dimensions

      2.2 Select resource management tools

      2.3 Build process steps

      PHASE 3

      3.1 Pilot your process for viability

      3.2 Plan stakeholder engagement

      This step will walk you through the following activities:
      • Draft a high-level resource management workflow
      • Build on the workflow to determine how data will be collected at each step, and who will support the process
      • Document your provisional resource management process
      This step involves the following participants:
      • PMO Director / Portfolio Manager
      • Functional / Resource Managers
      • Project Managers
      Outcomes of this step
      • A high-level resource management workflow, customized from Info-Tech’s sample workflow
      • Process for collecting resource supply data for each reporting period
      • Process for capturing the project demand within each reporting period
      • Process for identifying and documenting resource constraints and issues for each reporting period
      • Standard protocol for resolving resource issues within each reporting period
      • Process for finalizing and communicating resource allocations for the forecast window
      • A customized Resource Management Playbook, documenting the standard operating procedure for the processes

      Make sustainability the goal of your resource management practices

      A resource management process is doing more harm than good if it doesn’t facilitate the flow of accurate and usable data week after week, month after month, year after year.

      When resource management strategies fail, it can typically be tied back to the same culprit: unrealistic expectations from the outset.

      If a resource management process strives for a level of data precision that staff cannot juggle day to day, over the long run, then things will eventually fall apart as staff and decision makers alike lose faith in the data and the relevancy of the process.

      Two things can be done to help avoid this fate:

      1. Strive for accuracy over precision. If your department’s process maturity is low, and staff are ping-ponged from task to task, fire to fire, throughout any given day, then striving for precise data is ill advised. Keep your granularity of allocation more high level, and strive for data that is “maintainably” accurate rather than “unmaintainably” precise.
      2. Keep the process simple. Use the advice in this step to develop a sustainable process, one that is easy to follow with clearly defined responsibilities and accountabilities at each step.

      Info-Tech Insight

      It's not about what you put together as a one-time snapshot. It's about what you can and will maintain every week, even during a crisis. When you stop maintaining resource management data, it’s nearly impossible to catch up and you’re usually forced to start fresh.

      Maintain reliable resourcing data with an easy-to-follow, repeatable process

      Info-Tech recommends following a simple five-step process for resource management.

      1. Collect resource supply data

      • Resources
      • Resource Managers

      2. Collect project demand data

      • Resource Managers
      • Project Managers
      • PMO

      3. Identify sources of supply/demand imbalance

      • PMO

      4. Resolve conflicts and balance project and non-project allocations

      • Resource Managers
      • Project Managers
      • PMO
      • Steering Committee, CIO, other executives

      5. Approve allocations for forecast window

      • PMO
      • Steering Committee, CIO, other executives

      This is a sample workflow with sample roles and responsibilities. This step will help you customize the appropriate steps for your department.

      Info-Tech Insight

      This process aims to control the resource supply to meet the demand – project and non-project alike. Coordinate this process with other portfolio management processes, ensuring that up-to-date resource data is available for project approval, portfolio reporting, closure, etc.

      Draft your own high-level resource management workflow

      2.3.1
      60 to 90 minutes

      Participants

      • Portfolio Manager
      • Project Managers
      • Resource Managers
      • Business Analysts

      Input

      • Process data requirements

      Output

      • High-level description of your target-state process

      Materials

      • Whiteboard or recipe cards

      Conduct a table-top planning exercise to map out, at a high-level, your required and desired process steps.

      While Info-Tech recommends a simple five-step process (see previous slide), you may need to flesh out your process into additional steps, depending upon the granularity of your seven dimensions and the complexity of your resource management tool. A table-top planning exercise can be helpful to ensure the right process steps are covered.

      1. On a whiteboard or using white 4x6 recipe cards, write the unique steps of a resource management process. Use the process example at the bottom of this slide as a guide.
      2. Use a green marker or green cards to write artifacts or deliverables that result from each step.
      3. Use a red marker or red cards to address potential issues, problems, or risks that you can foresee at each step.

      For the purposes of this activity, avoid getting into too much detail by keeping to your focus on the high-level data points that will be required to keep supply and demand balanced on an ongoing basis.

      "[I]t’s important not to get too granular with your time tracking. While it might be great to get lots of insight into how your team is performing, being too detailed can eat into your team’s productive work time. A good rule of thumb to work by is if your employees’ timesheets include time spent time tracking, then you’ve gone too granular."

      Nicolas Jacobeus

      Use Info-Tech’s Resource Management Playbook to help evolve your high-level steps into a repeatable practice

      Once you’ve determined a high-level workflow, you’ll need to flesh out the organizational details for how data will be collected at each step and who will support the process.

      Use Info-Tech’s Resource Management Playbook to help determine and communicate the “who, what, when, where, why, and how” of each of your high-level process steps.

      The playbook template is intended to function as your resource management standard operating procedure. Customize Section 3 of the template to record the specific organizational details of how data will be collected at each process step, and the actions and decisions the data collection process will necessitate.

      • Activities 2.3.2-2.3.6 in this step will help you customize the process steps in Info-Tech’s five-step resource management model and record these in the template. If you developed a customized process in activity 2.3.1, you will need to add to/take away from the activity slides and customize the template accordingly.
      • Lean on the seven dimensions of resource management that you developed in step 2.1 to determine the cadence and frequency of data collection. For instance, if your update frequency is monthly, you will need to ensure you collect your supply-demand data prior to that, giving yourself enough time to analyze it and reconcile imbalances with stakeholders before refreshing your monthly reporting data.

      Download Info-Tech’s Resource Management Playbook

      How the next five activities will help you develop your playbook

      2.3 Resource Management Playbook

      Each of the slides for activities 2.3.2-2.3.6 are comprised of a task-at-a glance box as well as “important decisions to document” for each step.

      Work as a group to complete the task-at-a-glance boxes for each step. Use the “important decisions to document” notes to help brainstorm the “how” for each step. These details should be recorded below the task-at-a-glance boxes in the playbook – see point 6 in the legend below.

      Screenshot of Section 3 of the RM Playbook.

      The image shows a screenshot of Section 3 of the RM Playbook. A legend is included below.

      Screenshot Legend:

      1. Review your existing steps, tools, and templates used for this task. Alternatively, review the example provided in the RM Playbook.
      2. Designate the responsible party/parties for this process. Who carries out the task?
      3. Document the inputs and outputs for the task: artifacts, consulted and informed parties.
      4. If applicable, document the tools and templates used for the task.
      5. Designate the accountable party for this task. Only a single party can be accountable.
      6. Describe the “how” of the task below the Task-at-a-Glance table.

      Step one: determine the logistics for collecting resource supply data for each reporting period

      2.3.2
      20 minutes

      Step one in your resource management process should be ensuring a perpetually current view into your resource supply.

      Resource supply in this context should be understood as the time, per your scope of allocation (i.e. individual, team, skill, etc.) that is leftover or available once non-project demands have been taken out of the equation. In short, the goal of this process step is to determine the non-project demands for the forecast period.

      The important decisions to document for this step include:

      1. What data will be collected and from whom? For example, functional managers to update resource potential capacity and non-project resource allocations.
      2. How often will data be collected and when? For example, data will be collected third Monday of the month, three days before our monthly update frequency.
      3. How will the data be collected? For example, tool admin to send out data to update on third Monday; resource managers update the data and email back to tool admin.

      Document your process for determining resource supply in Section 3.1 of Info-Tech’s Resource Management Playbook.

      Task-at-a-glance:

      Inputs Artifacts i.e. historical usage data
      Consulted i.e. project resources
      Tools & Templates i.e. time tracking template
      Outputs Artifacts i.e. updated template
      Informed i.e. portfolio analyst
      Timing i.e. every second Monday
      Responsible i.e. functional managers
      Accountable i.e. IT directors

      Step two: map out how project demand will be captured within each reporting period

      2.3.3
      20 minutes

      Step two in your resource management process will be to determine the full extent of project demand for your forecast period.

      Project demand in this context can entail both in-flight projects as well as new project plans or new project requests that are proposing to consume capacity during the forecast period. In short, the goal of this process step is to determine all of the project demands for the forecast period.

      The important decisions to document for this step include:

      1. What data will be collected and from whom? For example, project managers to update project allocations for in-flight projects, and PMO will provide proposed allocations for new project requests.
      2. How often will data be collected and when? For example, data will be collected third Tuesday of the month, two days before our monthly update frequency.
      3. How will the data be collected? For example, tool admin to send out data to update on third Tuesday; project managers update the data and email back to tool admin.

      Document your process for determining project demand in Section 3.2 of Info-Tech’s Resource Management Playbook.

      Task-at-a-glance

      Inputs Artifacts i.e. historical usage data
      Consulted i.e. project resources
      Tools & Templates i.e. project demand template
      Outputs Artifacts i.e. updated demand table
      Informed i.e. portfolio analyst
      Timing i.e. every second Monday
      Responsible i.e. project managers
      Accountable i.e. PMO director

      Step three: record how resource constraints and issues for each reporting period will be identified and documented

      2.3.4
      20 minutes

      Step three in your resource management process will be to analyze your resource supply and project demand data to identify points of conflict.

      Once the supply-demand data has been compiled, it will need to be analyzed for points of imbalance and conflict. The goal of this process step is to analyze the raw data and to make it consumable by other stakeholders in preparation for a reconciliation or rebalancing process.

      The important decisions to document for this step include:

      1. How will the data be checked for inaccuracies? For example, tool admin to enter and QA data; reach out by the following Wednesday at noon with inconsistencies; managers to respond no later than next day by noon.
      2. What reports will employed? For example, a refreshed demand spreadsheet will be made available.
      3. What is an acceptable range for over- and under-allocations? For example, the acceptable tolerance for allocation is 15%; that is, report only those resources that are less than 85% allocated, or more than 115% allocated.

      Document your process for identifying resource constraints and issues in Section 3.3 of Info-Tech’s Resource Management Playbook.

      Task-at-a-glance

      Inputs Artifacts i.e. supply/demand data
      Consulted i.e. no one
      Tools & Templates i.e. Portfolio Manager Lite
      Outputs Artifacts i.e. list of issues
      Informed i.e. no one
      Timing i.e. every second Tuesday
      Responsible i.e. portfolio analyst
      Accountable i.e. PMO director

      Step four: establish a standard protocol for resolving resource issues within each reporting period

      2.3.5
      20 minutes

      Step four in your resource management process should be to finalize your capacity management book of record for the reporting period and prepare recommendations for resolving conflicts and issues.

      The reconciliation process will likely take place at a meeting amongst the management of the PMO and representatives from the various functional groups within the department. The goal of this step is to get the right roles and individuals to agree upon proposed reconciliations and to sign-off on resource allocations.

      The important decisions to document for this step include:

      1. What reports will be distributed and in what form? For example, refreshed spreadsheet will be available on the PMO SharePoint site.
      2. When will the reports be generated and for whom? For example, fourth Tuesday of the month, end of day – accessible for all managers.
      3. Who has input into how conflicts should be resolved? For example, conflicts will be resolved at monthly resource management meeting. All meeting participants have input, but the PMO director will have ultimate decision-making authority.

      Document your process for resolving resource constraints and issues in Section 3.4 of Info-Tech’s Resource Management Playbook.

      Inputs Artifacts i.e. meeting agenda
      Consulted i.e. meeting participants
      Tools & Templates i.e. capacity reports
      Outputs Artifacts i.e. minutes and resolutions
      Informed i.e. steering committee
      Timing i.e. every second Thursday
      Responsible i.e. PMO director
      Accountable i.e. CIO

      Step five: record how resource allocations will be finalized and communicated for the forecast window

      2.3.6
      20 minutes

      The final step in your resource management process is to clarify how resource allocations will be documented in your resource management solution and reported to the department.

      Once a plan to rebalance supply and demand for the reporting period has been agreed on, you will need to ensure that the appropriate data is updated in your resource management book of record, and that allocation decisions are communicated to the appropriate stakeholders.

      The important decisions to document for this step include:

      1. Who has ultimate authority for allocation decisions? For example, the CIO has final authority when conflicts need to be escalated and must approve all allocations for the forecast period.
      2. Who will update the book of record and when? For example, the tool admin will update the data before the end of the day following the resource management meeting.
      3. Who needs to be informed and of what? For example, resource plans will be updated in SharePoint for resources and managers to review.

      Document your process for approving and finalizing allocation in Section 3.5 of Info-Tech’s Resource Management Playbook.

      Task-at-a-glance

      Inputs Artifacts i.e. minutes and resolutions
      Consulted i.e. CIO, IT directors
      Tools & Templates i.e. Portfolio Manager Lite
      Outputs Artifacts i.e. updated availability table
      Informed i.e. steering committee
      Timing i.e. every second Friday
      Responsible i.e. portfolio analyst
      Accountable i.e. PMO director

      Finalize your provisional resource management process in the Playbook Template

      2.3 Resource Management Playbook

      Use Info-Tech’s Resource Management Playbook to solidify your processes in a formalized operating plan.

      Throughout this phase, we have been customizing sections 1, 2, and 3 of the Resource Management Playbook.

      Before we move to pilot and implement your resource management strategy in the next phase of this blueprint, ensure that sections 1-3 of your playbook have been drafted and are ready to be communicated and shared with stakeholders.

      • Avoid getting too granular in your process requirements. Keep it to high-level data requirements. Imposing too much detail in your playbook is a recipe for failure.
      • The playbook should remain provisional throughout your pilot phase. Aspects of your process will likely need to be changed or tweaked as they are met with some day-to-day realities. As with any “living document,” it can be helpful to explicitly assign responsibilities for updating the playbook over the long term to ensure it stays relevant.

      "People are spending far more time creating these elaborate [time-tracking] systems than it would have taken just to do the task. You’re constantly on your app refiguring, recalculating, re-categorizing... A better strategy would be [returning] to the core principles of good time management…Block out your calendar for the non-negotiable things. [Or] have an organized prioritized task list." – Laura Stack (quoted in Zawacki)

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts:

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      2.1 Wireframe a resource management strategy using Info-Tech’s seven dimensions of resource management

      Action the decision points across Info-Tech’s seven dimensions to ensure your resource management process is guided by realistic data and process goals.

      2.3 Draft a high-level resource management workflow and elaborate it into a repeatable practice

      Customize Info-Tech’s five-step resource management process model. Then, document how the process will operate by customizing the Resource Management Playbook.

      Phase 3

      Implement Sustainable Resource Management Practices

      Phase 3 outline

      Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 3: Implement Sustainable Resource Management Practices

      Proposed Time to Completion (in weeks): 4-12 weeks

      Step 3.1: Pilot your resource management process

      Start with an analyst kick-off call:

      • Review your resource management dimensions and tools
      • Review your provisional resource management processes
      • Discuss your ideas for a pilot

      Then complete these activities…

      • Select receptive project/functional managers to work with
      • Define the scope of your pilot and determine logistics
      • Finalize resource management roles and responsibilities

      With these tools & templates:

      • Process Pilot Plan Template
      • Resource Management Playbook
      • Project Portfolio Analyst Job Description
      Step 3.2: Plan to engage your stakeholders

      Review findings with analyst:

      • Results of your pilot, team feedback, and lessons learned
      • Your stakeholder landscape

      Then complete these activities…

      • Brainstorm and plan for potential resistance to change, objections, and fatigue from stakeholders
      • Plan for next steps

      With these tools & templates:

      • Resource Management Playbook

      Phase 3 Results & Insights:

      Engagement paves the way for smoother adoption. An engagement approach (rather than simply communication) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

      Step 3.1: Pilot your resource management process to assess viability

      PHASE 1

      1.1 Set a course of action

      1.2 Estimate supply and demand

      PHASE 2

      2.1 Select resource management dimensions

      2.2 Select resource management tools

      2.3 Build process steps

      PHASE 3

      3.1 Pilot your process for viability

      3.2 Plan stakeholder engagement

      This step will walk you through the following activities:

      • Select receptive project and functional managers to work with during your pilot
      • Define the scope of your pilot and determine logistics
      • Plan to obtain feedback, document lessons learned, and create an action plan for any changes
      • Finalize resource management roles and responsibilities

      This step involves the following participants:

      • CIO
      • PMO Director / Portfolio Manager
      • Project Managers
      • Resource Managers

      Outcomes of this step

      • A pilot team
      • A process pilot plan that defines the scope, logistics, and process for retrospection
      • Roles, responsibilities, and accountabilities for resource management
      • Project Portfolio Analyst job description template

      Pilot your new processes to test feasibility and address issues before a full deployment

      Adopting the right set of practices requires a significant degree of change that necessitates buy-in from varied stakeholders throughout IT and the business.

      Rome wasn’t built in a day. Similarly, your visibility into resource usage and availability won’t happen overnight.

      Resist the urge to deploy a big-bang rollout of your research management practices. This approach is ill advised for two main reasons:

      • It will put more of a strain on the implementation team in the near term, with a larger pool of end users to train and collect data from.
      • Putting untested practices in a department-wide spotlight could lead to mass confusion in the near-term and color the new processes in a negative light, leading to a loss of stakeholder trust and engagement right out of the gate.

      Start with a pilot phase. Identify receptive project managers and functional managers to work with, and leverage their insights to help iron out the kinks in your process before unveiling your practices to IT and business users at large.

      This step will help you:

      • Plan and execute a pilot of the processes we developed in Phase 2.
      • Incorporate the lessons learned from that pilot to strengthen your playbook and ease the communication process.

      Info-Tech Insight

      Engagement paves the way for smoother adoption. An engagement approach (rather than simply communication) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

      Plan your pilot like you would any project to ensure it’s well defined and its goals are clearly articulated

      Use Info-Tech’s Process Pilot Plan Template to help define the scope of your pilot and set appropriate goals for the test run of your new processes.

      A process pilot is a limited scope of an implementation (constrained by time and resources involved) to test the viability and effectiveness of the process as it has been designed.

      • Investing time and energy into a pilot phase can help to lower implementation risk, enhance the details and steps within a process, and improve stakeholder relations prior to a full scale rollout.
      • More than a dry run, however, a pilot should be approached strategically and planned out to limit the scope of it and achieve specific outcomes.
      • Leverage a planning document to ensure your process pilot is grounded in a common set of definitions, that the pilot is delivering value and insight, and that ultimately the pilot can serve as a starting point for a full-scale process implementation.

      "The advantages to a pilot are several. First, risk is constrained. Pilots are closely monitored so if a problem does occur, it can be fixed immediately. Second, the people working in the pilot can become trainers as you roll the process out to the rest of the organization. Third, the pilot is another opportunity for skeptics to visit the pilot process and learn from those working in it. There’s nothing like seeing a new process working for people to change their minds." – Daniel Madison

      Download Info-Tech’s Process Pilot Plan Template

      Select receptive project and functional managers to work with during your pilot

      3.1.1
      20 to 60 minutes

      Input

      • Project management staff and functional managers

      Output

      • Pilot project teams

      Materials

      • Stakeholder Engagement Workbook
      • Process Pilot Plan Template

      Participants

      • Process owner (PMO director or portfolio owner)
      • CIO

      Info-Tech recommends selecting project managers and functional managers who are aware of your role and some of the supply-demand challenges to assist in the implementation process.

      1. If receptive project and functional managers are known, schedule a 15-minute meeting with them to inquire if they would be willing to be part of the pilot process.
      2. If receptive project managers are not known, use Info-Tech’s Stakeholder Engagement Workbook to conduct a formal selection process.
        1. Enter a list of potential pilot project managers in tab 3.
        2. Rate project managers in terms of influence, pilot interest, and potential deployment contribution within tab 4.
        3. Review tab 5 in the workbook. Receptive project managers will appear in the top quadrants. Ideal project managers for the pilot are located in the top right quadrant of the graph.

      Document the project and functional managers involved in your pilot in Section 3 of Info-Tech’s Process Pilot Plan Template.

      Define the scope of your pilot and determine logistics

      Input

      • Sections 1 through 4 of the Process Pilot Plan Template

      Output

      • A process pilot plan

      Materials

      • Process Pilot Plan Template

      Participants

      • Process Owner (PMO Director or Portfolio Owner)
      • CIO
      • Project and Resource Managers

      Use Info-Tech’s Process Pilot Plan Template to design the details of your pilot.

      Investing time into planning your pilot phase strategically will ensure a clear scope, better communications for those piloting the processes, and overall, better, more actionable results during the pilot phase. The Process Pilot Plan Template is broken into five sections to assist in these goals:

        • Pilot Overview and Scope
        • Success and Risk Factors
        • Stakeholders Involved and Communications Plan
        • Pilot Retrospective and Feedback Protocol
        • Lessons Learned
      • The duration of your pilot should go at least one allocation period, depending on your frequency of updates, e.g. one week or month.
      • Estimates of time commitments should be captured for each stakeholder. During the retrospective at the end of the pilot, you should capture actuals to help determine the time-cost of the process itself and measure its sustainability.
      • Once the template is completed, schedule time to share and communicate it with the pilot team and executive sponsors of the process.

      While you should invest time in this planning document, continue to lean on the Resource Management Playbook as well as a process guide throughout the pilot phase.

      Execute your pilot and prepare to make process revisions before the full rollout

      Hit play! Begin the process pilot and get familiar with the work routine and resource management solution.

      Some things to keep in mind during the pilot include:

      • Depending on the solution you’re using, you will likely need to spend one day or less to populate the tool. During the pilot, measure the time and effort required to manage the data within the tool. Compare with the original estimate from activity 2.2.2. Determine whether time and effort required are viable on an ongoing basis (i.e. can you do it every week or month) and have value.
      • Meet with the pilot team and other stakeholders regularly during the pilot – at least weekly. Allow the team (and yourself) to speak honestly and openly about what isn’t working. The pilot is your chance to make things better.
      • Keep notes about what will need to change in the RM Playbook. For major changes, you may have to tweak the process during the pilot itself. Update the process documents as needed and communicate the changes and why they’re being made. If required, update the scope of the pilot in the Process Pilot Plan Template.

      Obtain feedback from the pilot group to improve your processes before a wider rollout

      3.1.3
      30 minutes

      Input

      • What’s working and what isn’t in the process

      Output

      • Ideas to improve process

      Materials

      • Whiteboard
      • Sticky notes
      • Process Pilot Plan Template

      Participants

      • Process Owner (PMO Director or Portfolio Owner)
      • Pilot Team

      Pilot projects allow you to validate your assumptions and leverage lessons learned. During the planning of the pilot, you should have scheduled a retrospective meeting with the pilot team to formally assess strengths and weaknesses in the process you have drafted.

      • Schedule the retrospective shortly after the pilot is completed. Info-Tech recommends a stop/start/continue activity with pilot participants to obtain and capture feedback.
      • Have members of the meeting record any processes/activities on sticky notes that should:
        • Stop: because they are ineffective or not useful
        • Start: because they would be useful for the tool and have not been incorporated into current processes
        • Continue: because they are useful and positively contribute to intended process outcomes

      An example of how to structure a stop/start/continue activity on a whiteboard using sticky notes.

      The image shows three black squares, each with three brightly coloured sticky notes in it. The three squares are labelled: Stop; Start; Continue.

      See below for additional instructions

      Document lessons learned and create an action plan for any changes to the resource management processes

      3.1.4
      30 minutes

      As a group, discuss everyone’s responses and organize according to top priority (mark with a 1) and lower priority/next steps (mark with a 2). At this point, you can also remove any sticky notes that are repetitive or no longer relevant.

      Once you have organized based on priority, be sure to come to a consensus with the group regarding which actions to take. For example, if the group agrees that they should “stop holding meetings weekly,” come to a consensus regarding how often meetings will be held, i.e. monthly.

      Create an action plan for the top priority items that require changes (the stops and starts). Record in this slide or your preferred medium. Be sure to include who is responsible for the action and the date that it will be implemented.

      Priority Action Required Who is Responsible Implementation Date
      Stop: Holding meetings weekly Hold meetings monthly Jane Doe, PMO Next Meeting: November 1, 2017
      Start: Discussing backlog during meetings Ensure that backlog data is up to date for discussion on date of next meeting John Doe, Portfolio Manager November 1, 2017

      Document the outcomes of the start/stop/continue exercise and your action plan in Section 6 of Info-Tech’s Process Pilot Plan Template.

      Review actions that can be taken based on the results of your pilot

      Situation Action Next Steps
      The dimensions that we chose for our strategy have proven to be too difficult to accurately maintain. The dimensions that we chose for our strategy have proven to be too difficult to accurately maintain. Reassess the dimensions that you chose for your strategy. Make sure that you are not overcommitting yourself based on your maturity level. You can always go back and adjust for a higher level of resource management maturity once you have mastered your current level. For example, if you chose “weekly” as your update frequency and this has proven to be too much to maintain, try updating monthly for a few months. Once you have mastered this update frequency, it will be easier to adjust to a weekly update process.
      We were able to maintain the data for our pilot based on the dimensions that we chose. However, allocating projects based on realized capacity did not alleviate any of our resourcing issues and resources still seem to be working on more projects than they can handle. Determine other factors at the organization that would help to maintain the data and work toward reclaiming capacity. Continue working with the dimensions that you chose and maintain the accuracy of this data. The next step is to identify other factors that are contributing to your resource allocation problems and begin reclaiming capacity. Continue forward to the resource management roadmap section and work on changing organizational structures and worker behavior to maximize capacity for project work.
      We were able to easily and accurately maintain the data, which led to positive results and improvement in resource allocation issues. If your strategy is easily maintained, identify factors that will help your organization reclaim capacity. Continue to maintain this data, and eventually work toward maintaining it at a more precise level. For example, if you are currently using an update frequency of “monthly” and succeeding, think about moving toward a “weekly” frequency within a few months. Once you feel confident that you can maintain project and resource data, continue on to the roadmap section to discover ways to reclaim resource capacity through organizational and behavioral change.

      Finalize resource management roles and responsibilities

      3.1.5
      15 to 30 minutes

      Input

      • Tasks for resource management
      • Stakeholder involved

      Output

      • Roles, responsibilities, and accountabilities for resource management

      Materials

      • Resource Management Playbook

      Participants

      • PMO Director/ Portfolio Manager
      • Functional Managers
      • Project Managers

      Perform a RACI exercise to help standardize terminology around roles and responsibilities and to ensure that expectations are consistent across stakeholders and teams.

      • A RACI will help create a clear understanding of the tasks and expectations for each stakeholder at each process step, assigning responsibilities and accountability for resource management outcomes.

      Responsible

      Accountable

      Consulted

      Informed

      Roles CIO PMO Portfolio Analyst Project Manager Functional Manager
      Collect supply data I A R I C
      Collect demand data I A R C I
      Identify conflicts I C/A R C C
      Resolve conflicts C A/R I R R
      Approve allocations A R I R I

      Document your roles and responsibilities in Section 2 of Info-Tech’s Resource Management Playbook.

      Use Info-Tech’s Portfolio Analyst job description to help fill any staffing needs around data maintenance

      3.1 Project Portfolio Analyst/PMO Analyst Job Description

      You will need to determine responsibilities and accountabilities for portfolio management functions within your team.

      If you do not have a clearly identifiable portfolio manager at this time, you will need to clarify who will wear which hats in terms of facilitating intake and prioritization, high-level capacity awareness, and portfolio reporting.

      • Use Info-Tech’s Project Portfolio Analyst job description template to help clarify some of the required responsibilities to support your PPM strategy.
        • If you need to bring in an additional staff member to help support the strategy, you can customize the job description template to help advertise the position. Simply edit the text in grey within the template.
      • If you have other PPM tasks that you need to define responsibilities for, you can use the RASCI chart on the final tab of the PPM Strategy Development Tool.

      Download Info-Tech’s Project Portfolio Analyst Job Description Template

      Finalize the Resource Management Playbook and prepare to communicate your processes

      Once you’ve completed the pilot process and made the necessary tweaks, you should finalize your Resource Management Playbook and prepare to communicate it.

      Revisit your RM Playbook from step 2.3 and ensure it has been updated to reflect the process changes that were identified in activity 3.1.4.

      • If during the pilot process the data was too difficult or time consuming to maintain, revisit the dimensions you have chosen and select dimensions that are easier to accurately maintain. Tweak your process steps in the playbook accordingly.
      • In the long term, if you are not observing any capacity being reclaimed, revisit the roadmap that we’ll prepare in step 3.2 and address some of these inhibitors to organizational change.
      • In the next step, we will also be repurposing some of the content from the playbook, as well as from previous activities, to include them in your presentation to stakeholders, using Info-Tech’s Resource Management Communications Template.

      Download Info-Tech’s Resource Management Playbook

      Info-Tech Best Practice

      Make your process standardization comprehensive. The RM Playbook should serve as your resource management standard operating procedure. In addition to providing a walk-through of the process, an SOP also clarifies project governance by clearly defining roles and responsibilities.

      Step 3.2: Plan to engage your stakeholders with your playbook

      PHASE 1

      1.1 Set a course of action

      1.2 Estimate supply and demand

      PHASE 2

      2.1 Select resource management dimensions

      2.2 Select resource management tools

      2.3 Build process steps

      PHASE 3

      3.1 Pilot your process for viability

      3.2 Plan stakeholder engagement

      This step will walk you through the following activities:

      • Brainstorm and plan for potential resistance to change, objections, and fatigue from stakeholders
      • Plan for next steps in reclaiming project capacity
      • Plan for next steps in overcoming supply-demand reconciliation challenges

      This step involves the following participants:

      • CIO
      • PMO Director / Portfolio Manager
      • Pilot Team from Step 3.1

      Outcomes of this step

      • Plan for communicating responses and objections from stakeholders and staff
      • Plan to manage structural/enabling factors that influence success of the resource management strategy
      • Description of next steps in reclaiming project capacity and overcoming supply-demand reconciliation challenges
      • Final draft of the customized Resource Management Playbook

      Develop a resource management roadmap to communicate and reinforce the strategy

      A roadmap will help anticipate, plan, and address barriers and opportunities that influence the success of the resource management strategy.

      This step of the project will ensure the new strategy is adopted and applied with maximum success by helping you manage challenges and opportunities across three dimensions:

      1. Executive Stakeholder Factors

      For example, resistance to adopting new assumptions about ratio of project versus non-project work.

      2. Workforce/Team Factors

      For example, resistance to moving from individual- to team-based allocations.

      3. Structural Factors

      For example, ensuring priorities are stable within the chosen resource planning horizon.

      See Info-Tech’s Drive Organizational Change from the PMOfor comprehensive tools and guidance on achieving organizational buy-in for your new resource management practices.

      Info-Tech Insight

      Communicate, communicate, communicate. Staff are 34% more likely to adapt to change quickly during the implementation and adoption phases when they are provided with a timeline of impending changes specific to their department. (McLean & Company)

      Anticipate a wide range of responses toward your new processes

      While your mandate may be backed by an executive sponsor, you will need to influence stakeholders from throughout the organization in order to succeed. Indeed, as EPMO leader, success will depend upon your ability to confirm and reaffirm commitments on soft or informal grounds. Prepare an engagement strategy that anticipates a wide range of responses.

      Enthusiasts Fence-sitters Skeptics Saboteurs
      What they look like: Put all their energy into learning new skills and behaviors. Start to use new skills and behaviors at a sluggish pace. Look for alternate ways of implementing the change. Refuse to learn anything new or try new behaviors.
      How they contribute: Lead the rest of the group. Provide an undercurrent of movement from old behaviors to new. Challenge decisions and raise risk points with managers. May raise valid points about the process that should be fixed.
      How to manage them: Give them space to learn and lead others. Keep them moving forward by testing their progress. Listen to them, but don’t give in to their demands. Keep communicating with them until you convert them.
      How to leverage them: Have them lead discussions and training sessions. Use them as an example to forecast the state once the change is adopted. Test new processes by having them try to poke holes in them. If you can convert them, they will lead the Skeptics and Fence-sitters.

      Info-Tech Insight

      Hone your stakeholder engagement strategy. Most people affected by an IT-enabled change tend to be fence-sitters. Small minorities will be enthusiasts, saboteurs, and skeptics. Your communication strategy should focus on engaging the skeptics, saboteurs, and enthusiasts. Fence-sitters will follow.

      Define plans to deal with resistance to change, objections, and fatigue

      Be prepared to confront skeptics and saboteurs when communicating the change.

      1. Use the templates on the following slide to:
        1. Brainstorm possible objections from stakeholders and staff. Prioritize objections that are likely to occur.
        2. Develop responses to objections.
      2. Develop a document and plan for proactively communicating responses and objections to show people that you understand their point of view.
        1. Revise the communications messaging and plan to include proactive objection handling.
      3. Discuss the likelihood and impact of “saboteurs” who aren’t convinced or affected by change management efforts.
        1. Explore contingency plans for dealing with difficult saboteurs. These individuals can negate the progress of the rest of the team by continuing to resist the process and spreading toxic energy. If necessary, be ruthless with these individuals. Let them know that the rest of the group is moving on without them, and if they can’t or won’t adopt the new standards, then they can leave.

      Info-Tech Insight

      Communicate well and engage often. Agility and continuous improvement are good, but can degenerate into volatility if change isn’t managed properly. People will perceive change to be volatile if their expectations aren’t managed through communications and engagement planning.

      Info-Tech Best Practice

      The individuals best positioned to provide insight and influence change positively are also best positioned to create resistance.

      These people should be engaged early and often in the implementation process – not just to make them feel included or part of the change, but also because their insight could very likely identify risks, barriers, and opportunities that need to be addressed.

      Develop a plan to manage stakeholder resistance to the new resource management strategy

      3.2.1
      30 minutes

      Brainstorm potential implications and objections that executive stakeholders might raise about your new processes.

      Dimension Decision Potential Impact, Implications, and Objections Possible Responses and Actions
      i.e. Default Project Ratio 50% “This can’t be right...” “We conducted a thorough time audit to establish this ratio.”
      “We need to spend more time on project work.” “Realistic estimates will help us control new project intake, which will help us optimize time allocated to projects.”
      i.e. Frequency Monthly “This data isn’t detailed enough, we need to know what people are working on right now.” “Maintaining an update frequency of weekly would require approximately [X] extra hours of PMO effort. We can work toward weekly as we mature.”
      i.e. Scope Person “That is a lot of people to keep track of.” “Managing individuals is still the job of the project manager; we are responsible for allocating individuals to projects.”
      i.e. Granularity of Work Assignment Project “We need to know exactly what tasks are being worked on and what the progress is.” “Assigning at task level is very difficult to accurately maintain. Once we have mastered a project-level granularity we can move toward task level.”
      i.e. Forecast Horizon One month “We need to know what each resource is working on next year.” “With a monthly forecast, our estimates are dependable. If we forecast a year in advance, this estimate will not be accurate.”

      Document the outcomes of this activity on slide 26 of Info-Tech’s Resource Management Communications Template.

      Develop a plan to manage staff/team resistance to the new resource management strategy

      3.2.2
      30 minutes

      Brainstorm potential implications and objections that individual staff and members of project teams might raise about your new processes.

      Dimension Decision Potential Impact, Implications, and Objections Possible Responses and Actions
      i.e. Default Project Ratio 50% “There’s too much support work.” “We conducted a thorough time audit to establish this ratio. Realistic estimates will help us control new project intake, which will help us optimize your project time.”
      i.e. Frequency Monthly “I don’t have time to give you updates on project progress.” “This update frequency requires only [X] amount of time from you per week/month.”
      i.e. Granularity Project “I need more clarity on what I’m working on.” “Team members and project managers are in the best position to define and assign (or self-select) individual tasks.”
      i.e. Forecast Horizon One month “I need to know what my workload will be further in advance.” “You will still have a high-level understanding of what you will be working on in the future, but projects will only be officially forecasted one month in advance.”
      i.e. Allocation Cadence Monthly “We need a more frequent cadence.” “We can work toward weekly cadence as we mature.”

      Document the outcomes of this activity on slide 27 of Info-Tech’s Resource Management Communications Template.

      Develop a plan to manage structural/enabling factors that influence success of the resource management strategy

      3.2.3
      30 minutes

      Brainstorm a plan to manage other risks and challenges to implementing your processes.

      Dimension Decision Potential Impact, Implications, and Objections Possible Responses and Actions
      i.e. Default Project Ratio 50% “We have approved too many projects to allocate so little time to project work.” Nothing has changed – this was always the amount of time that would actually go toward projects. If you are worried about a backlog, stop approving projects until you have completed the current workload.
      i.e. Frequency Monthly “Status reports aren’t reliably accurate and up to date more than quarterly.” Enforce strict requirements to provide monthly status updates for 1-3 key KPIs.
      i.e. Scope Person “How can we keep track of what each individual is working on?” Establish a simple, easy reporting mechanism so that resources are reporting their own progress.
      i.e. Granularity Project “How will we know the status of a project without knowing what tasks are completed?” It is in the domain of the project manager to know what tasks have been completed and to report overall project progress.
      i.e. Forecast Horizon One Month “It will be difficult to plan for resource needs in advance.” Planning a month in advance allows you to address conflicts or issues before they are urgent.

      Document the outcomes of this activity on slide 28 of Info-Tech’s Resource Management Communications Template.

      Finalize your communications plan and prepare to present the new processes to the organization

      Use Info-Tech’s Resource Management Communications Template to record the challenges your resource management strategy is addressing and how it is addressing them.

      Highlight organizational factors that necessitated the change.

      • Stakeholders and staff understandably tend to dislike change for the sake of change. Use Info-Tech’s Resource Management Communications Template to document the pain points that your process change is addressing and explain the intended benefits for all who will be subject to the new procedures.

      Determine goals and benefits for implementation success.

      • Provide metrics by which the implementation will be deemed a success. Providing this horizon will provide some structure for stakeholders and hopefully help to encourage process discipline.

      Clearly indicate what is required of people to adopt new processes.

      • Document your Resource Management Playbook. Be sure to include specific roles and responsibilities so there is no doubt regarding who is accountable for what.

      Download Info-Tech’s Resource Management Communications Template

      "You need to be able to communicate effectively with major stakeholders – you really need their buy-in. You need to demonstrate credibility with your audience in the way you communicate and show how portfolio [management] is a structured decision-making process." – Dr. Shan Rajegopal (quoted in Akass, “What Makes a Successful Portfolio Manager”)

      Review tactics for keeping your processes on track

      Once the strategy is adopted, the next step is to be prepared to address challenges as they come up. Review the tactics in the table below for assistance.

      Challenge Resolution Next Step
      Workers are distracted because they are working on too many projects at once; their attention is split and they are unproductive. Workers are distracted because they are working on too many projects at once; their attention is split and they are unproductive. Review portfolio practices for ways to limit work in progress (WIP).
      Employees are telling project managers what they want to hear and not giving honest estimates about the way their time is spent. Ensure that employees understand the value of honest time tracking. If you’re allocating your hours to the wrong projects, it is your projects that suffer. If you are overallocated, be honest and share this with management. Display employee time-tracking reports on a public board so that everyone will see where their time is spent. If they are struggling to complete projects by their deadlines they must be able to demonstrate the other work that is taking up their time.
      Resources are struggling with projects because they do not have the necessary expertise. Perform a skills audit to determine what skills employees have and assign them to projects accordingly. If an employee with a certain skill is in high demand, consider hiring more resources who are able to complete this work.

      See below for additional challenges and tactics

      Review tactics for keeping supply and demand aligned

      Once the strategy is adopted, the next step is to use the outputs of the strategy to reclaim capacity and ensure supply and demand remain aligned. Review the tactics in the table below for assistance.

      Challenge Resolution Next Step
      There is insufficient project capacity to take on new work, but demand continues to grow. Extend project due date and manage the expectations of project sponsors with data. If possible, reclaim capacity from non-project work. Customize the playbook to address insufficient project capacity.
      There is significant fluctuation in demand, making it extremely challenging to stick to allocations. Project managers can build in additional contingencies to project plans based on resourcing data, with plans for over-delivering with surplus capacity. In addition, the CIO can leverage business relationships to curb chaotic demand. The portfolio manager should analyze the project portfolio for clues on expanding demand. Customize the playbook to address large fluctuations in demand.
      On a constant basis, there are conflicting project demands over specific skills. Re-evaluate the definition of a project to guard the value of the portfolio. Continually prioritize projects based on their business values as of today. Customize the playbook to address conflicting project demands. Feed into any near- and long-term staffing plans.

      Prepare to communicate your new resource management practices and reap their benefits

      As you roll out your resource management strategy, familiarize yourself with the capability improvements that will drive your resource management success metrics.

      1. Increased capacity awareness through the ability to more efficiently and more effectively collect and track complex, diverse, and dynamic project data across the project portfolio.
      2. Improved supply management. Increased awareness of resource capacity (current and forecasted) combined with the ability to see the results of resource allocations across the portfolio will help ensure that project resources are used as effectively as possible.
      3. Improved demand management. Increased capacity awareness, combined with reliable supply management, will help PMOs set realistic limits on the amount and kind of IT projects the organization can take on at any given time. The ability to present user-friendly reports to key decision makers will help the PMO to ensure that the projects that are approved are realistically attainable and strategically aligned.
      4. Increased portfolio success. Improvements in the three areas indicated above should result in more realistic demands on project workers/managers, better products, and better service to all stakeholders. While successfully implemented PPM solutions should produce more efficient PPM processes, ideally they should also drive improved project stakeholder satisfaction across the organization.

      The image shows a series on concentric circles, labelled (from the inside out): Capacity Awareness; Supply Management; Demand Management; Project Success.

      Info-Tech client achieves resource management success by right-sizing its data requirements and focusing on reporting

      CASE STUDY

      Industry Manufacturing

      Source Info-Tech Client

      We were concerned that the staff would not want to do timesheets. With one level of task definition, it’s not really timesheets. It’s more about reconciling our allocations.” – PMO Director, Manufacturing

      Challenge

      • In a very fast-paced environment, the PMO had developed a meaningful level of process maturity.
      • There had never been time to slow down enough to introduce a mature PPM tool set.
      • The executive leadership had started to ask for more throughput of highly visible IT projects.

      Solution

      • There had never been oversight on how much IT time went toward escalated support issues and smaller enhancement requests.
      • Staff had grown accustomed to a lack of documentation rigor surrounding the portfolio.
      • Despite a historic baseline of the ratio between strategic projects, small projects, and support, the lack of recordkeeping made it hard to validate or reconcile these ratios.

      Results

      • The organization introduced a robust commercial PPM tool.
      • They were able to restrict the granularity of data to a high level in order to limit the time required to enter and manage, and track the actuals.
      • They prepared executive leadership for their renewed focus on the allocation of resources to strategically important projects.
      • Approval of projects was right-sized based on the actual capacity and realized through improved timesheet recordkeeping.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts:

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      3.1 Define the scope of your pilot and set appropriate goals for the test-run of your new processes

      An effective pilot lowers implementation risk, enhances the details and steps within a process, and improves stakeholder relations prior to a full scale rollout.

      3.2 Develop a plan to manage stakeholder and staff resistance to the new resource management practice

      Proactively plan for communicating responses and objections to show people that you understand their point of view and win their buy-in.

      Insight breakdown

      Insight 1

      A matrix organization creates many small, untraceable demands that are often overlooked in resource management efforts, which lead to underestimating total demand and overcommitting resources. To capture them and enhance the success of your resource management effort, focus on completeness rather than precision. Precision of data will improve over time as your process maturity grows.

      Insight 2

      Draft the resource management practice with sustainability in mind. It is about what you can and will maintain every week, even during a crisis: it is not about what you put together as a one-time snapshot. Once you stop maintaining resource data, it’s nearly impossible to catch up.

      Insight 3

      Engagement paves the way for smoother adoption. An engagement approach (rather than simply communication) turns stakeholders into advocates who can help boost your message, sustain the change, and realize benefits without constant intervention or process command-and-control.

      Summary of accomplishment

      Knowledge Gained

      • Disconnect between traditional resource management paradigms and today’s reality of work environment
      • Differentiation of accuracy and precision in capacity data
      • Snapshot of resource capacity supply and demand
      • Seven dimensions of resource management strategy
      • How to create sustainability of a resource management practice

      Processes Optimized

      • Collecting resource supply data
      • Capturing the project demand
      • Identifying and documenting resource constraints and issues
      • Resolving resource issues
      • Finalizing and communicating resource allocations for the forecast window

      Deliverable Completed

      • Resource Management Supply-Demand Calculator, to create an initial estimate of resource capacity supply and demand
      • Time-tracking survey emails, to validate assumptions made for creating the initial snapshot of resource capacity supply and demand
      • Resource Management Playbook, which documents your resource management strategy dimensions, process steps, and responses to challenges
      • PPM Solution Vendor Demo Script, to structure your resource management tool demos and interactions with vendors to ensure that their solutions can fully support your resource management practices
      • Portfolio Manager Lite, a spreadsheet-based resource management solution to facilitate the flow of data
      • Process Pilot Plan, to ensure that the pilot delivers value and insight necessary for a wider rollout
      • Project Portfolio Analyst job description, to help your efforts in bringing in additional staff to provide support for the new resource management practice
      • Resource Management Communications presentation, with which to engage your stakeholders during the new process rollout

      Research contributors and experts

      Trevor Bramwell, ICT Project Manager Viridor Waste Management

      John Hansknecht, Director of Technology University of Detroit Jesuit High School & Academy

      Brian Lasby, Project Manager Toronto Catholic District School Board

      Jean Charles Parise, CIO & DSO Office of the Auditor General of Canada

      Darren Schell, Associate Executive Director of IT Services University of Lethbridge

      Related Info-Tech research

      Develop a Project Portfolio Management Strategy

      Grow Your Own PPM Solution

      Optimize Project Intake, Approval, and Prioritization

      Maintain and Organized Portfolio

      Manage a Minimum-Viable PMO

      Establish the Benefits Realization Process

      Manage an Agile Portfolio

      Tailor Project Management Processes to Fit Your Projects

      Project Portfolio Management Diagnostic Program

      The Project Portfolio Management Diagnostic Program is a low-effort, high-impact program designed to help project owners assess and improve their PPM practices. Gather and report on all aspects of your PPM environment to understand where you stand and how you can improve.

      Bibliography

      actiTIME. “How Poor Tracking of Work Time Affects Your Business.” N.p., Oct. 2016. Web.

      Akass, Amanda. “What Makes a Successful Portfolio Manager.” Pcubed, n.d. Web.

      Alexander, Moira. “5 Steps to avoid overcommitting resources on your IT projects.” TechRepublic. 18 July 2016. Web.

      Anderson, Ryan. “Some Shocking Statistics About Interruptions in Your Work Environment.” Filevine, 9 July 2015. Web.

      Bondale, Kiron. “Focus less on management and more on the resources with resource management.” Easy in Theory, Difficult in Practice. 16 July 2014. Web.

      Burger, Rachel. “10 Software Options that Will Make Your Project Resource Allocation Troubles Disappear.” Capterra Project Management Blog, 6 January 2016. Web.

      Cooper, Robert, G. “Effective Gating: Make product innovation more productive by using gates with teeth.” Stage-Gate International and Product Development Institute. March/April 2009. Web.

      Dimensional Research. “Lies, Damned Lies and Timesheet Data.” Replicon, July 2013. Web.

      Edelman Trust Barometer. “Leadership in a Divided World.” 2016. Web.

      Frank, T.A. “10 Execs with Time-Management Secrets You Should Steal.” Monday*. Issue 2: Nov-Dec 2014. Drucker Institute. Web.

      Huth, Susanna. “Employees waste 759 hours each year due to workplace distractions.” The Telegraph, 22 Jun 2015. Web.

      Jacobeus, Nicolas. “How Detailed Does Your Agency Time Tracking Need to Be?” Scale Blog, 18 Jul 2016. Web.

      Lessing, Lawrence. Free Culture. Lulu Press Inc.: 30 July 2016.

      Kwak, James. “The Importance of Excel. The Baseline Scenario, 9 Feb 2013. Web.

      Madison, Daniel. “The Five Implementation Options to Manage the Risk in a New Process.” BPMInstitute.org. n.d. Web.

      Mark, Gloria. Multitasking in the Digital Age. Morgan & Claypool Publishers. 1 April 2015

      Maron, Shim. “Accountability Vs. Responsibility In Project Management.” Workfront, 10 June 2016. Web.

      PM Solutions. “Resource Management and the PMO: Three Strategies for Addressing Your Biggest Challenge.” N.p., 2009. Web.

      Project Management Institute. “Pulse of the Profession 2014.” PMI, 2014. Web.

      Planview. “Capacity Planning Fuels Innovation Speed.” 2016. Web.

      Rajda, Vilmos. “The Case Against Project Portfolio Management.” PMtimes, 1 Dec 2010. Web.

      Reynolds, Justin. “The Sad Truth about Nap Pods at Work.” TINYpulse, 22 Aug 2016. Web.

      Schulte, Brigid. “Work interrupts can cost you 6 hours a day. An efficiency expert explains how to avoid them.” Washington Post, 1 June 2015. Web.

      Stone, Linda. "Continuous Partial Attention." Lindastone.net. N.p., n.d. Web.

      Zawacki, Kevin. “The Perils of Time Tracking.” Fast Company, 26 Jan 2015. Web.

      Optimize the IT Operations Center

      • Buy Link or Shortcode: {j2store}449|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Operations Management
      • Parent Category Link: /i-and-o-process-management
      • Your team’s time is burned up by incident response.
      • Manual repetitive work uses up expensive resources.
      • You don’t have the visibility to ensure the availability the business demands.

      Our Advice

      Critical Insight

      • Sell the project to the business.
      • Leverage the Operations Center to improve IT Operations.

      Impact and Result

      • Clarify lines of accountability and metrics for success.
      • Implement targeted initiatives and track key metrics for continual improvement.

      Optimize the IT Operations Center Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should Optimize the IT Operations Center, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

      Get quick wins to demonstrate early value for investments in IT Operations.

      • Optimize the IT Operations Center – Lightning Phase: Pluck Low-Hanging Fruit for Quick Wins

      2. Get buy-in

      Get buy-in from business stakeholders by speaking their language.

      • Optimize the IT Operations Center – Phase 1: Get Buy-In
      • IT Operations Center Prerequisites Assessment Tool
      • IT Operations Center Stakeholder Buy-In Presentation
      • IT Operations Center Continual Improvement Tracker

      3. Define accountability and metrics

      Formalize process and task accountability and develop targeted metrics.

      • Optimize the IT Operations Center – Phase 2: Define Accountability and Metrics
      • IT Operations Center RACI Charts Template

      4. Assess gaps and prioritize initiatives

      Identify pain points and determine the top solutions.

      • Optimize the IT Operations Center – Phase 3: Assess Gaps and Prioritize Initiatives
      • IT Operations Center Gap and Initiative Tracker
      • IT Operations Center Initiative Prioritization Tool

      5. Launch initiatives and track metrics

      Lay the foundation for implementation and continual improvement.

      • Optimize the IT Operations Center – Phase 4: Launch Initiatives and Track Metrics
      [infographic]

      Workshop: Optimize the IT Operations Center

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Check Foundation

      The Purpose

      Ensure base maturity in IT Operations processes.

      Key Benefits Achieved

      Verify that foundation is in place to proceed with Operations Center project.

      Activities

      1.1 Evaluate base maturity.

      Outputs

      IT Operations Center Prerequisites Assessment Tool

      2 Define Accountabilities

      The Purpose

      Define accountabilities for Operations processes and tasks.

      Key Benefits Achieved

      Documented accountabilities.

      Activities

      2.1 Pluck low-hanging fruit for quick wins.

      2.2 Complete process RACI.

      2.3 Complete task RACI.

      Outputs

      Project plan

      Process RACI

      Task RACI

      3 Map the Challenge

      The Purpose

      Define metrics and identify accountabilities and gaps.

      Key Benefits Achieved

      List of initiatives to address pain points.

      Activities

      3.1 Define metrics.

      3.2 Define accountabilities.

      3.3 Identify gaps.

      Outputs

      IT Operations Center Gap and Initiative Tracker

      4 Build Action Plan

      The Purpose

      Develop an action plan to boost KPIs.

      Key Benefits Achieved

      Action plan and success criteria.

      Activities

      4.1 Prioritize initiatives.

      Outputs

      IT Operations Center Initiative Prioritization Tool

      5 Map Out Implementation

      The Purpose

      Build an implementation plan for continual improvement.

      Key Benefits Achieved

      Continual improvement against identified metrics and KPIs.

      Activities

      5.1 Build implementation plan.

      Outputs

      IT Operations Center Continual Improvement Tracker

      Further reading

      Optimize the IT Operations Center

      Stop burning budget on non-value-adding activities.

      ANALYST PERSPECTIVE

      The Network Operations Center is not in Kansas anymore.

      "The old-school Network Operations Center of the telecom world was heavily peopled and reactionary. Now, the IT Operations Center is about more than network monitoring. An effective Operations Center provides visibility across the entire stack, generates actionable alerts, resolves a host of different incidents, and drives continual improvement in the delivery of high-quality services.
      IT’s traditional siloed approach cannot provide the value the business demands. The modern Operations Center breaks down these silos for the end-to-end view required for a service-focused approach."

      Derek Shank,
      Research Analyst, Infrastructure & Operations
      Info-Tech Research Group

      Our understanding of the problem

      This Research Is Designed For:

      • IT Operations Managers
      • IT Infrastructure Managers
      • CIOs

      This Research Will Help You:

      • Improve reliability of services.
      • Reduce the cost of incident response.
      • Reduce the cost of manual repetitive work (MRW).

      This Research Will Also Assist

      • Business Analysts
      • Project Managers
      • Business Relationship Managers

      This Research Will Help Them

      • Develop appropriate non-functional requirements.
      • Integrate non-functional requirements into solution design and project implementation.

      Executive Summary

      Situation

      • Your team’s time is burned up by incident response.
      • MRW burns up expensive resources.
      • You don’t have the visibility to ensure the availability the business demands.

      Complication

      • The increasing complexity of technology has resulted in siloed teams of specialists.
      • The business views IT Operations as a cost center and doesn’t want to provide resources to support improvement initiatives.

      Resolution

      • Pluck low-hanging fruit for quick wins.
      • Obtain buy-in from business stakeholders by speaking their language.
      • Clarify lines of accountability and metrics for success.
      • Implement targeted initiatives and track key metrics for continual improvement.

      Info-Tech Insight

      1. Sell the project to the business. Your first job is a sales job because executive sponsorship is key to project success.
      2. Worship the holy trinity of metrics: impact of downtime, cost of incident response, and time spent on manual repetitive work (MRW).
      3. Invest in order to profit. Improving the Operations Center takes time and money. Expect short-term pain to realize long-term gain.

      The role of the Network Operations Center has changed

      • The old approach was technology siloed and the Network Operations Center (NOC) only cared about the network.
      • The modern Operations Center is about ensuring high availability of end-user services, and requires cross-functional expertise and visibility across all the layers of the technology stack.
      A pie chart is depicted. The data displayed on the chart, in decreasing order of size, include: Applications; Servers; LAN; WAN; Security; Storage. Source: Metzler, n.d.

      Most organizations lack adequate visibility

      • The rise of hybrid cloud has made environments more complex, not less.
      • The increasing complexity makes monitoring and incident response more difficult than ever.
      • Only 31% of organizations use advanced monitoring beyond what is offered by cloud providers.
      • 69% perform no monitoring, basic monitoring, or rely entirely on the cloud provider’s monitoring tools.
      A Pie chart is depicted. Two data are represented on the chart. The first, representing 69% of the chart, is: Using no monitoring, basic monitoring, or relying only on the cloud vendor's monitoring. the second, representing 31% of the chart, is Using advanced monitoring beyond what cloud vendors provide. Source: InterOp ITX, 2018

      Siloed service level agreements cannot ensure availability

      You can meet high service level agreements (SLAs) for functional silos, but still miss the mark for service availability. The business just wants things to work!

      this image contains Info-Tech's SLA-compliance rating chart, which displays the categories: Available, behaving as expected; Slow/degraded; and Unavailable, for each of: Webserver; Database; Storage; Network; Application; and, Business Service

      The cost of downtime is massive

      Increasing reliance on IT makes downtime hurt more than ever.
      98% of enterprises lose $100,000+.
      81% of enterprises lose $300,000+ per hour of downtime.

      This is a bar graph, showing the cost per hour of downtime, against the percentage of enterprises.

      Source: ITIC, 2016

      IT is asked to do more with less

      Most IT budgets are staying flat or shrinking.

      57% of IT departments expect their budget to stay flat or to shrink from 2018 to 2019.

      This image contains a pie chart with two data, one is labeled: Increase; representing 43% of the chart. The other datum is labeled: Shrink or stay flat, and represents 57% of the chart.

      Unify and streamline IT Operations

      A well-run Operations Center ensures high availability at reasonable cost. Improving your Operations Center results in:

      • Higher availability
      • Increased reliability
      • Improved project capacity
      • Higher business satisfaction

      Measure success with the holy trinity of metrics

      Focus on reducing downtime, cost of incident response, and MRW.

      This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

      Start from the top and employ a targeted approach

      Analyze data to get buy-in from stakeholders, and use our tools and templates to follow the process for continual improvement in IT Operations.

      This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

      Info-Tech offers various levels of support to best suit your needs

      DIY Toolkit

      "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

      Guided Implementation

      “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

      Workshop

      "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

      Consulting

      "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

      Diagnostics and consistent frameworks used throughout all four options

      Optimize the IT Operations Center – project overview

      Launch the Project

      Identify Enterprise Services

      Identify Line of Business Services

      Complete Service Definitions

      Best-Practice Toolkit

      🗲 Pluck Low-Hanging Fruit for Quick Wins

      1.1 Ensure Base Maturity Is in Place

      1.2 Make the Case

      2.1 Define Accountabilities

      2.2 Define Metrics

      3.1 Assess Gaps

      3.2 Plan Initiatives

      4.1 Lay Foundation

      4.2 Launch and Measure

      Guided Implementations

      Discuss current state.

      Review stakeholder presentation.

      Review RACIs.

      Review metrics.

      Discuss gaps.

      Discuss initiatives.

      Review plan and metric schedule.

      Onsite Workshop Module 1:

      Clear understanding of project objectives and support obtained from the business.

      Module 2:

      Enterprise services defined and categorized.

      Module 3:

      LOB services defined based on user perspective.

      Module 4:

      Service record designed according to how IT wishes to communicate to the business.

      Phase 1 Results:

      Stakeholder presentation

      Phase 2 Results:
      • RACIs
      • Metrics
      Phase 3 Results:
      • Gaps list
      • Prioritized list of initiatives
      Phase 4 Results:
      • Implementation plan
      • Continual improvement tracker

      Workshop overview

      Contact your account representative or email Workshops@InfoTech.com for more information.

      Pre-Workshop Workshop Day 1 Workshop Day 2 Workshop Day 3 Workshop Day 4
      Activities

      Check Foundation

      Define Accountabilities

      Map the Challenge

      Build Action Plan

      Map Out Implementation

      1.1 Ensure base maturity.

      🗲 Pluck low-hanging fruit for quick wins.

      2.1 Complete process RACI.

      2.2 Complete task RACI.

      3.1 Define metrics.

      3.2 Define accountabilities.

      3.2 Identify gaps.

      4.1 Prioritize initiatives.

      5.1 Build implementation plan.

      Deliverables
      1. IT Operations Center Prerequisites Assessment Tool
      1. IT Operations Center RACI Charts Template
      1. IT Operations Center Gap and Initiative Tracker
      1. IT Operations Center Initiative Prioritization Tool
      1. IT Operations Center Continual Improvement Tracker

      PHASE 🗲

      Pluck Low-Hanging Fruit for Quick Wins

      Optimize the IT Operations Center

      Conduct a ticket-trend analysis

      Generate reports on tickets from your IT service management (ITSM) tool. Look for areas that consume the most resources, such as:

      • Recurring tickets.
      • Tickets that have taken a long time to resolve.
      • Tickets that could have been resolved at a lower tier.
      • Tickets that were unnecessarily or improperly escalated.

      Identify issues

      Analyze the tickets:

      • Look for recurring tickets that may indicate underlying problems.
      • Ask tier 2 and 3 technicians to flag tickets that could have been resolved at a lower tier.
      • Identify painful and/or time consuming service requests.
      • Flag any manual repetitive work.

      Write the issues on a whiteboard.

      Oil & Gas IT reduces manual repetitive maintenance work

      CASE STUDY
      Industry Oil & Gas
      Source Interview

      Challenge

      The company used a webserver to collect data from field stations for analytics. The server’s version did not clear its cache – it filled up its own memory and would not overwrite, so it would just lock up and have to be rebooted manually.

      Solution

      The team found out that the volumes and units of data would cause the memory to fill at a certain time of the month. They wrote a script to reboot the machine and set up a planned outage during the appropriate weekend each month.

      Results

      The team never had to do manual reboots again – though they did have to tweak their reboot script not to rely on their calendar, after a shift in production broke the pattern between memory consumption and the calendar.

      Rank the issues

      🗲.1.1 10 minutes

      1. Assign each participant five sticky dots to use for voting.
      2. Have each participant place any number of dots beside the issue(s) of their choice.
      3. Count the dots and rank the top three most important issues.

      INPUT

      • List of issues

      OUTPUT

      • Top three issues

      Materials

      • Whiteboard
      • Markers
      • Sticky dots

      Participants

      • Operations Manager
      • Infrastructure Manager
      • I&O team members

      Brainstorm solutions

      🗲.1.2 10 minutes

      1. Write the three issues at the top of a whiteboard, each at the head of its own column.
      2. Focusing on one issue at a time, brainstorm potential solutions for each issue. Have one person write all the proposed solutions on the board beneath the issue.

      Info-Tech Best Practice

      Do not censor or evaluate the proposed solutions at this time. During brainstorming, focus on coming up with as many potential solutions as possible, no matter how infeasible or outlandish.

      INPUT

      • Top three issues

      OUTPUT

      • Potential solutions

      Materials

      • Whiteboard
      • Markers

      Participants

      • Operations Manager
      • Infrastructure Manager
      • I&O team members

      Evaluate and rank potential solutions

      🗲.1.3 30 minutes

      1. Score the solutions from 1-5 on each of the two dimensions:
      • Attainability
      • Probable efficacy
    • Identify the top scoring solution for each issue. In the event of a tie, vote to determine the winner.
    • Info-Tech Insight

      Quick wins are the best of both worlds. To get a quick win, pick a solution that is both readily attainable and likely to have high impact.

      INPUT

      • Potential solutions

      OUTPUT

      • Ranked list of solutions

      Materials

      • Whiteboard
      • Markers

      Participants

      • Operations Manager
      • Infrastructure Manager
      • I&O team members

      Develop metrics to measure the effectiveness of solutions

      You should now have a top potential solution for each pain point.

      For each pain point and proposed solution, identify the metric that would indicate whether the solution had been effective or not. For example:

      • Pain point: Too many unnecessary escalations for SharePoint issues.
      • Solution: Train tier 1 staff to resolve SharePoint tickets.
      • Metric: % of SharePoint tickets resolved at tier 1.

      Design solutions

      • Some solutions explain themselves. E.g., hire an extra service desk person.
      • Others require more planning and design, as they involve a bespoke solution. E.g., improve asset management process or automate onboarding of new users.
      • For the solutions that require planning, take the time to design each solution fully before rushing to implement it.

      Build solutions

      • Build any of the solutions that require building. For example, any scripting for automations requires the writing of those scripts, and any automated ticket routing requires configuration of your ITSM tool.
      • Part of the build phase for many solutions should also involve designing the tests of those solutions.

      Test solutions – refine and iterate

      • Think about the expected outcome and results of the solutions that require testing.
      • Test each solution under production-like circumstances to see if the results and behavior are as expected.
      • Refine and iterate upon the solutions as necessary, and test again.

      Implement solutions and measure results

      • Before implementing each solution, take a baseline measurement of the metric that will measure success.
      • Implement the solutions using your change management process.
      • After implementation, measure the success of the solution using the appropriate metric.
      • Document the results and judge whether the solution has been effective.

      Use the top result as a case study to obtain buy-in

      Your most effective solution will make a great case study.

      Write up the results and input the case study into the IT Operations Center Stakeholder Buy-In Presentation.

      This image contains a screenshot of info-tech's default format for presenting case studies.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts

      this is a picture of an Info-Tech Analyst
      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
      The following are sample activities that will be conducted by Info-Tech analysts with your team:
      🗲.1.2 This image contains a screenshot from section 🗲.1.2 of this blueprint.

      Identify issues

      Look for areas that aren’t working optimally.

      🗲.1.3 this image contains a screenshot from section 🗲.1.3 of this blueprint.

      Evaluate and rank potential solutions

      Sort the wheat from the chaff and plan for quick wins.

      PHASE 1

      Get Buy-In

      Optimize the IT Operations Center

      Step 1.1: Ensure Base Maturity Is in Place

      This step will walk you through the following activities:

      • Assess maturity of base IT Operations processes.

      Outcomes of this step

      • Completed IT Operations Center Prerequisites Assessment Tool

      Base processes underpin the Operations Center

      • Before you optimize your Operations Center, you should have foundational ITSM processes in place: service desk, and incident, problem, and change management.
      • Attempting to optimize Operations before it rests on a solid foundation can only lead to frustration.

      IT Operations Center

      • Service Desk
      • Incident Management
      • Problem Management
      • Change Management

      Info-Tech Insight

      ITIL isn’t dead. New technology such as cloud solutions and advanced monitoring tools have transformed how ITSM processes are implemented, but have not obviated them.

      Assess maturity of prerequisite processes

      1.1.1 IT Operations Center Prerequisites Assessment Tool

      • Don’t try to prematurely optimize your Operations Center.
      • Before undertaking this project, you should already have a base level of maturity in the four foundational IT Operations processes.
      • Complete the IT Operations Center Prerequisites Assessment Tool to assess your current level in service desk, incident management, problem management, and change management.
      this image contains a screenshot from Info-Tech's IT Operations Center Prerequisite Assessment

      Make targeted improvements on prerequisite processes if necessary

      If there are deficiencies in any of your foundational processes, take the time to remedy those first before proceeding with Optimize the IT Operations Center. See Info-Tech’s other blueprints:

      Standardize the Service Desk

      Strengthen your service desk to build a strong ITSM foundation.

      Incident and Problem Management

      Don’t let persistent problems govern your department.

      Optimize Change Management

      Turn and face the change with a right-sized change management process.

      Step 1.2: Make the Case

      This step will walk you through the following activities:

      • Estimate the impact of downtime for top five applications.
      • Estimate the cost of incident response.
      • Estimate the cost of MRW.
      • Set success metrics and estimate the ROI of the Operations Center project.
      • IT Operations Center Stakeholder Buy-In Presentation

      Obtaining buy-in is critical

      Buy-in from top-level stakeholders is critical to the success of the project.

      Before jumping into your initiatives, take the time to make the case and bring the business on board.

      Factors that “prevent us from improving the NOC”

      This image contains a graph of factors that prevent us from improving the NOC. In decreasing order, they include: Lack of strategic guidance from our vendors; The unwillingness of our management to accept new risk; Lack of adequate software tools; Our internal processes; Lack of management vision; Lack of funding; and Lack of personnel resources. There is a red circle drawn around the last three entries, with the words: Getting Buy-in Removes the Top Three Roadblocks to Improvement!. Source: Metzier, n.d

      List your top five applications

      List your top five applications for business criticality.

      Don’t agonize over decisions at this point.

      Generally, the top applications will be customer facing, end-user facing for the most critical business units, or critical for health and safety.

      Estimate impact of downtime

      • Come up with a rough, back-of-the-napkin estimate of the hourly cost of downtime for each application.
      • Complete page two of the IT Operations Center Stakeholder Buy-In Presentation.
      • Estimate loss of revenue per hour, loss of productivity per hour, and IT cost per incident resolution hour.
      • Pull a report on incident hours/outages in the past year from your ITSM tool. Multiply the total cost per incident hour by the incident hours per year to determine the current cost per year of service disruptions for each service.
      • Add up the cost for each of the top five services.
      • Now you can show the business a hard value number that quantifies your availability issues.

      Estimate salary cost of non-value-adding work

      Complete page three of the IT Operations Center Stakeholder Buy-In Presentation.

      • Estimate annual wage cost of incident response: multiply incident response hours per year (take from your ITSM tool) by the average hourly wage of incident responders.
      • Estimate annual cost of MRW: multiply MRW hours per year (take from ITSM tool or from time-keeping tool, or use best guess based on talking to staff members) by the average hourly wage of IT staff performing MRW.
      • Add the two numbers together to calculate the non-value-adding IT salary cost per year.
      • Express the previous number as a percentage of total IT salary. Everything that is not incident response or MRW is value-adding work.

      Now you have the holy trinity of metrics: set some targets

      The holy trinity of metrics:

      • Cost of downtime
      • % of salary on incident response
      • % of salary on MRW

      You want to reduce the above numbers. Set some back-of-the-napkin targets for percentage reductions for each of these areas. These are high-level metrics that business stakeholders will care about.

      Take your best guess at targets. Higher maturity organizations will have less potential for reduction from a percentage point of view (eventually you hit diminishing returns), while organizations just beginning to optimize their Operations Center have the potential for huge gains.

      Calculate the potential gains of targets

      Complete page five of the IT Operations Center Stakeholder Buy-In Presentation.

      • Multiply the targeted/estimated % reductions of the costs by your current costs to determine the potential savings/benefits.
      • Do a back-of-the napkin estimate of the cost of the Operations Center improvement project. Use reasonable numbers for cost of personnel time and cost of tools, and be sure to include ongoing personnel time costs – your time isn’t free and continual improvement takes work and effort.
      • Calculate the ROI.

      Fill out the case study

      • Complete page six of the IT Operations Center Stakeholder Buy-In Presentation. If you completed the lightning phase, use the results of your own quick win project(s) as an example of feasibility.
      • If you did not complete the lightning phase, delete this slide, or use an example of what other organizations have achieved to demonstrate feasibility.
      This image contains a screenshot of info-tech's default format for presenting case studies.

      Present to stakeholders

      • Deliver the presentation to key stakeholders.
      • Focus on the high-level story that the current state is costing real dollars and wages, and that these losses can be minimized through process improvements.
      • Be up front that many of the numbers are based on estimates, but be prepared to defend the reasonableness of the estimates.

      Gain buy-in and identify project sponsor

      • If the business is on board with the project, determine one person to be the executive sponsor for the project. This person should have a strong desire to see the project succeed, and should have some skin in the game.

      Formalize communication with the project sponsor

      • Establish how you will communicate with the sponsor throughout the project (e.g. weekly or monthly e-mail updates, bi-weekly meetings).
      • Set up a regular/recurring cadence and stick to it, so it can be put on auto-pilot. Be clear about who is responsible for initiating communication and sticking to the reporting schedule.

      Info-Tech Insight

      Tailor communication to the sponsor. The project sponsor is not the project manager. The sponsor’s role is to drive the project forward by allocating appropriate resources and demonstrating highly visible support to the broader organization. The sponsor should be kept in the loop, but not bothered with minutiae.

      Note the starting numbers for the holy trinity

      Use the IT Operations Center Continual Improvement Tracker:

      • Enter your starting numbers for the holy trinity of metrics.
      • After planning and implementing initiatives, this tracker will be used to update against the holy trinity to assess the success of the project on an ongoing basis and to drive continual improvement.

      PHASE 2

      Define Accountability and Metrics

      Optimize the IT Operations Center

      Step 2.1: Define Accountabilities

      This step will walk you through the following activities:

      • Formalize RACI for key processes.
      • Formalize RACI for key tasks.

      Outcomes of this step

      • Completed RACIs

      List key Operations Center processes

      Compile a list of processes that are key for the Operations Center.

      These processes should include the four foundational processes:

      • Service Desk
      • Incident Management
      • Problem Management
      • Change Management

      You may also want to include processes such as the following:

      • Event Management
      • Configuration Management

      Avoid listing processes you have yet to develop – stick with those already playing a role in your current state.

      Formalize RACI for key processes

      Use the IT Operations Center RACI Charts Template. Complete a RACI for each of the key processes involved in the IT Operations Center.

      RACI:

      • Responsible (does the work on a day-to-day basis)
      • Accountable (reviews, signs off, and is held accountable for outcomes)
      • Consulted (input is sought to feed into decision making)
      • Informed (is given notification of outcomes)

      As a best practice, no more than one person should be responsible or accountable for any given process. The same person can be both responsible and accountable for a given process, or it could be two different people.

      Avoid making someone accountable for a process if they do not have full visibility into the process for appropriate oversight, or do not have time to give the process sufficient attention.

      Formalize RACI for IT tasks

      Now think about the actual tasks or work that goes on in IT. Which roles and individuals are accountable for which tasks or pieces of work?

      In this case, more than one role/person can be listed as responsible or accountable in the RACI because we’re talking about types or categories of work. No conflict will occur because these individuals will be responsible or accountable for different pieces of work or individual tasks of the same type. (e.g. all service desk staff are responsible for answering phones and inputting tickets into the ITSM tool, but no more than one staff member is responsible for the input of any given ticket from a specific phone call).

      Step 2.2: Define Metrics

      This step will walk you through the following activities:

      • Cascade operational metrics from the holy trinity.
      • Evaluate metrics and identify key performance indicators (KPIs).
      • Cascade performance assessment (PA) metrics to support KPIs.
      • Build feedback loop for PA metrics.

      Outcomes of this step

      • KPIs
      • PA metrics

      Metrics must span across silos for shared accountability

      To adequately support the business goals of the organization, IT metrics should span across functional silos.

      Metrics that span across silos foster shared accountability across the IT organization.

      Metrics supported by all groups

      three grain silos are depicted. below, are the words IT Groups, with arrows pointing from the words to each of the three silos.

      Cascade operational metrics from the holy trinity

      Focus on the holy trinity of metrics.

      From these, cascade down to operational metrics that contribute to the holy trinity. It is possible that an operational metric may support more than one trinity metric. For example:

      a flow chart is depicted. two input circles point toward a central circle, and two output circles point away. the input circles include: Cost of Downtime; Cost of Incident Response. The central circle reads: Mean time to restore service. the output circles include the words: Tier 1 Resolution Rate; %% of Known Errors Captured in ITSM Tool.

      Evaluate metrics and identify KPIs

        • Evaluate your operational metrics and determine which ones are likely to have the largest impact on the holy trinity of metrics.
        • Identify the ten metrics likely to have the most impact: these will be your KPIs moving forward.
        • Enter these KPIs into the IT Operations Center Continual Improvement Tracker.
        this image depicts a cycle around the term KPI. The cycle includes: Objective; Measurement; optimization; strategy; performance; evaluation

      Beware how changing variables/context can affect metrics

      • Changes in context can affect metrics drastically. It’s important to keep the overall context in mind to avoid being led astray by certain numbers taken in isolation.
      • For example, a huge hiring spree might exhaust the stock of end-user devices, requiring time to procure hardware before the onboarding tickets can be completely fulfilled. You may have improved your onboarding process through automation, but see a large increase in average time to onboard a new user. Keep an eye out for such anomalies or fluctuations, and avoid putting too much stock in any single operational KPI.
      • Remember, operational KPIs are just a heuristic tool to support the holy trinity of metrics.

      Determine accountability for KPIs

      • For each operational KPI, assign one person to be accountable for that KPI.
      • Be sure the person in charge has the necessary authority and oversight over the processes and personnel that most affect that KPI – otherwise it makes little sense to hold the individual accountable.
      • Consulting your process RACIs is a good place to start.
      • Record the accountable person for each KPI in the IT Operations Center Continual Improvement Tracker.

      Info-Tech Best Practice

      Match accountability with authority. The person accountable for each KPI should be the one who has the closet and most direct control over the work and processes that most heavily impact that KPI.

      Cascade PA metrics to support KPIs

      KPIs are ultimately driven by how IT does its work, and how individuals work is driven by how their performance is assessed and evaluated.

      For the top KPIs, be sure there are individual PA metrics in place that support the KPI, and if not, develop the appropriate PA metrics.

      For example:

      • KPI: Mean time to resolve incidents
      • PA metric: % of escalations that followed SOP (e.g. not holding onto a ticket longer than supposed to)
      • KPI: Number of knowledge base articles written
      • PA metric: Number of knowledge base articles written/contributed to

      Communicate key changes in PA metrics

      Any changes from the previous step will take time and effort to implement and make stick.

      Changing people’s way of working is extremely difficult.

      Build a communication and implementation plan about rolling out these changes, emphasize the benefits for everyone involved, and get buy-in from the affected staff members.

      Build feedback loops for PA metrics

      Now that PA metrics support your Operations Center’s KPIs, you should create frequent feedback loops to drive and boost those PA metrics.

      Once per year or once per quarter is not frequent enough. Managers should meet with their direct reports at least monthly and review their reports’ performance against PA metrics.

      Use a “set it and forget it” implementation, such as a recurring task or meeting in your calendar.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts

      this is a picture of an Info-Tech Analyst

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
      The following are sample activities that will be conducted by Info-Tech analysts with your team:
      2.2.1 This image contains a screenshot from section 2.2.1 of this blueprint.

      Cascade operational metrics from the holy trinity

      Rank goals based on business impact and stakeholder pecking order.

      2.2.2 this image contains a screenshot from section 2.2.2 of this blueprint.

      Determine accountability for KPIs

      Craft a concise and compelling elevator pitch that will drive the project forward.

      PHASE 3

      Assess Gaps and Prioritize Initiatives

      Optimize the IT Operations Center

      Step 3.1: Assess Gaps

      This step will walk you through the following activities:

      • Assess visibility provided by monitoring.
      • Assess process workflows and identify areas for automation.
      • Assess requests and identify potential for automation.
      • Assess Operations Center staff capabilities.
      • Conduct a root cause analysis on the gaps/pain points.

      Outcomes of this step

      • List of gaps
      • List of root causes

      Measure current state of KPIs and identify lagging ones

      Take a baseline measurement of each operational KPI.

      If historical data is available, compare the present state measurement to data points collected over the last year or so.

      Review the measured KPIs.

      Identify any KPIs that seem lagging or low, or that may be particularly important to influence.

      Record lagging KPIs in the IT Operations Center Gap and Initiative Tracker tool.

      Assess visibility provided by monitoring

      List the top five most critical business services supported by IT.
      Assess the current state of your monitoring tools.

      For each business service, rate the level of visibility your monitoring tools allow from the following options:

      1. We have no visibility into the service, or lack visibility into crucial elements.
      2. We have basic visibility (up/down) into all the IT components that support the service.
      3. We have basic visibility (up/down) into the end service itself, in addition to all the IT components that make it up.
      4. We have some advanced visibility into some aspects of the service and/or its IT components.
      5. We have a full, end-to-end view of performance across all the layers of the stack, as well as the end business service itself.

      Identify where more visibility may be necessary

      For most organizations it isn’t practical to have complete visibility into everything. For the areas in which visibility is lacking into key services, think about whether more visibility is actually required or not. Consider some of the following questions:

      • How great is the impact of this service being unavailable?
      • Would greater visibility into the service significantly reduce the mean time to restore the service in the event of incidents?

      Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

      Assess alerting

      Assess alerting for your most critical services.

      Consider whether any of the following problems occur:

      • Often receive no alert(s) in the event of critical outages of key services (we find out about critical outages from the service desk).
      • We are regularly overwhelmed with too many alerts to investigate properly.
      • Our alerts are rarely actionable.
      • We often receive many false alerts.

      Identify areas for potential improvement in the managing of alerts. Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

      Assess process workflows and identify areas for automation

      Review your process flows for base processes such as Service Desk, Incident Management, Problem Management, and Change Management.

      Identify areas in the workflows where there may be defects, inefficiencies, or potential for improvement or automation.

      Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

      See the blueprint Prepare for Cognitive Service Management for process workflows and areas to look for automation possibilities.

      Prepare for Cognitive Service Management

      Make ready for AI-assisted IT operations.

      Assess requests and identify potential for automation

      • Assess the most common work orders or requests handled by the Operations Center group (i.e. this does not include requests fulfilled by the help desk).
      • Which work orders are the most painful? That is, what common work orders involve the greatest effort or the most manual work to fulfill?
      • Fulfillment of common, recurring work orders is MRW, and should be reduced or removed if possible.
      • Consider automation of certain work orders, or self-service delivery.
      • Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

      Assess Operations Center staff capabilities

      • Assess the skills and expertise of your team members.
      • Consider some of the following:
        • Are there team members who could perform their job more effectively by picking up certain skills or proficiencies?
        • Are there team members who have the potential to shift into more valuable or useful roles, given the appropriate training?
        • Are there individual team members whose knowledge is crucial for operations, and whose function cannot be taken up by others?

      Record any deficiencies in the IT Operations Center Gap and Initiative Tracker tool.

      Info-Tech Insight

      Train to avoid pain. All too often organizations expose themselves to significant key person risk by relying on the specialized skills and knowledge of one team member. Use cross training to remedy such single points of failure before the risk materializes.

      Brainstorm pain points

      Brainstorm any pain points not discussed in the previous areas.

      Pain points can be specific operational issues that have not yet been considered. For example:

      • Tom is overwhelmed with tickets.
      • Our MSP often breaches SLA.
      • We don’t have a training budget.

      Record any deficiencies in the IT Operations CenterGap and Initiative Tracker tool.

      Conduct a root cause analysis on the gaps/pain points

      • Pain points can often be symptoms of other deficiencies, or somewhat removed from the actual problem.
      • Using the 5 Whys, conduct a root cause analysis on the pain points for which the causes are not obvious.
      • For each pain point, ask “why” for a sequence of five times, attempting to proceed to the root cause of the issue. This root cause is the true gap that needs to be remedied to resolve the pain point.
      • For example:
        • The Wi-Fi network often goes down in the afternoon.
          • Why?: Its bandwidth gets overloaded.
          • Why?: Many people are streaming video.
          • Why?: There’s a live broadcast of a football game at that time.
        • Possible solutions:
          • Block access to the streaming services.
          • Project the game on a screen in a large conference room and encourage everyone to watch it there.

      Step 3.2: Plan Initiatives

      This step will walk you through the following activities:

      • Brainstorm initiatives to boost KPIs and address gaps.
      • Prioritize potential initiatives.
      • Decide which initiatives to include on the roadmap.

      Outcomes of this step

      • Targeted improvement roadmap

      Brainstorm initiatives to boost KPIs and address gaps

      Prioritize potential initiatives

      3.2.1 IT Operations Center Initiative Prioritization Tool

      • Use the IT Operations Center Initiative Prioritization Tool.
      • Enter the initiatives into the tool.
      • For each initiative, input the following ranking criteria:
        • The metric/KPI’s estimated degree of impact on the holy trinity.
        • The gap or pain point’s estimated degree of impact on the metric/KPI.
        • The initiative’s estimated degree of positive impact on the gap or pain point
        • The initiative’s attainability.
      • Estimate the resourcing capacity required for each initiative.
      • For accurate capacity assessment, input as “force include” all current in-flight projects handled by the Operations Center group (including those unrelated to the Operations Center project).

      Decide which initiatives to include on the roadmap

      • Not all initiatives will be worth pursuing – and especially not all at once.
      • Consider the results displayed on the final tab of the IT Operations CenterInitiative Prioritization Tool.
      • Based on the prioritization and taking capacity into account, decide which initiatives to include on your roadmap.
      • Sometimes, for operational or logistical reasons, it may make sense to schedule an initiative at a time other than its priority might dictate. Make such exceptions on a case-by-case basis.

      Assign an owner to each initiative, and provide resourcing

      • For each initiative, assign one person to be the owner of that initiative.
      • Be sure that person has the authority and the bandwidth necessary to drive the initiative forward.
      • Secure additional resourcing for any initiatives you want to include on your roadmap that are lacking capacity.

      Info-Tech Insight

      You must invest resources in order to reduce the time spent on non-value-adding work.

      "The SRE model of working – and all of the benefits that come with it – depends on teams having ample capacity for engineering work. If toil eats up that capacity, the SRE model can’t be launched or sustained. An SRE perpetually buried under toil isn’t an SRE, they are just a traditional long-suffering SysAdmin with a new title."– David N. Blank-Edelman

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts

      this is a picture of an Info-Tech Analyst

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
      The following are sample activities that will be conducted by Info-Tech analysts with your team:
      3.1.1 This image contains a screenshot from section 3.1.1 of this blueprint.

      Conduct a root cause analysis on the gaps/pain points

      Find out the cause, so you can come up with solutions.

      3.2.1 this image contains a screenshot from section 3.2.1 of this blueprint.

      Prioritize potential initiatives

      Don’t try to boil the ocean. Target what’s manageable and what will have the most impact.

      PHASE 4

      Launch Initiatives and Track Metrics

      Optimize the IT Operations Center

      Step 4.1: Lay Foundation

      This step will walk you through the following activities:

      • Build initiative communication plan.
      • Develop a testing plan for each technical initiative.

      Outcomes of this step

      • Communication plan
      • Testing plan(s)

      Expect resistance to change

      • It’s not as simple as rolling out what you’ve designed.
      • Anything that affects people’s way of working will inevitably be met with suspicion and pushback.
      • Be prepared to fight the battle.
      • "The hardest part is culture. You must get people to see the value of automation. Their first response is ‘We've been doing it this way for 10 years, why do we need to do it another way?’ It's hard to get someone out of their comfort zone to learn something new, especially when they've been at an organization for 20 years. You need to give them incentives."– Cyrus Kalatbari, Senior IT Architect, Infrastructure/Cloud

      Communicate changes in advance, along with their benefits!

      • Communicate changes well in advance of the date(s) of implementation.
      • Emphasize the benefits of the changes – not just for the organization, but for employees and staff members.
      • Advance communication of changes helps make them more palatable, and builds trust in employees by making them feel informed of what’s going on.

      Involve IT staff in design and implementation of changes

      • As you communicate the coming changes, take the opportunity to involve any affected staff members who have not yet participated in the project.
      • Solicit their feedback and get them to help design and implement the initiatives that involve significant changes to their roles.

      Develop a testing plan for each technical initiative

      • Some initiatives, such as appointing a new change manager or hiring a new staff member, do not make sense to test.
      • On the other hand, technical initiatives such as automation scripts, new monitoring tools or dashboards, and changed alert thresholds should be tested thoroughly before implementation.
      • For each technical initiative, think about the expected results and performance if it were to run in production, and build a test plan to ensure it behaves as expected and there are no corner cases.

      Test technology initiatives and iterate if necessary

      • Test each technical initiative under a variety of circumstances, with as close an environment to production as possible.
      • Try to develop corner cases or unusual or unexpected situations, and see if any of these will break the functionality or produce unintended or unexpected results.
      • Document the results of the testing, and iterate on the initiative and test again if necessary.

      "The most important things – and the things that people miss – are prerequisites and expected results. People jump out and build scripts, then the scripts go into the ditch, and they end up debugging in production." – Darin Stahl, Research Director, Infrastructure & Operations

      Step 4.2: Launch and Measure

      This step will walk you through the following activities:

      • Launch initiatives and track adoption and effectiveness.
      • Investigate initiatives that appear ineffective.
      • Measure success with the holy trinity.

      Outcomes of this step

      • Continual improvement roadmap

      Establish a review cycle for each metric

      Info-Tech Best Practice

      Don’t measure what doesn’t matter. If a metric is not going to be reviewed or reported on for informational or decision-making purposes, it should not be tracked.

      Launch initiatives and track adoption and effectiveness

      • Launch the initiatives.
      • Some initiatives will need to proceed through your change management process in order to roll out, but others will not.
      • Track the adoption of initiatives that require it.
        • Some initiatives will require tracking of adoption, whereas others will not.
        • For example, hiring a new service desk staff member does not require tracking of adoption, but implementing a new process for ticket handling does.
        • The implementation plan should include a way to measure the adoption of such initiatives, and regularly review the numbers to see if the implementation has been successful.
      • For all initiatives, measure their effectiveness by continuing to track the KPI/metric that the initiative is intended to influence.

      Assess metrics according to review cycle for continual improvement

      • Assess metrics according to the review cycle.
      • Note whether metrics are improving in the right direction or not.
      • Correlate changes in the metrics with measures of the adoption of the initiatives – see whether initiatives that have been adopted are moving the needle on the KPIs they are intended to.

      Investigate initiatives that appear ineffective

      • If the adoption of an initiative has succeeded, but the expected impact of that initiative on the KPI has not taken place, investigate further and conduct a root causes analysis to determine why this is the case.
      • Sometimes, anomalies or fluctuations will occur that cause the KPI not to move in accordance with the success of the initiative. In this case, it’s just a fluke and the initiative can still be successful in influencing the KPI over the long term.
      • Other times, the initiative may prove mostly or entirely ineffective, either due to misdesign of the initiative itself, a change of circumstances, or other compounding factors or complexities. If the initiative proves ineffective, consider iterating modifications of the initiative and continuing to measure the effect on KPIs – or perhaps killing the initiative altogether.
      • Remember that experimentation is not a bad thing – it’s okay that not every initiative will always prove worthwhile.

      Measure success with the holy trinity

      • Report to business stakeholders on the effect on the holy trinity of metrics at least annually.
      • Calculate the ROI of the project after two years and compare the results to the targeted ROI you initially presented in the IT Operations Center Stakeholder Buy-In Presentation.
      This image contains a Funnel Chart showing the inputs: Downtime; Cost of Incident Response; MRW; and the output: Reduce for continual improvement

      Iterate on the Operations Center process for continual improvement

      This image depicts a cycle, which includes: Data analysis; Executive Sponsorship; Success Criteria; Gap Assessment; Initiatives; Tracking & Measurement

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts

      this is a picture of an Info-Tech Analyst

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.
      The following are sample activities that will be conducted by Info-Tech analysts with your team:
      4.1.1This image contains a screenshot from section 3.1.1 of this blueprint.

      Communicate changes in advance, along with their benefits!

      Rank goals based on business impact and stakeholder pecking order.

      4.1.2 this image contains a screenshot from section 3.2.1 of this blueprint.

      Develop a testing plan for each technical initiative

      Craft a concise and compelling elevator pitch that will drive the project forward.

      Research contributors and experts
      This is a picture of Cyrus Kalatbari, IT infrastructure/cloud architect

      Cyrus Kalatbari, IT Infrastructure/Cloud Architect

      Cyrus’ in-depth knowledge cutting across I&O and service delivery has enhanced the IT operations of multiple enterprise-class clients.

      This is a picture of Derek Cullen, Chief Technology Officer

      Derek Cullen, Chief Technology Officer

      Derek is a proven leader in managing enterprise-scale development, deployment, and integration of applications, platforms, and systems, with a sharp focus on organizational transformation and corporate change.

      This is a picture of Phil Webb, Senior Manager

      Phil Webb, Senior Manager – Unified Messaging and Mobility

      Phil specializes in service delivery for cloud-based and hybrid technology solutions, spanning requirements gathering, solution design, new technology introduction, development, integration, deployment, production support, change/release delivery, maintenance, and continuous improvement.

      This is a picture of Richie Mendoza, IT Services Delivery Consultant

      Richie Mendoza, IT Services Delivery Consultant

      Ritchie’s accomplishments include pioneering a cloud capacity management process and presenting to the Operations team and to higher management, while providing a high level of technical leadership in all phases of capacity management activities.

      This is a picture of Rob Thompson, Solutions Architect

      Rob Thomson, Solutions Architect

      Rob is an IT leader with a track record of creating and executing digital transformation initiatives to achieve the desired outcomes by integrating people, process, and technology into an efficient and effective operating model.

      Related Info-Tech research

      Create a Configuration Management Roadmap

      Right-size your CMDB to improve IT operations.

      Harness Configuration Management Superpowers

      Build a CMDB around the IT services that are most important to the organization.

      Develop an IT Infrastructure Services Playbook

      Automation, SDI, and DevOps – build a cheat sheet to manage a changing Infrastructure & Operations environment.

      Develop an Availability and Capacity Management Plan

      Manage capacity to increase uptime and reduce costs.

      Establish a Program to Enable Effective Performance Monitoring

      Maximize the benefits of infrastructure monitoring investments by diagnosing and assessing transaction performance, from network to server to end-user interface.

      Bibliography

      Baker, Dan, and Hal Baylor. “How Benchmarking & Streamlining NOC Operations Can Lower Costs & Boost Effectiveness.” Top Operator, Mar. 2017. Web.

      Blank-Edelman, David. Seeking SRE: Conversations About Running Production Systems at Scale. O'Reilly, 2018. Web.

      CA Technologies. “IT Transformation to Next-Generation Operations Centers: Assure Business Service Reliability by Optimizing IT Operations.” CA Technologies, 2014. Web.

      Ditmore, Jim. “Improving Availability: Where to Start.” Recipes for IT, n.d. Web.

      Ennis, Shawn. “A Phased Approach for Building a Next-Generation Network Operations Center.” Monolith Software, 2009. Web.

      Faraclas, Matt. “Why Does Infrastructure Operations Still Suck?” Ideni, 25 Feb. 2016. Web.

      InterOp ITX. “2018 State of the Cloud.” InterOp ITX, Feb. 2018. Web.

      ITIC. “Cost of Hourly Downtime Soars: 81% of Enterprises Say it Exceeds $300K On Average.” ITIC, 2 Aug. 2016. Web.

      Joe the IT Guy. “Availability Management Is Harder Than it Looks.” Joe the IT Guy, 10 Feb. 2016. Web.

      ---. “Do Quick Wins Exist for Availability Management?” Joe the IT Guy, 15 May 2014. Web.

      Lawless, Steve. “11 Top Tips for Availability Management.” Purple Griffon, 4 Jan. 2019. Web.

      Metzler, Jim. “The Next Generation Network Operations Center: How the Focus on Application Delivery is Redefining the NOC.” Ashton, Metzler & Associates, n.d. Web.

      Nilekar, Shirish. “Beyond Redundancy: Improving IT Availability.” Network Computing, 28 Aug. 2015. Web.

      Slocum, Mac. “Site Reliability Engineering (SRE): A Simple Overview.” O’Reilly, 16 Aug. 2018. Web.

      Spiceworks. “The 2019 State of IT.” Spiceworks, 2019. Web

      Do you believe in absolute efficiency?

      Weekend read. Hence I post this a bit later on Friday.
      Lately, I've been fascinated by infinity. And in infinity, some weird algebra pops up. Yet that weirdness is very much akin to what our business stakeholders want, driven by what our clients demand, and hence our KPIs drive us. Do more with less. And that is what absolute efficiency means.

      Register to read more …

      Implement Hardware Asset Management

      • Buy Link or Shortcode: {j2store}312|cart{/j2store}
      • member rating overall impact: 9.4/10 Overall Impact
      • member rating average dollars saved: $29,447 Average $ Saved
      • member rating average days saved: 25 Average Days Saved
      • Parent Category Name: Asset Management
      • Parent Category Link: /asset-management
      • Executives are often aware of the benefits asset management offers, but many organizations lack a defined program to manage their hardware.
      • Efforts to implement hardware asset management (HAM) are stalled because organizations feel overwhelmed navigating the process or under use the data, failing to deliver value.

      Our Advice

      Critical Insight

      • Organizations often implement an asset management program as a one-off project and let it stagnate.
      • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
      • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underutilized. Departments within IT become data siloes, preventing effective use of the data.

      Impact and Result

      • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
      • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
      • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
      • Build and involve an ITAM team in the process from the beginning to help embed the change.
      • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.

      Implement Hardware Asset Management Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should Implement Hardware Asset Management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Lay foundations

      Build the foundations for the program to succeed.

      • Implement Hardware Asset Management – Phase 1: Lay Foundations
      • HAM Standard Operating Procedures
      • HAM Maturity Assessment Tool
      • IT Asset Manager
      • IT Asset Administrator

      2. Procure & receive

      Define processes for requesting, procuring, receiving, and deploying hardware.

      • Implement Hardware Asset Management – Phase 2: Procure and Receive
      • HAM Process Workflows (Visio)
      • HAM Process Workflows (PDF)
      • Non-Standard Hardware Request Form
      • Purchasing Policy

      3. Maintain & dispose

      Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

      • Implement Hardware Asset Management – Phase 3: Maintain and Dispose
      • Asset Security Policy
      • Hardware Asset Disposition Policy

      4. Plan implementation

      Plan the hardware budget, then build a communication plan and roadmap to implement the project.

      • Implement Hardware Asset Management – Phase 4: Plan Implementation 
      • HAM Budgeting Tool
      • HAM Communication Plan
      • HAM Implementation Roadmap
      [infographic]

      Workshop: Implement Hardware Asset Management

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Lay Foundations

      The Purpose

      Build the foundations for the program to succeed.

      Key Benefits Achieved

      Evaluation of current challenges and maturity level

      Defined scope for HAM program

      Defined roles and responsibilities

      Identified metrics and reporting requirements

      Activities

      1.1 Outline hardware asset management challenges.

      1.2 Conduct HAM maturity assessment.

      1.3 Classify hardware assets to define scope of the program.

      1.4 Define responsibilities.

      1.5 Use a RACI chart to determine roles.

      1.6 Identify HAM metrics and reporting requirements.

      Outputs

      HAM Maturity Assessment

      Classified hardware assets

      Job description templates

      RACI Chart

      2 Procure & Receive

      The Purpose

      Define processes for requesting, procuring, receiving, and deploying hardware.

      Key Benefits Achieved

      Defined standard and non-standard requests for hardware

      Documented procurement, receiving, and deployment processes

      Standardized asset tagging method

      Activities

      2.1 Identify IT asset procurement challenges.

      2.2 Define standard hardware requests.

      2.3 Document standard hardware request procedure.

      2.4 Build a non-standard hardware request form.

      2.5 Make lease vs. buy decisions for hardware assets.

      2.6 Document procurement workflow.

      2.7 Select appropriate asset tagging method.

      2.8 Design workflow for receiving and inventorying equipment.

      2.9 Document the deployment workflow(s).

      Outputs

      Non-standard hardware request form

      Procurement workflow

      Receiving and tagging workflow

      Deployment workflow

      3 Maintain & Dispose

      The Purpose

      Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.

      Key Benefits Achieved

      Policies and processes for hardware maintenance and asset security

      Documented workflows for hardware disposal and recovery/redeployment

      Activities

      3.1 Build a MAC policy, request form, and workflow.

      3.2 Design process and policies for hardware maintenance, warranty, and support documentation handling.

      3.3 Revise or create an asset security policy.

      3.4 Identify challenges with IT asset recovery and disposal and design hardware asset recovery and disposal workflows.

      Outputs

      User move workflow

      Asset security policy

      Asset disposition policy, recovery and disposal workflows

      4 Plan Implementation

      The Purpose

      Select tools, plan the hardware budget, then build a communication plan and roadmap to implement the project.

      Key Benefits Achieved

      Shortlist of ITAM tools

      Hardware asset budget plan

      Communication plan and HAM implementation roadmap

      Activities

      4.1 Generate a shortlist of ITAM tools that will meet requirements.

      4.2 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget.

      4.3 Build HAM policies.

      4.4 Develop a communication plan.

      4.5 Develop a HAM implementation roadmap.

      Outputs

      HAM budget

      Additional HAM policies

      HAM communication plan

      HAM roadmap tool

      Further reading

      Implement Hardware Asset Management

      Build IT services value on the foundation of a proactive asset management program.

      ANALYST PERSPECTIVE

      IT asset data impacts the entire organization. It’s time to harness that potential.

      "Asset management is like exercise: everyone is aware of the benefits, but many struggle to get started because the process seems daunting. Others fail to recognize the integrative potential that asset management offers once an effective program has been implemented.

      A proper hardware asset management (HAM) program will allow your organization to cut spending, eliminate wasteful hardware, and improve your organizational security. More data will lead to better business decision-making across the organization.

      As your program matures and your data gathering and utility improves, other areas of your organization will experience similar improvements. The true value of asset management comes from improved IT services built upon the foundation of a proactive asset management program." - Sandi Conrad, Practice Lead, Infrastructure & Operations Info-Tech Research Group

      Our understanding of the problem

      This Research Is Designed For:

      • Asset Managers and Service Delivery Managers tasked with developing an asset management program who need a quick start.
      • CIOs and CFOs who want to reduce or improve budgeting of hardware lifecycle costs.
      • Information Security Officers who need to mitigate the risk of sensitive data loss due to insecure assets.

      This Research Will Help You:

      • Develop a hardware asset management (HAM) standard operating procedure (SOP) that documents:
        • Process roles and responsibilities.
        • Data classification scheme.
        • Procurement standards, processes, and workflows for hardware assets.
        • Hardware deployment policies, processes, and workflows.
        • Processes and workflows for hardware asset security and disposal.
      • Identify requirements for an IT asset management (ITAM) solution to help generate a shortlist.
      • Develop a hardware asset management implementation roadmap.
      • Draft a communication plan for the initiative.

      Executive summary

      Situation

      • Executives are aware of the numerous benefits asset management offers, but many organizations lack a defined ITAM program and especially a HAM program.
      • Efforts to implement HAM are stalled because organizations cannot establish and maintain defined processes and policies.

      Complication

      • Organizations often implement an asset management program as a one- off project and let it stagnate, but asset management needs to be a dynamic, continually involving process to succeed.
      • Organizations often fail to dedicate adequate resources to the HAM process, leading to unfinished processes and inconsistent standards.
      • Hardware asset management programs yield a large amount of useful data. Unfortunately, this data is often underused. Departments within IT become data siloes, preventing effective use of the data.

      Resolution

      • As the IT environment continues to change, it is important to establish consistency in the standards around IT asset management.
      • A current state assessment of your HAM program will shed light on the steps needed to safeguard your processes.
      • Define the assets that will need to be managed to inform the scope of the ITAM program before defining processes.
      • Build and involve an ITAM team in the process from the beginning to help embed the change.
      • Define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.
      • Pace yourself; a staged implementation will make your ITAM program a success.

      Info-Tech Insight

      1. HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.
      2. ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.
      3. Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

      Implement HAM to reduce and manage costs, gain efficiencies, and ensure regulatory compliance

      Save & Manage Money

      • Companies with effective HAM practices achieve cost savings through redeployment, reduction of lost or stolen equipment, power management, and on-time lease returns.
      • The right HAM system will enable more accurate planning and budgeting by business units.

      Improve Contract Management

      • Real-time asset tracking to vendor terms and conditions allows for more effective negotiation.

      Inform Technology Refresh

      • HAM provides accurate information on hardware capacity and compatibility to inform upgrade and capacity planning

      Gain Service Efficiencies

      • Integrating the hardware lifecycle with the service desk will enable efficiencies through Install/Moves/Adds/Changes (IMAC) processes, for larger organizations.

      Meet Regulatory Requirements

      • You can’t secure organizational assets if you don’t know where they are! Meet governance and privacy laws by knowing asset location and that data is secure.

      Prevent Risk

      • Ensure data is properly destroyed through disposal processes, track lost and stolen hardware, and monitor hardware to quickly identify and isolate vulnerabilities.

      HAM is more than just inventory; 92% of organizations say that it helps them provide better customer support

      Hardware asset management (HAM) provides a framework for managing equipment throughout its entire lifecycle. HAM is more than just keeping an inventory; it focuses on knowing where the product is, what costs are associated with it, and how to ensure auditable disposition according to best options and local environmental laws.

      Implementing a HAM practice enables integration of data and enhancement of many other IT services such as financial reporting, service management, green IT, and data and asset security.

      Cost savings and efficiency gains will vary based on the organization’s starting state and what measures are implemented, but most organizations who implement HAM benefit from it. As organizations increase in size, they will find the greatest gains operationally by becoming more efficient at handling assets and identifying costs associated with them.

      A 2015 survey by HDI of 342 technical support professionals found that 92% say that HAM has helped their teams provide better support to customers on hardware-related issues. Seventy-seven percent have improved customer satisfaction through managing hardware assets. (HDI, 2015)

      HAM delivers cost savings beyond only the procurementstage

      HAM cost savings aren’t necessarily realized through the procurement process or reduced purchase price of assets, but rather through the cost of managing the assets.

      HAM delivers cost savings in several ways:

      • Use a discovery tool to identify assets that may be retired, redeployed, or reused to cut or reallocate their costs.
      • Enforce power management policies to reduce energy consumption as well as costs associated with wasted energy.
      • Enforce policies to lock down unauthorized devices and ensure that confidential information isn’t lost (and you don’t have to waste money recovering lost data).
      • Know the location of all your assets and which are connected to the network to ensure patches are up to date and avoid costly security risks and unplanned downtime.
      • Scan assets to identify and remediate vulnerabilities that can cause expensive security attacks.
      • Improve vendor and contract management to identify areas of hardware savings.

      The ROI for HAM is significant and measurable

      Benefit Calculation Sample Annual Savings

      Reduced help desk support

      • The length of support calls should be reduced by making it easier for technicians to identify PC configuration.
      # of hardware-related support tickets per year * cost per ticket * % reduction in average call length 2,000 * $40 * 20% = $16,000

      Greater inventory efficiency

      • An ITAM solution can automate and accelerate inventory preparation and tasks.
      Hours required to complete inventory * staff required * hourly pay rate for staff * number of times a year inventory required 8 hours * 5 staff * $33 per hour * 2 times a year = $2,640

      Improved employee productivity

      • Organizations can monitor and detect unapproved programs that result in lost productivity.
      # of employees * percentage of employees who encounter productivity loss through unauthorized software * number of hours per year spent using unauthorized software * average hourly pay rate 500 employees * 10% * 156 hours * $18 = $140,400

      Improved security

      • Improved asset tracking and stronger policy enforcement will reduce lost and stolen devices and data.
      # of devices lost or stolen last year * average replacement value of device + # of devices stolen * value of data lost from device (50 * $1,000) + (50 * $5,000) = $300,000
      Total Savings: $459,040
      1. Weigh the return against the annual cost of investing in an ITAM solution to calculate the ROI.
      2. Don’t forget about the intangible benefits that are more difficult to quantify but still significant, such as increased visibility into hardware, more accurate IT planning and budgeting, improved service delivery, and streamlined operations.

      Avoid these common barriers to ITAM success

      Organizations that struggle to implement ITAM successfully usually fall victim to these barriers:

      Organizational resistance to change

      Senior-level sponsorship, engagement, and communication is necessary to achieve the desired outcomes of ITAM; without it, ITAM implementations stall and fail or lack the necessary resources to deliver the value.

      Lack of dedicated resources

      ITAM often becomes an added responsibility for resources who already have other full-time responsibilities, which can quickly cause the program to lose focus. Increase the chance of success through dedicated resources.

      Focus on tool over process

      Many organizations buy a tool thinking it will do most of the work for them, but without supporting processes to define ITAM, the data within the tool can become unreliable.

      Choosing a tool or process that doesn’t scale

      Some organizations are able to track assets through manual discovery, but as their network and user base grows, this quickly becomes impossible. Choose a tool and build processes that will support the organization as it grows.

      Using data only to respond to an audit without understanding root causes

      Often, organizations implement ITAM only to the extent necessary to achieve compliance for audits, but without investigating the underlying causes of non-compliance and thus not solving the real problems.

      To help you make quick progress, Info-Tech Research Group parses hardware asset management into essential processes

      Focus on hardware asset lifecycle management essentials:

      IT Asset Procurement:

      • Define procurement standards for new hardware along with related warranties and support options.
      • Develop processes and workflows for purchasing and work out financial implications to inform budgeting later.

      IT Asset Intake and Deployment:

      • Define policies, processes, and workflows for hardware and receiving, inventory, and tracking practices.
      • Develop processes and workflows for managing imaging, change and moves, and large-scale rollouts.

      IT Asset Security and Maintenance:

      • Develop processes, policies, and workflows for asset tracking and security.
      • Maintain contracts and agreements.

      IT Asset Disposal or Recovery:

      • Manage the employee termination and equipment recovery cycle.
      • Securely wipe and dispose of assets that have reached retirement stage.

      The image is a circular graphic, with Implement HAM written in the middle. Around the centre circle are four phrases: Recover or Dispose; Plan & Procure; Receive & Deploy; Secure & Maintain. Around that circle are six words: Retire; Plan; Request; Procure; Receive; Manage.

      Follow Info-Tech’s methodology to build a plan to implement hardware asset management

      Phase 1: Assess & Plan Phase 2: Procure & Receive Phase 3: Maintain & Dispose Phase 4: Plan Budget & Build Roadmap
      1.1 Assess current state & plan scope 2.1 Request & procure 3.1 Manage & maintain 4.1 Plan budget
      1.2 Build team & define metrics 2.2 Receive & deploy 3.2 Redeploy or dispose 4.2 Communicate & build roadmap
      Deliverables
      Standard Operating Procedure (SOP)
      HAM Maturity Assessment Procurement workflow User move workflow HAM Budgeting Tool
      Classified hardware assets Non-standard hardware request form Asset security policy HAM Communication Plan
      RACI Chart Receiving & tagging workflow Asset disposition policy HAM Roadmap Tool
      Job Descriptions Deployment workflow Asset recovery & disposal workflows Additional HAM policies

      Asset management is a key piece of Info-Tech's COBIT- inspired IT Management and Governance Framework

      The image shows a graphic which is a large grid, showing Info-Tech's research, sorted into categories.

      Cisco IT reduced costs by upwards of $50 million through implementing ITAM

      CASE STUDY

      Industry IT

      Source Cisco Systems, Inc.

      Cisco Systems, Inc.

      Cisco Systems, Inc. is the largest networking company in the world. Headquartered in San Jose, California, the company employees over 70,000 people.

      Asset Management

      As is typical with technology companies, Cisco boasted a proactive work environment that encouraged individualism amongst employees. Unfortunately, this high degree of freedom combined with the rapid mobilization of PCs and other devices created numerous headaches for asset tracking. At its peak, spending on hardware alone exceeded $100 million per year.

      Results

      Through a comprehensive ITAM implementation, the new asset management program at Cisco has been a resounding success. While employees did have to adjust to new rules, the process as a whole has been streamlined and user-satisfaction levels have risen. Centralized purchasing and a smaller number of hardware platforms have allowed Cisco to cut its hardware spend in half, according to Mark Edmondson, manager of IT services expenses for Cisco Finance.

      This case study continues in phase 1

      The image shows four bars, from bottom to top: 1. Asset Gathering; 2. Asset Distribution; 3. Asset Protection; 4. Asset Data. On the right, there is an arrow pointing upwards labelled ITAM Program Maturity.

      Info-Tech delivers: Use our tools and templates to accelerate your project to completion

      HAM Standard Operating Procedures (SOP)

      HAM Maturity Assessment

      Non-Standard Hardware Request Form

      HAM Visio Process Workflows

      HAM Policy Templates

      HAM Budgeting Tool

      HAM Communication Plan

      HAM Implementation Roadmap Tool

      Measured value for Guided Implementations (GIs)

      Engaging in GIs doesn’t just offer valuable project advice, it also results in significant cost savings.

      GI Measured Value
      Phase 1: Lay Foundations
      • Time, value, and resources saved by using Info-Tech’s tools and templates to assess current state and maturity, plan scope of HAM program, and define roles and metrics.
      • For example, 2 FTEs * 14 days * $80,000/year = $8,615
      Phase 2: Procure & Receive
      • Time, value, and resources saved by using Info-Tech’s tools and templates to build processes for hardware request, procurement, receiving, and deployment.
      • For example, 2 FTEs * 14 days * $80,000/year = $8,615
      Phase 3: Maintain & Dispose
      • Time, value, and resources saved by following Info-Tech’s tools and methodology to build processes and policies for managing and maintaining hardware and disposing or redeploying of equipment.
      • For example, 2 FTE * 14 days * $80,000/year = $8,615
      Phase 4: Plan Implementation
      • Time, value, and resources saved by following Info-Tech’s tools and methodology to select tools, plan the hardware budget, and build a roadmap.
      • For example, 2 FTE * 14 days * $80,000/year = $8,615
      Total savings $25,845

      Info-Tech offers various levels of support to best suit your needs

      DIY Toolkit

      “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

      Guided Implementation

      “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

      Workshop

      “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

      Consulting

      “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

      Diagnostics and consistent frameworks used throughout all four options

      Guided Implementation overview

      1. Lay Foundations 2. Procure & Receive 3. Maintain & Dispose 4. Budget & Implementation
      Best-Practice Toolkit

      1.1 Assess current state & plan scope

      1.2 Build team & define metrics

      2.1 Request & procure

      2.2 Receive & deploy

      3.1 Manage & maintain

      3.2 Redeploy or dispose

      4.1 Plan budget

      4.2 Communicate & build roadmap

      Guided Implementation
      • Assess current state.
      • Define scope of HAM program.
      • Define roles and metrics.
      • Define standard and non-standard hardware.
      • Build procurement process.
      • Determine asset tagging method and build equipment receiving and deployment processing.
      • Define processes for managing and maintaining equipment.
      • Define policies for maintaining asset security.
      • Build process for redeploying or disposing of assets.
      • Discuss best practices for effectively managing a hardware budget.
      • Build communications plan and roadmap.
      Results & Outcomes
      • Evaluation of current maturity level of HAM
      • Defined scope for the HAM program including list of hardware to track as assets
      • Defined roles and responsibilities
      • Defined and documented KPIs and metrics to meet HAM reporting requirements
      • Defined standard and non- standard requests and processes
      • Defined and documented procurement workflow and purchasing policy
      • Asset tagging method and process
      • Documented equipment receiving and deployment processes
      • MAC policies and workflows
      • Policies and processes for hardware maintenance and asset security
      • Documented workflows for hardware disposal and recovery/redeployment
      • Shortlist of ITAM tools
      • Hardware asset budget plan
      • Communication plan and HAM implementation roadmap

      Workshop overview

      Contact your account representative or email Workshops@InfoTech.comfor more information.

      Phases: Teams, Scope & Hardware Procurement Hardware Procurement and Receiving Hardware Maintenance & Disposal Budgets, Roadmap & Communications
      Duration* 1 day 1 day 1 day 1 day
      * Activities across phases may overlap to ensure a timely completion of the engagement
      Projected Activities
      • Outline hardware asset management goals
      • Review HAM maturity and anticipated milestones
      • Define scope and classify hardware assets
      • Define roles and responsibilities
      • Define metrics and reporting requirements
      • Define standard and non-standard hardware requests
      • Review and document procurement workflow
      • Discuss appropriate asset tagging method
      • Design and document workflow for receiving and inventorying equipment
      • Review/create policy for hardware procurement and receiving
      • Identify data sources and methodology for inventory and data collection
      • Define install/moves/adds/changes (MAC) policy
      • Build workflows to document user MAC processes and design request form
      • Design process and policies for hardware maintenance, warranty, and support documentation handling
      • Design hardware asset recovery and disposal workflows
      • Define budgeting process and review Info-Tech’s HAM Budgeting Tool
      • Develop a communication plan
      • Develop a HAM implementation plan
      Projected Deliverables
      • Standard operating procedures for hardware
      • Visio diagrams for all workflows
      • Workshop summary with milestones and task list
      • Budget template
      • Policy draft

      Phase 1

      Lay Foundations

      Implement Hardware Asset Management

      A centralized procurement process helped cut Cisco’s hardware spend in half

      CASE STUDY

      Industry IT

      Source Cisco Systems, Inc.

      Challenge

      Cisco Systems’ hardware spend was out of control. Peaking at $100 million per year, the technology giant needed to standardize procurement processes in its highly individualized work environment.

      Users had a variety of demands related to hardware and network availability. As a result, data was spread out amongst multiple databases and was managed by different teams.

      Solution

      The IT team at Cisco set out to solve their hardware-spend problem using a phased project approach.

      The first major step was to identify and use the data available within various departments and databases. The heavily siloed nature of these databases was a major roadblock for the asset management program.

      This information had to be centralized, then consolidated and correlated into a meaningful format.

      Results

      The centralized tracking system allowed a single point of contact (POC) for the entire lifecycle of a PC. This also created a centralized source of information about all the PC assets at the company.

      This reduced the number of PCs that were unaccounted for, reducing the chance that Cisco IT would overspend based on its hardware needs.

      There were still a few limitations to address following the first step in the project, which will be described in more detail further on in this blueprint.

      This case study continues in phase 2

      Step 1.1: Assess current state and plan scope

      Phase 1: Assess & Plan

      1.1 Assess current state & plan scope

      1.2 Build team & define metrics

      This step will walk you through the following activities:

      1.1.1 Complete MGD (optional)

      1.1.2 Outline hardware asset management challenges

      1.1.3 Conduct HAM maturity assessment

      1.1.4 Classify hardware assets to define scope of the program

      This step involves the following participants:

      • CIO/CFO
      • IT Director
      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Security (optional)
      • Operations (optional)

      Step Outcomes

      • Understand key challenges related to hardware asset management within your organization to inform program development.
      • Evaluate current maturity level of hardware asset management components and overall program to determine starting point.
      • Define scope for the ITAM program including list of hardware to track as assets.

      Complete the Management & Governance Diagnostic (MGD) to weigh the effectiveness of ITAM against other services

      1.1.1 Optional Diagnostic

      The MGD helps you get the data you need to confirm the importance of improving the effectiveness of your asset management program.

      The MGD allows you to understand the landscape of all IT processes, including asset management. Evaluate all team members’ perceptions of each process’ importance and effectiveness.

      Use the results to understand the urgency to change asset management and its relevant impact on the organization.

      Establish process owners and hold team members accountable for process improvement initiatives to ensure successful implementation and realize the benefits from more effective processes.

      To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).

      Sketch out challenges related to hardware asset management to shape the direction of the project

      Common HAM Challenges

      Processes and Policies:

      • Existing asset management practices are labor intensive and time consuming
      • Manual spreadsheets are used, making collaboration and automation difficult
      • Lack of HAM policies and standard operating procedures
      • Asset management data is not centralized
      • Lack of clarity on roles and responsibilities for ITAM functions
      • End users don’t understand the value of asset management

      Tracking:

      • Assets move across multiple locations and are difficult to track
      • Hardware asset data comes from multiple sources, creating fragmented datasets
      • No location data is available for hardware
      • No data on ownership of assets

      Security and Risk:

      • No insight into which assets contain sensitive data
      • There is no information on risks by asset type
      • Rogue systems need to be identified as part of risk management best practices
      • No data exists for assets that contain critical/sensitive data

      Procurement:

      • No centralized procurement department
      • Multiple quotes from vendors are not currently part of the procurement process
      • A lack of formal process can create issues surrounding employee onboarding such as long lead times
      • Not all procurement standards are currently defined
      • Rogue purchases create financial risk

      Receiving:

      • No formal process exists, resulting in no assigned receiving location and no assigned receiving role
      • No automatic asset tracking system exists

      Disposal:

      • No insight into where disposed assets go
      • Formal refresh and disposal system is needed

      Contracts:

      • No central repository exists for contracts
      • No insight into contract lifecycle, hindering negotiation effectiveness and pricing optimization

      Outline hardware asset management challenges

      1.1.1 Brainstorm HAM challenges

      Participants

      • CIO/CFO
      • IT Director
      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Security
      • Operations (optional)

      A. As a group, outline the hardware asset management challenges facing the organization.

      Use the previous slide to help you get started. You can use the following headings as a guide or think of your own:

      • Processes and Policies
      • Tracking
      • Procurement
      • Receiving
      • Security and Risk
      • Disposal
      • Contracts

      B. If you get stuck, use the Hardware Asset Management Maturity Assessment Tool to get a quick view of your challenges and maturity targets and kick-start the conversation.

      To be effective with hardware asset management, understand the drivers and potential impact to the organization

      Drivers of effective HAM Results of effective HAM
      Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. Improved access to accurate data on contracts, licensing, warranties, installed hardware and software for new contracts, renewals, and audit requests.
      Increased need to meet compliance requires a formal approach to tracking and managing assets, regardless of device type. Encryption, hardware tracking and discovery, software application controls, and change notifications all contribute to better asset controls and data security.
      Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. Reduction of hardware spend by as much as 5% of the total budget through data for better forecasting and planning.
      Assets with sensitive data are not properly secured, go missing, or are not safely disposed of when retired. Document and enforce security policies for end users and IT staff to ensure sensitive data is properly secured, preventing costs much larger than the cost of only the device.

      Each level of HAM maturity comes with its own unique challenges

      Maturity People & Policies Processes Technology
      Chaos
      • No dedicated staff
      • No policies published
      • Procedures not documented or standardized
      • Hardware not safely secured or tagged
      • Hardware purchasing decisions not based on data
      • Minimal tracking tools in place
      Reactive
      • Semi-focused HAM manager
      • No policies published
      • Reliance on suppliers to provide reports for hardware purchases
      • Hardware standards are enforced
      • Discovery tools and spreadsheets used to manage hardware
      Controlled
      • Full-time HAM manager
      • End-user policies published
      • HAM manager involved in budgeting and planning sessions
      • Inventory tracking is in place
      • Hardware is secured and tagged
      • Discovery and inventory tools used to manage hardware
      • Compliance reports run as needed
      Proactive
      • Extended HAM team, including Help Desk, HR, Purchasing
      • Corporate hardware use policies in place and enforced
      • HAM process integrated with help desk and HR processes
      • More complex reporting and integrated financial information and contracts with asset data
      • Hardware requests are automated where possible
      • Product usage reports and alerts in place to harvest and reuse licenses
      • Compliance and usage reports used to negotiate software contracts
      Optimized
      • HAM manager trained and certified
      • Working with HR, Legal, Finance, and IT to enforce policies
      • Quarterly meetings with ITAM team to review policies, procedures, upcoming contracts, and rollouts; data is reviewed before any financial decisions made
      • Full transparency into hardware lifecycle
      • Aligned with business objectives
      • Detailed savings reports provided to executive team annually
      • Automated policy enforcement and process workflows

      Conduct a hardware maturity assessment to understand your starting point and challenges

      1.1.3 Complete HAM Maturity Assessment Tool

      Complete the Hardware Asset Management Maturity Assessment Tool to understand your organization’s overall maturity level in HAM, as well as the starting maturity level aligned with each step of the blueprint, in order to identify areas of strength and weakness to plan the project. Use this to track progress on the project.

      An effective asset management project has four essential components, with varying levels of management required

      The hardware present in your organization can be classified into four categories of ascending strategic complexity: commodity, inventory, asset, and configuration.

      Commodity items are devices that are low-cost, low-risk items, where tracking is difficult and of low value.

      Inventory is tracked primarily to identify location and original expense, which may be depreciated by Finance. Typically there will not be data on these devices and they’ll be replaced as they lose functionality.

      Assets will need the full lifecycle managed. They are identified by cost and risk. Often there is data on these devices and they are typically replaced proactively before they become unstable.

      Configuration items will generally be tracked in a configuration management database (CMDB) for the purpose of enabling the support teams to make decisions involving dependencies, configurations, and impact analysis. Some data will be duplicated between systems, but should be synchronized to improve accuracy between systems.

      See Harness Configuration Management Superpowers to learn more about building a CMDB.

      Classify your hardware assets to determine the scope and strategy of the program

      Asset: A unique device or configuration of devices that enables a user to perform productive work tasks and has a defined location and ownership attributes.

      • Hardware asset management involves tracking and managing physical components from procurement through to retirement. It provides the base for software asset management and is an important process that can lead to improved lifecycle management, service request fulfillment, security, and cost savings through harvesting and redeployment.
      • When choosing your strategy, focus on those devices that are high cost and high risk/function such as desktops, laptops, servers, and mobile devices.

      ASSET - Items of high importance and may contain data, such as PCs, mobile devices, and servers.

      INVENTORY - Items that require significant financial investment but no tracking beyond its existence, such as a projector.

      COMMODITY - Items that are often in use but are of relatively low cost, such as keyboards or mice.

      Classify your hardware assets to define the scope of the program

      1.1.4 Define the assets to be tracked within your organization

      Participants

      • Participants
      • CIO/CFO
      • IT Director
      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Security (optional)
      • Operations (optional)

      Document

      Document in the Standard Operating Procedures, Section 1 – Overview & Scope

      1. Determine value/risk threshold at which items should be tracked (e.g. over $1,000 and holding data).
      2. Divide a whiteboard or flip chart into three columns: commodity, asset, and inventory.
      3. Divide participants into groups by functional role to brainstorm devices in use within the organization. Write them down on sticky notes.
      4. Place the sticky notes in the column that best describes the role of the product in your organization.

      Align the scope of the program with business requirements

      CASE STUDY

      Industry Public Administration

      Source Client Case Study

      Situation

      A state government designed a process to track hardware worth more than $1,000. Initially, most assets consisted of end-user computing devices.

      The manual tracking process, which relied on a series of Excel documents, worked well enough to track the lifecycle of desktop and laptop assets.

      However, two changes upended the organization’s program: the cost of end-user computing devices dropped dramatically and the demand for network services led to the proliferation of expensive equipment all over the state.

      Complication

      The existing program was no longer robust enough to meet business requirements. Networking equipment was not only more expensive than end-user computing devices, but also more critical to IT services.

      What was needed was a streamlined process for procuring high-cost, high-utility equipment, tracking their location, and managing their lifecycle costs without compromising services.

      Resolution

      The organization decided to formalize, document, and automate hardware asset management processes to meet the new challenges and focus efforts on high-cost, high-utility end-user computing devices only.

      Step 1.2: Build team and define metrics

      Phase 1: Assess & Plan

      1.1 Assess current state & plan scope

      1.2 Build team and define metrics

      This step will walk you through the following activities:

      1.2.1 Define responsibilities for Asset Manager and Asset Administrator

      1.2.2 Use a RACI chart to determine roles within HAM team

      1.2.3 Further clarify HAM responsibilities for each role

      1.2.4 Identify HAM reporting requirements

      This step involves the following participants:

      • CIO/CFO
      • IT Director
      • IT Managers
      • Asset Manager
      • Asset Coordinators
      • ITAM Team
      • Service Desk
      • End-User Device Support Team

      Step Outcomes:

      • Defined responsibilities for Asset Manager and Asset Administrator
      • Documented RACI chart assigning responsibility and accountability for core HAM processes
      • Documented responsibilities for ITAM/HAM team
      • Defined and documented KPIs and metrics to meet HAM reporting requirements

      Form an asset management team to lead the project

      Asset management is an organizational change. To gain buy-in for the new processes and workflows that will be put in place, a dedicated, passionate team needs to jump-start the project.

      Delegate the following roles to team members and grow your team accordingly.

      Asset Manager

      • Responsible for setting policy and governance of process and data accuracy
      • Support budget process
      • Support asset tracking processes in the field
      • Train employees in asset tracking processes

      Asset Administrator

      • The front-lines of asset management
      • Communicates with and supports asset process implementation teams
      • Updates and contributes information to asset databases
      Service Desk, IT Operations, Applications
      • Responsible for advising asset team of changes to the IT environment, which may impact pricing or ability to locate devices
      • Works with Asset Coordinator/Manager to set standards for lifecycle stages
      • The ITAM team should visit and consult with each component of the business as well as IT.
      • Engage with leaders in each department to determine what their pain points are.
      • The needs of each department are different and their responses will assist the ITAM team when designing goals for asset management.
      • Consultations within each department also communicates the change early, which will help with the transition to the new ITAM program.

      Info-Tech Insight

      Ensure that there is diversity within the ITAM team. Assets for many organizations are diverse and the composition of your team should reflect that. Have multiple departments and experience levels represented to ensure a balanced view of the current situation.

      Define the responsibilities for core ITAM/HAM roles of Asset Manager and Asset Administrator

      1.2.1 Use Info-Tech’s job description templates to define roles

      The role of the IT Asset Manager is to oversee the daily and long-term strategic management of software and technology- related hardware within the organization. This includes:

      • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
      • Forming procurement strategies to optimize technology spend across the organization.
      • Developing and implementing procedures for tracking company assets to oversee quality control throughout their lifecycles.

      The role of the IT Asset Administrator is to actively manage hardware and software assets within the organization. This includes:

      • Updating and maintaining accurate asset records.
      • Planning, monitoring, and recording software licenses and/or hardware assets to ensure compliance with vendor contracts.
      • Administrative duties within procurement and inventory management.
      • Maintaining records and databases regarding warranties, service agreements, and lifecycle management.
      • Product standardization and tracking.

      Use Info-Tech’s job description templates to assist in defining the responsibilities for these roles.

      Organize your HAM team based on where they fit within the strategic, tactical, and operational components

      Typically the asset manager will answer to either the CFO or CIO. Occasionally they answer to a vendor manager executive. The hierarchy may vary based on experience and how strategic a role the asset manager will play.

      The image shows a flowchart for organizing the HAM team, structured by three components: Strategic (at the top); Tactical (in the middle); and Operational (at the bottom). The chart shows how the job roles flow together within the hierarchy.

      Determine the roles and responsibilities of the team who will support your HAM program

      1.2.2 Complete a RACI

      A RACI chart will identify who should be responsible, accountable, consulted, and informed for each key activity during the consolidation.

      Participants

      • Project Sponsor
      • IT Director, CIO
      • Project Manager
      • IT Managers and Asset Manager(s)
      • ITAM Team

      Document

      Document in the Standard Operating Procedure.

      Instructions:

      1. Write out the list of all stakeholders along the top of a whiteboard. Write out the key initiative steps for the consolidation project along the left side (use this list as a starting point).
      2. For each initiative, identify each team member’s role. Are they:
        • Responsible? The one responsible for getting the job done.
        • Accountable? Only one person can be accountable for each task.
        • Consulted? Involved through input of knowledge and information.
        • Informed? Receive information about process execution and quality.
      3. As you proceed through the initiative, continue to add tasks and assign responsibility to this RACI chart.

      A sample RACI chart is provided on the next slide

      Start with a RACI chart to determine the responsibilities

      1.2.2 Complete a RACI chart for your organization

      HAM Tasks CIO CFO HAM Manager HAM Administrator Service Desk (T1,T2, T3) IT Operations Security Procurement HR Business Unit Leaders Compliance /Legal Project Manager
      Policies and governance A I R I I C I C C I I
      Strategy A R R R R
      Data entry and quality management C I A I C C I I C C
      Risk management and asset security A R C C R C C
      Process compliance auditing A R I I I I I
      Awareness, education, and training I A I I C
      Printer contracts C A C C C R C C
      Hardware contract management A I R R I I R R I I
      Workflow review and revisions I A C C C C
      Budgeting A R C I C
      Asset acquisition A R C C C C I C C
      Asset receiving (inspection/acceptance) I A R R I
      Asset deployment A R R I I
      Asset recovery/harvesting A R R I I
      Asset disposal C A R R I I
      Asset inventory (input/validate/maintain) I I A/R R R R I I I

      Further clarify HAM responsibilities for each role

      1.2.3 Define roles and responsibilities for the HAM team

      Participants

      • Participants IT Asset Managers and Coordinators
      • ITAM Team
      • IT Managers and IT Director

      Document

      1. Discuss and finalize positions to be established within the ITAM/HAM office as well as additional roles that will be involved in HAM.
      2. Review the sample responsibilities below and revise or create responsibilities for each key position within the HAM team.
      3. Document in the HAM Standard Operating Procedures.
      Role Responsibility
      IT Manager
      • Responsible for writing policies regarding asset management and approving final documents
      • Build and revise budget, tracking actual spend vs. budget, seeking final approvals from the business
      • Process definition, communication, reporting and ensuring people are following process
      • Awareness campaign for new policy and process
      Asset Managers
      • Approval of purchases up to $10,000
      • Inventory and contract management including contract review and recommendations based on business and IT requirements
      • Liaison between business and IT regarding software and hardware
      • Monitor and improve workflows and asset related processes
      • Monitor controls, audit and recommend policies and procedures as needed
      • Validate, manage and analyze data as related to asset management
      • Provide reports as needed for decision making and reporting on risk, process effectiveness and other purposes as required
      • Asset acquisition and disposal
      Service Desk
      Desktop team
      Security
      Infrastructure teams

      Determine criteria for success: establish metrics to quantify and demonstrate the results and value of the HAM function

      HAM metrics fall in the following categories:

      HAM Metrics

      • Quantity e.g. inventory levels and need
      • Cost e.g. value of assets, budget for hardware
      • Compliance e.g. contracts, policies
      • Quality e.g. accuracy of data
      • Duration e.g. time to procure or deploy hardware

      Follow a process for establishing metrics:

      1. Identify and obtain consensus on the organization’s ITAM objectives, prioritized if possible.
      2. For each ITAM objective, select two or three metrics in the applicable categories (not all categories will apply to all objectives); be sure to select metrics that are achievable with reasonable effort.
      3. Establish a baseline measurement for each metric.
      4. Establish a method and accountability for ongoing measurement and analysis/reporting.
      5. Establish accountability for taking action on reported results.
      6. As ITAM expands and matures, change or expand the metrics as appropriate.

      Define KPIs and associated metrics

      • Identify the critical success factors (CSFs) for your hardware asset management program based on strategic goals.
      • For each success factor, identify the key performance indicators (KPIs) to measure success and specific metrics that will be tracked and reported on.
      • Sample metrics are below:
      CSF KPI Metrics
      Improve accuracy of IT budget and forecasting
      • Asset costs and value
      • Average cost of workstation
      • Total asset spending
      • Total value of assets
      • Budget vs. spend
      Identify discrepancies in IT environment
      • Unauthorized or failing assets
      • Number of unauthorized assets
      • Assets identified as cause of service failure
      Avoid over purchasing equipment
      • Number of unused and underused computers
      • Number of unaccounted-for computers
      • Money saved from harvesting equipment instead of purchasing new
      Make more-effective purchasing decisions
      • Predicted replacement time and cost of assets
      • Deprecation rate of assets
      • Average cost of maintaining an asset
      • Number of workstations in repair
      Improve accuracy of data
      • Accuracy of asset data
      • Accuracy rate of inventory data
      • Percentage improvement in accuracy of audit of assets
      Improved service delivery
      • Time to deploy new hardware
      • Mean time to purchase new hardware
      • Mean time to deploy new hardware

      Identify hardware asset reporting requirements and the data you need to collect to meet them

      1.2.4 Identify asset reporting requirements

      Participants

      • CIO/CFO
      • IT Director
      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)

      Document

      Document in the Standard Operating Procedures, Section 13: Reporting

      1. Discuss the goals and objectives of implementing or improving hardware asset management, based on challenges identified in Step 1.2.
      2. From the goals, identify the critical success factors for the HAM program
      3. For each CSF, identify one to three key performance indicators to evaluate achievement of the success factor.
      4. For each KPI, identify one to three metrics that can be tracked and reported on to measure success. Ensure that the metrics are tangible and measurable and will be useful for decision making or to take action.
      5. Determine who needs this information and the frequency of reporting.
      6. If you have existing ITAM data, record the baseline metric.
      CSF KPI Metrics Stakeholder/frequency

      Phase 1 Guided Implementation

      Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 1: Lay Foundations

      Proposed Time to Completion: 4 weeks

      Step 1.1: Assess current state and plan scope

      Start with an analyst kick-off call:

      • Review challenges.
      • Assess current HAM maturity level.
      • Define scope of HAM program.

      Then complete these activities…

      • Complete MGD (optional).
      • Outline hardware asset management challenges.
      • Conduct HAM maturity assessment.
      • Classify hardware assets to define scope of the program.

      With these tools & templates:

      HAM Maturity Assessment

      Standard Operating Procedures

      Step 1.2: Build team and define metrics

      Review findings with analyst:

      • Define roles and responsibilities.
      • Assess reporting requirements.
      • Document metrics to track.

      Then complete these activities…

      • Define responsibilities for Asset Manager and Asset Administrator.
      • Use a RACI chart to determine roles within HAM team.
      • Document responsibilities for HAM roles.
      • Identify HAM reporting requirements.

      With these tools & templates:

      RACI Chart

      Asset Manager and Asset Administrator Job Descriptions

      Standard Operating Procedures

      Phase 1 Results & Insights:

      For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts:

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      1.1.4 Classify hardware assets to define scope of the program

      Determine value/risk threshold at which assets should be tracked, then divide a whiteboard into four quadrants representing four categories of assets. Participants write assets down on sticky notes and place them in the appropriate quadrant to classify assets.

      1.2.2 Build a RACI chart to determine responsibilities

      Identify all roles within the organization that will play a part in hardware asset management, then document all core HAM processes and tasks. For each task, assign each role to be responsible, accountable, consulted, or informed.

      Phase 2

      Procure and Receive

      Implement Hardware Asset Management

      Step 2.1: Request and Procure Hardware

      Phase 2: Procure & Receive

      2.1 Request & Procure

      2.2 Receive & Deploy

      This step will walk you through the following activities:

      2.1.1 Identify IT asset procurement challenges

      2.1.2 Define standard hardware requests

      2.1.3 Document standard hardware request procedure

      2.1.4 Build a non-standard hardware request form

      2.1.5 Make lease vs. buy decisions for hardware assets

      2.1.6 Document procurement workflow

      2.1.7 Build a purchasing policy

      This step involves the following participants:

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)
      • CFO or other management representative from Finance

      Step Outcomes:

      • Definition of standard hardware requests for roles, including core vs. optional assets
      • End-user request process for standard hardware
      • Non-standard hardware request form
      • Lease vs. buy decisions for major hardware assets
      • Defined and documented procurement workflow
      • Documented purchasing policy

      California saved $40 million per year using a green procurement strategy

      CASE STUDY

      Industry Government

      Source Itassetmanagement.net

      Challenge

      Signed July 27, 2004, Executive order S-20-04, the “Green Building Initiative,” placed strict regulations on energy consumption, greenhouse gas emissions, and raw material usage and waste.

      In compliance with S-20-04, the State of California needed to adopt a new procurement strategy. Its IT department was one of the worst offenders given the intensive energy usage by the variety of assets managed under the IT umbrella.

      Solution

      A green IT initiative was enacted, which involved an extensive hardware refresh based on a combination of agent-less discovery data and market data (device age, expiry dates, power consumption, etc.).

      A hardware refresh of almost a quarter-million PCs, 9,500 servers, and 100 email systems was rolled out as a result.

      Other changes, including improved software license compliance and data center consolidation, were also enacted.

      Results

      Because of the scale of this hardware refresh, the small changes meant big savings.

      A reduction in power consumption equated to savings of over $40 million per year in electricity costs. Additionally, annual carbon emissions were trimmed by 200,000 tons.

      Improve your hardware asset procurement process to…

      Asset Procurement

      • Standardization
      • Aligned procurement processes
      • SLAs
      • TCO reduction
      • Use of centralized/ single POC

      Standardize processes: Using standard products throughout the enterprise lowers support costs by reducing the variety of parts that must be stocked for onsite repairs or for provisioning and supporting equipment.

      Align procurement processes: Procurement processes must be aligned with customers’ business requirements, which can have unique needs.

      Define SLAs: Providing accurate and timely performance metrics for all service activities allows infrastructure management based on fact rather than supposition.

      Reduce TCO: Management recognizes service infrastructure activities as actual cost drivers.

      Implement a single POC: A consolidated service desk is used where the contact understands both standards (products, processes, and practices) and the user’s business and technical environment.

      Identify procurement challenges to identify process improvement needs

      2.1.1 Identify IT asset procurement challenges

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)
      1. As a group, brainstorm existing challenges related to IT hardware requests and procurement.
      2. If you get stuck, consider the common challenges listed below.
      3. Use the results of the discussion to focus on which problems can be resolved and integrated into your organization as operational standards.

      Document hardware standards to speed time to procure and improve communications to users regarding options

      The first step in your procurement workflow will be to determine what is in scope for a standard request, and how non-standard requests will be handled. Questions that should be answered by this procedure include:

      • What constitutes a non-standard request?
      • Who is responsible for evaluating each type of request? Will there be one individual or will each division in IT elect a representative to handle requests specific to their scope of work?
      • What additional security measures need to be taken?
      • Are there exceptions made for specific departments or high-ranking individuals?

      If your end-user device strategy requires an overhaul, schedule time with an Info-Tech analyst to review our blueprint Build an End-User Computing Strategy.

      Once you’ve answered questions like these, you can outline your hardware standards as in the example below:

      Use Case Mobile Standard Mac Standard Mobile Power User
      Asset Lenovo ThinkPad T570 iMac Pro Lenovo ThinkPad P71
      Operating system Windows 10 Pro Mac OSX Windows 10 Pro, 64 bit
      Display 15.6" 21.5" 17.3”

      Memory

      32GB 8GB 64GB
      Processor Intel i7 – 7600U Processor 2.3GHz Xeon E3 v6 Processor
      Drive 500GB 1TB 1TB
      Warranty 3 year 1 year + 2 extended 3 year

      Info-Tech Insight

      Approach hardware standards from a continual improvement frame of mind. Asset management is a dynamic process. Hardware standards will need to adapt over time to match the needs of the business. Plan assessments at routine intervals to ensure your current hardware standards align with business needs.

      Document specifications to meet environmental, security, and manageability requirements

      Determine environmental requirements and constraints.

      Power management

      Compare equipment for power consumption and ability to remotely power down machines when not in use.

      Heat and noise

      Test equipment run to see how hot the device gets, where the heat is expelled, and how much noise is generated. This may be particularly important for users who are working in close quarters.

      Carbon footprint

      Ask what the manufacturer is doing to reduce post-consumer waste and eliminate hazardous materials and chemicals from their products.

      Ensure security requirements can be met.

      • Determine if network/wireless cards meet security requirements and if USB ports can be turned off to prevent removal of data.
      • Understand the level of security needed for mobile devices including encryption, remote shut down or wipe of hard drives, recovery software, or GPS tracking.
      • Decide if fingerprint scanners with password managers would be appropriate to enable tighter security and reduce the forgotten-password support calls.

      Review features available to enhance manageability.

      • Discuss manageability goals with your IT team to see if any can be solved with added features, for example:
        • Remote control for troubleshooting and remote management of data security settings.
        • Asset management software or tags for bar coding, radio frequency identification (RFID), or GPS, which could be used in combination with strong asset management practices to inventory, track, and manage equipment.

      If choosing refurbished equipment, avoid headaches by asking the right questions and choosing the right vendor

      • Is the equipment functional and for how long is it expected to last?
      • How long will the vendor stand behind the product and what support can be expected?
        • This is typically two to five years, but will vary from vendor to vendor.
        • Will they repair or replace machines? Many will just replace the machine.
      • How big is the inventory supply?
        • What kind of inventory does the vendor keep and for how long can you expect the vendor to keep it?
        • How does the vendor source the equipment and do they have large quantities of the same make and model for easier imaging and support?
      • How complete is the refurbishment process?
        • Do they test all components, replace as appropriate, and securely wipe or replace hard drives?
        • Are they authorized to reload MS Windows OEM?
      • Is the product Open Box or used?
        • Open Box is a new product returned back to the vendor. Even if it is not used, the product cannot be resold as a new product. Open Box comes with a manufacturer’s warranty and the latest operating system.
        • If used, how old is the product?

      "If you are looking for a product for two or three years, you can get it for less than half the price of new. I bought refurbished equipment for my call center for years and never had a problem". – Glen Collins, President, Applied Sales Group

      Info-Tech Insight

      Price differences are minimal between large and small vendors when dealing with refurbished machines. The decision to purchase should be based on ability to provide and service equipment.

      Define standard hardware requests, including core and optional assets

      2.1.2 Identify standards for hardware procurement by role

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)
      • Representatives from all other areas of the business

      Document

      Document in the Standard Operating Procedures, Section 7: Procurement.

      1. Divide a whiteboard into columns representing all major areas of the business.
      2. List the approximate number of end users present at each tier and record these totals on the board.
      3. Distribute sticky notes. Use two different sizes: large sizes represent critically important hardware and small sizes represent optional hardware.
      4. Define core hardware assets for each division as well as optional hardware assets.
      5. Focus on the small sticky notes to determine if these optional purchases are necessary.
      6. Finalize the group decision to determine the standard hardware procurement for each role in the organization. Record results in a table similar to the example below:
      Department Core Hardware Assets Optional Hardware Assets
      IT PC, tablet, monitor Second monitor
      Sales PC, monitor Laptop
      HR PC, monitor Laptop
      Marketing PC (iMac) Tablet, laptop

      Document procedures for users to make standard hardware requests

      2.1.3 Document standard hardware request procedure

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)
      • Representatives from all other areas of the business

      Document

      Document in the Standard Operating Procedures, Section 6: End-User Request Process.

      Discuss and document the end-user request process:

      1. In which cases can users request a primary device?
      2. In which cases can users request a secondary (optional device)?
      3. What justification is needed to approve of a secondary device?
        1. E.g. The request for a secondary device should be via email to the IS Projects and Procurements Officer. This email should outline the business case for why multiple devices are required.
      4. Will a service catalog be available and integrated with an ITAM solution for users to make standard requests? If so, can users also configure their options?
      5. Document the process in the standard operating procedure. Example:

      End-User Request Process

      • Hardware and software will be purchased through the user-facing catalog.
      • Peripherals will be ordered as needed.
      • End-user devices will be routed to business managers for approval prior to fulfillment by IT.
      • Requests for secondary devices must be accompanied by a business case.
      • Equipment replacements due to age will be managed through IT replacement processes.

      Improve the process for ordering non-standard hardware by formalizing the request process, including business needs

      2.1.4 Build a non-standard hardware request form

      • Although the goal should be to standardize as much as possible, this isn’t always possible. Ensure users who are requesting non-standard hardware have a streamlined process to follow that satisfies the justifications for increased costs to deliver.
      • Use Info-Tech’s template to build a non-standard hardware request form that may be used by departments/users requesting non-standard hardware in order to collect all necessary information for the request to be evaluated, approved, and sent to procurement.
      • Ensure that the requestor provides detailed information around the equipment requested and the reason standard equipment does not suffice and includes all required approvals.
      • Include instructions for completing and submitting the form as well as expected turnaround time for the approval process.

      Info-Tech Insight

      Include non-standard requests in continual improvement assessment. If a large portion of requests are for non-standard equipment, it’s possible the hardware doesn’t meet the recommended requirements for specialized software in use with many of your business users. Determine if new standards need to be set for all users or just “power users.”

      Identify the information you need to collect to ensure a smooth purchasing process

      Categories Peripherals Desktops/Laptops Servers
      Financial
      • Operational expenses
      • Ordered for inventory with the exceptions of monitors that will be ordered as needed
      • Equipment will be purchased through IT budget
      • Capital expenses
      • Ordered as needed…
      • Inventory kept for…
      • End-user devices will be purchased through departmental budgets
      • Capital expenses
      • Ordered as needed to meet capacity or stability requirements
      • Devices will be purchased through IT budgets
      Request authorization
      • Any user can request
      • Users who are traveling can purchase and expense peripherals as needed, with manager approvals
      • Tier 3 technicians
      Required approvals
      • Manager approvals required for monitors
      • Infrastructure and applications manager up to [$]
      • CIO over [$]
      Warranty requirements
      • None
      • Three years
      • Will be approved with project plan
      Inventory requirements
      • Minimum inventory at each location of 5 of each: mice, keyboards, cables
      • Docking stations will be ordered as needed
      • Laptops (standard): 5
      • Laptops (ultra light): 1
      • Desktops: 5
      • Inventory kept in stock as per DR plan
      Tracking requirements
      • None
      • Added to ITAM database, CMDB
      • Asset tag to be added to all equipment
      • Added to ITAM database, CMDB

      Info-Tech Best Practice

      Take into account the possibility of encountering taxation issues based on where the equipment is being delivered as well as taxes imposed or incurred in the location from which the asset was shipped or sent. This may impact purchasing decisions and shipping instructions.

      Develop a procurement plan to get everyone in the business on the same page

      • Without an efficient and structured process around how IT purchases are budgeted and authorized, maverick spending and dark procurement can result, limiting IT’s control and visibility into purchases.
      • The challenge many IT departments face is that there is a disconnect between meeting the needs of the business and bringing in equipment according to existing policies and procedures.
      • The asset manager should demonstrate how they can bridge the gaps and improve tracking mechanisms at the same time.

      Improve procurement decisions:

      • Demonstrate how technology is a value-add.
      • Make a clear case for the budget by using the same language as the rest of the business.
      • Quantify the output of technology investments in tangible business terms to justify the cost.
      • Include the refresh cycle in the procurement plan to ensure mission- critical systems will include support and appropriate warranty.
      • Plan technology needs for the future and ensure IT technology will continue to meet changing needs.
      • Synchronize redundant organizational procurement chains in order to lower cost.

      Document the following in your procurement procedure:

      • Process for purchase requests
      • Roles and responsibilities, including requestors and approvers
      • Hardware assets to purchase and why they are needed
      • Timelines for purchase
      • Process for vendors

      Info-Tech Insight

      IT procurement teams are often heavily siloed from ITAM teams. The procurement team is typically found in the finance department. One way to bridge the gap is to implement routine, reliable reporting between departments.

      Determine if it makes sense to lease or buy your equipment; weigh the pros and cons of leasing hardware

      Pros

      • Keeps operational costs low in the short term by containing immediate cost.
      • Easy, predictable payments makes it easier to budget for equipment over long term.
      • Get the equipment you need to start doing business right away if you’re just starting out.
      • After the leasing term is up, you can continue the lease and update your hardware to the latest version.
      • Typical leases last 2 or 3 years, meaning your hardware can get upgrades when it needs it and your business is in a better position to keep up with technology.
      • Leasing directly from the vendor provides operational flexibility.
      • Focus on the business and let the vendor focus on equipment service and updates as you don’t have to pay for maintenance.
      • Costs structured as OPEX.

      Cons

      • In the long term, leasing is almost always more expensive than buying because there’s no equity in leased equipment and there may be additional fees and interest.
      • Commitment to payment through the entire lease period even if you’re not using the equipment anymore.
      • Early termination fees if you need to get out of the lease.
      • No option to sell equipment once you’re finished with it to make money back.
      • Maintenance is up to leasing company’s specifications.
      • Product availability may be limited.

      Recommended for:

      • Companies just starting out
      • Business owners with limited capital or budget
      • Organizations with equipment that needs to be upgraded relatively often

      Weigh the pros and cons of purchasing hardware

      Pros

      • Complete control over assets.
      • More flexible and straightforward procurement process.
      • Tax incentives: May be able to fully deduct the cost of some newly purchased assets or write off depreciation for computers and peripherals on taxes.
      • Preferable if your equipment will not be obsolete in the next two or three years.
      • You can resell the asset once you don’t need it anymore to recover some of the cost.
      • Customization and management of equipment is easier when not bound by terms of leasing agreement.
      • No waiting on vendor when maintenance is needed; no permission needed to make changes.

      Cons

      • High initial cost of investment with CAPEX expense model.
      • More paperwork.
      • You (as opposed to vendor) are responsible for equipment disposal in accordance with environmental regulations.
      • You are responsible for keeping up with upgrades, updates, and patches.
      • You risk ending up with out-of-date or obsolete equipment.
      • Hardware may break after terms of warranty are up.

      Recommended for:

      • Established businesses
      • Organizations needing equipment with long-term lifecycles

      Make a lease vs. buy decision for equipment purchases

      2.1.4 Decide whether to purchase or lease

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)
      • Representatives from all other areas of the business

      Document

      Document policy decisions in the Standard Operating Procedures – Section 7: Procurement

      1. Identify hardware equipment that requires a purchase vs. lease decision.
      2. Discuss with Finance whether it makes sense to purchase or lease each major asset, considering the following:
      • Costs of equipment through each method
      • Tax deductions
      • Potential resale value
      • Potential revenue from using the equipment
      • How quickly the equipment will be outdated or require refresh
      • Size of equipment
      • Maintenance and support requirements
      • Overall costs
    • The leasing vs. buying decision should take considerable thought and evaluation to make the decision that best fits your organizational needs and situation.
    • Determine appropriate warranty and service-level agreements for your organization

      Determine acceptable response time, and weigh the cost of warranty against the value of service.

      • Standard warranties vary by manufacturer, but are typically one or three years.
      • Next-day, onsite service may be part of the standard offering or may be available as an uplift.
      • Four-hour, same-day service can also be added for high availability needs.
      • Extended warranties can be purchased beyond three years, although not many organizations take advantage of this offering.
      • Other organizations lower or remove the warranty and have reported savings of as much as $150 per machine.

      Speak to your partner to see how they can help the process of distributing machines.

      • Internal components change frequently with laptops and desktops. If purchasing product over time rather than buying in bulk, ensure the model will be available for a reasonable term to reduce imaging and support challenges.
      • Determine which services are important to your organization and request these services as part of the initial quote. If sending out a formal RFQ or RFP, document required services and use as the basis for negotiating SLAs.
      • Document details of SLA, including expectations of services for manufacturer, vendor, and internal team.
      • If partner will be providing services, request they stock an appropriate number of hot spares for frequently replaced parts.
      • If self-certifying, review resource capabilities, understand skill and certification requirements; for example, A+ certification may be a pre-requisite.
      • Understand DOA policy and negotiate a “lemon policy,” meaning if product dies within 15 or 30 days it can be classified as DOA. Seek clarity on return processes.

      Consider negotiation strategies, including how and when to engage with different partners during acquisition

      Direct Model

      • Dell’s primary sales model is direct either through a sales associate or through its e-commerce site. Promotions are regularly listed on the website, or if customization is required, desktops and laptops have some flexibility in configuration. Discounts can be negotiated with a sales rep on quantity purchases, but the discount level changes based on the model and configuration.
      • Other tier-one manufacturers typically sell direct only from their e-commerce sites, providing promotions based on stock they wish to move, and providing some configuration flexibility. They rely heavily on the channel for the majority of their business.

      Channel Model

      • Most tier one manufacturers have processes in place to manage a smaller number of partners rather than billing and shipping out to individual customers. Deviating from this process and dealing direct with end customers can create order processing issues.
      • Resellers have the ability to negotiate discounts based on quantities. Discounts will vary based on model, timing (quarter or year end), and quantity commitment.
      • Negotiations on large quantities should involve a manufacturer rep as well as the reseller to clearly designate roles and services, ensure processes are in place to fulfill your needs, and agree on pricing scheme. This will prevent misunderstandings and bring clarity to any commitments.
      • Often the channel partners are authorized to provide repair services under warranty for the manufacturer.
      • Dell also uses the channel model for distribution where customers demand additional services.

      Expect discounts to reflect quantity and method of purchase

      Transaction-based purchases will receive the smallest discounting.

      • Understand requirements to find the most appropriate make and model of equipment.
      • Prepare a forecast of expected purchases for the year and discuss discounting.
      • Typically initial discounts will be 3-5% off suggested retail price.
      • Once a history is in place, and the vendor is receiving regular orders, it may extend deeper discounts.

      Bulk purchases will receive more aggressive discounting of 5-15% off suggested retail price, depending on quantities.

      • Examine shipping options and costs to take advantage of bulk deliveries; in some cases vendors may waive shipping fees as an extension of the discounting.
      • If choosing end-of-line product, ensure appropriate quantity of a single model is available to efficiently roll out equipment.
      • Various pricing models can be used to obtain best price.

      Larger quantities rolled out over time will require commitments to the manufacturer to obtain deepest discounts.

      • Discuss all required services as part of negotiation to ensure there are no surprise charges.
      • Several pricing models can be used to obtain the best price.
        • Suggested retail price minus as much as 20%.
        • Cost plus 3% up to 10% or more.
        • Fixed price based on negotiating equipment availability with budget requirements.

      If sending out to bid, determine requirements and scoring criteria

      It’s nearly impossible to find two manufacturers with the exact same specifications, so comparisons between vendors is more art than science.

      New or upgraded components will be introduced into configurations when it makes the most sense in a production cycle. This creates a challenge in comparing products, especially in an RFP. The best way to handle this is to:

      • Define and document minimum technology requirements.
      • Define and document service needs.
      • Compare vendors to see if they’ve met the criteria or not; if yes, compare prices.
      • If the vendors have included additional offerings, see if they make sense for your organization. If they do, include that in the scoring. If not, exclude and score based on price.
      • Recognize that the complexity of the purchase will dictate the complexity of scoring.

      "The hardware is the least important part of the equation. What is important is the warranty, delivery, imaging, asset tagging, and if they cannot deliver all these aspects the hardware doesn’t matter." – Doug Stevens, Assistant Manager Contract Services, Toronto District School Board

      Document and analyze the hardware procurement workflow to streamline process

      The procurement process should balance the need to negotiate appropriate pricing with the need to quickly approve and fulfill requests. The process should include steps to follow for approving, ordering, and tracking equipment until it is ready for receipt.

      Within the process, it is particularly important to decide if this is where equipment is added into the database or if it will happen upon receipt.

      A poorly designed procurement workflow:

      • Includes many bottlenecks, stopping and starting points.
      • May impact project and service requests and requires unrealistic lead times.
      • May lead to lost productivity for users and lost credibility for the IT department.

      A well-designed hardware procurement workflow:

      • Provides reasonable lead times for project managers and service or hardware request fulfillment.
      • Provides predictability for technical resources to plan deployments.
      • Reduces bureaucracy and workload for following up on missing shipments.
      • Enables improved documentation of assets to start lifecycle management.

      Info-Tech Insight

      Where the Hardware Asset Manager is unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand. Projects, replacements, and new-user requests cannot be delayed in a service-focused IT organization due to bureaucratic processes.

      Document and analyze your procurement workflow to identify opportunities for improvement and communicate process

      Determine if you need one workflow for all equipment or multiples for small vs. large purchases.

      Occasionally large rollouts require significant changes from lower dollar purchases.

      Watch for:

      • Back and forth communications
      • Delays in approvals
      • Inability to get ETAs from vendors
      • Too many requests for quotes for small purchases
      • Entry into asset database

      This sample can be found in the HAM Process Workflows.

      The image shows a workflow, titled Procurement-Equipment-Small Quantity. On the left, the chart is separated into categories: IT Procurment; Tier 2 or Tier 3; IT Director; CIO.

      Design the process workflow for hardware procurement

      2.1.6 Illustrate procurement workflow with a tabletop exercise

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)
      • CFO or other management representative from Finance

      Document

      Document in the Standard Operating Procedures, Section 7: Procurement

      1. In a group, distribute sticky notes or cue cards.
      2. Designate a space on the table/whiteboard to plot the workflow.
      3. Determine which individuals are responsible for handling non-standard requests. Establish any exceptions that may apply to your defined hardware standard.
      4. Gather input from Finance on what the threshold will be for hardware purchases that will require further approval.
      5. Map the procurement process for a standard hardware purchase.
      6. If applicable, map the procurement process for a non-standard request separately.
      7. Evaluate the workflow to identify any areas of inefficiency and make any changes necessary to improve the process.
      8. Be sure to discuss and include:
        • All necessary approvals
        • Time required for standard equipment process
        • Time required for non-standard equipment process
        • How information will be transferred to ITAM database

      Document and share an organizational purchasing policy

      2.1.7 Build a purchasing policy

      A purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

      The policy will ensure that all purchasing processes are consistent and in alignment with company strategy. The purchasing policy is key to ensuring that corporate purchases are effective and the best value for money is obtained.

      Implement a purchasing policy to prevent or reduce:

      • Costly corporate conflict of interest cases.
      • Unauthorized purchases of non-standard, difficult to support equipment.
      • Unauthorized purchases resulting in non-traceable equipment.
      • Budget overruns due to decentralized, equipment acquisition.

      Download Info-Tech’s Purchasing Policytemplate to build your own purchasing policy.

      Step 2.2: Receive and Deploy Hardware

      Phase 2: Procure & Receive

      2.1 Request & Procure

      2.2 Receive & Deploy

      This step will walk you through the following activities:

      2.2.1 Select appropriate asset tagging method

      2.2.2 Design workflow for receiving and inventorying equipment

      2.2.3 Document the deployment workflow(s)

      This step involves the following participants:

      • Asset Manager
      • Purchasing
      • Receiver (optional)
      • Service Desk Manager
      • Operations (optional)

      Step Outcomes:

      • Understanding of the pros and cons of various asset tagging methods
      • Defined asset tagging method, process, and location by equipment type
      • Identified equipment acceptance, testing, and return procedures
      • Documented equipment receiving and inventorying workflow
      • Documented deployment workflows for desktop hardware and large-scale deployments

      Cisco implemented automation to improve its inventory and deployment system

      CASE STUDY

      Industry Networking

      Source Cisco IT

      Challenge

      Although Cisco Systems had implemented a centralized procurement location for all PCs used in the company, inventory tracking had yet to be addressed.

      Inventory tracking was still a manual process. Given the volume of PCs that are purchased each year, this is an incredibly labor-intensive process.

      Sharing information with management and end users also required the generation of reports – another manual task.

      Solution

      The team at Cisco recognized that automation was the key component holding back the success of the inventory management program.

      Rolling out an automated process across multiple offices and groups, both nationally and internationally, was deemed too difficult to accomplish in the short amount of time needed, so Cisco elected to outsource its PC management needs to an experienced vendor.

      Results

      As a result of the PC management vendor’s industry experience, the implementation of automated tracking and management functions drastically improved the inventory management situation at Cisco.

      The vendor helped determine an ideal leasing set life of 30 months for PCs, while also managing installations, maintenance, and returns.

      Even though automation helped improve inventory and deployment practices, Cisco still needed to address another key facet of asset management: security.

      This case study continues in phase 3.

      An effective equipment intake process is critical to ensure product is correct, documented, and secured

      Examine your current process for receiving assets. Typical problems include:

      Receiving inventory at multiple locations can lead to inconsistent processes. This can make invoice reconciliation challenging and result in untracked or lost equipment and delays in deployment.

      Equipment not received and secured quickly. Idle equipment tends to go missing if left unsupervised for too long. Missed opportunities to manage returns where equipment is incorrect or defective.

      Disconnect between procurement and receiving where ETAs are unknown or incorrect. This can create an issue where no one is prepared for equipment arrival and is especially problematic on large orders.

      How do you solve these problems? Create a standardized workflow that outlines clear steps for asset receiving.

      A workflow will help to answer questions such as:

      • How do you deal with damaged shipments? Incorrect shipments?
      • Did you reach an agreement with the vendor to replace damaged/incorrect shipments within a certain timeframe?
      • When does the product get tagged and entered into the system as received?
      • What information needs to get captured on the asset tag?

      Standardize the process for receiving your hardware assets

      The first step in effective hardware asset intake is establishing proper procedures for receiving and handling of assets.

      Process: Start with information from the procurement process to determine what steps need to follow to receive into appropriate systems and what processes will enable tagging to happen as soon as possible.

      People: Ensure anyone who may impact this process is aware of the importance of documenting before deployment. Having everyone who may be handling equipment on board is key to success.

      Security: Equipment will be secured at the loading dock or reception. It will need to be secured as inventory and be secured if delivering directly to the bench for imaging. Ensure all receiving activities are done before equipment is deployed.

      Tools: A centralized ERP system may already provide a place to receive and reconcile with purchasing and invoicing, but there may still be a need to receive directly into the ITAM and/or CMDB database rather than importing directly from the ERP system.

      Tagging: A variety of methods can be used to tag equipment to assist with inventory. Consider the overall lifecycle management when determining which tagging methods are best.

      Info-Tech Insight

      Decentralized receiving doesn’t have to mean multiple processes. Take advantage of enterprise solutions that will centralize the data and ensure everyone follows the same processes unless there is an uncompromising and compelling logistical reason to deviate.

      Evaluate the pros and cons of different asset tagging methods

      Method Cost Strengths Weaknesses Recommendation
      RFID with barcoding – asset tag with both a barcode and RFID solution $$$$
      • Secure, fast, and robust
      • Track assets in real time
      • Quick and efficient
      • Most expensive option, requiring purchase of barcode scanner with RFID reader and software)
      • Does not work as well in an environment with less control over assets
      • Requires management of asset database
      • Best in a controlled environment with mature processes and requirement for secure assets
      RFID only – small chip with significant data capacity $$$
      • Track assets from remote locations
      • RFID can be read through boxes so you don’t have to unpack equipment
      • Scan multiple RFID-tagged hardware simultaneously
      • Large data capacity on small chip
      • Expensive, requiring purchase of RFID reading equipment and software
      • Ideal if your environment is spread over multiple locations
      Barcoding only – adding tags with unique barcodes $$
      • Reasonable security
      • Report inventory directly to database
      • Relatively low cost
      • Only read one at a time
      • Need to purchase barcode scanners and software
      • Can be labor intensive to deploy with manual scanning of individual assets
      • Less secure
      • Can’t hold as much data
      • Not as secure as barcodes with RFID but works for environments that are more widely distributed and less controlled

      Evaluate the pros and cons of different asset tagging methods

      Method Cost Strengths Weaknesses Recommendation
      QR codes – two-dimensional codes that can store text, binary, image, or URL data $$
      • Easily scannable from many angles
      • Save and print on labels
      • Can be read by barcode scanning apps or mobile phones
      • Can encode more data than barcodes
      • QR codes need to be large enough to be usable, which can be difficult with smaller IT assets
      • Scanning on mobile devices takes longer than scanning barcodes
      • Ideal if you need to include additional data and information in labels and want workers to use smartphones to scan labels
      Manual tags – tag each asset with your own internal labels and naming system $
      • Most affordable
      • Manual
      • Tags are not durable
      • Labor intensive and time consuming
      • Leaves room for error, misunderstanding, and process variances between locations
      • As this is the most time consuming and resource intensive with a low payoff, it is ideal for low maturity organizations looking for a low-cost option for tagging assets
      Asset serial numbers – tag assets using their serial number $
      • Less expensive
      • Unique serial numbers identified by vendor
      • Serial numbers have to be added to database manually, which is labor intensive and leaves room for error
      • Serial numbers can rub off over time
      • Hard to track down already existing assets
      • Doesn’t help track location of assets after deployment
      • Potential for duplicates
      • Inconsistent formats of serial numbers by manufacturers makes this method prone to error and not ideal for asset management

      Select the appropriate method for tagging and tracking your hardware assets

      2.2.1 Select asset tagging method

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)

      Document

      Document in the Standard Operating Procedures, Section 8

      1. Define your asset tagging method. For most organizations, asset tracking is done via barcoding or QR codes, either by using one method or a combination of the two. Other methods, including RFID, may be applicable based on cost or tracking complexity. Overall, barcodes embedded with RFID are the most robust and efficient method for asset tagging, but also the most expensive. Choose the best method for your organization, taking into account affordability, labor-intensiveness, data complexity needs, and ease of deployment.
      2. Define the process for tagging assets, including how soon they should receive the tag, whose responsibility it is, and whether the tag type varies depending on the asset type.
      3. Define the location of asset tags according to equipment type. Example:
      Asset Type Asset Tag Location
      PC desktop Right upper front corner
      Laptop Right corner closest to user when laptop is closed
      Server Right upper front corner
      Printer Right upper front corner
      Modems Top side, right corner

      Inspect and test equipment before accepting it into inventory to ensure it’s working according to specifications

      Upon receipt of procured hardware, validate the equipment before accepting it into inventory.

      1. Receive - Upon taking possession of the equipment, stage them for inspection before placing them into inventory or deploying for immediate use.
      2. Inspect - The inspection process should involve at minimum examining the products that have been delivered to determine conformance to purchase specifications.
      3. Test -Depending on the type and cost of hardware, some assets may benefit from additional testing to determine if they perform at a satisfactory level before being accepted.
      4. Accept - If the products conform to the requirements of the purchase order, acknowledge receipt so the supplier may be paid. Most shipments are automatically considered as accepted and approved for payment within a specific timeframe.

      Assign responsibility and accountability for inspection and acceptance of equipment, verifying the following:

      • The products conform to purchase order requirements.
      • The quantity ordered is the same as the quantity delivered.
      • There is no damage to equipment.
      • Delivery documentation is acceptable.
      • Products are operable and perform according to specifications.
      • If required, document an acceptance testing process as a separate procedure.

      Build the RMA procedure into the receiving process to handle receipt of defective equipment

      The return merchandise authorization (RMA) process should be a standard part of the receiving process to handle the return of defective materials to the vendor for either repair or replacement.

      If there is a standard process in place for all returns in the organization, you can follow the same process for returning hardware equipment:

      • Call the vendor to receive a unique RMA number that will be attached to the equipment to be returned, then follow manufacturer specifications for returning equipment within allowable timelines according to the contract where applicable.
      • Establish a lemon policy with vendors, allowing for full returns up to 30 days after equipment is deployed if the product proves defective after initial acceptance.

      Info-Tech Insight

      Make sure you’re well aware of the stipulations in your contract or purchase order. Sometimes acceptance is assumed after 60 days or less, and oftentimes the clock starts as soon as the equipment is shipped out rather than when it is received.

      Info-Tech Best Practice

      Keep in mind that the serial number on the received assed may not be the asset that ultimately ends up on the user’s desk if the RMA process is initiated. Record the serial number after the RMA process or add a correction process to the workflow to ensure the asset is properly accounted for.

      Determine what equipment should be stocked for quick deployment where demand is high or speed is crucial

      The most important feature of your receiving and inventory process should be categorization. A well-designed inventory system should reflect not only the type of asset, but also the usage level.

      A common technique employed by asset managers is to categorize your assets using an ABC analysis. Assets are classified as either A, B, or C items. The ratings are based on the following criteria:

      A

      A items have the highest usage. Typically, 10-20% of total assets in your inventory account for upwards of 70-80% of the total asset requests.

      A items should be tightly controlled with secure storage areas and policies. Avoiding stock depletion is a top priority.

      B

      B items are assets that have a moderate usage level, with around 30% of total assets accounting for 15-25% of total requests.

      B items must be monitored; B items can transition to A or C items, especially during cycles of heavier business activity.

      C

      C items are assets that have the lowest usage, with upwards of 50% of your total inventory accounting for just 5% of total asset requests.

      C items are reordered the least frequently, and present a low demand and high risk for excessive inventory (especially if they have a short lifecycle). Many organizations look to move towards an on-demand policy to mitigate risk.

      Info-Tech Insight

      Get your vendor to keep stock of your assets. If large quantities of a certain asset are required but you lack the space to securely store them onsite, ask your vendor to keep stock for you and release as you issue purchase orders. This speeds up delivery and delays warranty activation until the item is shipped. This does require an adherence to equipment standards and understanding of demand to be effective.

      Define the process for receiving equipment into inventory

      Define the following in your receiving process:

      • When will equipment be opened once delivered?
      • Who will open and validate equipment upon receipt?
      • How will discrepancies be resolved?
      • When will equipment be tagged and identified in the tracking tool?
      • When will equipment be locked in secure storage?
      • Where will equipment go if it needs to be immediately deployed?

      The image shows a workflow chart titled Receiving and Tagging. The process is split into two sections, labelled on the left as: Desktop Support Team and Procurement.

      Design the workflow for receiving and inventorying equipment

      2.2.2 Illustrate receiving workflow with a tabletop exercise

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)
      • CFO or other management representative from Finance

      Document

      Document in the Standard Operating Procedures, Section 8: Receiving and Equipment Inventory

      Option 1: Whiteboard

      1. Discuss the workflow and draw it on the whiteboard.
      2. Assess whether you are using the best workflow. Modify it if necessary.
      3. Use the sample workflow from this step as a guide if starting from scratch.
      4. Engage the team in refining the process workflow.
      5. Transfer data to Visio and add to the SOP.

      Option 2: Tabletop Exercise

      1. Distribute index cards to each member of the team.
      2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
      3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
      4. Arrange the index cards in order, removing duplicates.
      5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
      6. Transfer data to Visio and add to the SOP.

      Improve device deployment by documenting software personas for each role

      • Improve the deployment process for new users by having a comprehensive list of software used by common roles within the organization. With large variations in roles, it may be impossible to build a complete list, but as you start to see patterns in requirements, you may find less distinct personas than anticipated.
      • Consider a survey to business units to determine what they need if this will solve some immediate problems. If this portion of the project will be deferred, use the data uncovered in the discovery process to identify which software is used by which roles.
      • Replacement equipment can have the software footprint created by what was actually utilized by the user, not necessarily what software was installed on the previous device.

      The image shows 4 bubbles, representing software usage. The ARC-GIS bubble is the largest, Auto CAD the second largest, and MS Office and Adobe CS equal in size.

      A software usage snapshot for an urban planner/engineer.

      • Once software needs are determined, use this information to review the appropriate device for each persona.
        • Ensure hardware is appropriate for the type of work the user does and supports required software.
        • If it is more appropriate for a user to have a tablet, ensure the software they use can be used on any device.
      • Review deployment methods to determine if there is any opportunity to improve the imaging or software deployment process with better tools or methodologies.
      • Document the device’s location if it will be static, or if the user may be more mobile, add location information for their primary location.
      • Think about the best place to document – if this information can be stored in Active Directory and imported to the ITAM database, you can update once and use in multiple applications. But this process is built into your add/move/change workflows.

      Maintain a lean library to simplify image management

      Simplify, simplify, simplify. Use a minimal number of desktop images and automate as much as you can.

      • Embrace minimalism. When it comes to managing your desktop image library, your ultimate goal should be to minimize the manual effort involved in provisioning new desktops.
      • Less is more. Try to maintain as few standard desktop images as possible and consider a thin gold image, which can be patched and updated on a regular basis. A thin image with efficient application deployment will improve the provisioning process.
      • Standardize and repeat. System provisioning should be a repeatable process. This means it is ripe for standardization and automation. Look at balancing the imaging process with software provisioning, using group policy and deployment tools to reduce time to provision and deliver equipment.
      • Outsource where appropriate. Imaging is one of the most employed services, where the image is built in-house and deployed by the hardware vendor. As a minimum, quarterly updates should still be provided to integrate the latest patches into the operating system.

      Document the process workflow for hardware deployment

      Define the process for deploying hardware to users.

      Include the following in your workflow:

      • How will equipment be configured and imaged before deployment?
      • Which images will be used for specific roles?
      • Which assets are assigned to specific roles?
      • How will the device status be changed in the ITAM tool once deployed?

      The image shows a workflow chart titled Hardware Deployment. It is divided into two categories, listed on the left: Desktop Support Team and Procurement.

      Large-scale deployments should be run as projects, benefitting from economies of scale in each step

      Large-scale desktop deployments or data center upgrades will likely be managed as projects.

      These projects should include project plans, including resources, timelines, and detailed procedures.

      Define the process for large-scale deployment if it will differ from the regular deployment process.

      The image is a graphic of a flowchart titled Deployment-Equipment-Large Quantity Rollout. It is divided into three categories, listed on the left: IT Procurement; Desktop Rollout Team; Asset Manager.

      Document the deployment workflow(s)

      2.2.3 Document deployment workflows for desktop and large-scale deployment

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Operations (optional)
      • CFO or other management representative from Finance

      Document

      Document in the Standard Operating Procedures, Section 9: Deployment

      Document each step in the system deployment process with notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

      1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for it.
      2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
      3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If yes, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
      4. Document separately the process for large-scale deployment if required.

      Look for opportunities to improve the request and deployment process with better communication and tools

      The biggest challenge in deploying equipment is meeting expectations of the business, and without cooperation from multiple departments, this becomes significantly more difficult.

      • Work with the procurement and the services team to ensure inventory is accessible, and regularly validate that inventory levels in the ITAM database are accurate.
      • Work with the HR department to predict (where possible) anticipated new hires. Plan for inventory ebbs and flows to match the hiring timelines where there are large variations.
      • If service catalogs will be made available for communicating options and SLAs for equipment purchases, work with the service catalog administrators to automate inventory checks and notifications. Work with the end-user device managers to set standards and reduce equipment variations to a manageable amount.
      • Where deployments are part of equipment refresh, ensure data is up to date for the services team to plan the project rollouts and know which software should be redeployed with the devices.
      • Infrastructure and security teams may have specific hardware assets relating to networking, data centers, and security, which may bypass the end-user device workflows but need to be tagged and entered into inventory early in the process. Work with these teams to have their equipment follow the same receiving and inventory processes. Deployment will vary based on equipment type and location.

      Automate hardware deployment where users are dispersed and deployment volume is high

      Self-serve kiosks (vending machines) can provide cost reductions in delivery of up to 25%. Organizations that have a high distribution rate are seeing reductions in cost of peripherals averaging 30-35% and a few extreme cases of closer to 85%.

      Benefits of using vending machines:

      • Secure equipment until deployed.
      • Equipment can be either purchased by credit card or linked to employee ID cards, enabling secure transactions and reporting.
      • Access rights can be controlled in real time, preventing terminated employees from accessing equipment or managing how many devices can be deployed to each user.
      • Vending machines can be managed through a cellular or wireless network.
      • Technology partners can be tasked with monitoring and refilling vending machines.
      • Employees are able to access technology wherever a vending machine can be located rather than needing to travel to the help desk.
      • Equipment loans and new employee packages can be managed through vending machines.

      Phase 2 Guided Implementation

      Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 2: Request, Procure, Receive, and Deploy

      Proposed Time to Completion: 4 weeks

      Step 2.1: Request & Procure

      Start with an analyst kick-off call:

      • Define standard and non-standard hardware.
      • Weigh the pros and cons of leasing vs. buying.
      • Build the procurement process.

      Then complete these activities…

      • Define standard hardware requests.
      • Document standard hardware request procedure.
      • Document procurement workflow.
      • Build a purchasing policy.

      With these tools & templates:

      • Standard Operating Procedures
      • Non-Standard Hardware Request Form
      • Hardware Procurement Workflow
      • Purchasing Policy

      Step 2.2: Receive & Deploy

      Review findings with analyst:

      • Determine appropriate asset tagging method.
      • Define equipment receiving process.
      • Define equipment deployment process.

      Then complete these activities…

      • Select appropriate asset tagging method.
      • Design workflow for receiving and inventorying equipment.
      • Document the deployment workflow(s).

      With these tools & templates:

      • Standard Operating Procedures
      • Equipment Receiving & Tagging Workflow
      • Deployment Workflow

      Phase 2 Insight: Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts:

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      2.1.2 Define standard hardware requests

      Divide whiteboard into columns representing core business areas. Define core hardware assets for end users in each division along with optional hardware assets. Discuss optional assets to narrow and define standard equipment requests.

      2.2.1 Select appropriate method for tagging and tracking assets

      Discuss the various asset tagging methods and choose the tagging method that is most appropriate for your organization. Define the process for tagging assets and document the standard asset tag location according to equipment type.

      Phase 3

      Maintain and Dispose

      Implement Hardware Asset Management

      Cisco overcame organizational resistance to change to improve asset security

      CASE STUDY

      Industry Networking

      Source Cisco IT

      Challenge

      Cisco Systems had created a dynamic work environment that prized individuality. This environment created high employee satisfaction, but it also created a great deal of risk surrounding device security.

      Cisco lacked an asset security policy; there were no standards for employees to follow. This created a surplus of not only hardware, but software to support the variety of needs amongst various teams at Cisco.

      Solution

      The ITAM team at Cisco recognized that their largest problem was the lack of standardization with respect to PCs. Variance in cost, lifecycle, and software needs/compatibility were primary issues.

      Cisco introduced a PC leasing program with the help of a PC asset management vendor to correct these issues. The primary goal was to increase on-time returns of PCs. A set life of 30 months was defined by the vendor.

      Results

      Cisco engaged employees to help contribute to improving its asset management protocols, and the approach worked.

      On-time returns increased from 60% to 80%. Costs were reduced due to active tracking and disposal of any owned assets still present.

      A reduction in hardware and software platforms has cut costs and increased security thanks to improved tracking capabilities.

      This case study continues in phase 4

      Step 3.1: Manage, Maintain, and Secure Hardware Assets

      Phase 3: Maintain & Dispose

      3.1 Manage & Maintain

      3.2 Dispose or Redeploy

      This step will walk you through the following activities:

      3.1.1 Build a MAC policy and request form

      3.1.2 Build workflows to document user MAC processes

      3.1.3 Design process and policies for hardware maintenance, warranty, and support documentation handling

      3.1.4 Revise or create an asset security policy

      This step involves the following participants:

      • Asset Manager
      • Service Desk Manager
      • Operations (optional)
      • Security Department

      Step Outcomes

      • Understanding of inventory management process best practices
      • Templates for move/add/change request policy and form
      • Documented process workflows for the user move/add/change process
      • Process and policies for hardware maintenance, warranty, and support documentation handling
      • Defined policies for maintaining asset security

      Determine methods for performing inventory audits on equipment

      Auto-discovery

      • Auto-discovery tools will be crucial to the process of understanding what equipment is connected to the network and in use.
      • The core functionality of discovery tools is to scan the environment and collect configuration data from all connected assets, but most tools can also be used to collect usage data, network monitoring, and software asset management data including software distribution, compliance, and license information.
      • These tools may not connect to peripheral devices such as monitors and external drives, will not scan devices that are turned off or disconnected from the network, may not inventory remote users, and will rarely provide location information. This often results in a need to complete physical audits as well.

      Info-Tech Insight

      One of the most common mistakes we see when it comes to asset management is to assume that the discovery tool will discovery most or all of your inventory and do all the work. It is better to assume only 80-90% coverage by the discovery tool and build ownership records to uncover the unreportable assets that are not tied into the network.

      Physical audit

      • The physical audit can be greatly improved with barcode, RFID, or QR codes, allowing items to be scanned, records opened, then updated.
      • If not everything is tagged or entered into the ITAM database, then searching closets, cabinets, and desk drawers may be required to tag and enter those devices into the database.
      • Provide the inventory team with exact instructions on what needs to be collected, verified, and recorded. Depending on the experience and thoroughness of the team, spot checks early in the process may alleviate quality issues often discovered at the end of the inventory cycle.

      Determine requirements for performing inventory audits on equipment

      Conduct an annual hardware audit to ensure hardware is still assigned to the person and location identified in your ITAM system, and assess its condition.

      Perform a quarterly review of hardware stock levels in order to ensure all equipment is relevant and usable. The table below is an example of how to organize this information.

      Item Target Stock Levels Estimated $ Value
      Desktop computers
      Standard issue laptops
      Mice
      Keyboards
      Network cables
      Phones

      Info-Tech Insight

      Don’t forget about your remotely deployed assets. Think about how you plan to inventory remotely deployed equipment. Some tools will allow data collection through an agent that will talk to the server over the internet, and some will completely ignore those assets or provide a way to manually collect the data and email back to the asset manager. Mobile device management tools may also help with this inventory process. Determine what is most appropriate based on the volume of remote workers and devices.

      Build an inventory management process to maintain an accurate view of owned hardware assets

      • Your inventory should capture which assets are on hand, where they are located, and who owns them, at minimum. Maintaining an accurate, up-to-date view of owned hardware assets allows you to see at any time the actual state of the components that make up your infrastructure across the enterprise.
      • Automated inventory practices save time and effort from doing physical inventories and also reduce the interruption to business users while improving accuracy of data.
      • If you are just starting out, define the process for conducting an inventory of deployed assets, and then define the process for regular upkeep and audit of inventory data.

      Inventory Methods

      • Electronic – captures networked asset information only and can be deployed over the network with no deskside service interaction.
      • Physical – captures environmental detail and must be performed manually by a service technician with possible disruption to users.
      • Full inventory – both physical and electronic inventory of assets.

      Internal asset information to collect electronically

      • Hardware configuration
      • Installed software
      • Operating system
      • System BIOS
      • Network configuration
      • Network drive mappings
      • Printer setups
      • System variables

      External asset information that cannot be detected electronically

      • Assigned user
      • Associated assets
      • Asset/user location
      • Usage of asset
      • Asset tag number

      IMAC (Install, Move, Add, Change) services will form the bulk of asset management work while assets are deployed

      IMAC services are usually performed at a user’s deskside by a services technician and can include:

      • Installing new desktops or peripherals
      • Installing or modifying software
      • Physically moving an end user’s equipment
      • Upgrading or adding components to a desktop

      Specific activities may include:

      Changes

      • Add new user IDs
      • Manage IDs
      • Network changes
      • Run auto-discovery scan

      Moves

      • Perform new location site survey
      • Coordinate with facilities
      • Disconnect old equipment
      • Move to new location
      • Reconnect at new location
      • Test installed asset
      • Obtain customer acceptance
      • Close request

      Installs and Adds

      • Perform site survey
      • Perform final configuration
      • Coordinate with Facilities
      • Asset tagging
      • Transfer data from old desktop
      • Wipe old desktop hard drive
      • Test installed asset
      • Initiate auto-discovery scan
      • Obtain customer acceptance
      • Close request

      A strong IMAC request process will lessen the burden on IT asset managers

      • When assets are actively in use, Asset Managers must also participate in the IMAC (Install-Move-Add-Change) process and ensure that any changes to asset characteristics or locations are updated and tracked in the asset management tool and that the value and usefulness of the asset is monitored.
      • The IMAC process should not only be reactive in response to requests, but proactive to plan for moves and relocations during any organizational change events.

      Recommendations:

      Automate. Wherever possible, use tools to automate the IMAC process.

      E-forms, help desk, ticketing, or change management software can automate the request workflow by allowing the requestor to submit a request ticket that can then be automatically assigned to a designated team member according to the established chain of command. As work is completed, the ticket can be updated, and the requestor will be able to check the status of the work at any time.

      Communicate the length of any downtime associated with execution of the IMAC request to lessen the frustration and impatience among users.

      Involve HR. When it comes to adding or removing user accounts, HR can be a valuable resource. As most new employees should be hired through HR, work with them to improve the onboarding process with enough advanced notice to set up accounts and equipment. Role changes with access rights and software modifications can benefit from improved communications. Review the termination process as well, to secure data and equipment.

      Build a MAC request policy and form for end users

      A consistent Move, Add, Change (MAC) request process is essential for lessening the burden on the IT department. MAC requests are used to address any number of tasks, including:

      • Relocation of PCs and/or peripherals.
      • New account setup.
      • Hardware or software upgrades.
      • Equipment swaps or replacements.
      • User account/access changes.
      • Document generation.
      • User acceptance testing.
      • Vendor coordination.

      Create a request form.

      If you are not using help desk or other ticketing software, create a request template that must be submitted for each MAC. The request should include:

      • The name and department of the requester.
      • The date of the request.
      • Severity of the request. For example, severity can be graded on a score of high, medium, or low where high represents a mission-critical change that could compromise business continuity if not addressed immediately, and low represents a more cosmetic change that will not negatively affect operations. The severity of the request can be determined by the service-level agreement (SLA) associated with the service.
      • Date the request must be completed by. Or at least, what would be the ideal date for completion. This will vary greatly depending on the severity of the request. For example, deleting the access of a terminated employee would be very time sensitive.
      • Item or service to be moved, added, or changed. Include location, serial number, or other designated identifier where possible.
      • If the item or service is to be moved, indicated where it is being moved.
      • It is a good idea to include a comments section where the requester can add any additional questions or details.

      Use Info-Tech’s templates to build your MAC policy and request form

      3.1.1 Build a MAC policy and request form

      Desktop Move/Add/Change Policy

      This desktop move/add/change policy should be put in place to mitigate the risk associated with unauthorized changes, minimize disruption to the business, IT department, and end users, and maintain consistent expectations.

      Move, Add, Change Request Form

      Help end users navigate the move/add/change process. Use the Move/Add/Change Request Form to increase efficiency and organization for MAC requests.

      Document the process for user equipment moves

      Include the following in your process documentation:

      • How and when will any changes to user or location information be made in the ITAM tool?
      • Will any changes in AD automatically update in the ITAM tool?
      • How should requests for equipment moves or changes be made?
      • How will resources be scheduled?

      The image shows a flowchart titled SErvice Request - User Moves. The chart of processes is split into three categories, listed on the left side of the chart: User Manager; IT Coordinator; and Tier 2 & Facilities.

      Build workflows to document user MAC processes

      3.1.2 Build MAC process workflows

      Participants

      • Asset Manager
      • Service Desk Manager
      • Operations (optional)

      Document

      Document in the Standard Operating Procedures, Section 10: Equipment Install, Adds, Moves, and Changes

      Document each step in the system deployment process using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

      1. Outline each step in the process of desktop deployment. Be as granular as possible. On each card, describe the step as well as the individual responsible for each step.
      2. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
      3. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
      4. Document separately the process for large-scale deployment if required.

      Define a policy to ensure effective maintenance of hardware assets

      Effective maintenance and support of assets provides longer life, higher employee productivity, and increased user satisfaction.

      • Your asset management documentation and database should store equipment maintenance contract information so that it can be consulted whenever hardware service is required.
      • Record who to contact as well as how, warranty information, and any SLAs that are associated with the maintenance agreement.
      • Record all maintenance that hardware equipment receives, which will be valuable for evaluating asset and supplier performance.
      • In most cases, the Service Desk should be the central point of contact for maintenance calls to all suppliers.

      Sample equipment maintenance policy terms:

      • Maintenance and support arrangements are required for all standard and non-standard hardware.
      • All onsite hardware should be covered by onsite warranty agreements with appropriate response times to meet business continuity needs.
      • Defective items under warranty should be repaired in a timely fashion.
      • Service, maintenance, and support shall be managed through the help desk ticketing system.

      Design process and policies for hardware maintenance, warranty, and support documentation handling

      3.1.3 Design process for hardware maintenance

      Participants

      • Asset Manager
      • Purchasing
      • Service Desk Manager
      • Security
      • Operations (optional)

      Document

      Document in the Standard Operating Procedures, Section 10

      1. Discuss and document the policy for hardware maintenance, warranty, and support.
      2. Key outcomes should include:
      • Who signs off on policies?
      • What is the timeline for documentation review?
      • Where are warranty and maintenance documents stored?
      • How will equipment be assessed for condition during audits?
      • How often will deployed equipment be reimaged?
      • How will equipment repair needs be requested?
      • How will repairs for equipment outside warranty be handled?
    • Document in the Standard Operating Procedure.
    • Use your HAM program to improve security and meet regulatory requirements

      ITAM complements and strengthens security tools and processes, improving the company’s ability to protect its data and systems and reduce operational risk.

      It’s estimated that businesses worldwide lose more than $221 billion per year as a result of security breaches. HAM is one important factor in securing data, equipment investment, and meeting certain regulatory requirements.

      How does HAM help keep your organization secure?

      • Educating users on best practices for securing their devices, and providing physical security such as cable locks and tracking mechanisms.
      • Best practices for reporting lost or stolen equipment for quickly removing access and remotely wiping devices.
      • Accurate location and disposal records will enable accurate reporting for HIPAA and PCI DSS audits where movement of media or hardware containing data is a requirement. Best practices for disposal will include properly wiping drives, recording information, and ensuring equipment is disposed of according to environmental regulations.
      • Secure access to data through end-user mobile devices. Use accurate records and MDM tools to securely track, remove access, and wipe mobile devices if compromised.
      • Encrypt devices that may be difficult to track such as USB drives or secure ports to prevent data from being copied to external drives.
      • Managed hardware allows software to be managed and patched on a regular basis.

      Best Practices

      1. Educate end users about traveling with equipment. Phones and laptops are regularly stolen from cars; tablets and phones are left on planes. Encourage users to consider how they store equipment on the way home from work.
      2. Cable locks used at unsecured offsite or onsite work areas should be supplied to employees.
      3. Equipment stored in IT must be secured at all times.

      Implement mobile device management (MDM) solutions

      Organizations with a formal mobile management strategy have fewer problems with their mobile devices.

      Develop a secure MDM to:

      • Provide connection and device support when the device is fully subsidized by the organization to increase device control.
      • Have loaner devices for when traveling to limit device theft or data loss.
      • Personal devices not managed by MDM should be limited to internet access on a guest network.
      • Limit personal device access to only internet access or a limited zone for data access and a subset of applications.
      • Advanced MDM platforms provide additional capabilities including containerization.

      The benefits of a deployed MDM solution:

      • Central management of a variety of devices and platforms is the most important advantage of MDM. Administrators can gain visibility into device status and health, set policies to groups of users, and control who has access to what.
      • Security features such as enforcing passcodes and remote wipe are also essential, given the increased risk of mobile devices.
        • Remote wipe should be able to wipe either the whole device or just selected areas.
      • Separation of personal data is becoming increasingly important as BYOD becomes the norm. This is a feature that vendors are approaching radically differently.
      • Device lock: Be able to lock the device itself, its container, or its SIM. Even if the SIM is replaced, the device should still remain locked. Consider remote locking a device if retrieval is possible.

      Mobile device management is constantly evolving to incorporate new features and expand to new control areas. This is a high-growth area that warrants constant up-to-date knowledge on the latest developments.

      What can be packed into an MDM can vary and be customized in many forms for what your organization needs.

      Secure endpoint devices to protect the data you cannot control

      Endpoint Encryption

      Endpoints Average None
      Desktop 73% 4%
      Laptops 65% 9%
      Smartphones 27% 28%
      Netbooks 26% 48%
      Tablets 16% 59%
      Grand average 41%

      Benefits from endpoint encryption:

      • Reduced risk associated with mobile workers.
      • Enabled sharing of data in secured workspace.
      • Enhanced end-user accountability.
      • Reduced number of data breach incidents.
      • Reduced number of regulatory violations.

      Ways to reduce endpoint encryption costs:

      • Use multiple vendors (multiple platforms): 33%
      • Use a single vendor (one platform): 40%
      • Use a single management console: 22%
      • Outsource to managed service provider: 26%
      • Permit user self-recovery: 26%

      Remote Wiping

      • If all else fails, a device can always be erased of all its data, protecting sensitive data that may have been on it.
      • Selective wipe takes it a step further by erasing only sensitive data.

      Selective wipe is not perfect.

      It is nearly impossible to keep the types of data separate, even with a sandbox approach. Selective wipe will miss some corporate data, and even a full remote wipe can only catch some of users’ increasingly widely distributed data.

      Selective wipe can erase:

      • Corporate profiles, email, and network settings.
      • Data within a corporate container or other sandbox.
      • Apps deployed across the enterprise.

      Know when to perform a remote wipe.

      Not every violation of policy warrants a wipe. Playing Candy Crush during work hours probably does not warrant a wipe, but jail breaking or removing a master data management client can open up security holes that do warrant a wipe.

      Design an effective asset security policy to protect the business

      Data security is not simply restricted to compromised software. In fact, 70% of all data breaches in the healthcare industry since 2010 are due to device theft or loss, not hacking. (California Data Breach Report – October, 2014) ITAM is not just about tracking a device, it is also about tracking the data on the device.

      Organizations often struggle with the following with respect to IT asset security:

      • IT hardware asset removal control.
      • Personal IT hardware assets (BYOD).
      • Data removal from IT hardware assets.
      • Inventory control with respect to leased hardware and software.
      • Unused software.
      • Repetitive versions of software.
      • Unauthorized software.

      Your security policy should seek to protect IT hardware and software that:

      • Have value to the business.
      • Require ongoing maintenance and support.
      • Create potential risk in terms of financial loss, data loss, or exposure.

      These assets should be documented and controlled in order to meet security requirements.

      The asset security policy should encompass the following:

      • Involved parties.
      • Hardware removal policy/documentation procedure.
      • End-user asset security responsibilities.
      • Theft/loss reporting procedure.
      • BYOD standards, procedures, and documentation requirements.
      • Data removal.
      • Software usage.
      • Software installation.

      Info-Tech Insight

      Hardware can be pricey; data is priceless. The cost of losing a device is minimal compared to the cost of losing data contained on a device.

      Revise or create an asset security policy

      3.1.4 Develop IT asset security policy

      Participants

      • CIO or IT Director
      • Asset Manager
      • Service Desk Manager
      • Security
      • Operations (optional)

      Document

      Document in the Asset Security Policy.

      1. Identify asset security challenges within your organization. Record them in a table like the one below.
      Challenge Current Security Risk Target Policy
      Hardware removal Secure access and storage, data loss Designated and secure storage area
      BYOD No BYOD policy in place N/A → phasing out BYOD as an option
      Hardware data removal Secure data disposal Data disposal, disposal vendor
      Unused software Lack of support/patching makes software vulnerable Discovery and retirement of unused software
      Unauthorized software Harder to track, less secure Stricter stance on pirated software
      1. Brainstorm the reasons for why these challenges exist.
      2. Identify target policy details that pertain to each challenge. Record the outcomes in section(s) 5.1, 5.2, or 5.3 of the Asset Security Policy.

      Poor asset security and data protection had costly consequences for UK Ministry of Justice

      CASE STUDY

      Industry Legal

      Source ICO

      Challenge

      The Ministry of Justice (MoJ) in the UK had a security problem: hard drives that contained sensitive prisoner data were unencrypted and largely unprotected for theft.

      These hard drives contained information related to health, history of drug use, and past links to organized crime.

      After two separate incidents of hard drive theft that resulted in data breaches, the Information Commissioner’s Office (ICO), stepped in.

      Solution

      It was determined that after the first hard drive theft in October 2011, replacement hard drives with encryption software were provisioned to prisons managed by the MoJ.

      Unfortunately, the IT security personnel employed by the MoJ were unaware that the encryption software required manual activation.

      When the second hard drive theft occurred, the digital encryption could not act as a backup to poor physical security (the hard drive was not secured in a locker as per protocol).

      Results

      The perpetrators were never found and the stolen hard drives were never recovered.

      As a result of the two data breaches, the MoJ had to implement costly security upgrades to its data protection system.

      The ICO fined the MoJ £180,000 for its repeated security breaches. This costly fine could have been avoided if more diligence was present in the MoJ’s asset management program.

      Step 3.2: Dispose or Redeploy Assets

      3.1 Manage & Maintain

      3.2 Dispose or Redeploy

      This step will walk you through the following activities:

      3.2.1 Identify challenges with IT asset recovery and disposal

      3.2.2 Design hardware asset recovery and disposal workflows

      3.2.3 Build a hardware asset disposition policy

      This step involves the following participants:

      • Infrastructure Director/Manager
      • Asset Manager
      • Service Desk Manager
      • Operations (optional)

      Step Outcomes:

      • Defined process to determine when to redeploy vs. dispose of hardware assets
      • Process for recovering and redeploying hardware equipment
      • Process for safely disposing of assets that cannot be redeployed
      • Comprehensive asset disposition policy

      Balance the effort to roll out new equipment against the cost to maintain equipment when building your lifecycle strategy

      The image shows two line graphs. The graph on the left is titled: Desktop Refresh Rate by Company Size (based on Revenue). The graph on the right is titled: Laptop Refresh Rate by Company Size (based on Revenue). Each graph has four lines, defined by a legend in the centre of the image: yellow is small ($25mm); dark blue is Mid ($25-500MM); light blue is large ( data-verified=$500MM); and orange is Overall.">

      (Info-Tech Research Group; N=96)

      Determining the optimal length of time to continue to use equipment will depend on use case and equipment type

      Budget profiles Refresh methods

      Stretched

      Average equipment age: 7+ years

      To save money, some organizations will take a cascading approach, using the most powerful machines for engineers or scientists to ensure processing power, video requirements and drives will meet the needs of their applications and storage needs; then passing systems down to departments who will require standard-use machines. The oldest and least powerful machines are either used as terminals or disposed.

      Generous

      Average equipment age: 3 years

      Organizations that do not want to risk user dissatisfaction or potential compatibility or reliability issues will take a more aggressive replacement approach. These organizations often have less people assigned to end-user device maintenance and will not repair equipment outside of warranty. There is little variation in processing power among devices, with major differences determined by mobility and operating system.

      Cautious

      Average equipment age: 4 to 5 years

      Organizations that fit between the other two profiles will look to stretch the budget beyond warranty years, but will keep a close eye on maintenance requirements. Repairs needed outside of warranty will require an eye to costs, efforts, and subsequent administrative work of loaning equipment to keep the end user productive while waiting on service.

      Recommendations to keep users happy and equipment in prime form is to check condition at the 2-3 year mark, reimage at least once to improve performance, and have backup machines, if equipment starts to become problematic.

      Build a process to determine when and how to redeploy or dispose of hardware assets at end of use

      • When equipment is no longer needed for the function or individual to whom it was assigned, the Hardware Asset Manager needs to use data to ensure the right decision is made as to what to do with the asset.
      • End of use involves evaluating options for either continuing to use the equipment in another capacity or by another individual or determining that the asset has no remaining value to the organization in any capacity and it is time to retire it.
      • If the asset is retired, it may still have capacity for continued use outside of the organization or it may be disposed.

      Redeployment

      • Deliver the asset to a new user if it is no longer needed by the original user but still has value and usability.
      • Redeployment saves money and prevents unnecessary purchases.
      • Common when employees leave the company or a merge or acquisition changes the asset pool.

      VS.

      Disposal

      • When an asset is no longer of use to the organization, it may be disposed of.
      • Need to consider potential financial and public relations considerations if disposal is not done according to environmental legislation.
      • Need to ensure proper documentation and data removal is built into disposition policy.

      Use persistent documentation and communication to improve hardware disposal and recovery

      Warning! Poor hardware disposal and recovery practices can be caused by the following:

      1. Your IT team is too busy and stretched thin. Data disposal is one of many services your IT team is likely to have to deal with, but this service requires undivided attention. By standardizing hardware refreshes, you can instill more predictability with your hardware life cycles and better manage disposal.
      2. Poor inventory management. Outdated data and poor tracking practices can result in lost assets during the disposal phase. It only takes a single lost asset to cause a disastrous data breach in your supply chain.
      3. Obliviousness to disposal regulations. Electronic disposal and electronically stored data are governed by strict regulation.

      How do you improve your hardware disposal and recovery process?

      • A specific, controlled process needs to be in place to wipe all equipment and verify that it’s been wiped properly. Otherwise, companies will continue to spend money to protect data while equipment is in use, but overlook the dangerous implications of careless IT asset disposal. Create a detailed documentation process to track your assets every step of the way to ensure that data and applications are properly disposed of. Detailed documentation can also help bolster sustainability reporting for organizations wishing to track such data.
      • Better communication should be required. Most decommissioning or refresh processes use multiple partners for manufacturing, warehousing, data destruction, product resale, and logistics. Setting up and vetting these networks can take years, and even then, managing them can be like playing a game of telephone; transparency is key.

      Address three core challenges of asset disposal and recovery

      Asset Disposal

      Data Security

      Sixty-five percent of organizations cite data security as their top concern. Many data breaches are a result of hardware theft or poor data destruction practices.

      Choosing a reputable IT disposal company or data removal software is crucial to ensuring data security with asset disposal.

      Environmental

      Electronics contain harmful heavy metals such as mercury, arsenic, and cadmium.

      Disposal of e-waste is heavily regulated, and improper disposal can result in hefty fines and bad publicity for organizations.

      Residual value

      Many obsolete IT assets are simply confined to storage at their end of life.

      This often imposes additional costs with maintenance or storage fees and leaves a lot of value on the table through assets that could be sold or re-purposed within the organization.

      Identify challenges with IT asset recovery and disposal with a triple bottom line scorecard

      3.2.1 Identify challenges with IT asset recovery and disposal

      Participants

      • Infrastructure Director/Manager
      • Asset Manager
      • Service Desk Manager
      • Operations (optional)
      1. Divide the whiteboard into three boxes: Social, Economic, and Environmental.
      2. Divide each box into columns like the one shown below:
      Economic
      Challenge Objectives Targets Initiatives
      No data capture during disposal Develop reporting standards 80% disposed assets recorded Work with Finance to develop reporting procedure
      Idle assets Find resale market/dispose of idle assets 50% of idle assets disposed of within the year Locate resale vendor and disposal service
      1. Ask participants to list challenges associated with each area.
      2. Once challenges facing recovery and disposal have been exhausted from the group, assign a significance of 1-5 (1 being the lowest and 5 being the highest) to each challenge.
      3. Discuss the most significant challenges and how they might be addressed through the next steps of building recovery & disposal processes.

      Build a process for recovery and redeployment of hardware

      • Having hardware standards in place makes redeploying easier by creating a larger pool of possible users for a standardized asset.
      • Most redeployment activities will be carried out by the Help Desk as a service request ticket, so it is important to have clear communication and guidelines with the Help Desk as to which tasks need to be carried out as part of the request.

      Ensure the following are addressed:

      • Where will equipment be stored before being redeployed?
      • Will shipping be required and are shipping costs factored into analysis?
      • Ensure equipment is cleaned before it is redeployed.
      • Do repairs and reconfigurations need to be made?
      • How will software be removed and licenses harvested and reported to Software Asset Manager?
      • How will data be securely wiped and protected?

      The image shows a work process in flowchart format titled Equipment Recovery. The chart is divided into two sections, listed on the left: Business Manager/HR and Desktop Support Team.

      Define the process for safely disposing of assets that cannot be redeployed

      Asset Disposal Checklist

      1. Review the data stored on the device.
      2. Determine if there has been any sensitive or confidential information stored.
      3. Remove all sensitive/confidential information.
      4. Determine if software licenses are transferable.
      5. Remove any non- transferable software prior to reassignment.
      6. Update the department’s inventory record to indicate new individual assigned custody.
      7. In the event of a transfer to another department, remove data and licensed software.
      8. If sensitive data has been stored, physically destroy the storage device.
      • Define the process for retiring and disposing of equipment that has reached replacement age or no longer meets minimum conditions or standards.
      • Clearly define the steps that need to be taken both before and after the involvement of an ITAD partner.

      The image shows a flowchart titled Equipment Disposal. It is divided into two sections, labelled on the left as: Desktop Support Team and Asset Manager.

      Design hardware asset recovery and disposal workflows

      3.2.2 Design hardware asset recovery and disposal policies and workflows

      Participants

      • Infrastructure Director/Manager
      • Asset Manager
      • Service Desk Manager
      • Operations (optional)

      Document

      Document in the Standard Operating Procedures, Sections 11 and 12

      Document each step in the recovery and disposal process in two separate workflows using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.

      1. Keeping in mind current challenges around hardware asset recovery and disposal, design the target state for both the asset recovery and disposal processes.
      2. Outline each step of the process and be as granular as possible.
      3. When you are satisfied that each step is accurately captured, use a second color of notecard to document any challenges, inefficiencies, or pains associated with each step. Consider further documenting the time on each task.
      4. Examine each challenge or pain point. Discuss whether or not there is a clear solution to the problem. If so, document the solution and amend the workflow. If not, engage in a broader discussion of possible solutions, taking into account people, processes, and available technology.
      5. Review the checklists on the previous slides to ensure all critical tasks are accounted for in your process workflows.

      Add equipment disposition to asset lifecycle decisions to meet environmental regulations and mitigate risk

      Although traditionally an afterthought in asset management, IT asset disposition (ITAD) needs to be front and center. Increase focus on data security and concern surrounding environmental sustainability and develop an awareness of the cost efficiencies possible through best-practices disposition.

      Optimized ITAD solutions:

      1. Protect sensitive or valuable data
      2. Support sustainability
      3. Focus on asset value recovery

      Info-Tech Insight

      A well-thought-out asset management program mitigates risk and is typically less costly than dealing with a large-scale data loss incident or an inappropriate disposal suit. Also, it protects your company’s reputation – which is difficult to put a price on.

      Partner with an ITAD vendor to support your disposition strategy

      Maximizing returns on assets requires knowledge and skills in asset valuation, upgrading to optimize market return, supply chain management, and packaging and shipping. It’s unlikely that the return will be adequate to justify that level of investment, so partnering with a full-service ITAD vendor is a no-brainer.

      • An ITAD vendor knows the repurpose and resale space better than your organization. They know the industry and have access to more potential buyers.
      • ITAD vendors can help your organization navigate costly environmental regulations for improper disposal of IT assets.

      Disposal doesn’t mean your equipment has to go to waste.

      Additionally, your ITAD vendor can assist with a large donation of hardware to a charitable organization or a school.

      Donating equipment to schools or non-profits may provide charitable receipts that can be used as taxable benefits.

      Before donating:

      • Ensure equipment is needed and useful to the organization.
      • Be prepared for an appraisal requirement. Receipts can only be issued for fair market value.
      • Prevent compromised data by thoroughly wiping or completely replacing drives.
      • Ensure official transfer of ownership to prevent liability if improper disposal practices follow.

      Info-Tech Insight

      Government assistance grants may be available to help keep your organization’s hardware up to date, thereby providing incentives to upgrade equipment while older equipment still has a useful life.

      Protect the organization by sufficiently researching potential ITAD partners

      Research ITAD vendors as diligently as you would primary hardware vendors.

      Failure to thoroughly investigate a vendor could result in a massive data breach, fines for disposal standards violations, or a poor resale price for your disposed assets. Evaluate vendors using questions such as the following:

      • Are you a full-service vendor or are you connected to a wholesaler?
      • Who are your collectors and processors?
      • How do you handle data wiping? If you erase the data, how many passes do you perform?
      • What do you do with the e-waste? How much is reused? How much is recycled?
      • Do you have errors and omissions insurance in case data is compromised?
      • How much will it cost to recycle or dispose of worthless equipment?
      • How much will I receive for assets that still have useful life?

      ITAD vendors that focus on recycling will bundle assets to ship to an e-waste plant – leaving money on the table.

      ITAD vendors with a focus on reuse will individually package salable assets for resale – which will yield top dollars.

      Info-Tech Insight

      To judge the success of a HAM overhaul, you need to establish a baseline with which to compare final results. Be sure to take HAM “snapshots” before ITAD partnering so it’s easy to illustrate the savings later.

      Work with ITAD partner or equipment supplier to determine most cost-effective method and appropriate time for disposal

      2-4 Two-to-four year hardware refresh cycle

      • Consider selling equipment to an ITAD partner who specializes in sales of refurbished equipment.
      • Consider donating equipment to schools or non-profits, possibly using an ITAD partner who specializes in refurbishing equipment and managing the donation process.

      5-7 Five-to-seven year hardware refresh cycle

      • At this stage equipment may still have a viable life, but would not be appropriate for school or non-profit donations, due to a potentially shorter lifespan. Consider selling equipment to an ITAD partner who has customers interested in older, refurbished equipment.

      7+ Seven or more years hardware refresh cycle

      • If keeping computers until they reach end of life, harvest parts for replacement on existing machines and budget for disposal fees.
      • Ask new computer supplier about disposal services or seek out ITAD partner who will disassemble and dispose of equipment in an environmentally responsible manner.

      Info-Tech Insight

      • In all cases, ensure hard drives are cleansed of data with no option for data recovery. Many ITAD partners will provide a drive erasure at DoD levels as part of their disposal service.
      • Many ITAD partners will provide analysts to help determine the most advantageous time to refresh.

      Ensure data security and compliance by engaging in reliable data wiping before disposition

      Failure to properly dispose of data can not only result in costly data breaches, but also fines and other regulatory repercussions. Choosing an ITAD vendor or a vendor that specializes in data erasure is crucial. Depending on your needs, there are a variety of data wiping methods available.

      Certified data erasure is the only method that leaves the asset’s hard drive intact for resale or donation. Three swipes is the bare minimum, but seven is recommended for more sensitive data (and required by the US Department of Defense). Data erasure applications may be destructive or non-destructive – both methods overwrite data to make it irretrievable.

      Physical destruction must be done thoroughly, and rigorous testing must be done to verify data irretrievability. Methods such as hand drilling are proven to be unreliable.

      Degaussing uses high-powered magnets to erase hard drives and makes them unusable. This is the most expensive option; degaussing devices can be purchased or rented.

      Info-Tech Best Practice

      Data wiping can be done onsite or can be contracted to an ITAD partner. Using an ITAD partner can ensure greater security at a more affordable price.

      Make data security a primary driver of asset disposition practices

      It is estimated that 10-15% of data loss cases result from insecure asset disposal. Protect yourself by following some simple disposition rules.

      1. Reconcile your data onsite
      • Verify that bills of landing and inventory records match before assets leave. Otherwise, you must take the receiver’s word on shipment contents.
    • Wipe data at least once onsite
      • Do at least one in-house data wipe before the assets leave the site for greater data security.
    • Transport promptly after data wiping
      • Prompt shipment will minimize involvement with the assets, and therefore, cost. Also, the chance of missing assets will drop dramatically.
    • Avoid third-party transport services
      • Reputable ITAD companies maintain strict chain of custody control over assets. Using a third party introduces unnecessary risk.
    • Keep detailed disposition records
      • Records will protect you in the event of an audit, a data loss incident, or an environmental degradation claim. They could save you millions.
    • Wipe all data-carrying items
      • Don’t forget cell phones, fax machines, USB drives, scanners, and printers – they can carry sensitive information that can put the organization at risk.
    • Only partner with insured ITAD vendors
      • You are never completely out of danger with regards to liability, but partnering with an insured vendor is potent risk mitigation.
    • Work these rules into your disposition policy to mitigate data loss risk.

      Support your HAM efforts with a comprehensive disposition policy

      3.2.3 Build a Hardware Asset Disposition Policy

      Implementation of a HAM program is a waste of time if you aren’t going to maintain it. Maintenance requires the implementation of detailed policies, training, and an ongoing commitment to proper management.

      Use Info-Tech’s Hardware Asset Disposition Policy to:

      1. Establish and define clear standards, procedures, and restrictions surrounding disposition.
      2. Ensure continual compliance with applicable data security and environmental legislation.
      3. Assign specific responsibilities to individuals or groups to ensure ongoing adherence to policy standards and that costs or benefits are in line with expectations.

      Phase 3 Guided Implementation

      Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Guided Implementation 3: Maintain & Dispose

      Proposed Time to Completion: 4 weeks

      Start with an analyst kick-off call:

      • Discuss inventory management best practices.
      • Build process for moves, adds, and changes.
      • Build process for hardware maintenance.
      • Define policies for maintaining asset security.

      Then complete these activities…

      • Build a MAC policy and request form.
      • Build workflows to document user MAC processes.
      • Design processes and policies for hardware maintenance, warranty, and support documentation handling.
      • Build an asset security policy.

      With these tools & templates:

      • Standard Operating Procedures
      • Asset Security Policy

      Step 3.2: Dispose or Redeploy Assets

      Review findings with analyst:

      • Discuss when to dispose vs. redeploy assets.
      • Build process for redeploying vs. disposing of assets.
      • Review ITAD vendors.

      Then complete these activities…

      • Identify challenges with IT asset recovery and disposal.
      • Design hardware asset recovery and disposal workflows.
      • Build a hardware asset disposition policy.

      With these tools & templates:

      • Standard Operating Procedures
      • Asset Recovery Workflow
      • Asset Disposal Workflow
      • Hardware Asset Disposition Policy

      Phase 3 Insight: Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts:

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      3.1.4 Revise or create an asset security policy

      Discuss asset security challenges within the organization; brainstorm reasons the challenges exist and process changes to address them. Document a new asset security policy.

      3.2.2 Design hardware asset recovery and disposal workflows

      Document each step in the hardware asset recovery and disposal process, including all decision points. Examine challenges and amend the workflow to address them.

      Phase 4

      Plan Budget Process and Build Roadmap

      Implement Hardware Asset Management

      Cisco deployed an enterprise-wide re-education program to implement asset management

      CASE STUDY

      Industry Networking

      Source Cisco IT

      Challenge

      Even though Cisco Systems had designed a comprehensive asset management program, implementing it across the enterprise was another story.

      An effective solution, complete with a process that could be adopted by everyone within the organization, would require extensive internal promotion of cost savings, efficiencies, and other benefits to the enterprise and end users.

      Cisco’s asset management problem was as much a cultural challenge as it was a process challenge.

      Solution

      The ITAM team at Cisco began discussions with departments that had been tracking and managing their own assets.

      These sessions were used as an educational tool, but also as opportunities to gather internal best practices to deploy across the enterprise.

      Eventually, Cisco introduced weekly meetings with global representation to encourage company-wide communication and collaboration.

      Results

      By establishing a process for managing PC assets, we have cut our hardware costs in half.” – Mark Edmonson, Manager – IT Services Expenses

      Cisco reports that although change was difficult to adopt, end-user satisfaction has never been higher. The centralized asset management approach has resulted in better contract negotiations through better data access.

      A reduced number of hardware and software platforms has streamlined tracking and support, and will only drive down costs as time goes on.

      Step 4.1: Plan Hardware Asset Budget

      Phase 4: Plan Budget & Build Roadmap

      4.1 Plan Budget

      4.2 Communicate & Build Roadmap

      This step will walk you through the following activities:

      4.1 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

      This step involves the following participants:

      • IT Director
      • Asset Manager
      • Finance Department

      Step Outcomes

      • Know where to find data to budget for hardware needs accurately
      • Learn how to manage a hardware budget
      • Plan hardware asset budget with a budgeting tool

      Gain control of the budget to increase the success of HAM

      A sophisticated hardware asset management program will be able to uncover hidden costs, identify targets for downsizing, save money through redistributing equipment, and improve forecasting of equipment to help control IT spending.

      While some asset managers may not have experience managing budgets, there are several advantages to ITAM owning the hardware budget:

      • Be more involved in negotiating pricing with suppliers.
      • Build better relationships with stakeholders across the business.
      • Forecast requirements more accurately.
      • Inform benchmarks for hardware performance.
      • Gain more responsibility and have a greater influence on purchasing decisions.
      • Directly impact the reduction in IT spend.
      • Manage the asset database more easily and have a greater understanding of hardware needs.
      • Build a continuous rolling refresh.

      Use ITAM data to forecast hardware needs accurately and realistically

      Your IT budget should be realistic, accounting for business needs, routine maintenance, hardware replacement costs, unexpected equipment failures, and associated support and warranty costs. Know where to find the data you need and who to work with to forecast hardware needs as accurately as possible.

      What type of data should I take into account?

      Plan for:

      • New hardware purchases required
        • Planned refreshes based on equipment lifecycle
        • Inventory for break and fix
        • Standard equipment for new hires
        • Non-standard equipment required
        • Hardware for planned projects
        • Implementation and setup costs
        • Routine hardware implementation
        • Large hardware implementation for projects
        • Support and warranty costs

      Take into account:

      • Standard refresh cycle for each hardware asset
      • Amount of inventory to keep on hand
      • Length of time from procurement to inventory
      • Current equipment costs and equipment price increases
      • Equipment depreciation rates and resale profits

      Where do I find the information I need to budget accurately?

      • Work with HR to forecast equipment needs for new hires.
      • Work with the Infrastructure Manager to forecast devices and equipment needed for approved and planned projects.
      • Use the asset management database to forecast hardware refresh and replacement needs based on age and lifecycle.
      • Work with business stakeholders to ensure all new equipment needs are accounted for in the budget.

      Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget

      4.1.1 Build HAM budget

      This tool is designed to assist in developing and justifying the budget for hardware assets for the upcoming year. The tool will allow you to budget for projects requiring hardware asset purchases as well as equipment requiring refresh and to adjust the budget as needed to accommodate both projects and refreshes. Follow the instructions on each tab to complete the tool.

      The hardware budget should serve as a planning and communications tool for the organization

      The most successful relationships have a common vocabulary. Thus, it is important to translate “tech speak” into everyday language and business goals and initiatives as you plan your budget.

      One of the biggest barriers that infrastructure and operations team face with regards to equipment budgeting is the lack of understanding of IT infrastructure and how it impacts the rest of the organization. The biggest challenge is to help the rest of the organization overcome this barrier.

      There are several things you can do to overcome this barrier:

      • Avoid using technical terms or jargon. Terms many would consider common knowledge, such as “WLAN,” are foreign to many.
      • Don’t assume the business knows how the technology you’re referring to will impact their day-to-day work. You will need to demonstrate it to them.
      • Help the audience understand the business impact of not implementing each initiative. What does this mean for them?
      • Discuss the options on the table in terms of the business value that the hardware can enable. Review how deferring refresh projects can impact user-facing applications, systems, and business unit operations.
      • Present options. If you can’t implement everything on the project list, present what you can do at different levels of funding.

      Info-Tech Insight

      Err on the side of inviting more discussion. Your budgeting process relies on business decision makers and receiving actionable feedback requires an ongoing exchange of information.

      Help users understand the importance of regular infrastructure refreshes

      Getting business users to support regular investments in maintenance relies on understanding and trust. Present the facts in plain language. Provide options, and clearly state the impact of each option.

      Example: Your storage environment is nearing capacity.

      Don’t:

      Explain the project exclusively in technical terms or slang.

      We’re exploring deduping technology as well as cheap solid state, SATA, and tape storage to address capacity.”

      Do:

      • Explain impact in terms that the business can understand.

      Deduplication technology can reduce our storage needs by up to 50%, allowing us to defer a new storage purchase.”

      • Be ready to present project alternatives and impacts.

      Without implementing deduplication technology, we will need to purchase additional storage by the end of the year at an estimated cost of $25,000.”

      • Connect the project to business initiatives and strategic priorities.

      This is a cost-effective technique to increase storage capacity to manage annual average data growth at around 20% per year.

      Step 4.2: Build Communication Plan and Roadmap

      Phase 4: Plan Budget & Build Roadmap

      4.1 Plan Budget

      4.2 Communicate & Build Roadmap

      This step will walk you through the following activities:

      4.2 Develop a HAM implementation roadmap

      This step involves the following participants:

      • CIO
      • IT Director
      • Asset Manager
      • Service Desk Manager

      Step Outcomes

      • Documented end-user hardware asset management policies
      • Communications plan to achieve support from end users and other business units
      • HAM implementation roadmap

      Educate end users through ITAM training to increase program success

      As part of your communication plan and overall HAM implementation, training should be provided to end users within the organization.

      All facets of the business, from management to new hires, should be provided with ITAM training to help them understand their role in the project’s success.

      ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly. Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.

      Management may have priorities that appear to clash with new processes. Engage management by making them aware of the benefits and importance of ITAM. Include the benefits and consequences of not implementing ITAM in your education approach. Encourage them to support efforts by reinforcing your messages to end users.

      New hires should have ITAM training bundled into their onboarding process. Fresh minds are easier to train and the ITAM program will be seen as an organizational standard, not merely a change.

      Policy documents can help summarize end users’ obligations and clarify processes. Consider an IT Resources Acceptable UsePolicy.

      "The lowest user is the most important user in your asset management program. New employees are your most important resource. The life cycle of the assets will go much smoother if new employees are brought on board." – Tyrell Hall, ITAM Program Coordinator

      Info-Tech Insight

      During training, you should present the material through the lens of “what’s in it for me?” Otherwise, you risk alienating end users through implementing organizational change viewed as low value.

      Include policy design and enforcement in your communication plan

      • Hardware asset management policies should define the actions to be taken to protect and preserve technology assets from failure, loss, destruction, theft, or damage.
      • Implementing asset management policies enforces the notion that the organization takes its IT assets and the management of them seriously, and will help ensure the benefits of ITAM are achieved.
      • Designing, approving, documenting, and adopting one set of standard ITAM policies for each department to follow will ensure the processes are enforced equally across the organization.
      • Good ITAM policies answer the “what, how, and why” of IT asset management, provide the means for ITAM governance, and provide a basis for strategy and decision making.

      Info-Tech Insight

      Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.

      Use Info-Tech’s policy templates to build HAM policies

      4.2.1 Build HAM policies

      Use these HAM policy templates to get started:

      Information Technology Standards Policy

      This policy establishes standards and guidelines for a company’s information technology environment to ensure the confidentiality, integrity, and availability of company computing resources.

      Desktop Move/Add/Change Policy

      This desktop move/add/change policy is put in place for users to request to change their desktop computing environments. This policy applies configuration changes within a company.

      Purchasing Policy

      The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.

      Hardware Asset Disposition Policy

      This policy assists in creating guidelines around disposition in the last stage of the asset lifecycle.

      Additional policy templates

      Info-Tech Insight

      Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but modify and adapt them to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation from the committees and departments to whom it will pertain.

      Create a communication plan to achieve end-user support and adherence to policies

      Communication is crucial to the integration and overall implementation of your ITAM program. An effective communication plan will:

      • Gain support from management at the project proposal phase.
      • Create end-user buy-in once the program is set to launch.
      • Maintain the presence of the program throughout the business.
      • Instill ownership throughout the business from top-level management to new hires.

      Use the variety of components as part of your communication plan in order to reach the organization.

      1. Advertise successes.
      • Regularly demonstrate the value of the ITAM program with descriptive statistics focused on key financial benefits.
      • Share data with the appropriate personnel; promote success to obtain further support from senior management.
    • Report and share asset data.
      • Sharing detailed asset-related reports frequently gives decision makers useful data to aid in their strategy.
      • These reports can help your organization prepare for audits, adjust asset budgeting, and detect unauthorized assets.
    • Communicate the value of ITAM.
      • Educate management and end users about how they fit into the bigger picture.
      • Individuals need to know that their behaviors can adversely affect data quality and, ultimately, lead to better decision making.
    • Develop a communication plan to convey the right messages

      4.2.2 Develop a communication plan to convey the right messages

      Participants

      • CIO
      • IT Director
      • Asset Manager
      • Service Desk Manager

      Document

      Document in the HAM Communication Plan

      1. Identify the groups that will be affected by the HAM program as those who will require communication.
      2. For each group requiring a communication plan, identify the following:
      • Benefits of HAM for that group of individuals (e.g. better data, security).
      • The impact the change will have on them (e.g. change in the way a certain process will work).
      • Communication method (i.e. how you will communicate).
      • Timeframe (i.e. when and how often you will communicate the changes).
    • Complete this information in a table like the one below and document in the Communication Plan.
    • Group Benefits Impact Method Timeline
      Service Desk Improve end-user device support Follow new processes Email campaign 3 months
      Executives Mitigate risks, better security, more data for reporting Review and sign off on policies
      End Users Smoother request process Adhere to device security and use policies
      Infrastructure Faster access to data and one source of truth Modified processes for centralized procurement and inventory

      Implement ITAM in a phased, constructive approach

      • One of the most difficult decisions to make when implementing ITAM is: “where do we start?”
      • The pyramid to the right mirrors Maslow’s hierarchy of needs. The base is the absolute bare minimum that should be in place, and each level builds upon the previous one.
      • As you track up the pyramid, your ITAM program will become more and more mature.

      Now that your asset lifecycle environment has been constructed in full, it’s time to study it. Gather data about your assets and use the results to create reports and new solutions to continually improve the business.

      • Asset Data
      • Asset Protection: safely protect and dispose of assets once they are mass distributed throughout your organization.
      • Asset Distribution: determine standards for asset provisioning and asset inventory strategy.
      • Asset Gathering: define what assets you will procure, distribute, and track. Classifying your assets by tier will allow you to make decisions as you progress up the pyramid.

      ↑ ITAM Program Maturity

      Integrate your HAM program into the organization to assist its implementation

      The HAM program cannot perform on its own – it must be integrated with other functional areas of the organization in order to maintain its stability and support.

      • Effective IT asset management is supported by a comprehensive set of processes as part of its implementation.
      • For example, integration with the purchasing/procurement team is required to gather hardware and software purchase data to control asset costs and mitigate software license compliance risk.
      • Integration with Finance is required to support internal cost allocations and charge backs.

      To integrate your ITAM program into your organization effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” in order to demonstrate success to the business early and gain buy-in from your team. Long-term goals should be designed that will be supported by the outcomes of the short-term gains of your ITAM program.

      Short-term goal Long-term goal
      Identify inventory classification and tool (hardware first) Hardware contract data integration (warranty, maintenance, lease)
      Create basic ITAM policies and processes Continual improvement through policy impact review and revision
      Implement ITAM auto-discovery tools Software compliance reports, internal audits

      Info-Tech Insight

      Installing an ITAM tool does not mean you have an effective asset management program. A complete solution needs to be built around your tool, but the strength of ITAM comes from processes embedded in the organization that are shaped and supported by your ITAM data.

      Develop an IT hardware asset management implementation roadmap

      4.2.3 Develop a HAM implementation roadmap

      Participants

      • CIO
      • IT Director
      • Asset Manager
      • Service Desk Manager

      Document

      Document in the IT Hardware Asset Management Implementation Roadmap

      1. Identify up to five streams to work on initiatives for the hardware asset management project.
      2. Fill out key tasks and objectives for each process. Assign responsibility for each task.
      3. Select a start date and end date for each task. See tab 1 of the tool for instructions on which letters to input for each stage of the process.
      4. Once your list is complete, open tab 3 of the tool to see your completed sunshine diagram.
      5. Keep this diagram visible for your team and use it as a guide to task completion as you work towards your future-state value stream.

      Focus on continual improvement to sustain your ITAM program

      Periodically review the ITAM program in order to achieve defined goals, objectives, and benefits.

      Act → Plan → Do → Check

      Once ITAM is in place in your organization, a focus on continual improvement creates the following benefits:

      • Remain in sync with the business: your asset management program reflects the current and desired future states of your organization at the time of its creation. But the needs of the business change. As mentioned previously, asset management is a dynamic process, so in order for your program to keep pace, a focus on continual improvement is needed.
        • For example, imagine if your organization had designed your ITAM program before cloud-based solutions were an option. What if your asset classification scheme did not include personal devices or tablets or your asset security policy lacked a section on BYOD?
      • Create funding for new projects through ITAM continual improvement: one of the goals is to save money through more efficient use of your assets by “sweating” out underused hardware and software.
        • It may be tempting to simply present the results to Finance as savings, but instead, describe the results as “available funds for other projects.” Otherwise, Finance may view the savings as a nod to restrict IT’s budget and allocate funds elsewhere. Make it clear that any saved funds are still required, albeit in a different capacity.

      Info-Tech Best Practice

      Look for new uses for ITAM data. Ask management what their goals are for the next 12-18 months. Analyze the data you are gathering and determine how your ITAM data can assist with achieving these goals.

      Phase 4 outline

      Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.

      Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.

      Step 4.1: Plan Budget

      Start with an analyst kick-off call:

      • Know where to find data to budget for hardware needs accurately.
      • Learn how to manage a hardware budget.

      Then complete these activities…

      • Plan hardware asset budget.

      With these tools & templates:

      HAM Budgeting Tool

      Step 4.2: Communicate & Roadmap

      Review findings with analyst:

      • Develop policies for end users.
      • Build communications plan.
      • Build an implementation roadmap.

      Then complete these activities…

      • Build HAM policies.
      • Develop a communication plan.
      • Develop a HAM implementation roadmap.

      With these tools & templates:

      HAM policy templates

      HAM Communication Plan

      HAM Implementation Roadmap

      If you want additional support, have our analysts guide you through this phase as part of an Info-Tech workshop

      Book a workshop with our Info-Tech analysts:

      • To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
      • Info-Tech analysts will join you and your team onsite at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
      • Contact your account manager (www.infotech.com/account), or email Workshops@InfoTech.com for more information.

      The following are sample activities that will be conducted by Info-Tech analysts with your team:

      4.1.1 Build a hardware asset budget

      Review upcoming hardware refresh needs and projects requiring hardware purchases. Use this data to forecast and budget equipment for the upcoming year.

      4.2.2 Develop a communication plan

      Identify groups that will be affected by the new HAM program and for each group, document a communications plan.

      Insight breakdown

      Overarching Insights

      HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.

      ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.

      Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.

      Phase 1 Insight

      For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.

      Phase 2 Insight

      Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.

      Phase 3 Insight

      Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.

      Phase 4 Insight

      Deploying a fancy ITAM tool will not make hardware asset management implementation easier. Implementation is a project that requires you focus on people and process first – the technology comes after.

      Related Info-Tech research

      Implement Software Asset Management

      Build an End-User Computing Strategy

      Find the Value – and Remain Valuable – With Cloud Asset Management

      Consolidate IT Asset Management

      Harness Configuration Management Superpowers

      IT Asset Management Market Overview

      Bibliography

      Chalkley, Martin. “Should ITAM Own Budget?” The ITAM Review. 19 May 2011. Web.

      “CHAMP: Certified Hardware Asset Management Professional Manual.” International Association of Information Technology Asset Managers, Inc. 2008. Web.

      Foxen, David. “The Importance of Effective HAM (Hardware Asset Management).” The ITAM Review. 19 Feb. 2015. Web.

      Foxen, David. “Quick Guide to Hardware Asset Tagging.” The ITAM Review. 5 Sep. 2014. Web.

      Galecki, Daniel. “ITAM Lifecycle and Savings Opportunities – Mapping out the Journey.” International Association of IT Asset Managers, Inc. 16 Nov. 2014. Web.

      “How Cisco IT Reduced Costs Through PC Asset Management.” Cisco IT Case Study. 2007. Web.

      Irwin, Sherry. “ITAM Metrics.” The ITAM Review. 14 Dec. 2009. Web.

      “IT Asset and Software Management.” ECP Media LLC, 2006. Web.

      Rains, Jenny. “IT Hardware Asset Management.” HDI Research Brief. May 2015. Web.

      Riley, Nathan. “IT Asset Management and Tagging Hardware: Best Practices.” Samanage Blog. 5 March 2015. Web.

      “The IAITAM Practitioner Survey Results for 2016 – Lean Toward Ongoing Value.” International Association of IT Asset Managers, Inc. 24 May 2016. Web.

      Improve IT Operations With AI and ML

      • Buy Link or Shortcode: {j2store}454|cart{/j2store}
      • member rating overall impact: 10.0/10 Overall Impact
      • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
      • member rating average days saved: Read what our members are saying
      • Parent Category Name: Operations Management
      • Parent Category Link: /i-and-o-process-management
      • Many IT departments experience difficulty with meeting the business' expectations for service delivery on a regular basis.
      • Despite significant investment in improving various areas of IT operations, you still feel like you’re constantly firefighting.
      • To tackle these issues, businesses tend to invest in purchasing multiple solutions. This not only complicates their IT operations, but also, in some cases, deteriorates functionality.

      Our Advice

      Critical Insight

      • To leverage AI capabilities, you first need to assess the current state of your IT operations and know what your priorities are.
      • Contemplate use cases that will get the most benefit from automation and start with processes that you are relatively comfortable handling.
      • Analyze your initial plan to identify easy wins, then expand your AIOps.

      Impact and Result

      • Perform a current state assessment to spot which areas within your operations management are the least mature and causing you the most grief. Identify which functional areas within operations management need to be prioritized for improvement.
      • Make a shortlist of use cases that will get the most benefit from AI-based technology.
      • Prepare a plan to deploy AI capabilities to improve your IT operations.

      Improve IT Operations With AI and ML Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out about the latest improvements in AIOps and how these can help you improve your IT operations. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Assess the current state of IT operations management

      Identify where your organization currently stands in its operations management practices.

      • AIOps Project Summary Template
      • AIOps Prerequisites Assessment Tool

      2. Identify initiatives that align with operations requirements

      Recognize the benefits of AI and ML for your business. Determine the necessary roles and responsibilities for potential initiatives, then develop and assess your shortlist.

      • AIOps RACI Template
      • AIOps Shortlisting Tool

      3. Develop the AI roadmap

      Analyze your ROI for AIOps and create an action plan. Communicate your AI and ML initiatives to stakeholders to obtain their support.

      • AIOps ROI Calculator
      • AIOps Roadmap Tool
      • AIOps Communications Plan Template
      [infographic]

      Endpoint Management Selection Guide

      • Buy Link or Shortcode: {j2store}65|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: End-User Computing Applications
      • Parent Category Link: /end-user-computing-applications

      Endpoint management solutions are becoming an essential solution: Deploying the right devices and applications to the right user and the need for zero-touch provisioning are indispensable parts of a holistic strategy for improving customer experience. However, selecting the right-sized platform that aligns with your requirements is a big challenge.

      Following improvements in end-user computation strategies, selection of the right endpoint management solution is a crucial next step in delivering a concrete business value.

      Our Advice

      Critical Insight

      Investigate vendors’ roadmaps to figure out which of the candidate platforms can fulfill your long-term requirements, without any unnecessary investment in features that are not currently useful for you. Make sure you don’t purchase capabilities that you will never use.

      Impact and Result

      • Determine what you require from an endpoint management solution.
      • Review the market space and product offerings, and compare capabilities of key players.
      • Create a use case and use top-level requirements to determine use cases and shortlist vendors.
      • Conduct a formal process for interviewing vendors using Info-Tech’s templates to select the best platform for your requirements.

      Endpoint Management Selection Guide Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Endpoint Management Selection Guide Storyboard – A structured guide to walk you through the endpoint management market.

      This storyboard will help you understand endpoint management solution core capabilities and prepare you to select an appropriate tool.

      • Endpoint Management Selection Guide Storyboard

      2. UEM Requirements Workbook – A template to help you build your first draft of requirements for UEM selection.

      Use this spreadsheet to brainstorm use cases and features to satisfy your requirements. This document will be help you score solutions and narrow down the field to a list of candidates who can meet your requirements.

      • UEM Requirements Workbook
      [infographic]

      Further reading

      Endpoint Management Selection Guide

      Streamline your organizational approach to selecting a right-sized endpoint management platform.

      Endpoint Management Selection Guide

      Streamline your organizational approach toward the selection of a right-sized endpoint management platform.

      EXECUTIVE BRIEF

      Analyst Perspective

      Revolutionize your endpoint management with a proper tool selection approach

      The endpoint management market has an ever-expanding and highly competitive landscape. The market has undergone tremendous evolution in past years, from device management to application deployments and security management. The COVID-19 pandemic forced organizations to service employees and end users remotely while making sure corporate data is safe and user satisfaction doesn't get negatively affected. In the meantime, vendors were forced to leverage technology enhancements to satisfy such requirements.

      That being said, endpoint management solutions have become more complex, with many options to manage operating systems and run applications for relevant user groups. With the work-from-anywhere model, customer support is even more important than before, as a remote workforce may face more issues than before, or enterprises may want to ensure more compliance with policies.

      Moreover, the market has become more complex, with lots of added capabilities. Some features may not be beneficial to corporations, and with a poor market validation, businesses may end up paying for some capabilities that are not useful.

      In this blueprint, we help you quickly define your requirements for endpoint management and narrow down a list to find the solutions that fulfill your use cases.

      An image of Mahmoud Ramin, PhD

      Mahmoud Ramin, PhD
      Senior Research Analyst, Infrastructure and Operations
      Info-Tech Research Group

      Executive Summary

      Your Challenge

      Endpoint management solutions are becoming increasingly essential – deploying the right devices and applications to the right users and zero-touch provisioning are indispensable parts of a holistic strategy for improving customers' experience. However, selecting the right-sized platform that aligns with your requirements is a big challenge.

      Following improvements in end-user computation strategies, selection of the right endpoint management solution is a crucial next step in delivering concrete business value.

      Common Obstacles

      Despite the importance of selecting the right endpoint management platform, many organizations struggle to define an approach to picking the most appropriate vendor and rolling out the solution in an effective and cost-efficient manner. There are many options available, which can cause business and IT leaders to feel lost.

      The endpoint management market is evolving quickly, making the selection process tedious. On top of that, IT has a hard time defining their needs and aligning solution features with their requirements.

      Info-Tech's Approach

      Determine what you require from an endpoint management solution.

      Review the market space and product offerings, and compare the capabilities of key players.

      Create a use case – use top-level requirements to determine use cases and short-list vendors.

      Conduct a formal process for interviewing vendors, using Info-Tech's templates to select the best platform for your requirements.

      Info-Tech Insight

      Investigate vendors' roadmaps to figure out which of the candidate platforms can fulfill your long-term requirements without any unnecessary investment in features that are not currently useful for you. Make sure you don't purchase capabilities that you will never use.

      What are endpoint management platforms?

      Our definition: Endpoint management solutions are platforms that enable IT with appropriate provisioning, security, monitoring, and updating endpoints to ensure that they are in good health. Typical examples of endpoints are laptops, computers, wearable devices, tablets, smart phones, servers, and the Internet of Things (IoT).

      First, understand differences between mobile management solutions

      • Endpoint management solutions monitor and control the status of endpoints. They help IT manage and control their environment and provide top-notch customer service.
      • These solutions ensure a seamless and efficient problem management, software updates and remediations in a secure environment.
      • Endpoint management solutions have evolved very quickly to satisfy IT and user needs:
      • Mobile Device Management (MDM) helps with controlling features of a device.
      • Enterprise Mobile Management (EMM) controls everything in a device.
      • Unified Endpoint Management (UEM) manages all endpoints.

      Endpoint management includes:

      • Device management
      • Device configuration
      • Device monitoring
      • Device security

      Info-Tech Insight

      As endpoint management encompasses a broad range of solution categories including MDM, EMM, and UEM, look for your real requirements. Don't pay for something that you won't end up using.

      As UEM covers all of MDM and EMM capabilities, we overview market trends of UEM in this blueprint to give you an overall view of market in this space.

      Your challenge: Endpoint management has evolved significantly over the past few years, which makes software selection overwhelming

      An mage showing endpoint management visualzed as positions on an iceberg. at the top is UEM, at the midpoint above the waterline is Enterprise Mobile Management, and below the water is Mobile Device Management.

      Additional challenges occur in securing endpoints

      A rise in the number of attacks on cloud services creates a need to leverage endpoint management solutions

      MarketsandMarkets predicted that global cloud infrastructure services would increase from US$73 billion in 2019 to US$166.6 billion in 2024 (2019).

      A study by the Ponemon Institute showed that 68% of respondents believe that security attacks increased over the past 12 months (2020).

      The study reveals that over half of IT security professionals who participated in the survey believe that organizations are not very efficient in securing their endpoints, mainly because they're not efficient in detecting attacks.

      IT professionals would like to link endpoint management and security platforms to unify visibility and control, to determine potential risks to endpoints, and to manage them in a single solution.

      Businesses will continue to be compromised by the vulnerabilities of cloud services, which pose a challenge to organizations trying to maintain control of their data.

      Trends in endpoint management have been undergoing a tremendous change

      In 2020, about 5.2 million users subscribed to mobile services, and smartphones accounted for 65% of connections. This will increase to 80% by 2025.
      Source: Fortune Business Insights, 2021

      Info-Tech's methodology for selecting a right-sized endpoint management platform

      1. Understand Core Features and Build Your Use Case

      2. Discover the Endpoint Management Market Space and Select the Right Vendor

      Phase Steps

      1. Define endpoint management platforms
      2. Explore endpoint management trends
      3. Classify table stakes & differentiating capabilities
      4. Streamline the requirements elicitation process for a new endpoint management platform
      1. Discover key players across the vendor landscape
      2. Engage the shortlist and select finalists
      3. Prepare for implementation

      Phase Outcomes

      1. Consensus on scope of endpoint management and key endpoint management platform capabilities
      2. Top-level use cases and requirements
      1. Overview of shortlisted vendors
      2. Prioritized list of UEM features

      Guided Implementation

      What does a typical GI on this topic look like?

      Phase 1 Phase 2

      Call #1: Understand what an endpoint management platform is and learn how it evolved. Discuss core capabilities and key trends.
      Call #2: Build a use case and define features to fulfill the use case.

      Call #3: Define your core endpoint management platform requirements.
      Call #4: Evaluate the endpoint management platform vendor landscape and shortlist viable options.
      Review implementation considerations.

      A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

      The endpoint management purchase process should be broken into segments:

      1. Endpoint management vendor shortlisting with this buyer's guide
      2. Structured approach to selection
      3. Contract review

      Info-Tech's approach

      The Info-Tech difference:
      Analyze needs

      Evaluate solutions

      Determine where you need to improve the tools and processes used to support the company.

      Determine the best fit for your needs by scoring against features.

      Assess existing solution

      Features

      Determine if your solution can be upgraded or easily updated to meet your needs.

      Determine which features will be key to your success

      Create a business case for change

      Use Cases

      A two-part business case will focus on a need to change and use cases and requirements to bring stakeholders onboard.

      Create use cases to ensure your needs are met as you evaluate features

      Improve existing

      High-Level Requirements

      Work with Info-Tech's analysts to determine next steps to improve your process and make better use of the features you have available.

      Use the high-level requirements to determine use cases and shortlist vendors

      Complementary research:

      Create a quick business case and requirements document to align stakeholders to your vision with Info-Tech's Rapid Application Selection Framework.
      See what your peers are saying about these vendors at SoftwareReviews.com.

      Info-Tech offers various levels of support to best suit your needs

      DIY Toolkit

      “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

      Guided Implementation

      “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

      Workshop

      “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

      Consulting

      “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

      Diagnostics and consistent frameworks used throughout all four options

      Phase 1

      Understand core features and build your business case

      Phase 1

      Phase 2

      Define endpoint management platforms

      Explore endpoint management trends

      Classify table stakes & differentiating capabilities

      Streamline the requirements elicitation process for a new endpoint management platform

      Discover key players across the vendor landscape

      Engage the shortlist and select finalist

      Prepare for implementation

      This phase will walk you through the following activity:

      Define use cases and core features for meeting business and technical goals

      This phase involves the following participants:

      • CIO
      • IT manager
      • Infrastructure & Applications directors
      Mobile Device Management

      Enterprise Mobile Management

      MDM applies security over corporate-owned devices.

      What is MDM and what can you do with it?

      1. MDM helps manage and control corporate owned devices.
      2. You can enforce company policies, track, monitor, and lock device remotely by an MDM.
      3. MDM helps with remote wiping of the device when it is lost or stolen.
      4. You can avoid unsecure Wi-Fi connections via MDM.

      EMM solutions solve the restrictions arose with BYOD (Bring Your Own Device) and COPE (Corporate Owned, Personally Enabled) provisioning models.

      • IT needs to secure corporate-owned data without compromising personal and private data. MDM cannot fulfill this requirement. This led to the development of EMM solutions.
      • EMM tools allow you to manage multiple device platforms through MDM protocols. These tools enforce security settings, allow you to push apps to managed devices, and monitor patch compliance through reporting.

      MDM solutions function at the level of corporate devices. Something else was needed to enable personal device management.

      Major components of EMM solutions

      Mobile Application Management (MAM)

      Allows organizations to control individual applications and their associated data. It restricts malicious apps and enables in-depth application management, configuration, and removal.

      Containerization

      Enables separation of work-related data from private data. It provides encrypted containers on personal devices to separate the data, providing security on personal devices while maintaining users' personal data.

      Mobile Content Management (MCM)

      Helps remote distribution, control, management, and access to corporate data.

      Mobile Security Management (MSM)

      Provides application and data security on devices. It enables application analysis and auditing. IT can use MSM to provide strong passwords to applications, restrict unwanted applications, and protect devices from unsecure websites by blacklisting them.

      Mobile Expense Management (MEM)

      Enables mobile data communication expenses auditing. It can also set data limits and restrict network connections on devices.

      Identity Management

      Sets role-based access to corporate data. It also controls how different roles can use data, improving application and data security. Multifactor authentication can be enforced through the identity management featured of an EMM solution.

      Unified endpoint management: Control all endpoints in a single pane of glass

      IT admins used to provide customer service such as installation, upgrades, patches, and account administration via desktop support. IT support is not on physical assistance over end users' desktops anymore.

      The rise of BYOD enhanced the need to be able to control sensitive data outside corporate network connection on all endpoints, which was beyond the capability of MDM and EMM solutions.

      • It's now almost impossible for IT to be everywhere to support customers.
      • This created a need to conduct tasks simultaneously from one single place.
      • UEM enables IT to run, manage, and control endpoints from one place, while ensuring that device health and security remain uncompromised.
      • UEM combines features of MDM and EMM while extending EMM's capabilities to all endpoints, including computers, laptops, tablets, phones, printers, wearables, and IoT.

      Info-Tech Insight

      Organizations once needed to worry about company connectivity assets such as computers and laptops. To manage them, traditional client management tools like Microsoft Configuration Manager would be enough.

      With the increase in the work-from-anywhere model, it is very hard to control, manage, and monitor devices that are not connected to a VPN. UEM solutions enable IT to tackle this challenge and have full visibility into and management of any device.

      UEM platforms help with saving costs and increasing efficiency

      UEM helps corporates save on their investments as it consolidates use-case management in a single console. Businesses don't need to invest in different device and application management solutions.

      From the employee perspective, UEM enables them to work on their own devices while enforcing security on their personal data.

      • Security and privacy are very important criteria for organizations. With the rapid growth of the work-from-anywhere model, corporate security is a huge concern for companies.
      • Working from home has forced companies to invest a lot in data security, which has led to high UEM demand. UEM solutions streamline security management by consolidating device management in a single platform.
      • With the fourth-generation industrial revolution, we're experiencing a significant rise in the use of IoT devices. UEM solutions are very critical for managing, configuring, and securing these devices.
      • There will be a huge increase in cyber threats due to automation, IoT, and cloud services. The pandemic has sped up the adoption of such services, forcing businesses to rethink their enterprise mobility strategies. They are now more cautious about security risks and remediations. Businesses need UEM to simplify device management on multiple endpoints.
      • With UEM, IT environment management gets more granular, while giving IT better visibility on devices and applications.

      UEM streamlines mundane admin tasks and simplifies user issues.

      Even with a COPE or COBO provisioning model, without any IT intervention, users can decide on when to install relevant updates. It also may lead to shadow IT.

      Endpoint management, and UEM more specifically, enables IT to enforce administration over user devices, whether they are corporate or personally owned. This is enabled without interfering with private/personal data.

      Where it's going: The future state of UEM

      Despite the fast evolution of the UEM market, many organizations do not move as fast as technological capabilities. Although over half of all organizations have at least one UEM solution, they may not have a good strategy or policies to maximize the value of technology (Tech Orchard, 2022). As opposed to such organizations, there are others that use UEM to transform their endpoint management strategy and move service management to the next level. That integration between endpoint management and service management is a developing trend (Ivanti, 2021).

      • SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. Further, the pandemic saw 47% of organizations significantly increase their use of BYOD (Cybersecurity Insiders, 2021).
      • Over 2022, 78% of people worked remotely for at least some amount of time during the week (Tech Orchard, 2022).
      • 84% of organizations believe that cybersecurity threat alarms are becoming very overwhelming, and almost half of companies believe that the best way to tackle this is through consolidating platforms so that everything will be visible and manageable through a single pane of glass (Cybersecurity Insiders, 2022).
      • The UEM market was worth $3.39 billion in 2020. It is expected to reach $53.65 billion by 2030, with an annual growth rate of 31.7% (Datamation, 2022). This demonstrates how dependent IT is becoming on endpoint management solutions.

      An image of a donut chart showing the current state of UEM Strategy.

      Only 27% of organizations have "fully deployed" UEM "with easy management across all endpoints"
      Source: IT Pro Today, 2018.

      Endpoint Management Key Trends

      • Commoditization of endpoint management features. Although their focus is the same, some UEM solutions have unique features.
      • New endpoint management paradigms have emerged. Endpoint management has evolved from client management tools (CMT) and MDM into UEM, also known as "modern management" (Ivanti, 2022).
      • One pane of glass for the entire end-user experience. Endpoint management vendors are integrating their solution into their ITSM, ITOM, digital workspace, and security products.
      • AI-powered insights. UEM tools collect data on endpoints and user behavior. Vendors are using their data to differentiate themselves: Products offer threat reports, automated compliance workflows, and user experience insights. The UEM market is ultimately working toward autonomous endpoint management (Microsoft, 2022).
      • Web apps and cloud storage are the new normal. Less data is stored locally. Fewer apps need to be patched on the device. Apps can be accessed on different devices more easily. However, data can more easily be accessed on BYOD and on new operating systems like Chrome OS.
      • Lighter device provisioning tools. Instead of managing thick images, UEM tools use lighter provisioning packages. Once set up, Autopilot and UEM device enrollment should take less time to manage than thick images.
      • UEM controls built around SaaS. Web apps and the cloud allow access from any device, even unmanaged BYOD. UEM tools allow IT to apply the right level of control for the situation – mobile application management, mobile content management, or mobile device management.
      • Work-from-anywhere and 5G result in more devices outside of your firewalls. Cloud-based management tools are not limited by your VPN connection and can scale up more easily than traditional, on-prem tools.

      Understand endpoint management table stakes features

      Determine high-level use cases to help you narrow down to specific features

      Support the organization's operating systems:
      Many UEM vendors support the most dominant operating systems, Windows and Mac; however, they are usually stronger in one particular OS than the other. For instance, Intune supports both Windows and Mac, although there are some drawbacks with MacOS management by Intune. Conversely, Jamf is mainly for MacOS and iOS management. Enterprises look to satisfy their end users' needs. The more UEM vendors support different systems, the more likely enterprises will pick them. Although, as mentioned, in some instances, enterprises may need to select more than one option, depending on their requirements.

      Support BYOD and remote environments:
      With the impact of the pandemic on work model, 60-70% of workforce would like to have more flexibility for working remotely (Ivanti, 2022). BYOD is becoming the default, and SaaS tools like Office 365 are built to be used on multiple devices, including multiple computers. As BYOD can boost productivity (Samsung Insights, 2016), you may be interested in how your prospective UEM solution will enable this capability with remote wipe (corporate wipe capability vs. wiping the whole device), data and device tracking, and user activity auditing.

      Understand endpoint management table stakes features

      Determine high-level use cases to help you narrow down to specific features

      Integration with the enterprise's IT products:
      To get everything in a single platform and to generate better metrics and dashboards, vendors provide integrations with ticketing and monitoring solutions. Many large vendors have strong integrations with multiple ITSM and ITAM platforms to streamline incident management, request management, asset management, and patch management.

      Support security and compliance policies:
      With the significant boost in work-from-anywhere, companies would like to enable endpoint security more than ever. This includes device threat detection, malware detection, anti-phishing, and more. All UEMs provide these, although the big difference between them is how well they enable security and compliance, and how flexible they are when it comes to giving conditional access to certain data.

      Provide a fully automated vs manual deployment:
      Employees want to get their devices faster, IT wants to deploy devices faster, and businesses want to enable employees faster to get them onboard sooner. UEMs have the capability to provide automated and manual deployment. However, the choice of solution depends on enterprise's infrastructure and policies. Full automation of deployment is very applicable for corporate devices, while it may not be a good option for personally owned devices. Define your user groups and provisioning models, and make sure your candidate vendors satisfy requirements.

      Plan a proper UEM selection according to your requirements

      1. Identify IT governance, policy, and process maturity
        Tools cannot compensate for your bad processes. You should improve deploying and provisioning processes before rolling out a UEM. Automation of a bad process only wraps the process in a nicer package – it does not fix the problem.
        Refer to InfoTech's Modernize and Transform Your End-User Computing Strategy for more information on improving endpoint management procedures.
      2. Consider supported operating systems, cloud services, and network infrastructure in your organization
        Most UEMs support all dominant operating systems, but some solutions have stronger capability for managing a certain OS over the other.
      3. Define enterprise security requirements
        Investigate security levels, policies, and requirements to align with the security features you're expecting in a UEM.
      4. Selection and implementation of a UEM depends on use case. Select a vendor that supports your use cases
        Identify use cases specific to your industry.
        For example, UEM use cases in Healthcare:
        • Secure EMR
        • Enforce HIPAA compliance
        • Secure communications
        • Enable shared device deployment

      Activity: Define use cases and core features for meeting business and technical goals

      1-2 hours

      1. Brainstorm with your colleagues to discuss your challenges with endpoint management.
      2. Identify how these challenges are impacting your ability to meet your goals for managing and controlling endpoints.
      3. Define high-level goals you wish to achieve in the first year and in the longer term.
      4. Identify the use cases that will support your overall goals.
      5. Document use cases in the UEM Requirements Workbook.

      Input

      • List of challenges and goals

      Output

      • Use cases to be used for determining requirements

      Materials

      • Whiteboard/flip charts
      • Laptop to record output

      Participants

      • CIO
      • IT manager
      • Infrastructure & Applications directors

      Download the UEM Requirements Workbook

      Phase 2

      Discover the endpoint management market space and select the right vendor

      Phase 1

      Phase 2

      Define endpoint management platforms

      Explore endpoint management trends

      Classify table stakes & differentiating capabilities

      Streamline the requirements elicitation process for a new endpoint management platform

      Discover key players across the vendor landscape

      Engage the shortlist and select finalist

      Prepare for implementation

      This phase will walk you through the following activity:
      Define top-level features for meeting business and technical goals
      This phase involves the following participants:

      • CIO
      • IT manager
      • Infrastructure & Applications directors
      • Project managers

      Elicit and prioritize granular requirements for your endpoint management platform

      Understanding business needs through requirements gathering is the key to defining everything about what is
      being purchased. However, it is an area where people often make critical mistakes.

      Risks of poorly scoped requirements

      • Fail to be comprehensive and miss certain areas of scope.
      • Focus on how the solution should work instead of what it must accomplish.
      • Have multiple levels of confusing and inconsistent detail in the requirements.
      • Drill down all the way to system-level detail.
      • Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow.
      • Omit constraints or preferences that buyers think are "obvious."

      Best practices

      • Get a clear understanding of what the system needs to do and what it is expected to produce.
      • Test against the principle of MECE – requirements should be "mutually exclusive and collectively exhaustive."
      • Explicitly state the obvious and assume nothing.
      • Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes.
      • Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors.

      Review Info-Tech's blueprint Improve Requirements Gathering to improve your requirements gathering process.

      Consider the perspective of each stakeholder to ensure functionality needs are met

      Best of breed vs. "good enough" is an important discussion and will feed your success

      Costs can be high when customizing an ill-fitting module or creating workarounds to solve business problems, including loss of functionality, productivity, and credibility.

      • Start with use cases to drive the initial discussion, then determine which features are mandatory and which are nice-to-haves. Mandatory features will help determine high success for critical functionality and identify where "good enough" is an acceptable state.
      • Consider the implications of implementation and all use cases of:
        • Buying an all-in-one solution.
        • Integration of multiple best-of-breed solutions.
        • Customizing features that were not built into a solution.
      • Be prepared to shelve a use case for this solution and look to alternatives for integration where mandatory features cannot meet highly specialized needs that are outside of traditional endpoint management solutions.

      Pros and Cons

      An image showing the pros and cons of building vs buying

      Evaluate software category leaders through vendor rankings and awards

      SoftwareReviews
      A screenshot of softwareReviews Data Quadrant analyis.. A screenshot of softwareReviews Emotonal Fotprint analyis
      • evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
      • Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.
      • The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
      • Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

      Speak with category experts to dive deeper into the vendor landscape

      SoftwareReviews

      • Fact-based reviews of business software from IT professionals.
      • Product and category reports with state-of-the-art data visualization.
      • Top-tier data quality backed by a rigorous quality assurance process.
      • User-experience insight that reveals the intangibles of working with a vendor.

      CLICK HERE to ACCESS

      Comprehensive software reviews
      to make better IT decisions

      We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.

      SoftwareReviews is powered by Info-Tech

      Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today's technology.
      With the insight of our expert analysts, our members receive unparalleled support in their buying journey.

      Get to Know the Key Players in the Endpoint Management Landscape

      The following slides provide a top-level overview of the popular players you will encounter in the endpoint management shortlisting process in alphabetical order.

      A screenshot showing a series of logos for the companies addressed later in this blueprint. It includes: Ciso; Meraki; Citrix; IBM MaaS360; Ivanti; Jamf|Pro; ManageEngine Endpoint Central; Microsoft Endpoint Manager, and VMWARE.

      Vendor scores are driven by real-world practitioner reviews via SoftwareReviews. Composite, CX, EF, and NPS scores are pulled from live data as of January 2023.

      Secure business units and enhance connection by simplifying the digital workplace

      A good option for enterprises that want a single-pane-of-glass UEM that is easy to use, with a modern-looking dashboard, high threat-management capability, and high-quality customer support.

      CISCO Meraki

      Est. 1984 | CA, USA | NASDAQ: CSCO

      8.8

      9.1

      +92

      91%

      COMPOSITE SCORE

      CX SCORE

      EMOTIONAL FOOTPRINT

      LIKELINESS TO RECOMMEND

      DOWNLOAD REPORT

      This is a Screenshot of CISCO Meraki's dashboard.

      Screenshot of CISCO Meraki's dashboard. Source: Cisco

      Strengths:

      Areas to improve:

      • Cisco Meraki offers granular control over what users can and cannot use.
      • The system is user friendly and intuitive, with a variety of features.
      • The anti-malware capability enhances security.
      • Users are very satisfied with being able to control everything in a single platform.
      • System configuration is easy.
      • Vendor relationship is very high with a rate of 96%.
      • System setup is easy, and users don't need much experience for initial configuration of devices.
      • Users are also mostly satisfied with the platform design.
      • Monitoring within the tool is easy.
      • According to SoftwareReviews' survey report, the primary reason for leaving Cisco Meraki and switching over to another vendor is functionality.
      • Regardless of the top-notch offerings and high-quality features, the product is relatively expensive. The quality and price factors make the solution a better fit for large enterprises. However, SoftwareReviews' scorecard for Cisco Meraki shows that small organizations are the most satisfied compared to the medium and large enterprises, with a net promoter score of 81%.

      Transform work experience and support every endpoint with a unified view to ensure users are productive

      A tool that enables you to access corporate resources on personal devices. It is adaptable to your budget. SoftwareReviews reports that 75% of organizations have received a discount at initial purchase or renewal, which makes it a good candidate if looking for a negotiable option.

      Citrix Endpoint Management

      Est. 1989 | TX, USA | Private

      7.9

      8.0

      8.0

      83%

      COMPOSITE SCORE

      CX SCORE

      EMOTIONAL FOOTPRINT

      LIKELINESS TO RECOMMEND

      DOWNLOAD REPORT

      Screenshot of Citrix Endpoint Management's dashboard.

      Screenshot of Citrix Endpoint Management's dashboard. Source: Citrix

      Strengths:

      Areas to improve:

      • Citrix Endpoint Management is a cloud-centric, easy-to-use UEM with an upgradable interface.
      • The solution simplifies endpoint management and provides real-time visibility and notifications.
      • Citrix allows deployments on different operating systems to meet organizations' infrastructure requirements.
      • The vendor offers different licenses and pricing models, allowing businesses of different sizes to use the tool based on their budgets and requirements.
      • Some users believe that integration with external applications should be improved.
      • Deployment is not very intuitive, making implementation process challenging.
      • User may experience some lagging while opening applications on Citrix. Application is even a bit slower when using a mobile device.

      Scale remote users, enable BYOD, and drive a zero-trust strategy with IBM's modern UEM solution

      A perfect option to boost cybersecurity. Remote administration and installation are made very easy and intuitive on the platform. It is very user friendly, making implementation straightforward. It comes with four licensing options: Essential, Deluxe, Premier, and Enterprise. Check IBM's website for information on pricing and offerings.

      IBM MaaS360

      Est. 1911 | NY, USA | NYSE: IBM

      7.7

      8.4

      +86

      76%

      COMPOSITE SCORE

      CX SCORE

      EMOTIONAL FOOTPRINT

      LIKELINESS TO RECOMMEND

      DOWNLOAD REPORT

      Screenshot of IBM MaaS360's dashboard.

      Screenshot of IBM MaaS360's dashboard. Source: IBM

      Strengths:

      Areas to improve:

      • IBM MaaS360 is easy to install and implement.
      • It has different pricing models to fit enterprises' needs.
      • MaaS360 is compatible with different operating systems.
      • Security management is one of the strongest features, making the tool perfect for organizations that want to improve cybersecurity.
      • Vendor support is very effective, and users find knowledge articles very helpful.
      • It has a very intuitive dashboard.
      • The tool can control organizational data, allowing you to apply BYOD policy.
      • AI Advisor with Watson provides AI-driven reporting and insights.
      • Working with iOS may not be as intuitive as other operating systems.
      • Adding or removing users in a user group is not very straightforward.
      • Some capabilities are limited to particular Android or iOS devices.
      • Deploying application packages may be a bit difficult.
      • Hardware deployment may need some manual work and is not fully automated.

      Get complete device visibility from asset discovery to lifecycle management and remediation

      A powerful tool for patch management with a great user interface. You can automate patching and improve cybersecurity, while having complete visibility into devices. According to SoftwareReviews, 100% of survey participants plan to renew their contract with Ivanti.

      Ivanti Neurons

      Est. 1985 | CA, USA | Private

      8.0

      8.0

      +81

      83%

      COMPOSITE SCORE

      CX SCORE

      EMOTIONAL FOOTPRINT

      LIKELINESS TO RECOMMEND

      DOWNLOAD REPORT

      Screenshot of Ivanti Neurons UEM's dashboard.

      Screenshot of Ivanti Neurons UEM's dashboard. Source: Ivanti

      Strengths:

      Areas to improve:

      • The tool is intuitive and user friendly.
      • It's a powerful security management platform, supporting multiple operating systems.
      • Ivanti Neurons is very strong in patch management and inventory management. It helps a seamless application deployment.
      • Users can install their applications via Ivanti's portal.
      • The user interface is very powerful and easy to use.
      • AI-augmented process management automates protocols, streamlining device management and application updates.
      • Vendor is very efficient in training and provides free webinars.
      • Data integration is very easy. According to SoftwareReviews, it had a satisfaction score for ease of data integration of 86%, which makes Ivanti the top solution for this capability.
      • Data analytics is powerful but complicated.
      • Setup is easy for some teams but not as easy for others, which may cause delays for implementation.
      • Software monitoring is not as good as other competitors.

      Improve your end-user productivity and transform enterprise Apple devices

      An Apple-focused UEM with a great interface. Jamf can manage and control macOS and iOS, and it is one of the best options for Apple products, according to users' sentiments. However, it may not be a one-stop solution if you want to manage non-Apple products as well. In this case, you can use Jamf in addition to another UEM. Jamf has some integrations with Microsoft, but it may not be sufficient if you want to fully manage Windows endpoints.

      Jamf PRO

      Est. 2002 | MN, USA | NASDAQ: JAMF

      8.8

      8.7

      +87

      95%

      COMPOSITE SCORE

      CX SCORE

      EMOTIONAL FOOTPRINT

      LIKELINESS TO RECOMMEND

      DOWNLOAD REPORT

      Screenshot of Jamf PRO's dashboard.

      Screenshot of Jamf PRO's dashboard. Source: Jamf

      Strengths:

      Areas to improve:

      • Jamf Pro is a unique product with an easy implementation that enables IT with minimum admin intervention.
      • It can create smart groups (based on MDM profile and user group) to automatically assign users to their pertinent apps and updates.
      • It's a very user-friendly tool, conducting device management in fewer steps than other competitors.
      • Reports are totally customizable and dynamic.
      • Notifications are easy to navigate and monitor.
      • Self-service feature enables end users to download their predefined categories of applications in the App Store.
      • It can apply single sign-on integrations to streamline user access to applications.
      • Businesses can personalize the tool with corporate logos.
      • Vendor does great for customer service when problems arise.
      • It is a costly tool relative to other competitors, pushing prospects to consider other products.
      • The learning process may be long and not easy, especially if admins do not script, or it's their first time using a UEM.

      Apply automation of traditional desktop management, software deployment, endpoint security, and patch management

      A strong choice for patch management, software deployment, asset management, and security management. There is a free version of the tool available to try get an understanding of the platform before purchasing a higher tier of the product.

      ManageEngine Endpoint Central

      Est. 1996 | India | Private

      8.3

      8.3

      +81

      88%

      COMPOSITE SCORE

      CX SCORE

      EMOTIONAL FOOTPRINT

      LIKELINESS TO RECOMMEND

      DOWNLOAD REPORT

      Screenshot of ME Endpoint Central's dashboard.

      Screenshot of ME Endpoint Central's dashboard. Source: ManageEngine

      Strengths:

      Areas to improve:

      • It supports several operating systems including Windows, Mac, Linux, Android, and iOS.
      • Endpoint Central provides end-to-end monitoring, asset management, and security in a single platform.
      • Setup is simple and intuitive, and it's easy to learn and configure.
      • The reporting feature is very useful and gives you clear visibility into dashboard.
      • Combined with ME Service Desk Plus, we can call Endpoint Central an all-in-one solution.
      • The tool provides a real-time report on devices and tracks their health status.
      • It has multiple integrations with third-party solutions.
      • Tool does not automate updates, making application updates time-consuming.
      • Sometimes, patches and software deployments fail, and the tool doesn't provide any information on the reason for the failure.
      • There is no single point of contact/account manager for the clients when they have trouble with the tool.
      • Remote connection to Android devices can sometimes get a little tedious.

      Get device management and security in a single platform with a combination of Microsoft Intune and Configuration Manager

      A solution that combines Intune and ConfigMgr's capabilities into a single endpoint management suite for enrolling, managing, monitoring, and securing endpoints. It's a very cost-effective solution for enterprises in the Microsoft ecosystem, but it also supports other operating systems.

      Microsoft Endpoint Manager

      Est. 1975 | NM, USA | NASDAQ: MSFT

      8.0

      8.5

      +83

      85%

      COMPOSITE SCORE

      CX SCORE

      EMOTIONAL FOOTPRINT

      LIKELINESS TO RECOMMEND

      DOWNLOAD REPORT

      Screenshot of MS Endpoint Manager's dashboard.

      Screenshot of MS Endpoint Manager's dashboard. Source: Microsoft

      Strengths:

      Areas to improve:

      • Licensing for the enterprises that use Windows as their primary operating system is more efficient and cost effective.
      • Endpoint Manager is very customizable, with the ability to assign personas to device groups.
      • Besides Windows, it manages other operating systems, such as Linux, Android, and iOS.
      • It creates endpoint security and compliance policies for BitLocker that streamlines data protection and security. It also provides SSO.
      • It provides very strong documentation and knowledgebase.
      • User interface is not as good as competitors. It's a bit clunky and complex to use.
      • The process of changing configurations on devices can be time consuming.
      • Sometimes there are service outages such as Autopilot failure, which push IT to deploy manually.
      • Location tracking is not very accurate.

      Simplify and consolidate endpoint management into a single solution and secure all devices with real-time, "over-the-air" modern management across all use cases

      A strong tool for managing and controlling mobile devices. It can access all profiles through Google and Apple, and it integrates with various IT management solutions.

      VMware Workspace ONE

      Est. 1998 | CA, USA | NYSE: VMW

      7.5

      7.4

      +71

      75%

      COMPOSITE SCORE

      CX SCORE

      EMOTIONAL FOOTPRINT

      LIKELINESS TO RECOMMEND

      DOWNLOAD REPORT

      Screenshot of Workspace ONE's dashboard.

      Screenshot of Workspace ONE's dashboard. Source: VMware

      Strengths:

      Areas to improve:

      • Workspace ONE provides lots of information about devices.
      • It provides a large list of integrations.
      • The solution supports various operating systems.
      • The platform has many out-of-the-box features and helps with security management, asset management, and application management.
      • The vendor has a community forum which users find helpful for resolving issues or asking questions about the solution.
      • It is very simple to use and provides SSO capability.
      • Implementation is relatively easy and straightforward.
      • Customization may be tricky and require expertise.
      • The solution can be more user friendly with a better UI.
      • Because of intensive processing, updates to applications take a long time.
      • The tool may sometimes be very sensitive and lock devices.
      • Analytics and reporting may need improvement.

      Review your use cases to start your shortlist

      Your Info-Tech analysts can help you narrow down the list of vendors that will meet your requirements.

      Next steps will include:

      1. Reviewing your requirements
      2. Checking out SoftwareReviews
      3. Shortlisting your vendors
      4. Conducting demos and detailed proposal reviews
      5. Selecting and contracting with a finalist!

      Activity: Define high-level features for meeting business and technical goals

      Input

      • List of endpoint management use cases
      • List of prioritized features

      Output

      • Vendor evaluation
      • Final list of candidate vendors

      Materials

      • Whiteboard/flip charts
      • Laptop
      • UEM Requirements Workbook

      Participants

      • CIO
      • IT manager
      • Infrastructure & Applications directors
      • Project managers

      Activity: Define top-level features for meeting business and technical goals

      As there are many solutions in the market that share capabilities, it is imperative to closely evaluate how well they fulfill your endpoint management requirements.
      Use the UEM Requirements Workbook to identify your desired endpoint solution features and compare vendor solution functionality based on your desired features.

      1. Refer to the output of the previous activity, the identified use cases in the spreadsheet.
      2. List the features you want in an endpoint solution for your devices that will fulfill these use cases. Record those features in the second column ("Detailed Feature").
      3. Prioritize each feature (must have, should have, nice to have, not required).
      4. Send this list to candidate vendors.
      5. When you finish your investigation, review the spreadsheet to compare the various offerings and pros and cons of each solution.

      Info-Tech Insight

      The output of this activity can be used for a detailed evaluation of UEM vendors. The next steps will be vendor briefing and having further discussion on technical capabilities and conducting demos of solutions. Info-Tech's blueprint, The Rapid Application Selection Framework, takes you to these next steps.

      This is a screenshot showing the high value use cases table from The Rapid Application Selection Framework.

      Download the UEM Requirements Workbook

      Leverage Info-Tech's research to plan and execute your endpoint management selection and implementation

      Use Info-Tech Research Group's blueprints for selection and implementation processes to guide your own planning.

      • Assess
      • Prepare
      • Govern & Course Correct

      This is a screenshot of the title pages from INfo-tech's Governance and management of enterprise Software Implementaton; and The Rapid Applicaton Selection Framework.

      Ensure your implementation team has a high degree of trust and communication

      If external partners are needed, dedicate an internal resource to managing the vendor and partner relationships.

      Communication

      Teams must have some type of communication strategy. This can be broken into:

      • Regularity: Having a set time each day to communicate progress and a set day to conduct retrospectives.
      • Ceremonies: Injecting awards and continually emphasizing delivery of value can encourage relationship building and constructive motivation.
      • Escalation: Voicing any concerns and having someone responsible for addressing those concerns.

      Proximity

      Distributed teams create complexity because communication can break down more easily. This can be mitigated by:

      • Location: Placing teams in proximity can close the barrier of geographical distance and time zone differences.
      • Inclusion: Making a deliberate attempt to pull remote team members into discussions and ceremonies.
      • Communication Tools: Having the right technology (e.g. video conference) can help bring teams closer together virtually.

      Trust

      Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:

      Accountability: Having frequent quality reviews and feedback sessions. As work becomes more transparent, people become more accountable.

      • Role Clarity: Having a clear definition of what everyone's role is.

      Implementation with a partner typically results in higher satisfaction

      Align your implementation plans with both the complexity of the solution and internal skill levels

      Be clear and realistic in your requirements to the vendor about the level of involvement you need to be successful.

      Primary reasons to use a vendor:

      • Lack of skilled resources: For solutions with little configuration change happening after the initial installation, the ramp-up time for an individual to build skills for a single event is not practical.
      • Complexity of solution: Multiple integrations, configurations, modules, and even acquisitions that haven't been fully integrated in the solution you choose can make it difficult to complete the installation and rollout on time and on budget. Troubleshooting becomes even more complex if multiple vendors are involved.
      • Data migration: Decide what information will be valuable to transfer to the new solution and which will not benefit your organization. Data structure and residency can both be factors in the complexity of this exercise.

      This is an image of a bar graph showing the Satisfaction Net Promotor Score by Implementation type and Organization Size.

      Source: SoftwareReviews, January 2020 to January 2023, N= 20,024 unique reviews

      To ensure your SOW is mutually beneficial, download the blueprint Improve Your Statements of Work to Hold Your Vendors Accountable.

      Consider running a proof of concept if concerns are expressed about the feasibility of the chosen solution

      Proofs of concept (PoCs) can be time consuming, so make good choices on where to spend the effort

      Create a PoC charter that will enable a quick evaluation of the defined use cases and functions. These key dimensions should form the PoC.

      1. Objective – Giving an overview of the planned PoC will help to focus and clarify the rest of this section. What must the PoC achieve? Objectives should be specific, measurable, attainable, relevant, and time bound. Outline and track key performance indicators.
      2. Key Success Factors – These are conditions that will positively impact the PoC's success.
      3. Scope – High-level statement of scope. More specifically, state what is in scope and what is out of scope.
      4. Project Team – Identify the team's structure, e.g. sponsors, subject matter experts.
      5. Resource Estimation – Identify what resources (time, materials, space, tools, expertise, etc.) will be needed to build and socialize your prototype. How will they be secured?

      An image of two screenshots from Info-Tech Research Group showing documentaton used to generate effective proof of concepts.

      To create a full proof of concept plan, download the Proof of Concept Template and see the instructions in Phase 3 of the blueprint Exploit Disruptive Infrastructure Technology.

      Selecting a right-sized endpoint management platform

      This selection guide allows organizations to execute a structured methodology for picking a UEM platform that aligns with their needs. This includes:

      • Identifying and prioritizing key business and technology drivers for an endpoint management selection business case.
      • Defining key use cases and requirements for a right-sized UEM platform.
      • Reviewing a comprehensive market scan of key players in the UEM marketspace.

      This formal UEM selection initiative will map out requirements and identify technology capabilities to fill the gap for better endpoint management. It also allows a formal roll-out of a UEM platform that is highly likely to satisfy all stakeholder needs.

      If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.

      Contact your account representative for more information

      workshops@infotech.com
      1-888-670-8889

      Summary of Accomplishment

      Knowledge Gained

      • What endpoint management is
      • Historical origins and evolution of endpoint management platforms
      • Current trends and future state of endpoint management platforms

      Processes Optimized

      • Identifying use cases
      • Gathering requirements
      • Reviewing market key players and their capabilities
      • Selecting a UEM tool that fulfills your requirements

      UEM Solutions Analyzed

      • CISCO Meraki
      • Citrix Endpoint Management
      • IBM MaaS360
      • Ivanti Neurons UEM
      • Jamf Pro
      • ManageEngine Endpoint Central
      • Microsoft Endpoint Manager
      • VMware Workspace ONE

      Related Info-Tech Research

      Modernize and Transform Your End-User Computing Strategy

      This project helps support the workforce of the future by answering the following questions: What types of computing devices, provisioning models, and operating systems should be offered to end users? How will IT support devices? What are the policies and governance surrounding how devices are used? What actions are we taking and when? How do end-user devices support larger corporate priorities and strategies?

      Best Unified Endpoint Management (UEM) Software | SoftwareReviews

      Compare and evaluate Unified Endpoint Management vendors using the most in-depth and unbiased buyer reports available. Download free comprehensive 40+ page reports to select the best Unified Endpoint Management software for your organization.

      The Rapid Application Selection Framework

      This blueprint walks you through a process for a fast and efficient selection of your prospective application. You will be enabled to use a data-driven approach to select the right application vendor for your needs, shatter stakeholder expectations with truly rapid application selections, boost collaboration and crush the broken telephone with concise and effective stakeholder meetings, and lock in hard savings.

      Bibliography

      "BYOD Security Report." Cybersecurity Insiders, 2021. Accessed January 2023.
      "Cloud Infrastructure Services Market." MarketsAnd Markets, 2019. Accessed December 2022.
      Evans, Alma. "Mastering Mobility Management: MDM Vs. EMM Vs. UEM." Hexnode, 2019. Accessed November 2022.
      "Evercore-ISI Quarterly Enterprise Technology Spending Survey." Evercore-ISI, 2022. Accessed January 2023.
      "5G Service Revenue to Reach $315 Billion Globally in 2023." Jupiter Research, 2022. Accessed January 2023.
      Hein, Daniel. "5 Common Unified Endpoint Management Use Cases You Need to Know." Solutions Review, 2020. Accessed January 2023.
      "Mobile Device Management Market Size, Share & COVID-19 Impact Analysis." Fortune Business Insights, 2021. Accessed December 2022.
      Ot, Anina. "The Unified Endpoint Management (UEM) Market." Datamation, 14 Apr. 2022. Accessed Jan. 2023.
      Poje, Phil. "CEO Corner: 4 Trends in Unified Endpoint Management for 2023." Tech Orchard, 2022. Accessed January 2023.
      "The Future of UEM November 2021 Webinar." Ivanti, 2021. Accessed January 2023.
      "The Third Annual Study on the State of Endpoint Security Risk." Ponemon Institute, 2020. Accessed December 2022.
      "The Ultimate Guide to Unified Endpoint Management (UEM)." MobileIron. Accessed January 2023.
      "Trends in Unified Endpoint Management." It Pro Today, 2018. Accessed January 2023.
      Turek, Melanie. "Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research." Samsung Insights, 3 Aug. 2016.
      "2023 State of Security Report." Cybersecurity Insiders, 2022. Accessed January 2023.
      Violino, Bob. "Enterprise Mobility 2022: UEM Adds User Experience, AI, Automation." Computerworld, 2022. Accessed January 2023.
      Violino, Bob. "How to Choose the Right UEM Platform." Computerworld, 2021. Accessed January 2023.
      Violino, Bob. "UEM Vendor Comparison Chart 2022." Computerworld, 2022. Accessed January 2023.
      Wallent, Michael. "5 Endpoint Management Predictions for 2023." Microsoft, 2022. Accessed January 2023.
      "What Is the Difference Between MDM, EMM, and UEM?" 42Gears, 2017. Accessed November 2022.

      Business Continuity

      • Buy Link or Shortcode: {j2store}36|cart{/j2store}
      • Related Products: {j2store}36|crosssells{/j2store}
      • member rating overall impact: 9.2/10
      • member rating average dollars saved: $30,547
      • member rating average days saved: 37
      • Parent Category Name: Security and Risk
      • Parent Category Link: /security-and-risk

      The challenge

      • Recent crises have put business continuity firmly on the radar with executives. The pressures mount to have a proper BCP in place.

      • You may be required to show regulators and oversight bodies proof of having your business continuity processes under control.
      • Your customers want to know that you can continue to function under adverse circumstances and may require proof of your business continuity practices and plans.
      • While your company may put the BCM function in facility management or within the business, it typically falls upon IT leaders to join the core team to set up the business continuity plans.

      Our advice

      Insight

      • Business continuity plans require the cooperation and input from all departments with often conflicting objectives.
      • For most medium-sized companies, BCP activities do not require a full-time position. 
      • While the set up of a BCP is an epic or project, embed the maintenance and exercises in its regular activities.
      • As an IT leader in your company, you have the skillset and organizational overview to lead a BCP set up. It is the business that must own the plans. They know their processes and know where to prioritize.
      • The traditional approach to creating a BCP is a considerable undertaking. Most companies will hire one or more consultants to guide them. If you want to do this in-house, then carve up the work into discrete tasks to make it more manageable. Our blueprint explains to you how to do that.

      Impact and results 

      • You have a structured and straightforward process that you can apply to one business unit or department at a time.
      • Start with a pilot, and use the results to fine-tune your approach, fill the gaps while at the same time slowly reducing your business continuity exposure. Repeat the process for each department or team.
      • Enable the business to own the plans. Develop templates that they can use.
      • Leverage the BCP project's outcome and refine your disaster recovery plans to ensure alignment with the overall BCP.

      The roadmap

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      Get started

      Our concise executive brief shows you why you should develop a sound business continuity practice in your company. We'll show you our methodology and the ways we can help you in completing this.

      Identify your current maturity and document process dependencies.

      Choose a medium-sized department and build a team. Identify that department's processes, dependencies, and alternatives.

      • BCP Maturity Scorecard (xls)
      • BCP Pilot Project Charter Template (doc)
      • BCP Business Process Workflows Example (Visio)
      • BCP Business Process Workflows Example (PDF)

      Conduct a business impact analysis to determine what needs to recover first and how much (if any) data you can afford to lose in a disaster.

      Define an objective impact scoring scale for your company. Have the business estimate the impact of downtime and set your recovery targets.

      • BCP Business Impact Analysis Tool (xls)

      Document the recovery workflow entirely.

      The need for clarity is critical. In times when you need the plans, people will be under much higher stress. Build the workflow for the steps necessary to rebuild. Identify gaps and brainstorm on how to close them. Prioritize solutions that mitigate the remaining risks.

      • BCP Tabletop Planning Template (Visio)
      • BCP Tabletop Planning Template (PDF)
      • BCP Project Roadmap Tool
      • BCP Relocation Checklists

      Report the results of the pilot BCP and implement governance.

      Present the results of the pilot and propose the next steps. Assign BCM teams or people within each department. Update and maintain the overall BCMS documentation.

      • BCP Pilot Results Presentation (ppt)
      • BCP Summary (doc)
      • Business Continuity Teams and Roles Tool (xls)

      Additional business continuity tools and templates

      These can help with the creation of your BCP.

      • BCP Recovery Workflow Example (Visio)
      • BCP Recovery Workflow Example (PDF)
      • BCP Notification, Assessment, and Disaster Declaration Plan (doc)
      • BCP Business Process Workarounds and Recovery Checklists (doc)
      • Business Continuity Management Policy (doc)
      • Business Unit BCP Prioritization Tool (xls)
      • Industry-Specific BIA Guidelines (zip)
      • BCP-DRP Maintenance Checklist (xls)
      • Develop a COVID-19 Pandemic Response Plan Storyboard (ppt)

       

      The Complete Manual for Layoffs

      • Buy Link or Shortcode: {j2store}514|cart{/j2store}
      • member rating overall impact: 10.0/10 Overall Impact
      • member rating average dollars saved: $30,999 Average $ Saved
      • member rating average days saved: 20 Average Days Saved
      • Parent Category Name: Lead
      • Parent Category Link: /lead

      When the economy is negatively influenced by factors beyond any organization’s control, the impact can be felt almost immediately on the bottom line. This decline in revenue as a result of a weakening economy will force organizations to reconsider every dollar they spend.

      Our Advice

      Critical Insight

      • The remote work environment many organizations find themselves in adds a layer of complexity to the already sensitive process of laying off employees.
      • Carrying out layoffs must be done while keeping personal contact as your first priority. That personal contact should be the basis for all subsequent communication with laid-off and remaining staff, even after layoffs have occurred.

      Impact and Result

      By following our process, we can provide your organization with the direction, tools, and best practices to lay off employees. This will need to be done with careful consideration into your organization’s short- and longer-term strategic goals.

      The Complete Manual for Layoffs Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Prepare for layoffs

      Understand the most effective cost-cutting solutions and set layoff policies and guidelines.

      • The Complete Manual for Layoffs Storyboard
      • Layoffs SWOT Analysis Template
      • Redeployment and Layoff Strategy Workbook
      • Sample Layoffs Policy
      • Cost-Cutting Planning Tool
      • Termination Costing Tool

      2. Objectively identify employees

      Develop an objective layoff selection method and plan for the transfer of essential responsibilities.

      • Workforce Planning Tool
      • Employee Layoff Selection Tool

      3. Prepare to meet with employees

      Plan logistics, training, and a post-layoff plan communication.

      • Termination Logistics Tool
      • IT Knowledge Transfer Risk Assessment Tool
      • IT Knowledge Transfer Plan Template
      • IT Knowledge Identification Interview Guide Template
      • Knowledge Transfer Job Aid
      • Layoffs Communication Package

      4. Meet with employees

      Collaborate with necessary departments and deliver layoffs notices.

      • Employee Departure Checklist Tool

      5. Monitor and manage departmental effectiveness

      Plan communications for affected employee groups and monitor organizational performance.

      • Ten Ways to Connect With Your Employees
      • Creating Connections
      [infographic]

      Activate Your Augmented Reality Initiative

      • Buy Link or Shortcode: {j2store}465|cart{/j2store}
      • member rating overall impact: 10.0/10 Overall Impact
      • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
      • member rating average days saved: Read what our members are saying
      • Parent Category Name: Customer Relationship Management
      • Parent Category Link: /customer-relationship-management
      • Augmented reality is a new technology and use cases are still emerging. Organizations have to work hard to stay ahead of the curve and predict how they will be impacted.
      • There are limited off-the-shelf augmented reality solutions in terms of business applications. IT not only needs to understand the emerging augmented reality hardware, but also the plethora of development platforms.

      Our Advice

      Critical Insight

      • Augmented reality presents a new avenue to solve problems that cannot be addressed efficiently with existing technology. It is a new tool that will impact the way you work.
      • Beyond addressing existing problems, augmented reality will provide the ability to differently execute business processes. Current processes have been designed with existing systems and capabilities in mind. Augmented reality impacts organizational design processes that are more complex.
      • As a technology with an evolving set of use cases, IT and the business must anticipate some of the challenges that may arise with the use of augmented reality (e.g. health and safety, application development, regulatory).

      Impact and Result

      • Our methodology addresses the possible issues by using a case-study approach to demonstrate the “art of the possible” for augmented reality.
      • With an understanding of augmented reality, it is possible to find applicable use cases for this emerging technology and get a leg up on competitors.
      • By utilizing Info-Tech’s Augmented Reality Use Case Picklist and the Augmented Reality Stakeholder Presentation Template, the IT team and their business stakeholders can confidently approach augmented reality adoption.

      Activate Your Augmented Reality Initiative Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why your organization should care about augmented reality’s potential to transform the workplace and how Info-Tech will support you as you identify and build your augmented reality use case.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Understand augmented reality

      Analyze the four key benefits of augmented reality to understand how the technology can resolve industry issues.

      • Activate Your Augmented Reality Initiative – Phase 1: Understand Augmented Reality
      • Augmented Reality Glossary

      2. Finding space for augmented reality

      Develop and prioritize use cases for augmented reality using Info-Tech’s AR Initiative Framework.

      • Activate Your Augmented Reality Initiative – Phase 2: Finding Space for Augmented Reality
      • Augmented Reality Use Case Picklist

      3. Communicate project decisions to stakeholders

      Present the augmented reality initiative to stakeholders and understand the way forward for the AR initiative.

      • Activate Your Augmented Reality Initiative – Phase 3: Communicate Project Decisions to Stakeholders
      • Augmented Reality Stakeholder Presentation Template
      [infographic]

      Workshop: Activate Your Augmented Reality Initiative

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Understand Augmented Reality and Its Use Cases

      The Purpose

      Understand the fundamentals of augmented reality technology and its real-world business applications.

      Key Benefits Achieved

      A prioritized list of augmented reality use cases.

      Activities

      1.1 Introduce augmented reality technology.

      1.2 Understand augmented reality use cases.

      1.3 Review augmented reality case studies.

      Outputs

      An understanding of the history and current state of augmented reality technology.

      An understanding of “the art of the possible” for augmented reality.

      An enhanced understanding of augmented reality.

      2 Conduct an Environmental Scan and Internal Review

      The Purpose

      Examine where the organization stands in the current competitive environment.

      Key Benefits Achieved

      Understanding of what is needed from an augmented reality initiative to differentiate your organization from its competitors.

      Activities

      2.1 Environmental analysis (PEST+SWOT).

      2.2 Competitive analysis.

      2.3 Listing of interaction channels and disposition.

      Outputs

      An understanding of the internal and external propensity for augmented reality.

      An understanding of comparable organizations’ approach to augmented reality.

      A chart with the disposition of each interaction channel and its applicability to augmented reality.

      3 Parse Critical Technology Drivers

      The Purpose

      Determine which business processes will be affected by augmented reality.

      Key Benefits Achieved

      Understanding of critical technology drivers and their KPIs.

      Activities

      3.1 Identify affected process domains.

      3.2 Brainstorm impacts of augmented reality on workflow enablement.

      3.3 Distill critical technology drivers.

      3.4 Identify KPIs for each driver.

      Outputs

      A list of affected process domains.

      An awareness of critical technology drivers for the augmented reality initiative.

      Drive Technology Adoption

      • Buy Link or Shortcode: {j2store}111|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Strategy and Organizational Design
      • Parent Category Link: /strategy-and-organizational-design

      The project isn’t over if the new product or system isn’t being used. How do you ensure that what you’ve put in place isn’t going to be ignored or only partially adopted? People are more complicated than any new system and managing them through the change needs careful planning.

      Our Advice

      Critical Insight

      Cultivating a herd mentality, where people adopt new technology merely because everyone else is, is an important goal in getting the bulk of users using the new product or system. The herd needs to gather momentum though and this can be done by using the more tech-able and enthused to lead the rest on the journey. Identifying and engaging these key resources early in the process will greatly assist in starting the flow.

      Impact and Result

      While communication is key throughout, involving staff in proof-of-concept activities and contests and using the train-the-trainer techniques and technology champions will all start the momentum toward technology adoption. Group activities will address the bulk of users, but laggards may need special attention.

      Drive Technology Adoption Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Drive Technology Adoption – A brief deck describing how to encourage users to adopt newly implemented technology.

      This document will help you to ensure that newly implemented systems and technologies are correctly adopted by the intended recipients.

      • Drive Technology Adoption Storyboard
      [infographic]

      Further reading

      Drive Technology Adoption

      The project is over. The new technology is implemented. Now how do we make sure it's used?

      Executive Summary

      Your Challenge

      Technology endlessly changes and evolves. Similarly, business directions and requirements change, and these changes need to be supported by technology. Improved functionality and evolvement of systems, along with systems becoming redundant or unsupported, means that maintaining a static environment is virtually impossible.

      Enormous amounts of IT budget are allocated to these changes each year. But once the project is over, how do you manage that change and ensure the systems are being used? Planning your technology adoption is vital.

      Common Obstacles

      The obstacles to technology adoption can be many and various, covering a broad spectrum of areas including:

      • Reluctance of staff to let go of familiar processes and procedures.
      • Perception that any change will add complications but not add value, thereby hampering enthusiasm to adopt.
      • Lack of awareness of the change.
      • General fear of change.
      • Lack of personal confidence.

      Info-Tech’s Approach

      Start by identifying, understanding, categorizing, and defining barriers and put in place a system to:

      • Gain an early understanding of the different types of users and their attitudes to technology and change.
      • Review different adoption techniques and analyze which are most appropriate for your user types.
      • Use a “Follow the Leader” approach, by having technical enthusiasts and champions to show the way.
      • Prevent access to old systems and methods.

      Info-Tech Insight

      For every IT initiative that will be directly used by users, consider the question, “Will the final product be readily accepted by those who are going to use it?” There is no point in implementing a product that no one is prepared to use. Gaining user acceptance is much more than just ticking a box in a project plan once UAT is complete.

      The way change should happen is clear

      Prosci specializes in change. Its ADKAR model outlines what’s required to bring individuals along on the change journey.

      AWARENESS

      • Awareness means more than just knowing there’s a change occurring,
      • it means understanding the need for change.

      DESIRE

      • To achieve desire, there needs to be motivation, whether it be from an
      • organizational perspective or personal.

      KNOWLEDGE

      • Both knowledge on how to train during the transition and knowledge
      • on being effective after the change are required. This can only be done
      • once awareness and desire are achieved.

      ABILITY

      • Ability is not knowledge. Knowing how to do something doesn’t necessarily translate to having the skills to do it.

      REINFORCEMENT

      • Without reinforcement there can be a tendency to revert.

      When things go wrong

      New technology is not being used

      The project is seen as complete. Significant investments have been made, but the technology either isn’t being used or is only partially in use.

      Duplicate systems are now in place

      Even worse. The failure to adopt the new technology by some means that the older systems are still being used. There are now two systems that fail to interact; business processes are being affected and there is widespread confusion.

      Benefits not being realized

      Benefits promised to the business are not being realized. Projected revenue increases, savings, or efficiencies that were forecast are now starting to be seen as under threat.

      There is project blowout

      The project should be over, but the fact that the technology is not being used has created a perception that the implementation is not complete and the project needs to continue.

      Info-Tech Insight

      People are far more complicated than any technology being implemented.

      Consider carefully your approach.

      Why does it happen?

      POOR COMMUNICATION

      There isn’t always adequate communications about what’s changing in the workplace.

      FEAR

      Fear of change is natural and often not rational. Whether the fear is about job loss or not being able to adapt to change; it needs to be managed.

      TRAINING

      Training can be insufficient or ineffective and when this happens people are left feeling like they don’t have the skills to make the change.

      LACK OF EXECUTIVE SUPPORT

      A lack of executive support for change means the change is seen as less important.

      CONFLICTING VIEWS OF CHANGE

      The excitement the project team and business feels about the change is not necessarily shared throughout the business. Some may just see the change as more work, changing something that already works, or a reason to reduce staff levels.

      LACK OF CONFIDENCE

      Whether it’s a lack of confidence generally with technology or concern about a new or changing tool, a lack of confidence is a huge barrier.

      BUDGETARY CONSTRAINTS

      There is a cost with managing people during a change, and budget must be allocated to allow for it.

      Communications

      Info-Tech Insight

      Since Sigmund Freud there has been endless work to understand people’s minds.
      Don’t underestimate the effect that people’s reactions to change can have on your project.

      This is a Kubler-ross change curve graph, plotting the following Strategies: Create Alignment; Maximize Communication; Spark Motivation; Develop Capability; Share Knowledge

      Communication plans are designed to properly manage change. Managing change can be easier when we have the right tools and information to adapt to new circumstances. The Kubler-Ross change curve illustrates the expected steps on the path to acceptance of change. With the proper communications strategy, each can be managed appropriately

      Analyst perspective

      Paul Binns – Principal Research Advisor, Info-Tech

      The rapidly changing technology landscape in our world has always meant that an enthusiasm or willingness to embrace change has been advantageous. Many of us have seen how the older generation has struggled with that change and been left behind.

      In the work environment, the events of the past two years have increased pressure on those slow to adopt as in many cases they couldn't perform their tasks without new tools. Previously, for example, those who may have been reluctant to use digital tools and would instead opt for face-to-face meetings, suddenly found themselves without an option as physical meetings were no longer possible. Similarly, digital collaboration tools that had been present in the market for some time were suddenly more heavily used so everyone could continue to work together in the “online world.”

      At this stage no one is sure what the "new normal" will be in the post-pandemic world, but what has been clearly revealed is that people are prepared to change given the right motivation.

      “Technology adoption is about the psychology of change.”
      Bryan Tutor – Executive Counsellor, Info-Tech

      The Fix

      • Categorize Users
        • Gain a clear understanding of your user types.
      • Identify Adoption Techniques
        • Understand the range of different tools and techniques available.
      • Match Techniques To Categories
        • Determine the most appropriate techniques for your user base.
      • Follow-the-Leader
        • Be aware of the different skills in your environment and use them to your advantage.
      • Refresh, Retrain, Restrain
        • Prevent reversion to old methods or systems.

      Categories

      Client-Driven Insight

      Consider your staff and industry when looking at the Everett Rogers curve. A technology organization may have less laggards than a traditional manufacturing one.

      In Everett Rogers’ book Diffusion of Innovations 5th Edition (Free Press, 2005), Rogers places adopters of innovations into five different categories.

      This is an image of an Innovation Adoption Curve from Everett Rogers' book Diffusion of Innovations 5th Edition

      Category 1: The Innovator – 2.5%

      Innovators are technology enthusiasts. Technology is a central interest of theirs, either at work, at home, or both. They tend to aggressively pursue new products and technologies and are likely to want to be involved in any new technology being implemented as soon as possible, even before the product is ready to be released.

      For people like this the completeness of the new technology or the performance can often be secondary because of their drive to get new technology as soon as possible. They are trailblazers and are not only happy to step out of their comfort zone but also actively seek to do so.

      Although they only make up about 2.5% of the total, their enthusiasm, and hopefully endorsement of new technology, offers reassurance to others.

      Info-Tech Insight

      Innovators can be very useful for testing before implementation but are generally more interested in the technology itself rather than the value the technology will add to the business.

      Category 2: The Early Adopter – 13.5%

      Whereas Innovators tend to be technologists, Early Adopters are visionaries that like to be on board with new technologies very early in the lifecycle. Because they are visionaries, they tend to be looking for more than just improvement – a revolutionary breakthrough. They are prepared to take high risks to try something new and although they are very demanding as far as product features and performance are concerned, they are less price-sensitive than other groups.

      Early Adopters are often motivated by personal success. They are willing to serve as references to other adopter groups. They are influential, seen as trendsetters, and are of utmost importance to win over.

      Info-Tech Insight

      Early adopters are key. Their enthusiasm for technology, personal drive, and influence make them a powerful tool in driving adoption.

      Category 3: The Early Majority – 34%

      This group is comprised of pragmatists. The first two adopter groups belong to early adoption, but for a product to be fully adopted the mainstream needs to be won over, starting with the Early Majority.

      The Early Majority share some of the Early Adopters’ ability to relate to technology. However, they are driven by a strong sense of practicality. They know that new products aren’t always successful. Consequently, they are content to wait and see how others fare with the technology before investing in it themselves. They want to see well-established references before adopting the technology and to be shown there is no risk.

      Because there are so many people in this segment (roughly 34%), winning these people over is essential for the technology to be adopted.

      Category 4: The Late Majority – 34%

      The Late Majority are the conservatives. This group is generally about the same size as the Early Majority. They share all the concerns of the Early Majority; however, they are more resistant to change and are more content with the status quo than eager to progress to new technology. People in the Early Majority group are comfortable with their ability to handle new technology. People in the Late Majority are not.

      As a result, these conservatives prefer to wait until something has become an established standard and take part only at the end of the adoption period. Even then, they want to see lots of support and ensure that there is proof there is no risk in them adopting it.

      Category 5: The Laggard – 16%

      This group is made up of the skeptics and constitutes 16% of the total. These people want nothing to do with new technology and are generally only content with technological change when it is invisible to them. These skeptics have a strong belief that disruptive new technologies rarely deliver the value promised and are almost always worried about unintended consequences.

      Laggards need to be dealt with carefully as their criticism can be damaging and without them it is difficult for a product to become fully adopted. Unfortunately, the effort required for this to happen is often disproportional to the size of the group.

      Info-Tech Insight

      People aren’t born laggards. Technology projects that have failed in the past can alter people’s attitudes, especially if there was a negative impact on their working lives. Use empathy when dealing with people and respect their hesitancy.

      Adoption Techniques

      Different strokes for different folks

      Technology adoption is all about people; and therefore, the techniques required to drive that adoption need to be people oriented.

      The following techniques are carefully selected with the intention of being impactful on all the different categories described previously.

      Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

      There are multitudes of different methods to get people to adopt new technology, but which is the most appropriate for your situation? Generally, it’s a combination.

      Technology Adoption: Herd Mentality; Champions; Force; Group Training; One-on-One; Contests; Marketing; Proof of Concept; Train the Trainer

      Train the Trainer

      Use your staff to get your message across.

      Abstract

      This technique involves training key members of staff so they can train others. It is important that those selected are strong communicators, are well respected by others, and have some expertise in technology.

      Advantages

      • Cost effective
      • Efficient dissemination of information
      • Trusted internal staff

      Disadvantages

      • Chance of inconsistent delivery
      • May feel threatened by co-worker

      Best to worst candidates

      • Early Adopter: Influential trendsetters. Others receptive of their lead.
      • Innovator: Comfortable and enthusiastic about new technology, but not necessarily a trainer.
      • Early Majority: Tendency to take others’ lead.
      • Late Majority: Risk averse and tend to follow others, only after success is proven.
      • Laggard: Last to adopt usually. Unsuitable as Trainer.

      Marketing

      Marketing should be continuous throughout the change to encourage familiarity.

      Abstract

      Communication is key as people are comfortable with what is familiar to them. Marketing is an important tool for convincing adopters that the new product is mainstream, widely adopted and successful.

      Advantages

      • Wide communication
      • Makes technology appear commonplace
      • Promotes effectiveness of new technology

      Disadvantages

      • Reliant on staff interest
      • Can be expensive

      Best to worst candidates

      • Early Majority: Pragmatic about change. Marketing is effective encouragement.
      • Early Adopter: Receptive and interested in change. Marketing is supplemental.
      • Innovator: Actively seeks new technology. Does not need extensive encouragement.
      • Late Majority: Requires more personal approach.
      • Laggard: Resistant to most enticements.

      One-on-One

      Tailored for individuals.

      Abstract

      One-on-one training sometimes is the only way to train if you have staff with special needs or who are performing unique tasks.
      It is generally highly effective but inefficient as it only addresses individuals.

      Advantages

      • Tailored to specific need(s)
      • Only relevant information addressed
      • Low stress environment

      Disadvantages

      • Expensive
      • Possibility of inconsistent delivery
      • Personal conflict may render it ineffective

      Best to worst candidates

      • Laggard: Encouragement and cajoling can be used during training.
      • Late Majority: Proof can be given of effectiveness of new product.
      • Early Majority: Effective, but not cost efficient.
      • Early Adopter: Effective, but not cost-efficient.
      • Innovator: Effective, but not cost-efficient.

      Group Training

      Similar roles, attitudes, and abilities.

      Abstract

      Group training is one of the most common methods to start people on their journey toward new technology. Its effectiveness with the two largest groups, Early Majority and Late Majority, make it a primary tool in technology adoption.

      Advantages

      • Cost effective
      • Time effective
      • Good for team building

      Disadvantages

      • Single method may not work for all
      • Difficult to create single learning pace for all

      Best to worst candidates

      • Early Majority: Receptive. The formality of group training will give confidence.
      • Late Majority: Conservative attitude will be receptive to traditional training.
      • Early Adopter: Receptive and attentive. Excited about the change.
      • Innovator: Will tend to want to be ahead or want to move ahead of group.
      • Laggard: Laggards in group training may have a negative impact.

      Force

      The last resort.

      Abstract

      The transition can’t go on forever.

      At some point the new technology needs to be fully adopted and if necessary, force may have to be used.

      Advantages

      • Immediate full transition
      • Fixed delivery timeline

      Disadvantages

      • Alienation of some staff
      • Loss of faith in product if there are issues

      Best to worst candidates

      • Laggard: No choice but to adopt. Forces the issue.
      • Late Majority: Removes issue of reluctance to change.
      • Early Majority: Content, but worried about possible problems.
      • Early Adopter: Feel less personal involvement in change process.
      • Innovator: Feel less personal involvement in change process.

      Contests

      Abstract

      Contests can generate excitement and create an explorative approach to new technology. People should not feel pressured. It should be enjoyable and not compulsory.

      Advantages

      • Rapid improvement of skills
      • Bring excitement to the new technology
      • Good for team building

      Disadvantages

      • Those less competitive or with lower skills may feel alienated
      • May discourage collaboration

      Best to worst candidates

      • Early Adopter: Seeks personal success. Risk taker. Effective.
      • Innovator: Enthusiastic to explore limits of technology.
      • Early Majority: Less enthusiastic. Pragmatic. Less competitive.
      • Late Majority: Conservative. Not enthusiastic about new technology.
      • Laggard: Reluctant to get involved.

      Incentives

      Incentives don’t have to be large.

      Abstract

      For some staff, merely taking management’s lead is not enough. Using “Nudge” techniques to give that extra incentive is quite effective. Incentivizing staff either financially or through rewards, recognition, or promotion is a successful adoption technique for some.

      Advantages

      Encouragement to adopt from receiving tangible benefit

      Draws more attention to the new technology

      Disadvantages

      Additional expense to business or project

      Possible poor precedent for subsequent changes

      Best to worst candidates

      Early Adopter: Desire for personal success makes incentives enticing.

      Early Majority: Prepared to change, but extra incentive will assist.

      Late Majority: Conservative attitude means incentive may need to be larger.

      Innovator: Enthusiasm for new technology means incentive not necessary.

      Laggard: Sceptical about change. Only a large incentive likely to make a difference.

      Champions

      Strong internal advocates for your new technology are very powerful.

      Abstract

      Champions take on new technology and then use their influence to promote it in the organization. Using managers as champions to actively and vigorously promote the change is particularly effective.

      Advantages

      • Infectious enthusiasm encourages those who tend to be reluctant
      • Use of trusted internal staff

      Disadvantages

      • Removes internal staff from regular duties
      • Ineffective if champion not respected

      Best to worst candidates

      • Early Majority: Champions as references of success provide encouragement.
      • Late Majority: Management champions in particular are effective.
      • Laggard: Close contact with champions may be effective.
      • Early Adopter: Receptive of technology, less effective.
      • Innovator: No encouragement or promotion required.

      Herd Mentality

      Follow the crowd.

      Abstract

      Herd behavior is when people discount their own information and follow others. Ideally all adopters would understand the reason and advantages in adopting new technology, but practically, the result is most important.

      Advantages

      • New technology is adopted without question
      • Increase in velocity of adoption

      Disadvantages

      • Staff may not have clear understanding of the reason for change and resent it later
      • Some may adopt the change before they are ready to do so

      Best to worst candidates

      • Early Majority: Follow others’ success.
      • Late Majority: Likely follow an established proven standard.
      • Early Adopter: Less effective as they prefer to set trends rather than follow.
      • Innovator: Seeks new technology rather than following others.
      • Laggard: Suspicious and reluctant to change.

      Proof of Concepts

      Gain early input and encourage buy-in.

      Abstract

      Proof of concept projects give early indications of the viability of a new initiative. Involving the end users in these projects can be beneficial in gaining their support

      Advantages

      Involve adopters early on

      Valuable feedback and indications of future issues

      Disadvantages

      If POC isn’t fully successful, it may leave lingering negativity

      Usually, involvement from small selection of staff

      Best to worst candidates

      • Innovator: Strong interest in getting involved in new products.
      • Early Adopter: Comfortable with new technology and are influencers.
      • Early Majority: Less interest. Prefer others to try first.
      • Late Majority: Conservative attitude makes this an unlikely option.
      • Laggard: Highly unlikely to get involved.

      Match techniques to categories

      What works for who?

      This clustered column chart categorizes techniques by category

      Follow the leader

      Engage your technology enthusiasts early to help refine your product, train other staff, and act as champions. A combination of marketing and group training will develop a herd mentality. Finally, don’t neglect the laggards as they can prevent project completion.

      This is an inverted funnel chart with the output of: Change Destination.  The inputs are: 16% Laggards; 34% Late Majority; 34% Early Majority; 13.3% Early Adopters; 2% Innovators

      Info-Tech Insight

      Although there are different size categories, none can be ignored. Consider your budget when dealing with smaller groups, but also consider their impact.

      Refresh, retrain, restrain

      We don’t want people to revert.

      Don’t assume that because your staff have been trained and have access to the new technology that they will keep using it in the way they were trained. Or that they won’t revert back to their old methods or system.

      Put in place methods to remove completely or remove access to old systems. Schedule refresh training or skill enhancement sessions and stay vigilant.

      Research Authors

      Paul Binns

      Paul Binns

      Principal Research Advisor, Info-Tech Research Group

      With over 30 years in the IT industry, Paul brings to his work his experience as a Strategic Planner, Consultant, Enterprise Architect, IT Business Owner, Technologist, and Manager. Paul has worked with both small and large companies, local and international, and has had senior roles in government and the finance industry.

      Scott Young

      Scott Young

      Principal Research Advisor, Info-Tech Research Group

      Scott Young is a Director of Infrastructure Research at Info-Tech Research Group. Scott has worked in the technology field for over 17 years, with a strong focus on telecommunications and enterprise infrastructure architecture. He brings extensive practical experience in these areas of specialization, including IP networks, server hardware and OS, storage, and virtualization.

      Related Info-Tech Research

      User Group Analysis Workbook

      Use Info-Tech’s workbook to gather information about user groups, business processes, and day-to-day tasks to gain familiarity with your adopters.

      Governance and Management of Enterprise Software Implementation

      Use our research to engage users and receive timely feedback through demonstrations. Our iterative methodology with a task list focused on the business’ must-have functionality allows staff to return to their daily work sooner.

      Quality Management User Satisfaction Survey

      This IT satisfaction survey will assist you with early information to use for categorizing your users.

      Master Organizational Change Management Practices

      Using a soft, empathetic approach to change management is something that all PMOs should understand. Use our research to ensure you have an effective OCM plan that will ensure project success.

      Bibliography

      Beylis, Guillermo. “COVID-19 accelerates technology adoption and deepens inequality among workers in Latin America and the Caribbean.” World Bank Blogs, 4 March 2021. Web.

      Cleland, Kelley. “Successful User Adoption Strategies.” Insight Voices, 25 Apr. 2017. Web.

      Hiatt, Jeff. “The Prosci ADKAR ® Model.” PROSCI, 1994. Web.

      Malik, Priyanka. “The Kübler Ross Change Curve in the Workplace.” whatfix, 24 Feb. 2022. Web.

      Medhaugir, Tore. “6 Ways to Encourage Software Adoption.” XAIT, 9 March 2021. Web.

      Narayanan, Vishy. “What PwC Australia learned about fast tracking tech adoption during COVID-19” PWC, 13 Oct. 2020. Web.

      Sridharan, Mithun. “Crossing the Chasm: Technology Adoption Lifecycle.” Think Insights, 28 Jun 2022. Web.

      Get the Best Discount Possible With a Data-Driven Negotiation Approach

      • Buy Link or Shortcode: {j2store}610|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Selection & Implementation
      • Parent Category Link: /selection-and-implementation
      • Vendors have well-honed negotiation strategies that don’t prioritize the customer’s best interest, and they will take advantage of your weaknesses to extract as much money as they can from the deal.
      • IT teams are often working with time pressure and limited resources or experience in negotiation. Even those with an experienced procurement team aren’t evenly matched with the vendor when it comes to the ins and outs of the product.
      • As a result, many have a poor negotiation experience and fail to get the discount they wanted, ultimately leading to dissatisfaction with the vendor.

      Our Advice

      Critical Insight

      • Requirements should always come first, but IT leaders are under pressure to get discounts and cost ends up playing a big role in decision making.
      • Cost is one of the top factors influencing satisfaction with software and the decision to leave a vendor.
      • The majority of software customers are receiving a discount. If you’re in the minority who are not, there are strategies you can and should be using to improve your negotiating skills. Discounts of up to 40% off list price are available to those who enter negotiations prepared.

      Impact and Result

      • SoftwareReviews data shows that there are multiple benefits to taking a concerted approach to negotiating a discount on your software.
      • The most common ways of getting a discount (e.g. volume purchasing) aren’t necessarily the best methods. Choose a strategy that is appropriate for your organization and vendor relationship and that focuses on maximizing the value of your investment for the long term. Optimizing usage or licenses as a discount strategy leads to the highest software satisfaction.
      • Using a vendor negotiation service or advisory group was one of the most successful strategies for receiving a discount. If your team doesn’t have the right negotiation expertise, Info-Tech can help.

      Get the Best Discount Possible With a Data-Driven Negotiation Approach Research & Tools

      Prepare to negotiate

      Leverage insights from SoftwareReviews data to best position yourself to receive a discount through your software negotiations.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      • Get the Best Discount Possible with a Data-Driven Negotiation Approach Storyboard
      [infographic]

      Prototype With an Innovation Design Sprint

      • Buy Link or Shortcode: {j2store}90|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Innovation
      • Parent Category Link: /innovation
      • The business has a mandate for IT-led innovation.
      • IT doesn’t have the budget it wants for high-risk, high-reward initiatives.
      • Many innovation projects have failed in the past.
      • Many projects that have moved through the approval process failed to meet their expectations.

      Our Advice

      Critical Insight

      • Don’t let perfect be the enemy of good. Think like a start-up and use experimentation and rapid re-iteration to get your innovative ideas off the ground.

      Impact and Result

      • Build and test a prototype in four days using Info-Tech’s Innovation Design Sprint Methodology.
      • Create an environment for co-creation between IT and the business.
      • Learn techniques for socializing and selling your ideas to business stakeholders.
      • Refine your prototype through rapid iteration and user-experience testing.
      • Socialize design thinking culture, tactics, and methods with the business.

      Prototype With an Innovation Design Sprint Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should evaluate your ideas using a design sprint, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Understand and ideate

      Define the problem and start ideating potential solutions.

      • Prototype With an Innovation Design Sprint – Day 1: Understand and Ideate
      • Prototyping Workbook

      2. Divide and conquer

      Split off into prototyping teams to build and test the first-iteration prototypes

      • Prototype With an Innovation Design Sprint – Day 2: Divide and Conquer
      • Research Study Log Tool

      3. Unite and integrate

      Integrate the best ideas from the first iterations and come up with a team solution to the problem.

      • Prototype With an Innovation Design Sprint – Day 3: Unite and Integrate
      • Prototype One Pager

      4. Build and sell

      Build and test the team’s integrated prototype, decide on next steps, and come up with a pitch to sell the solution to business executives.

      • Prototype With an Innovation Design Sprint – Day 4: Build and Sell
      [infographic]

      Workshop: Prototype With an Innovation Design Sprint

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Understand and Ideate

      The Purpose

      Align the team around a well-defined business problem and start ideating solutions.

      Key Benefits Achieved

      Ideate solutions in the face of organizational cconstraints and characterize the success of the prototype.

      Activities

      1.1 Frame the problem.

      1.2 Develop evaluation criteria.

      1.3 Diverge and converge.

      Outputs

      Problem statement(s)

      Evaluation criteria

      Ideated solutions

      2 Divide and Conquer

      The Purpose

      Break off into teams to try and develop solutions that address the problem in unique ways.

      Key Benefits Achieved

      Develop and test a first-iteration prototype.

      Activities

      2.1 Design first prototypes in teams.

      2.2 Conduct UX testing.

      Outputs

      First-iteration prototypes

      User feedback and data

      3 Unite and Integrate

      The Purpose

      Bring the team back together to develop a team vision of the final prototype.

      Key Benefits Achieved

      Integrated, second-iteration prototype.

      Activities

      3.1 Create and deliver prototype pitches.

      3.2 Integrate prototypes.

      Outputs

      Prototype practice pitches

      Second-iteration prototype

      4 Build and Sell

      The Purpose

      Build and test the second prototype and prepare to sell it to business executives.

      Key Benefits Achieved

      Second-iteration prototype and a budget pitch.

      Activities

      4.1 Conduct second round of UX testing.

      4.2 Create one pager and budget pitch.

      Outputs

      User feedback and data

      Prototype one pager and budget pitch

      First 30 Days Pandemic Response Plan

      • Buy Link or Shortcode: {j2store}418|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: DR and Business Continuity
      • Parent Category Link: /business-continuity
      • Given the speed and scope of the spread of the pandemic, governments are responding with changes almost daily as to what organizations and people can and can’t do. This volatility and uncertainty challenges organizations to respond, particularly in the absence of a business continuity or crisis management plan.

      Our Advice

      Critical Insight

      • Assess the risk to and viability of your organization in order to create appropriate action and communication plans quickly.

      Impact and Result

      • HR departments must be directly involved in developing the organization’s pandemic response plan. Use Info-Tech's Risk and Viability Matrix and uncover the crucial next steps to take during the first 30 days of the COVID-19 pandemic.

      First 30 Days Pandemic Response Plan Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Create a response plan for the first 30 days of a pandemic

      Manage organizational risk and viability during the first 30 days of a crisis.

      • First 30 Days Pandemic Response Plan Storyboard
      • Crisis Matrix Communications Template: Business As Usual
      • Crisis Matrix Communications Template: Organization Closing
      • Crisis Matrix Communications Template: Manage Risk and Leverage Resilience
      • Crisis Matrix Communications Template: Reduce Labor and Mitigate Risk
      [infographic]

      Adopt Design Thinking in Your Organization

      • Buy Link or Shortcode: {j2store}327|cart{/j2store}
      • member rating overall impact: 9.6/10 Overall Impact
      • member rating average dollars saved: $23,245 Average $ Saved
      • member rating average days saved: 13 Average Days Saved
      • Parent Category Name: Innovation
      • Parent Category Link: /innovation
      • End users often have a disjointed experience while interacting with your organization in using its products and services.
      • You have been asked by your senior leadership to start a new or revive an existing design or innovation function within your organization. However, your organization has dismissed design thinking as the latest “management fad” and does not buy into the depth and rigor that design thinking brings.
      • The design or innovation function lives on the fringes of your organization due to its apathy towards design thinking or tumultuous internal politics.
      • You, as a CIO, want to improve the user satisfaction with the IT services your team provides to both internal and external users.

      Our Advice

      Critical Insight

      • A user’s perspective while interacting with the products and services is very different from the organization’s internal perspective while implementing and provisioning those. A design-based organization balances the two perspectives to drive user-satisfaction over end-to-end journeys.
      • Top management must have a design thinker – the guardian angel of the balance between exploration (i.e. discovering new business models) and exploitation (i.e. leveraging existing business models).
      • Your approach to adopt design thinking must consider your organization’s specific goals and culture. There’s no one-size-fits-all approach.

      Impact and Result

      • User satisfaction, with the end-to-end journeys orchestrated by your organization, will significantly increase.
      • Design-centric organizations enjoy disproportionate financial rewards.

      Adopt Design Thinking in Your Organization Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should adopt design thinking in your organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. What is design thinking?

      The focus of this phase is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will formally examine the many definitions of design thinking from experts in this field. At the core of this phase are several case studies that illuminate the various aspects of design thinking.

      • Adopt Design Thinking in Your Organization – Phase 1: What Is Design Thinking?
      • Victor Scheinman's Experiment for Design

      2. How does an organization benefit from design thinking?

      This phase will illustrate the relevance of design in strategy formulation and in service-design. At the core of this phase are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization and establish a baseline of user-experience with the journeys orchestrated by your organization.

      • Adopt Design Thinking in Your Organization – Phase 2: How Does an Organization Benefit From Design Thinking?
      • Trends Matrix (Sample)

      3. How do you build a design organization?

      The focus of this phase is to:

    • Measure the design-centricity of your organization and subsequently, identify the areas for improvement.
    • Define an approach for a design program that suites your organization’s specific goals and culture.
      • Adopt Design Thinking in Your Organization – Phase 3: How Do You Build a Design Organization?
      • Report on How Design-Centric Is Your Organization (Sample)
      • Approach for the Design Program (Sample)
      • Interview With David Dunne on Design Thinking
      • Interview With David Dunne on Design Thinking (mp3)
      [infographic]

      Workshop: Adopt Design Thinking in Your Organization

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 What Is Design Thinking?

      The Purpose

      The focus of this module is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will also review the report on the design-centricity of your organization and subsequently, earmark the areas for improvement.

      Key Benefits Achieved

      An intimate understanding of the design thinking

      An assessment of design-centricity of your organization and identification of areas for improvement

      Activities

      1.1 Discuss case studies on how designers think and work

      1.2 Define design thinking

      1.3 Review report from Info-Tech’s diagnostic: How design-centric is your organization?

      1.4 Earmark areas for improvement to raise the design-centricity of your organization

      Outputs

      Report from Info-Tech’s diagnostic: ‘How design-centric is your organization?’ with identified areas for improvement.

      2 How Does an Organization Benefit From Design Thinking?

      The Purpose

      In this module, we will discuss the relevance of design in strategy formulation and service design. At the core of this module are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization. We will establish a baseline of user experience with the journeys orchestrated by your organization.

      Key Benefits Achieved

      An in-depth understanding of the relevance of design in strategy formulation and service design

      An understanding of the trends that impact your organization

      A taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those

      Activities

      2.1 Discuss relevance of design in strategy through case studies

      2.2 Articulate trends that impact your organization

      2.3 Discuss service design through case studies

      2.4 Identify critical customer journeys and baseline customers’ satisfaction with those

      2.5 Run a simulation of design in practice

      Outputs

      Trends that impact your organization.

      Taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those.

      3 How to Build a Design Organization

      The Purpose

      The focus of this module is to define an approach for a design program that suits your organization’s specific goals and culture.

      Key Benefits Achieved

      An approach for the design program in your organization. This includes aspects of the design program such as its objectives and measures, its model (one of the five archetypes or a hybrid one), and its governance.

      Activities

      3.1 Identify objectives and key measures for your design thinking program

      3.2 Structure your program after reviewing five main archetypes of a design program

      3.3 Balance between incremental and disruptive innovation

      3.4 Review best practices of a design organization

      Outputs

      An approach for your design thinking program: objectives and key measures; structure of the program, etc.

      Develop a Web Experience Management Strategy

      • Buy Link or Shortcode: {j2store}555|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: Marketing Solutions
      • Parent Category Link: /marketing-solutions
      • Web Experience Management (WEM) solutions have emerged as applications that provide marketers and other customer experience professionals with a complete set of tools for web content management, delivery, campaign execution, and site analytics.
      • However, many organizations are unsure of how to leverage these new technologies to enhance their customer interaction strategy.

      Our Advice

      Critical Insight

      • WEM products are not a one-size-fits-all investment: unique evaluations and customization is required in order to deploy a solution that fits your organization.
      • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
      • WEM provides benefits by giving web visitors a better experience – leveraging tools such as web analytics gives the customer a tailored experience. Marketing can then monitor their behavior and use this information to warm leads.

      Impact and Result

      • Deploy a WEM platform and execute initiatives that will strengthen the web-facing customer experience, improving customer satisfaction and unlocking new revenue opportunities.
      • Avoid making unnecessary new WEM investments.
      • Make informed decisions about the types of technologies and initiatives that are necessary to support WEM.

      Develop a Web Experience Management Strategy Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should develop a WEM strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Harness the value of web experience management

      Make the case for a web experience management suite and structure the WEM strategy project.

      • Develop a Web Experience Management Strategy Phase 1: Harness the Value of Web Experience Management
      • Web Experience Management Strategy Summary Template
      • WEM Project Charter Template

      2. Create the vision for web experience management

      Identify the target state WEM strategy, assess current state, and identify gaps.

      • Develop a Web Experience Management Strategy Phase 2: Create the Vision for Web Experience Management

      3. Execute initiatives for WEM deployment

      Build the WEM technology stack and create a web strategy initiatives roadmap.

      • Develop a Web Experience Management Strategy Phase 3: Execute Initiatives for WEM Deployment
      • Web Process Automation Investment Appropriateness Assessment Tool
      [infographic]

      Workshop: Develop a Web Experience Management Strategy

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Launch the WEM Selection Project

      The Purpose

      Discuss the general project overview for the WEM selection.

      Key Benefits Achieved

      Launch of your WEM selection project.

      Development of your organization’s WEM requirements. 

      Activities

      1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

      1.2 Conduct overview of the WEM market landscape, trends, and vendors.

      1.3 Conduct process mapping for selected marketing processes.

      1.4 Interview business stakeholders.

      1.5 Prioritize WEM functional requirements.

      Outputs

      WEM Procurement Project Charter

      WEM Use-Case Fit Assessment

      2 Plan the Procurement and Implementation Process

      The Purpose

      Plan the procurement and the implementation of the WEM solution.

      Key Benefits Achieved

      Selection of a WEM solution.

      A plan for implementing the selected WEM solution. 

      Activities

      2.1 Complete marketing process mapping with business stakeholders.

      2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

      2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

      2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

      2.5 Meet with project manager to discuss results and action items.

      Outputs

      Vendor Shortlist

      WEM RFP

      Vendor Evaluations

      Selection of a WEM Solution

      WEM projected work break-down

      Implementation plan

      Framework for WEM deployment and CRM/Marketing Management Suite Integration

      Modernize Your Corporate Website to Drive Business Value

      • Buy Link or Shortcode: {j2store}524|cart{/j2store}
      • member rating overall impact: 8.0/10 Overall Impact
      • member rating average dollars saved: $10,399 Average $ Saved
      • member rating average days saved: 10 Average Days Saved
      • Parent Category Name: Marketing Solutions
      • Parent Category Link: /marketing-solutions
      • Users are demanding more valuable web functionalities and improved access to your website services. They are expecting development teams to keep up with their changing needs.
      • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

      Our Advice

      Critical Insight

      Complication

      • Organizations are focusing too much on the UI when they optimize the user experience of their websites. The UI is only one of many components involved in successful websites with good user experience.
      • User experience (UX) is often an afterthought in development, risking late and costly fixes to improve end-user reception after deployment.

      Insights

      • Organizations often misinterpret UX as UI. In fact, UX incorporates both the functional and emotional needs of the user, going beyond the website’s UI.
      • Human behaviors and tendencies are commonly left out of the define and design phases of website development, putting user satisfaction and adoption at risk.

      Impact and Result

      • Gain a deep understanding of user needs and behaviors. Become familiar with the human behaviors, emotions, and pain points of your users in order to shortlist the design elements and website functions that will receive the highest user satisfaction.
      • Perform a comprehensive website review. Leverage satisfaction surveys, user feedback, and user monitoring tools (e.g. heat maps) to reveal high-level UX issues. Use these insights to drill down into the execution and composition of your website to identify the root causes of issues.
      • Incorporate modern UX trends in your design. New web technologies are continuously emerging in the industry to enhance user experience. Stay updated on today’s UX trends and validate their fit for the specific needs of your target audience.

      Modernize Your Corporate Website to Drive Business Value Research & Tools

      Start here – read the Executive Brief

      Read our concise Executive Brief to find out why you should modernize your website, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Define UX requirements

      Reveal the opportunities to heighten the user experience of your website through a deep understanding of the behaviors, emotions, and needs of your end users in order to design a receptive and valuable website.

      • Modernize Your Corporate Website to Drive Business Value – Phase 1: Define UX Requirements
      • Website Design Document Template

      2. Design UX-driven website

      Design a satisfying and receptive website by leveraging industry best practices and modern UX trends and ensuring the website is supported with reliable and scalable data and infrastructure.

      • Modernize Your Corporate Website to Drive Business Value – Phase 2: Design UX-Driven Website
      [infographic]

      Workshop: Modernize Your Corporate Website to Drive Business Value

      Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

      1 Define Your UX Requirements

      The Purpose

      List the business objectives of your website.

      Describe your user personas, use cases, and user workflow.

      Identify current UX issues through simulations, website design, and system reviews.

      Key Benefits Achieved

      Strong understanding of the business goals of your website.

      Knowledge of the behaviors and needs of your website’s users.

      Realization of the root causes behind the UX issues of your website.

      Activities

      1.1 Define the business objectives for the website you want to optimize

      1.2 Define your end-user personas and map them to use cases

      1.3 Build your website user workflow

      1.4 Conduct a SWOT analysis of your website to drive out UX issues

      1.5 Gauge the UX competencies of your web development team

      1.6 Simulate your user workflow to identify the steps driving down UX

      1.7 Assess the composition and construction of your website

      1.8 Understand the execution of your website with a system architecture

      1.9 Pinpoint the technical reason behind your UX issues

      1.10 Clarify and prioritize your UX issues

      Outputs

      Business objectives

      End-user personas and use cases

      User workflows

      Website SWOT analysis

      UX competency assessment

      User workflow simulation

      Website design assessment

      Current state of web system architecture

      Gap analysis of web system architecture

      Prioritized UX issues

      2 Design Your UX-Driven Website

      The Purpose

      Design wireframes and storyboards to be aligned to high priority use cases.

      Design a web system architecture that can sufficiently support the website.

      Identify UX metrics to gauge the success of the website.

      Establish a website design process flow.

      Key Benefits Achieved

      Implementation of key design elements and website functions that users will find stimulating and valuable.

      Optimized web system architecture to better support the website.

      Website design process aligned to your current context.

      Rollout plan for your UX optimization initiatives.

      Activities

      2.1 Define the roles of your UX development team

      2.2 Build your wireframes and user storyboards

      2.3 Design the target state of your web environment

      2.4 List your UX metrics

      2.5 Draw your website design process flow

      2.6 Define your UX optimization roadmap

      2.7 Identify and engage your stakeholders

      Outputs

      Roles of UX development team

      Wireframes and user storyboards

      Target state of web system architecture

      List of UX metrics

      List of your suppliers, inputs, processes, outputs, and customers

      Website design process flow

      UX optimization rollout roadmap

      Collaborate Effectively in Microsoft Teams

      • Buy Link or Shortcode: {j2store}63|cart{/j2store}
      • member rating overall impact: N/A
      • member rating average dollars saved: N/A
      • member rating average days saved: N/A
      • Parent Category Name: End-User Computing Applications
      • Parent Category Link: /end-user-computing-applications

      Your organization has adopted Microsoft Teams, but users are not maximizing their use of it.

      • IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while also enabling end users to use Teams creatively.
      • IT must follow best practices for evaluation of new functionality when integrating Microsoft and third-party apps and also communicate changes to end users.
      • Due in part to the frequent addition of new features and lack of communication and training, many organizations don’t know which apps would benefit their users.

      Our Advice

      Critical Insight

      Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

      Impact and Result

      Use Info-Tech’s Collaborate Effectively in Microsoft Teams to help collaboration flourish:

      • Collate key organizational collaboration use cases.
      • Prioritize the most important Teams apps and features to support use cases.
      • Implement request process for new Teams apps.
      • Communicate new Teams collaboration functionality.

      Collaborate Effectively in Microsoft Teams Research & Tools

      Besides the small introduction, subscribers and consulting clients within this management domain have access to:

      1. Collaborate Effectively in Microsoft Teams Deck – Maximize the use of your chosen collaboration software solution.

      Set up your users for Teams collaboration success. Create a process that improves their ability to access, understand, and maximize their use of your chosen collaboration software solution.

      • Collaborate Effectively in Microsoft Teams Storyboard

      2. Microsoft Teams End-User Satisfaction Survey – Capture end-user feedback on their collaborative use of Microsoft Teams.

      The survey responses will inform your organization's collaboration use cases for Teams and help you to identify which features and apps to enable.

      • Microsoft Teams End-User Satisfaction Survey

      3. Microsoft Teams Planning Tool – A tool to help prioritize features to implement.

      Use this Excel tool to help you document the organization’s key collaboration use cases and prioritize which Teams apps to implement and encourage adoption on.

      • Microsoft Teams Planning Tool
      [infographic]

      Further reading

      Collaborate Effectively in Microsoft Teams

      Empower your users to explore Teams collaboration beyond the basics.

      Analyst Perspective

      Life after Teams implementation

      You have adopted Teams, implemented it, and painted an early picture for your users on the basics. However, your organization is not yet maximizing its use of Teams' collaboration capabilities. Although web conferencing, channel-based collaboration, and chat are the most obvious ways Teams supports collaboration, users must explore Teams' functionality further to harness the application's full potential.

      You should enable your users to expand their collaboration use cases in Teams, but not at the risk of being flooded with app requests, nor user confusion or dissatisfaction. Instead, develop a process to evaluate and integrate new apps that will benefit the organization. Encourage your users to request new apps that will benefit them, while proactively planning for app integration that users should be alerted to.

      Photo of Emily Sugerman, Research Analyst, Infrastructure and Operations, Info-Tech Research Group. Emily Sugerman
      Research Analyst, Infrastructure and Operations
      Info-Tech Research Group

      Executive Summary

      Your Challenge

      Your organization has adopted Microsoft Teams, but users are not getting the maximum benefit.

      • IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while enabling end-user creativity.
      • IT must follow best practices for evaluating new functionality when integrating Microsoft and third-party apps, while communicating changes to end users.
      • Due partly to the frequent addition of new features and lack of communication and training, many organizations don't know which apps would benefit their users.

      Common Obstacles

      • Users are unenthusiastic about exploring Teams further due to negative past experiences, preference for other applications, or indifference.
      • End users are unaware of the available range of features. When they become aware and try to add unapproved or unlicensed apps, they experience the frustration of being declined.
      • Users seek support from IT who are unfamiliar with new Teams features an apps, or with supporting Teams beyond the basics.
      • IT teams have no process to raise end-user awareness of these apps and functionality.

      Info-Tech's Approach

      Use Info-Tech's Collaborate Effectively in Microsoft Teams to help collaboration flourish:

      • Collate key organizational collaboration use cases
      • Prioritize the most important Teams apps and features to support use cases
      • Implement request process for new Teams apps
      • Communicate new Teams collaboration functionality

      Info-Tech Insight

      Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

      Are your users in a Teams rut?

      Are users failing to maximize their use of Teams to collaborate and get work done?

      Teams can do much more than chat, video conferencing, and document sharing. A fully-deployed Teams also lets users leverage apps and advanced collaboration features.

      However, IT must create a process for evaluating and approving Microsoft and third-party apps, and for communicating changes to end users.

      In the end, IT needs to support the business to get the best value out of Microsoft Teams: managing Teams effectively while also enabling end-user creativity.

      Third-party app use in Teams is rising:

      “Within Teams, the third-party apps with 10,000 users and above rose nearly 40% year-over-year.”
      Source: UC Today, 2023.

      Collaborate effectively in Microsoft Teams

      Set up your users for Teams collaboration success. Create a process that improves their ability to access, understand, and maximize their use of your chosen collaboration software solution.

      Challenges with Teams collaboration

      • Lack of motivation to explore available features
      • Scattered information
      • Lack of comfort using Teams beyond the basics
      • Blocked apps
      • Overlapping features
      • Confusing permissions

      Empowering Collaboration in Microsoft Teams

      1. Identify current collaboration challenges and use cases in Teams
      2. Create Teams app request workflows
      3. Set up communication hubs in Teams
      4. Empower end users to customize their Teams for effective collaboration

      Solution

      • Collate key organizational collaboration use cases
      • Prioritize the most important Teams apps and features to support use cases
      • Implement request process for new Teams apps
      • Communicate new Teams collaboration functionality

      Project deliverables

      Use these tools to develop your plan to enable effective collaboration in Microsoft Teams.

      Key deliverable:

      Microsoft Teams Planning Tool

      An Excel tool for documenting the organization's key collaboration use cases and prioritizing which Teams apps to implement and encourage adoption of.

      Sample of the Microsoft Teams Planning Tool deliverable.

      Additional support:

      Microsoft Teams End-User Satisfaction Survey

      Use or adapt this survey to capture user perception of how effectively Teams supports collaboration needs.

      Sample of the End-user satisfaction survey deliverable.

      Insight Summary

      Key Insight:

      Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

      Additional insights:

      Insight 1

      Users can browse the Teams app store and attempt to add unapproved apps, but they may not be able to distinguish between available and blocked apps. To avoid a bad user experience, communicate which apps they can add without additional approval and which they will need to send through an approval process.

      Insight 2

      Teams lets you customize the message users see when they request unapproved apps and/or redirect their request to your own URL. Review this step in the request process to ensure users are seeing the instructions that they need to see.

      Insight 3

      A Teams hub is where users can access a service catalog of approved Teams apps and submit service requests for new ones via the Make a Request button.

      Section 1: Collaborating Effectively in Teams for IT

      Section 1

      Collaborating Effectively in Teams for IT

      Section 2

      Collaborating Effectively in Teams for End Users

      Stop: Do you need the Teams Cookbook?

      If you:

      • are at the Teams implementation stage,
      • require IT best practices for initial governance of Teams creation, or
      • require end-user best practices for basic Teams functionality …

      Consult the Microsoft Teams Cookbook first.

      Understand the Microsoft vision of Teams collaboration

      Does it work for you?

      Microsoft's vision for Teams collaboration is to enable end-user freedom. For example, out of the box, users can create their own teams and channels unless IT restricts this ability.

      Teams is meant to be more than just chats and meetings. Microsoft is pushing Teams app integration so that Teams becomes, essentially, a landing page from which users can centralize their work and org updates.

      In partnership with the business, IT must determine which guardrails are necessary to balance end-user collaboration and creativity with the need for governance and control.

      Why is it difficult to increase the caliber of collaboration in Teams?

      Because collaboration is inherently messy, complex, and creative

      Schubert & Glitsch find that enterprise collaboration systems (such as Teams) have characteristics that reflect the unstructured and creative nature of collaboration. These systems “are designed to support joint work among people in the workplace. . . [They] contain, for the most part, unstructured content such as documents, blogs, or news posts,” and their implementations “are often reported to follow a ‘bottom up' and rather experimental introduction approach.” The open-endedness of the tool requires users to be able to creatively and voluntarily apply it, which in turn requires more enterprise effort to help increase adoption over time through trial and error.

      Source: Procedia Computer Science, 2015

      Info-Tech Insight

      Collaboration is as much an art as a science. IT can help users collaborate more effectively in Teams by removing friction – while still maintaining guardrails – for users attempting to build out and experiment with features and capabilities.

      Activity 1: Identify current challenges

      Input: Team input, Survey results
      Output: List of Teams challenges experienced by the organization
      Materials: Whiteboard (digital or physical)
      Participants: Teams collaboration working group

      First, identify what works and what doesn't for your users in Teams

      • Have users reported any challenges with Teams as their primary means of channel-based collaboration? Run a short survey to capture end-user sentiment on how Teams works for them. This survey can be set up and distributed through Microsoft Forms. Distribute either to the whole organization or a specific focus group. Gather feedback from users on the following: What are the major ways they need to collaborate to do their jobs? What IT-supported tools do they need to support this collaboration? What specific aspects of Teams do they want to better exploit?
      • If you send out transactional surveys on service desk tickets, run a report on Teams-related tickets to identify common complaints.
      • Brainstorm Teams challenges IT has experienced personally or have seen reported – especially difficulties with collaboration.
      • Once you have the data, group the challenges into themes. Are the challenges specifically related to collaboration? Data issues? Support issues? Access issues? Technical issues? Document them in tab 2 of the Microsoft Teams Planning Tool.

      Download the Microsoft Teams End-User Satisfaction Survey template

      Define your organization's key collaboration scenarios

      Next, identify what users need to do in Teams

      The term collaboration scenarios has been proposed to describe the types of collaboration behavior your software – in this case, Teams – must support (Schubert & Glitsch, 2015). A successful implementation of this kind of tool requires that you “identif[y] use cases and collaboration scenarios that best suit a specific company and the people working in it” (Schubert & Glitsch, 2016).

      Teams tends to support the following kinds of collaboration and productivity goals (see list).

      What types of collaboration scenarios arise in the user feedback in the previous activity? What do users most need to do?

      Be proactive: Configure Microsoft Teams to match collaboration scenarios/use cases your users must engage in. This will help prevent an increase in shadow IT, where users attempt to bring in unapproved/unreviewed software that might duplicate your existing service catalog and/or circumvent the proper review and procurement process.

      MS Teams Use Cases

      1. Gather feedback
      2. Collaboratively create content
      3. Improve project & task management
      4. Add media content
      5. Conduct knowledge management
      6. Increase meeting effectiveness
      7. Increase employee engagement
      8. Enhance professional development
      9. Provide or access support
      10. Add third-party apps

      Activity 2: Match your collaboration scenarios to Teams capabilities

      Input: Collaboration scenarios, Teams use cases
      Output: Ranked list of Teams features to implement and/or promote
      Materials: Microsoft Teams Planning Tool
      Participants: Teams collaboration working group

      Which features support the key collaboration use cases?

      1. Using the Microsoft Teams Planning Tool, list your organization's key collaboration scenarios. Draw on the data returned in the previous activity. List them in Tab 2.
      2. See the following slide for the types of collaboration use cases Teams is designed to support. In the planning tool, select use cases that best match your organizational collaboration scenarios.
      3. Dive into more specific features on Tab 3, which are categorized by collaboration use case. Where do users' collaboration needs align with Teams' inherent capabilities? Add lines in Tab C for the third-party apps that you are considering adding to Teams.
      4. In columns B and C of Tab 3, decide and prioritize the candidates for implementation. Review the list of prioritized features on tab 4.

      NB: Microsoft has introduced a Teams Premium offering, with additional capabilities for meetings and webinars (including customized banding, meeting watermarks, and virtual webinar green rooms) and will paywall some features previously available without Premium (live caption translations, meeting data on attendee departure/arrival times) (“What is Microsoft Teams Premium?”, n.d.)

      Download the Microsoft Teams Planning Tool

      MS Teams productivity & collab features

      Teams apps & collaboration features enable the following types of work. When designing collaboration use cases, identify which types of collaboration are necessary, then explore each category in depth.

      1. Gather feedback

        Solicit feedback and comments, and provide updates
      2. Collaboratively create content

        Compose as a group, with live-synced changes
      3. Improve project & task management

        Keep track of projects and tasks
      4. Add media content

        Enrich Teams conversations with media, and keep a library of video resources
      5. Knowledge management

        Pull together document libraries and make information easier to find
      6. Increase meeting effectiveness

        Facilitate interactions and document meeting outcomes
      7. Increase employee engagement

        Use features that enhance social interaction among Teams users
      8. Enhance professional development

        Find resources to help achieve professional goals
      9. Provide or access support

        IT and user-facing resources for accessing and/or providing support
      10. Add third-party apps

        Understand the availability/restrictions of the built-in Teams app catalog

      The Teams app store

      • The lure of the app store: Your users will encounter a mix of supported and unsupported applications, some of which they can access, some for which you have no licenses, some built by your organization, some built by Microsoft or third parties. However, the distinction between these categories may not be immediately apparent to users. Microsoft does not remove blocked apps from users' view.
      • Users may attempt to add unsupported apps and then receive error messages or prompts to send a request through Teams to IT for approval.
      • App add-ins are not limited to those built by Microsoft Corporation. The Teams app store also features a plethora of third-party apps that can provide value.
      • However, their third-party status introduces another set of complications.
      • Attempting to add third-party apps may expose users to sales pitches and encourage the implementation of shadow IT, circumventing the IT request process.

      Info-Tech Insight

      Users can browse and attempt to add unapproved apps in the Teams app store, but they may have difficulty distinguishing between available and blocked apps. To avoid a bad user experience, communicate to your users which apps they can add without additional approval, and which must be sent through an approval process.

      Decide how you will evaluate requests for new Teams apps

      • As you encourage users to explore and fully utilize Teams, you may see increased requests for admin approval for apps you do not currently support.
      • To prevent disorganized response and user dissatisfaction, build out a workflow for handling new/unapproved Teams app requests. Ensure the workflow accounts for Microsoft and third-party apps.
      • What must you consider when integrating third-party tools? You must have control over what users may add. These requests should follow, or build upon, your existing process for non-standard requests, including a process for communicating the change.
      • Track the fulfillment time for Teams app requests. The longer the user must wait for a response, the more their satisfaction will decline.

      icrosoft suggests that you regularly review the app usage report in the Teams admin center as “a signal about the demand for an app within your organization.” This will help you proactively determine which apps to evaluate for approval.

      Build request workflow for unsupported Teams apps

      What are the key steps?

      1. Request comes in
      2. Review by a technical review team
      3. Review by service desk or business analyst
      4. Additional operational technical reviews if necessary
      5. Procurement and installation
      6. Communication of result to requester
      7. App added to the catalog so it can be used by others

      Example workflow of a 'Non-Standard Software Request Process'.

      Info-Tech Insight

      Teams allows you to customize the message users see when they request an unapproved app and/or redirect their request to your own URL. Review this step in the request process to ensure your users are seeing the instructions that they need to see.

      Download the Service Request Workflow library

      Incorporate new approved service requests into a service request catalog

      Follow the process in Reduce Shadow IT With a Service Request Catalog to build out a robust request management process and service catalog to continuously incorporate new non-standard requests and advertise new Teams apps:

      • Design the service
      • Design the catalog
      • Build the catalog
      • Market the service

      Sample of the 'Reduce Shadow IT With a Service Request Catalog' blueprint.

      Add a company hub to Teams

      Use Teams to help users access the company intranet for organizational information that is relevant to their roles.

      This can be done in two ways:

      1. By adding a SharePoint home site to Teams.
      2. By leveraging Viva Connections: A hub to access other apps and Viva services. The user sees a personalized dashboard, feed, and resources.

      Venn diagram with two circles 'Viva Connections - App-based employee experience where individuals get their work done' and 'Home Sites - Portal that features organizational news, events, and supplemental resources'. The overlapping middle has a list: 'News, Shared navigation, Integrates with M365, Developer platforms & management, Audience targeting, Web parts, Permissions'. (Venn diagram recreated from Microsoft Learn, 2023.)

      Info-Tech Insight

      The hub is where users can access a service catalog of approved Teams apps and submit service requests for a new one via a Make a Request button.

      Communicate changes to Teams

      Let end users know what's available and how to add new productivity tools.

      Where will users find approved Teams apps? How will you inform people about what's available? Once a new app is available, how is this communicated?

      Options:

      • Communicate new Teams features in high-visibility places (e.g. the Hub).
      • Leverage the Power Apps Bulletins app in Teams to communicate regular announcements about new features.
      • Create a company-wide Team with a channel called “What's New in Teams.” Post updates on new features and integrations, and link to more detailed knowledgebase articles on how to use the new features.
      • Aim for the sweet spot of communication frequency: not too much nor too little.

      Measure your success

      Determine how you will evaluate the success of your efforts to improve the Teams collaboration experience

      Improved satisfaction with Teams: Increased net promoter score (NPS)

      Utilization of features: Increased daily average users on key features, apps, integrations

      Timeliness: % of SLAs met for service request fulfillment

      Improved communication to end users about Teams' functionality: Satisfaction with knowledgebase articles on Teams

      Satisfaction with communication from IT

      Section 2: Collaborating Effectively in Teams for End Users

      Section 1

      Collaborating Effectively in Teams for IT

      Section 2

      Collaborating Effectively in Teams for End Users

      For IT: Use this section to help users understand Teams collaboration features

      Share the collateral in this section with your users to support their deeper exploration of Teams collaboration.

      • Use the Microsoft Teams Planning Tool to prepare a simple service catalog of the features and apps available to your users.
      • Edit Tab 2 (MS Teams Collab Features & Apps) by deleting the blocked apps/features.
      • Share this document with your users by linking to it via this image on the following slides:
      Sample of the Microsoft Teams Planning Tool deliverable.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      End-user customization of Teams

      Consider how you want to set up your Teams view. Add the apps you already use to have them at your fingertips in Teams.

      You can . . .

      1. Customize your navigation bar by pinning your preferred apps and working with them within Teams (Microsoft calls these personal apps).
      2. Customize your message bar by adding the app extensions you find most useful. Screenshot of the message bar with the 3-dot highlighted.
      3. Customize chats and Teams by adding tabs with content your group needs frequent access to. Screenshot of MS Teams tabs with the plus sign highlighted.
      4. Set up connectors to send notifications from apps to a Team and bots to answer questions and automate simple tasks. Screenshot of the 'Set up a connector' button.

      Learn more from Microsoft here

      MS Teams productivity & collab features

      The Apps catalog includes a range of apps that users may add to channels, chat, or the navigation bar. Teams also possesses other collaboration features that may be underused in your organization.

      1. Gather feedback

        Solicit feedback and comments, and provide updates
      2. Collaboratively create content

        Compose as a group, with live-synced changes
      3. Improve project & task management

        Keep track of projects and tasks
      4. Add media content

        Enrich Teams conversations with media, and keep a library of video resources
      5. Knowledge management

        Pull together document libraries and make information easier to find
      6. Increase meeting effectiveness

        Facilitate interactions and document meeting outcomes
      7. Increase employee engagement

        Use features that enhance social interaction among Teams users
      8. Enhance professional development

        Find resources to help achieve professional goals
      9. Provide or access support

        IT and user-facing resources for accessing and/or providing support
      10. Add third-party apps

        Understand the availability/restrictions of the built-in Teams app catalog

      Samples of four features: 'Prioritize with a voting table', 'Launch a live meeting poll', 'Launch a survey', and 'Request an update'.

      Download the Microsoft Teams Collaboration Tool for an expanded list of features & apps

      Use integrated Teams features to gather feedback and provide updates

      • Vote: Create a list of items for teams to brainstorm pros and cons, and then tabulate votes on. This component can be edited inline by anyone with whom the component is shared. The edits will sync anywhere the component is shared.
      • Meeting polls: Capture instant feedback from teams, chat, and call participants. Participant anonymity can be set by the poll organizer. Results can be exported.
      • Create surveys and quizzes and share the results. Results can be exported.
      • Create, track, and review updates and progress reports from teams and individuals.

      Collaboratively create content

      Samples of four features: 'Add Office suite docs', 'Brainstorm in Whiteboard', 'Add Loop components', and 'Take notes in OneNote'.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      Use integrated Teams features composed as a group, with live-synced changes

      • Microsoft Office documents: Add/upload files to a chat or channel discussion. Find them again in the Files tab or add the file itself as a tab to a chat or channel and edit it within Teams.
      • Brainstorm with the Whiteboard application. Add a whiteboard to a tab or to a meeting.
      • Add Loop components to a chat: Create a list, checklist, paragraph, or table that can be edited in real time by anyone in the chat.
      • Add OneNote to a chat or channel tab or use during a meeting to take notes. Pin OneNote to your app bar if it's one of your most frequently-used apps.

      Improve project & task management

      Samples of four features: 'Request approvals and updates', 'Add & track tasks', 'Create a personal notespace', and 'Manage workflows'.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      Keep track of projects and tasks

      • Use the Approvals and Update apps to create, track, and respond to requests for approvals and progress reports within Teams.
      • Use Tasks by Planner & To Do to track both individual and team tasks. Pin the Tasks app to the app bar, add a plan as a tab to a Team, and turn any Teams message into a task by right-clicking on it.
      • Start a chat with yourself to maintain a private space to jot down quick notes.
      • Add Lists to a Teams channel.
      • Explore automation: Add pre-built Teams workflows from the Workflows app, or build new ones in PowerAutomate
      • IT teams may leverage Teams apps like Azure Boards, Pipelines, Repos, AD notifications, and GitHub.

      Add media content

      Samples of four features: 'Share news stories', 'Share YouTube videos', 'Share Stream content', and 'Add RSS feeds'.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      Enrich Teams conversations with media, and keep a library of video resources

      • Search for and add specific news stories to a chat or channel. See recent news stories in search.
      • Search, share, and watch YouTube videos.
      • Share video links from Microsoft Stream.
      • Add RSS feeds.

      Knowledge management

      Samples of four features: 'SharePoint Pages', 'SharePoint document library', 'SharePoint News', and 'Who'.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      Pull together document libraries and make information easier to find

      • Add a page from an existing SharePoint site to a Team as a tab.
      • Add a SharePoint document library to a Team as a tab.
      • Search names of members of your organization to learn about their role, place in the organizational structure, and contact information.

      Increase meeting effectiveness

      Samples of four features: 'Take meeting notes', 'Set up a Q&A', 'Use live captions', and 'Record and transcribe meetings'.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      Facilitate interactions and document meeting outcomes

      • Take simple notes during a meeting.
      • Start conversations and ask and answer questions in a dedicated Q&A space during the Teams meeting.
      • Turn on live captions during the meeting.
      • Record a meeting and automatically generate a transcript of the meeting.
      • Assign attendees to breakout rooms.
      • Track the effectiveness of the meeting by producing an attendance report with the number of attendees, the meeting start/end time, a list of the attendees, and participation in activities.

      Increase employee engagement

      Samples of four features: 'Send praise', 'Build an avatar', 'Add video effects', and 'Play games during meetings'.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      Use features that enhance social interaction among Teams users

      • Send supportive comments to colleagues using Praise.
      • Build out digital avatars to toggle on during meetings instead of your own video.
      • Apply different visual effects, filters, and backgrounds to your screen during meetings.
      • Games for Work: Launch icebreaker games during a meeting.
      • Translate a Teams message from another language to your default language.
      • Send emojis, GIFs, and stickers in messages or as reactions to others' messages. You can also send reactions live during meetings to increase meeting engagement.

      Enhance professional development

      Samples of four features: 'Launch Viva Learning', 'Turn on Speaker Coach', 'Viva Insights', and 'Viva Goals'.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      Connect with learning resources and apply data-driven feedback based on Teams usage

      • Add learning materials from various course catalogs in Viva Learning.
      • Speaker Coach: Receive AI feedback on your performance as a speaker during a meeting.
      • Receive automatically generated insights and suggestions from Viva Insights on work habits and time allocation to different work activities.
      • Viva Goals: Track organizational "objectives and key results"/manage organizational goals

      Provide or access support

      Samples of four features: 'Access MS Support', 'Manage Teams & M365', 'Deploy power virtual agents', and 'Consult MS resource center'.

      Download the Microsoft Teams Planning Tool for an expanded list of features & apps

      IT and user-facing resources for accessing or providing support

      • Admin: Carry out simple Teams management tasks (for IT).
      • Power Virtual Agents: Build out chatbots to answer user questions (can be built by IT and end users for their customers).
      • Resource Center: A combination of pre-built Microsoft resources (tips, templates) with resources provided by organizational IT.
      • Support: Access Microsoft self-serve knowledgebase articles (for IT).

      Add third-party apps

      Understand the availability/restrictions of the built-in Teams app catalog

      • App add-ins are not limited to those built by Microsoft Corporation. The Teams app store also features a plethora of third-party apps that may provide value.
      • However, being able to view an app in the app store does not necessarily mean it's supported or licensed by your organization.
      • Teams will allow users to request access to apps, which will then be evaluated by your IT support team. Follow your service desk's recommended request process for requesting and justifying the addition of a new Teams app that is not currently supported.
      • Before making the request, investigate existing Teams features to determine if the functionality is already available.

      Research contributors

      Mike Cavanagh
      Global Service Desk Manager
      Clearwater Seafoods LP

      Info-Tech contributors:

      Benedict Chang, Senior Advisory Analyst

      John Donovan, Principal Research Director

      Allison Kinnaird, Practice Lead

      P.J. Ryan, Research Director

      Natalie Sansone, Research Director

      Christine West, Managing Partner

      Related Info-Tech Research

      Sample of the 'Reduce Shadow IT with a Service Request Catalog' blueprint.

      Reduce Shadow IT With a Service Request Catalog

      Foster business relationships through sourcing-as-a-service. There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

      Sample of the 'Microsoft Teams Cookbook' blueprint.

      Microsoft Teams Cookbook

      Recipes for best practices and use cases for Teams. Microsoft Teams is not a standalone app. Successful utilization of Teams occurs when conceived in the broader context of how it integrates with M365. Understanding how information flows between Teams, SharePoint Online, and OneDrive for Business, for instance, will aid governance with permissions, information storage, and file sharing.

      Sample of the 'Govern Office 365 (M365)' blueprint.

      Govern Office 365

      You bought it. Use it right. Map your organizational goals to the administration features available in the Office 365/M365 console. Your governance should reflect your requirements.

      Bibliography

      Mehta, Tejas. “The Home Site App for Microsoft Teams.” Microsoft Community Hub. https://techcommunity.microsoft.com/t5/microsoft-sharepoint-blog/the-home-site-app-for-microsoft-teams/ba-p/1714255.

      Overview: Viva Connections. 7 Mar. 2023, https://learn.microsoft.com/en-us/viva/connections/viva-connections-overview.

      Rogers, Laura. “SharePoint Home Site in Teams.” Wonderlaura, 24 Jun 2021. https://wonderlaura.com/2021/06/24/sharepoint-home...

      Schubert, Petra, and Johannes H. Glitsch. “Adding Structure to Enterprise Collaboration Systems: Identification of Use Cases and Collaboration Scenarios.” Procedia Computer Science, vol. 64, Jan. 2015, pp. 161–69. ScienceDirect, https://doi.org/10.1016/j.procs.2015.08.477.

      Schubert, Petra, and Johannes Glitsch. “Use Cases and Collaboration Scenarios: How Employees Use Socially-Enabled Enterprise Collaboration Systems (ECS).” International Journal of Information Systems and Project Management, vol. 4, no. 2, Jan. 2016, pp. 41–62.

      Thompson, Mark. “User Requests for Blocked Apps in the Teams Store.” Supersimple365, 5 Apr 2022, https://supersimple365.com/user-requests-for-apps-...

      “What is Microsoft Teams Premium?” Breakwater IT, n.d., https://breakwaterit.co.uk/guides/microsoft-teams-...

      Wills, Jonny. “Microsoft Teams Monthly Users Hits 280 Million.” UC Today, 25 Jan. 2023, https://www.uctoday.com/unified-communications/microsoft-teams-monthly-users-hits-280-million/.