1 MultiTek LLC A Prfessinal Data Center Relcatin Cmpany Applying Gvernance t Data Center Migratin Prjects White Paper Written by: Bb Fitch, PMP, Engagement Manager July 2014
2 Table f Cntents Cntents IT Gvernance...3 Gverning Prcesses...5 Gverned Prcesses...6 Operatinal Gvernance... 10
3 MultiTek helps cmpanies with data center relcatin, migratin and cnslidatin prjects. An imprtant aspect f these types f prjects is the rigr and discipline f fllwing a prcess f cmmunicatin alng with checks and balances thrughut the prject. The fllwing paper describes hw MultiTek applies gvernance standards t prjects. IT Gvernance MultiTek will assess, develp and review the current IT gvernance prcesses and framewrk within a crpratin and identify pprtunities t expand r imprve the current envirnment. During the review and analysis phase f the gvernance assessment, MultiTek utilizes and cnsiders industry best practices and gvernance mdels frm varius surces such as ITIL, Service Oriented Architecture (SOA), SOA Gvernance Reference Mdel (SGRM), COBIT and thers t make recmmendatins in the custmizatin t the rganizatin s IT gvernance envirnment. The gvernance slutin will be cmpsed f many kinds f IT gvernance entities called gvernance disciplines. MultiTek s apprach t IT gvernance is based n several basic principles that can be applied t any enterprise. The apprach starts with the definitin and principles f IT gvernance. IT gvernance is abut the way in which leadership accmplishes the delivery f imprtant business capability using IT strategy, gals and bjectives. It is cncerned with strategic alignment between the gals and bjectives f the business and the utilizatin f its IT resurces t effectively achieve the desired results. Gvernance is used fr imprving alignment between IT services and business needs, and ensuring that IT-related risks are visible and effectively managed. Similar t risk management, gvernance is anther ne f the key business prcesses fr the assembly f rganizatinal structures, wrkflws, authrizatin pints and disseminatin f decisin rights fr the purpse f integrating the multifaceted agendas f an rganizatin.
4 Principle 1 IT gvernance is abut the whle rganizatin, nt just IT. Business and IT alignment Principle 2 Yu must develp yur IT gvernance slutin as an architecture that aligns multiple IT gvernance disciplines with the strategic bjectives f yur cmpany (yur cmpany s perating mdel). Principle 3 Develping rganizatinal transparency is critical in the adptin f effective IT gvernance. The value f yur IT gvernance slutin may be cmprmised at yur rganizatinal bundaries. While addressing any r all f these areas, the enterprise must be certain that the value f the business internally and the value prvided t its custmers are maintained r imprved. Executives fcus n hw they structure, sustain, grw, transfrm and manage the enterprise t meet challenges including the crprate plicies, prcesses and IT infrastructure and systems that are required. MultiTek defines gvernance as a prcess r a series f actins, changes r functins bringing abut a result. Therefre, gvernance is the prcess f establishing: Chains f respnsibility, authrity and cmmunicatin t empwer peple (decisin rights). This defines the structure f the enterprise, hw it functins and the rles and respnsibilities fr each member f the enterprise. Measurement, plicy, standards and cntrl mechanisms t enable peple t carry ut their rles and respnsibilities. The gal is t als define the measurement and cntrl mechanisms that will enable peple t perfrm their jbs. The enterprise defines and institutes crprate plicies, identifying the standards they will fllw and specifying a set f measures and cntrls. In turn, these plicies are enfrced by business prcesses. Artifacts that are prduced t define the dynamic view f gvernance include a plicies library and gvernance effectiveness measures. Gvernance prcesses ensure the strategic initiatives f a given cmpany are carried ut apprpriately. They als ensure apprpriate versight f the strategic initiatives that are currently planned r underway, and that these gals are met prudently and efficiently. It is dne by using the ptimal number f business resurces available. A management prcess is the utput frm the gvernance prcess. Unlike a gvernance prcess, a management prcess implements the specific chain f respnsibility, authrity and cmmunicatin that empwers peple t d their day-t-day jbs. MultiTek s apprach als incrprates definitins and principles frm Service Oriented Architecture (SOA) and SOA Gvernance Reference Mdel (SGRM) mdel and framewrks. SOA gvernance is an augmentatin f IT gvernance and fcuses n the gvernance f services within a life-cycle cntext. SOA gvernance ften drives changes t ther dmains f gvernance, such as crprate gvernance, as businesses re-examine their existing gvernance prcesses t make them mre efficient and agile based n SOA architectural cnstructs.
5 The SOA Gvernance Reference Mdel (SGRM) is a generic mdel that is utilized as a baseline t expedite the prcess f tailring an SOA Gvernance Mdel fr an rganizatin. All aspects f the SGRM are reviewed and cnsidered fr custmizatin t the rganizatin s envirnment. SOA gvernance guiding principles include aspects f peple/rles, prcesses and technlgy. In additin, it shuld be utilized t aid an rganizatin t achieve stakehlder cmmitment. It is expected that a subset f these principles will be selected and mdified. It is als expected that the principles will be expanded upn with sme that are unique t the rganizatin. Organizatins may need t create their wn SOA and gvernance principles that target their needs. The SOA principles wuld include, but are nt limited t: Prmting the alignment f business and IT: The SOA gvernance prgram shuld supprt the business and IT drivers. Business and IT stakehlders must participate in gverning and enfrcing the rganizatin s SOA prgram. Cnfrm t rganizatin's gvernance: SOA gvernance activities shall cnfrm t Business, IT and Enterprise Architecture gvernance principles and standards develped and established by the rganizatin. Prvider and cnsumer cntracts: Cntracts shuld exist between service prviders t ensure the crrect delivery f service. Service metadata: Enables decisins and descriptins relating t services and their cntracts be stred in a well-knwn lcatin, including relatinships amng services and their assciated artifacts. Business cntinuity impact analysis: Helps cmpanies understand what dwntime means t the business financially and therwise. Identified gvernance Stakehlders: Stakehlders shall be identified and accept respnsibility fr the gvernance prcess. Service re-use: Existing services shuld always be cnsidered first when creating new SOA slutins. Service descriptin: Descriptins shall be adequate t supprt cnsumer decisin t use the service. Gverning prcesses realize the gvernance intentins f the rganizatin. These are the prcesses that a gvernance mdel uses t gvern any particular prcess. Gverned prcesses are the actual prcesses being cntrlled, mnitred and measured (e.g., testing, design and deplyment). Gverning Prcesses The SGRM defines three Gverning Prcesses: cmpliance, dispensatin and cmmunicatin, which are perfrmed n an nging basis. It is expected that rganizatins will define cmpliance prcesses, but they shuld be custmized and extended as apprpriate fr the SOA slutin. Cmpliance This activity is t define a methd t ensure the SOA plicies, guidelines and standards are adhered t. The cmpliance prcess prvides the mechanism fr review and apprval r rejectin against the criteria established in the gvernance framewrk (e.g., principles, standards, rles and respnsibilities, etc.). In many cases, it is an add-n t the existing quality review prcess and is nging. When a checkpint review is nt apprved r passed, then an exceptin t the cmpliance prcess has ccurred. The cause f the exceptin shuld be adjusted r realigned in rder t meet the cmpliance requirements. Determining adherence r nncnfrmance is based upn the established SOA gvernance cmpliance criteria and strategies. Dispensatin This prcess is the exceptin and appeals prcess that allws a prject r applicatin team t appeal nncmpliance t established prcesses, standards, plicies and guidelines as defined within the gvernance regimen. Examples include service funding, service wnership, service identificatin, etc. Dispensatin Prvides an alternative rute t cnfrmance by granting permissin t remain nncnfrmant. Cmply If dispensatin is nt granted, then the surce f the failing checkpint assessment must be brught back int cmpliance. Appeal If the activity has caused an exceptin in a checkpint and cannt r shuld nt be adjusted t pass cmpliance, the activity exceptin can begin the appeals prcess t ask gvernance authrity fr a re-evaluatin f the dispensatin decisin. Escalatin Shuld the appeal nt bring abut a satisfactry result, an escalatin prcess can begin with the next level f gvernance authrities. Cmmunicatin Cmmunicatin prcesses educate, cmmunicate and supprt the SOA gvernance and SOA plicies, guidelines and standards acrss the rganizatin. This als includes ensuring the gverning prcesses are acknwledged within the gverned prcesses. Cmmunicatin prcesses shuld ensure the gvernance is
6 understd. It shuld als ensure access t and use f gvernance infrmatin. Cmmunicatin and infrmatin shuld be easily accessible via the use f technlgies such as repsitries. Essential infrmatin t be cmmunicated and available may include: Value f gvernance Plicies, standards and guidelines Cmpliance prcesses Dispensatin prcess including escalatins and appeals Organizatin, rles and respnsibilities Technlgy being gverned and used by the gverning prcesses Gverned prcesses and checkpints Gverned Prcesses These start with alignment f rganizatinal gvernance and cncludes with cntinuus enfrcement and cmpliance during peratin. The gverned prcesses include planning, design and peratinal aspects. The rle f IT gvernance in relatin t the ther activities that need t be perfrmed fr the delivery f IT services is shwn in the fllwing diagram. IT Gvernance Decisins abut: ec Principles Pr Architecture Ar Infrastructure Infrastructure ;margi IT Service management Prcesses Prcesses needed t maintain cmmitted service levels IT Operatins Operatinal activities Hierarchy f IT activities
7 IT Service Management (ITSM) prcesses are needed in rder t maintain the service quality that is specified in Service Level Agreements (SLAs) and matched t business requirements. These are frequently referred t as ITIL (IT Infrastructure Library) prcesses. MultiTek uses the ITIL framewrk f gd practice fr IT service management evaluatin and assessment. The rle f IT gvernance in relatin t the ITSM prcesses is t make the decisins which cannt be made at the individual prcess level, either because they require additinal resurces beynd thse already budgeted r they affect mre than ne service management prcess. ITIL prcesses are a requirement fr effective IT gvernance, but ITIL des nt prvide an IT gvernance framewrk n its wn. A gvernance layer cntaining a decisin-making prcess, structures and accuntabilities is als needed, sitting abve the ITSM layer. IT gvernance decisins cncerning changes t the infrastructure, new r changed business applicatins and prpsals fr prcess imprvement are, fr the mst part, made in respnse t prpsals cming frm the ITSM prcesses. Fr example, the capacity plan prduced by the capacity management prcess cntains prpsals fr changes t the IT infrastructure in rder t respnd t a need fr increased (r reduced) capacity r t prvide imprved price/ perfrmance. IT gvernance als receives infrmatin abut the perfrmance f service management prcesses perfrmed by the IT functin. The cmbinatin f prcess perfrmance infrmatin and prpsals fr change, wrks fr activities that are perfrmed in-huse by the IT functin. MultiTek s apprach in reviewing and assessing an rganizatin s service management lifecycle is that it emphasizes the crdinatin and cntrl acrss the varius functins, prcesses and systems necessary t manage the full lifecycle f IT services in which it cnsiders and understands the five cre elements f It services: strategy, design, transitin, peratin and cntinuus imprvement. The transfrming f resurces int a valuable service is the cre f service management. MultiTek reviews the rganizatin s service management rles, functins and prcesses t ensure they are clearly defined, structured, cmmunicated and prvide the value t the custmers. MultiTek uses the fllwing definitins as a base fr the review and evaluatin f the service management lifecycle. Functins: A team r grup f peple and the tls they use t carry ut ne r mre prcesses r activities (e.g. service desk). The characteristics f functins are as fllws: Have their wn bdy f knwledge Prvide structure and stability Are self-cntained units with capabilities and resurces Crdinate between functins thrugh shared prcesses in the rganizatinal design Rles: A set f respnsibilities, activities and authrities granted t a persn r team. The rle is defined in a functin. Prcess: A structured set f activities designed t accmplish a specific bjective which includes all rles, respnsibilities, tls and management cntrls required t reliably deliver the utput. Prcess cntrl: The activity f planning and regulating a prcess, with the bjective f perfrming a prcess in an effective, efficient and cnsistent manner. MultiTek uses the basic prcess mdel frm ITIL practices t assess n rganizatin s prcess structure in rder t evaluate the reliable delivery f services. Prcess Cntrl Triggers Prcess Plicy Prcess Owner Prcess Dcumentatin Prcess Objective Prcess Feedback Prcess Inputs Prcess Prcess Metrics Prcess Activities Prcess Wrk Instructins Prcess Rles Prcess Imprvement Prcess Outputs Prcess Mdel Prcess Enablers Prcess Resurces Prcess Capabilities
8 Each rganizatin has varius functins under the service management lifecycle that are custmized t their rganizatin. MultiTek will review the varius functin appraches t the cre elements (strategy, design, transitin, peratin and cntinuus imprvement) within the enterprise. Typical types f functins include: Service desk: Primary pint f cntact fr users during a service disruptin and service requests. Technical management: Custdian f technical knwledge related t managing the IT Infrastructure and prvides resurces t supprt ITSM lifecycle. IT peratin management: Respnsible fr the nging management and maintenance f the rganizatin s IT infrastructure t ensure delivery f the agreed level f IT services. Applicatin management: Custdian f technical knwledge related t managing applicatins and prvides resurces t supprt ITSM lifecycle. Prject prtfli management: The strategy that mves the selectin and implementatin f prjects within a structure and discipline, and aligns prjects with strategic gals. Infrmatin security management: Prvides a fcus fr all aspects f IT security and manage all IT security activities. Vendr management: Supplier management and service level management prcesses help manage suppliers and the services they supply, t prvide quality f IT services t the business ensuring value is btained. Architecture management- The rganizing, integrating and analyzing infrmatin abut the key architecture elements f an enterprise. Enterprise architecture (EA) gvernance is t ensure that an rganizatin s IT investments are clsely aligned with business gals and prcesses, s that limited IT resurces are allcated t areas f highest impact n rganizatinal perfrmance. Prject prtfli management is a strategy f selectin and implementatin f prjects in a structured prcess and discipline used t align prjects with the strategic gals and bjectives fr a mre effective and efficient rganizatin. Randm selectin f prjects withut cnsideratin fr the enterprise s strategic directin can have adverse cnsequences. MultiTek will assess and analyze the prcesses and functins f the prject prtfli management structure. Prject selectin shuld always be cnsidered as building blcks t an rganizatin s success. MultiTek will assess and analyze the SOA selectin mdel within the prject prtfli management t ensure the mdels allw fr cnsistent applicatin f criteria fr an infrmed prject selectin prcess, and that they can be ptimized and supprt strategic gals and bjectives. Objective selectin criteria shuld prvide a better understanding f the prject cnsideratin and prmised benefits. MultiTek will review the methdlgies and criteria variables f the prject selectin prcess that need t be cnsidered in the selectin prcess. These criteria variables are custmized fr each rganizatin. Such criteria may include, but are nt limited t: Prject risk: Assess the risk f the prject t meet the users expectatins r whether the prject can be cmpleted within the established gals fr cst, schedule and technical perfrmance. Prcess change Assess the impact f a prject that wuld require prcess changes within the rganizatin, the cst f a prcess change and if the change is aligned r nt aligned t the rganizatin gals. Resurces: Human and nnhuman resurces bth internally and externally f the rganizatin which wuld include special materials r equipment, special qualificatins and tls need t be cnsidered. Financial: Cash flw may be impacted by large initial expenditures. The cst f utsurcing can have majr impact. Technlgy: The degree f maturity f a technlgy r whether the technlgy is t be develped r it it will require new technlgy that is cmpatible with the existing cre cmpetency grwth plan. Prject duratin: Questin whether prject duratin fits int the nrmal wrk arrangements, and whether prjects are nly shrt-term r lng-term prjects. Urgency f need: Questin the urgency f need t determine whether delivery is pssible and if resurces are available. Cre cmpetencies: Ask if the prject fits int the rganizatins cmpetencies. Business risk: Is there a risk t their business r ther areas within the business and will it have a high degree f success (90 percent r mre). Prject mix: Review the balance f prject sizes (less than $10K, between $ 10k and $100K, ver $100k) and prject types (lw-risk, medium-risk, high-risk etc.). Managing by prject prtflis prvides high visibility t the rganizatin s ttal prjects withut fcusing n just ne prject at a time. Applicatin prtfli management is similar t prject prtfli management. MultiTek will assess and analyze the methds gverning the applicatin prtfli, applicatin selectin and the applicatin investment in service acrss the enterprise. MultiTek will review which f the fur basic management methds (scring system, ad hc methd, strategic planning and mathematical ptimizatin techniques) best fits the cmpany s applicatin prtfli management. MultiTek s apprach t the management methd used by an rganizatin is that it supprts the rganizatin s business prcesses by helping identify functinal and manageability requirements fr applicatin sftware and shuld assist in the design and deplyment f applicatins and nging supprt f thse applicatins. MultiTek will review the management methd t ensure it is based n five basic criteria: reality, rbustness, flexibility, ease f use and cst. As part f the applicatin prtfli management selectin prcess, MultiTek will assess the selectin criteria s it meets the applicatin management bjectins f: Applicatins that are well designed, resilient and cst-effective Ensuring the required functinality is available and meets the business requirements That there are adequate technical skills t maintain applicatin in ptimum perating cnditins
9 That the use f technical skills and methds are available and in place t quickly diagnse and reslve technical failures that ccur Architecture management is anther discipline f IT gvernance entities. The primary purpse is t ensure that an rganizatin s IT investments are clsely aligned with business gals and prcesses, s that limited IT resurces are allcated t areas f highest impact n rganizatinal perfrmance. MultiTek s view is that there are tw bjectives t EA gvernance. Ensure that the EA prgram is prperly managed and that it prduces artifacts and plans truly representative f rganizatinal gals and needs. Ensure that the IT investment decisins are being cntinually aligned with the EA frm the pint they are initiated until implemented. MultiTek uses a basic apprach t the framewrk in EA gvernance and will assess and review SOA s architecture management and gvernance framewrk. The basic apprach framewrk is: Identify Prgram Life Cycle Phases Identify Activities that require Gvernance Identify Entities and Stakehlders invlved in Gvernance Define Rles and Authrities Map Rles and Authrities t Prgram Activities Develp EA Metrics The basic EA gvernance framewrk prvides the when, what, and wh. Fr the gvernance prcess t becme peratinal, it will als be necessary t develp sme detailed perating prcedures ( hw ) fr selected activities. The framewrk currently used will be reviewed by MultiTek using the basic framewrk abve as a guideline: Phase 1: Identify EA Prgram Life Cycle Phases Within this life-cycle, seven distinct steps f the EA prgram must be identified: Step 1 EA prgram authrizatin and start-up: This phase describes the activities and related decisins typically required during EA prgram authrizatin and start-up and subsequent prgram re-apprval. Step 2 Develp baseline: A baseline is develped in strategy, business, applicatin, data and technlgy areas including security. Step 3 Develp target: The future architecture is develped. The target architecture based n this visin is develped als in the strategic, business, applicatin, data and technlgy areas including security as well. Step 4 Perfrm gap and pprtunity analysis: This phase utilizes baseline and target architecture infrmatin as inputs and identifies the gaps in and pprtunities fr IT supprt. Each gap r pprtunity must be evaluated in terms f its cst, benefits and risks, and is used t priritize the gaps and pprtunities and t develp the transitin sequencing plan. Step 5 Develp transitin strategy and sequencing plan: The gaps and pprtunities are translated int IT prjects. Individual prject csts, benefits and risks are summarized fr the entire IT prject prtfli and presented fr funding apprval. Step 6 Utilize EA t manage IT investments: EA is utilized t supprt management f the IT investment prtfli(s). The IT prject is either inserted in the apprpriate pririty slt in the transitin sequencing plan, r if it has the highest pririty it is apprved fr immediate implementatin. Step 7 Maintain EA: As changes specified in the target EA are implemented, bth the baseline and target EA must be updated. Phase 2: Identify EA Activities That Require Gvernance Oversight The EA activities that require gvernance versight shuld be identified. EA activities shuld be maintained t reflect the impact f nging changes in strategy, business prcesses, data, applicatins and technlgy. This will enable the EA t cntinually supprt the prcess s that nly the smartest, mst effective IT investments are made t supprt the rganizatin s strategy. Phase 3: Identify Organizatinal Entities and Stakehlders Invlved in EA Gvernance The rganizatinal entities and stakehlders invlved in EA gvernance must be identified and shuld include members frm the strategy, business, infrmatin technlgy and prgram/prject ffices t ensure that business prcesses and technlgy are accurately reflected in the EA. The gvernance structure shuld be respnsible fr ensuring that the EA prvides the best pssible infrmatin and guidance t infrmatin technlgy prjects and stakehlders, and that systems develpment effrts are prperly aligned with the technlgy standards, data standards and business prcesses identified in the EA.
10 Phase 4: Identify and Define Gvernance Rles and Authrities f Key Organizatinal Entities and Stakehlders Several EA gvernance rles and authrities shuld als be identified. They are defined as fllws: Respnsible rle: The rganizatinal entity r an individual assigned this rle wns (i.e., has the primary respnsibility fr) a specific EA activity and is accuntable fr its initiatin and executin. Wrk rle: The rganizatinal entity r an individual assigned this rle has the primary respnsibility fr perfrming the wrk required by the specific EA activity. Prvide input rle: The rganizatinal entity r an individual assigned this rle prvides inputs that are required fr the specific EA activity (i.e., cnsultative meetings, brainstrming sessins, prviding cpies f dcuments, etc.). Apprve/disapprve authrity: The rganizatinal entity r an individual assigned this authrity prvides interim r final apprvals/disapprvals n specific EA activities. The apprvals r disapprvals must be based n published and apprved rganizatinal prcedures, plicies, plans, guidelines and/r strategies. Need t knw rle: The rganizatinal entity r individuals assigned this rle typically receive infrmatin abut EA activities and use this infrmatin t be cgnizant f the status and/r utcme f a specific EA activity, r as additinal input t add value in their wn business activities. Phase 5: Map Gvernance Rles and Authrities t EA Prgram Activities The perating charters and missin statements f the rganizatinal entities and stakehlders invlved shuld be reviewed and their EA gvernance rles and authrities identified. Additinally, system dcumentatin shuld be reviewed and analyzed, primarily with respect t IT prject gvernance thrughut system develpment life cycle (SDLC). Frm this analysis, the EA gvernance rles f the rganizatinal entities prpsed fr each phase f the EA prgram can be mapped t phase-specific EA activities. Phase 6: Develp Enterprise Architecture Metrics The ultimate gal is nt t simply build and maintain infrmatin stres and mdels, but t use them t make effective management decisins. Organizatins shuld develp a set f perfrmance metrics t evaluate the agency s ability t develp, maintain and use the EA. Mrever, metrics shuld be develped t evaluate whether EA prducts being develped are f high quality. Develping perfrmance metrics t evaluate cmpliance and measure the degree t which the EA is utilized in decisins regarding IT investments is imprtant. Operatinal Gvernance Operatinal gvernance addresses hw a cmpany s decisins are made and executed. Operatinal gvernance is very different than crprate gvernance, which fcuses n versight by a cmpany s Bard f Directrs and sharehlders. In cntrast, peratinal gvernance is a management activity that centers arund key perating decisins by cmpany managers and executives. Majr elements include: Effective decisin making thrugh clear rganizatinal rles, respnsibilities, wnership and cmmunicatin Systematic cmmunicatin linked t business needs Efficient delivery f supprt and ther services Cntinuus imprvement thrugh effective practices, plicy setting and knwledge sharing Withut clearly defined decisin making rles and respnsibilities, a prject may nt be agile enugh t respnd quickly t changes. MultiTek will assess and review the effective peratinal gvernance based n a three step prcess. This basic three step prcess is analyzed by MultiTek t verify and validate the effectiveness f the defined rles and respnsibilities, decisin making prcess and the cmmunicatin f rles, respnsibilities and plicies acrss the entire enterprise. The basic framewrk used by MultiTek is: Strategic rles. The first step is defining decisin making rles within the prject and clearly dividing respnsibilities between crprate and business units. They help answer questins such as what are the rles assigned t crprate and business units in defining a cmpany s strategic directins and wh makes what decisins? Effective peratinal gvernance requires an additinal level f detail. Operatinal gvernance breaks respnsibilities int three rles decide, execute and mnitr and specifies wh has primary and secndary respnsibility. In a strategic guidance business mdel, business units cntinue t have primary respnsibility fr cre and staff functins; hwever, crprate begins t exert mre influence ver staff functins. Business units have primary respnsibility fr making and executing decisins, while crprate has primary respnsibility fr mnitring results. In a strategic cntrl mdel, a greater balance exists between crprate and business units. Business units wn the cre functins and are primarily respnsible fr executin. Crprate wns the staff functins and has primary respnsibility t make decisins and mnitr results. MultiTek will assess which mdel is currently used and what are advantages r dis-advantages. Operatinal respnsibilities. The secnd step invlves identifying key decisins that need t be made and defining decisin making prcesses fr each ne. It answers what are the key decisins and hw will they be made? It als invlves identifying yur cmpany s key decisins, defining prcesses and detailing respnsibilities fr hw these critical decisins will be made. This includes identifying wh the decisin maker is, wh needs t be invlved and what is the specific timing and sequence f their interactins. Whether the issue is prcurement, applicatin selectin r prject implementatin, an rganizatin needs clear plicies and prcedures that define wh has the authrity t make decisins, wh reviews and prvides input and wh simply needs t be infrmed. This secnd step ges well beynd the rles and respnsibilities defined in step ne, systemically clarifying the key interactins needed fr timely and sund decisins. Typical examples f decisin making tpics are: 1. Strategic planning
11 Resurce allcatins Business unit strategies (develpment and prcess) Management f link t financial and perating plans Measurement/mnitring f plans 2. Supprt Hiring Staff reductins/additins Cmpensatin plans 3. Prcurement f utside vendrs Marketing/research/agencies Cnsultants Key business frums. The third step is prviding frums such as cmmittees and cuncils t fster the kind f crdinatin and infrmatin sharing that prduces gd decisins and t cnfirm that decisins are actually executed. Answering the questin what are the key business frums used fr interactin and strategic and perating decisins between crprate and business units happens in this third step. Sample frums Executive cmmittee Operatinal cmmittee Functinal cuncil Frums supplement structured decisin making prcesses. They can help imprve the quality f decisins by bringing peple frm different parts f the rganizatin tgether t exchange ideas, set directin, crdinate activities and discuss effective practices. They can als prvide an nging mechanism t cnfirm that decisins are executed and mnitred. Frums can help imprve the effectiveness and efficiency f decisin making by clearly establish bjectives, rles and utcmes f different functins and prmte cntinuus imprvement thrugh the pen sharing f infrmatin, ideas and lessns learned. Frums are nt intended t add new layers f cntrl. Typically, three levels f frums are used: (1) executive cmmittees, (2) perating cmmittees and (3) functinal r crss-functinal cmmittees fr areas such as HR, finance, marketing, investments, due diligence, legal review and real estate. MultiTek will review the current levels f cmmittees fr the best fit: Executive Cmmittee Operating Cmmittee Functinal Cmmittee Functinal Cmmittee Many frums meet mnthly and are part f a quarterly business review. Hwever, the exact frequency and timing varies based n what a particular frum needs t accmplish. MultiTek fllws the IT gvernance Institute s recmmended five fcus areas fr the supplier gvernance prcess. These fcus areas are: 1. Perfrmance measurement: Cmmitted service levels, dcumented in SLAs shuld be available fr external services. Reprts f actual achievement against these when the service is in peratin will nrmally be delivered by the service supplier. These prvide useful infrmatin fr the gvernance prcess t verify the supplier is in cmpliance r if a trigger fr nn-cmpliances has been reached and further actin/decisins are required. 2. Resurce management: The resurces required fr external services are usually financial in nature. Hwever there may be csts in additin t the price f the service, fr instance the need fr training t prvide new skills fr staff. Any such csts need t be identified and included in the business case t be cnsidered by the gvernance prcess. 3. Value delivery: The tw main value criteria are cst and service quality. The infrmatin n bth f these shuld be readily available frm the supplier f an external service. 4. Strategic alignment: It is als critical that this shuld be reviewed prir t making the decisin t use a particular service. the mst imprtant criteria fr assessing the alignment f services with business strategy are thse cncerning the capability t cpe with change agility (hw quickly), scalability (up and dwn), flexibility (change in any directin) and elasticity (changes can be easily reversed). It is necessary t have infrmatin abut these characteristics fr external services. It is als critical that this shuld be reviewed prir t making the decisin t use a particular service. This review shuld include nt nly the capability f the supplier t change the service itself but als the flexibility f the cntract with the supplier.
12 5. Risk management: Risk management is an activity that is perfrmed at tw levels within the hierarchy f IT activities within the IT service management prcesses and as part f IT gvernance. Risk management at the gvernance level shuld prvide versight f the peratinal risk management and ensure that risks are being managed in accrdance with the risk plicies f the rganizatin. MultiTek will review and asses risk management categries f externally-delivered services Thse different risk categries are: a. Operatinal: Infrmatin is needed frm the supplier t prvide assurance that this is being dne. This culd include infrmatin abut the peratinal availability f the service in the past and details f the resilience built int the service. b. Technlgy: The risks t the external service caused by technlgy changes are the primary cncern f the supplier. The chice f technlgy is under their cntrl. Hwever, the adptin f new technlgy by the supplier may prvide the pprtunity t imprve the service. c. Service develpment: The capability t develp the existing service r t create new services in respnse t changing business requirements is under the cntrl f the supplier. Therefre infrmatin abut this is needed, fr example the supplier s track recrd in ding this in the past and their service develpment plans fr the future. In additin t these three categries f risk, the use f an external service intrduces a number f cmpletely new risks that gvernance needs t be aware f. These are: Maturity f service Stability f the supplier Service integratin risk (hw easy r difficult is it t integrate int the peratinal envirnment) Security f infrmatin Infrmatin abut all f these additinal risks als needs t be btained befre the IT gvernance prcess can make an infrmed decisin abut using a particular service. Fllwing these disciplines fr IT gvernance within the ITIL and SOA architectures may seem like verkill fr a data center relcatin prject. Hwever, if yu are ging t disrupt yur cmpany s business by taking the critical systems dwn fr any amunt f time, yu must ensure that the business gals are understd and that the plan is apprved by the business per the gvernance prcesses. The rigr and dcumentatin as applied abve will help ensure a smth prject and prper cmmunicatins thrughut the prject. Surces cited: Univ f Michigan- DAC Replacement Prject: Gvernance Mdel (n authr r cpyright PDF file) Clt- White Paper Adapting IT Gvernance fr Tday s IT Slutins Kerry Litten, Senir Cnsultant March PDF n cpyright inf IBM IT Gvernance Apprach: Business Perfrmance thrugh IT Executin February 2008 Cpyrighted IT Infrastructure Gvernance and IT Investment Perfrmance: An Empirical Analysis- Bin Gu Univ f Texas Austin, Ling Xue Univ f Scrantn, Gautam Ray Univ f Minn-PDF N cpy right inf IT PROJECT GOVERNANCE GUIDE P1133-ITGG-NNA V1.2 4/24/06 UCLA Office f Infrmatin Technlgy-PDF n cpyright inf The SOA Surce Bk appendix The Open Grup.-Website n cpyright inf SOA Gvernance Technical Standard: SOA Gvernance Reference Mdel (SGRM)- The Open Grup.- Website n cpyright inf Frmalizing Operatinal Gvernance:Ensuring the well-managed enterprise- Vitria Technlgy, Inc PDF N cpyright inf Prject Management-Strategic Design and Implementatin fifth ed. David Cleland (text bk) Fundatins in IT Service Management Versin 3 (ITIL training) Cpyrighted MultiTek LLC is a cmpany that specializes in relcatin data centers and related prjects. Yu can reach us at