End of Series Summary

1.    Introduction

My work experience has provided me with a unique perspective on IT as a result of having managed every IT Team. That is, I have been a CIO, IT Manager, Infrastructure Manager, Applications Development Manager, Technical Services Manager, Service Delivery Manager, Service Desk Manager, Data Centre Manager, Architecture Manager, Project Office Manager, as well as Database and Networking Manager. Many of these positions I have held more than once. I have managed 50 staff and 1000 staff. I have also been a Programmer and a Systems Analyst, starting my career with the build of an MVS Mainframe Data Centre. I contribute my success to this breadth and depth of experience.

2.    Performance Housekeeping

The bottom line is that this background allowed me to form a unique appreciation and understanding of how an IT Department works and how to get it to work at its best. It also allowed me to determine what essential Performance Housekeeping activities are required to obtain maximum performance within each IT Team and achieve the following benefits:

Best Practice IT Standards

From my work I developed the Best Practice IT Standards that came about as a result of taking note of what worked best in all of the IT Departments, I worked in. They became part of my Change blueprint for addressing operational performance issues and bringing about improvements. Over time all IT Departments suffer from a form of entropy in their performance capability. Progressively they become more complex, run a much higher risk of errors, suffer a decline in technical performance, they lose their IT memory and incur increasing operating costs, all as a result of doing nothing in particular other than running the day to day.

3.    A better IT Management model

The model I prefer and the one I have always implemented is an IT Performance Management model. I always moved quickly to implement this model which is a hybrid of the older Traditional and newer Transformational - management models. The model looks like this:

4.    Four things that contribute to 80% of IT problems

There are four problem areas common to virtually every IT department that account for around 70 to 80% of all of ITs problems and resource usage, those areas are:

1.     Workload Management.

2.     The Service Desk.

3.     Process and Intranet.

4.     Managed Services.

5.    IT Function matched with its Best practice IT Standard

Service Desk and ITSM

ITIL compliant Service Desk application and ITIL/ITSM Service Management framework.

Workload Management.

End-to-end process comprised of Gating, Work Management, Work Classifications and Management Reporting.

Process and Intranet

All work to be process driven, with documentation management and templates managed in accordance with the Capability Maturity Model (CMM Level 2).

All process, how to guidelines and other documentation to be sourced only from an Intranet. All documents to be baselined with a single production version. The Intranet acts as the IT memory and single source of truth

Managed Services

Contract manager with a outsource diary, detailed knowledge of SLAs and contract schedules and weekly contract reviews.

Staff Training

Vendor product training.

Infrastructure.

Fleet upgrade strategy.

Capacity Management function for servers and network.

Desktop refresh strategy.

Standard Operating Environment (SOE).

DBMS management function.

Server performance management function.

Formal naming standards for servers and network hardware.

Applications Development.

Methodologies.

Tailored SDLCs, Applications development suite, Documented legacy applications.

Documented methodologies, guidelines and policy on use of scripts.

Projects.

End to end project management delivery process with supporting templates, guidelines and reporting documents.

Project Management Office.

Active PMO (as against passive), project management processes, templates and guidelines.

Quoting, Scoping, Estimating.

Services catalogue, standard quotation template.

Security.

Five levels of security management with penetration testing.

Change Control.

Change Advisory Board (CAB) with evidential submission criteria.

Disaster Recovery.

BCP, DRP. Testing, back-up site.

Architecture.

Application. - Applications guidelines and catalogue.

Technical. - Hardware, Server, Desktop and Systems software guidelines and catalogue.

Data. - Database Tables, Records, Fields, Naming definitions, guidelines and dictionary.

Diagrams.

WAN, LAN, Server, Architecture.

Technical Resource Management.

Minimise number of technical resources, maximise number of project resources.

Data Centre.

Asset protection, error free batch processing, on time on-line availability.

Tools and Utilities.

Vendor supported with OS, systems software and applications upgrade paths

6.    Service Desk and ITSM

You can’t manage what you can’t measure

The IT Service Desk is the principal interface between IT and the business. The business mostly rates its IT experience based on the performance of the Service Desk. For IT on the other hand, the Service Desk is the window into the business in terms of the number and nature of problems it is experiencing and how efficiently they are resolved.

7.    Process and Intranet

Process maxim: If it’s not written down, it doesn’t exist

The best practice standard is the use of a document management system, a process driven environment, (wherever feasible, for all work practices) and use of a standard, common document template for process, how-to guidelines, and other documentation. The template must adhere to documentation management principles. All documentation types are to be stored on an intranet.

8.    Managed Services

“We do your mess for less”

I have been an Outsourcing Contract Manager for several large, complex Financial Services IT contracts. The key lesson I learnt is that unless carefully and skilfully managed, the promised services and improvements are not always forthcoming. This is despite the fact that the Outsourcing business model is a good one where the provider can make use of an IT shared services to standardise the clients’ environment, reduce their cost of delivering services and make it easier to achieve SLAs. But not all contracts or clients are moved under shared services as this involves up-front costs for the provider, rather the clients’ services are left as is (no change to platforms or software) with reduced chances of achieving SLAs. This is where the Outsourcer saying of “We do your mess for less” comes from.

9.    Staff Training

I am a great believer in keeping staff training levels up to date. Unfortunately, in times of cost cutting and budget restraints, training is usually the first cost centre to be cut, this I have always resisted as the benefits of keeping product training up to date are substantial. The importance of training cannot be overstated. Companies invest large amounts in hardware, software and services but often fail to train or fall behind in the training of their staff in these products (hardware, systems and applications software, software suites and utilities). Failing to train staff on products they use is simply an inefficient and often costly use of those assets. Having untrained staff using IT products is also a risk, and when training on new technologies falls behind, capability and productivity suffer as does staff morale and the professionalism of the IT department.

10.Infrastructure

There is a saying that CIOs lose their jobs because of bad Infrastructure Managers. I add to this that the Infrastructure Managers are bad because they fail to understand the basics and that the devil is in the detail. I have managed many Infrastructure departments small and large, and whilst I can say that they are indeed a challenge, if you put the basics in place, they are easy to manage. IT Infrastructure is complex and critical to all IT operations, consisting mainly of Service Delivery, Installations, Maintenance, SOEs, Server and Desktop refresh strategies and Networks and Communications. Pay attention to the basic needs of these and things look after themselves.

11.Applications Development

1.     A thoroughly documented and tailored where appropriate, development lifecycle methodology. (Systems Development Lifecycles-SDLC) with associated how-to guidelines and procedures.

2.     A vendor supported, integrated applications development toolset.

3.     Development and test databases refreshed daily.

4.     As the applications portfolio is usually a mix of packaged solutions and in-house developments, both require thorough documentation, especially legacy applications.

5.     Development work like enhancements requires rigorous functional gap analysis and review of business processes before work is undertaken.

6.     The use of scripts is minimised as they tend to organically grow which makes them problematic and requiring manual intervention to run.

12.Security

Five levels of managed security with penetration testing, underpinned by CARTA (a strategic approach to information security that was introduced by Gartner in 2017).

1.     IT security. Refers to securing digital data, through computer network security. It is accountable for preventing unauthorized access to organizational assets such as computers, networks, and data and it maintains the integrity and privacy of corporate information and the blocking of hackers.

2.     Information security, on the other hand, refers to the processes and tools designed to protect business information from unauthorised access.

3.     Network security. Used to prevent unauthorized or malicious users from getting into a network, ensures that capacity, reliability, and integrity are not compromised. The Network security risk profile increases as business increase the number of endpoints and migrates services to the public cloud.

4.     Endpoint security. Protects mobile phones, laptops, and desktops. It restricts access to malicious and typically includes malware protection and device management.

5.     Internet security. The protection of information that is sent and received in browsers. Includes network security involving web-based applications. These protections come in the form of firewalls, anti-malware, and anti-spyware, ransomware.

6.     Cloud security. Applications and data held in a cloud-based data centre. The usual security measures do not protect users who are connecting to the internet. Cloud security secures software-as-a-service (SaaS) applications and the public cloud.

13.Projects and Project Management Office

How do Projects Fail? (One day at a time)

A rigorous end to end, project management lifecycle with supporting how-to guidelines and templates.

Is an active PMO. An active PMO receives standardised reporting from project managers, provides common traffic light style management reporting to the business and IT, actively monitors and polices project progress against cost and schedule and holds project managers accountable for their performance. Additionally, it provides a suite of project management processes, templates and how-to guidelines, such as how to estimate, create a schedule or produce a weekly progress report. It provides clearly defined project roles and responsibilities and an end-to-end projects delivery process that combines business and IT. An active PMO should be considered once the average number of small to medium-sized projects exceeds 15 per annum.

14.Quotations and Change Control

A quotation template that formalizes and integrates the three processes of scoping, estimating and quoting. The quote requires the scoping of hardware, software and services with prices from an IT services catalogue and/or an architecture products catalogue. The quote should have a fixed validity period.

Around 50% of business work requests disappear after a proper quotation has been prepared. Using the ‘Mandatory, Highly Desirable, Nice to Have’ technique when determining scope in conjunction with a IT services catalogue improves accuracy and rapidly speeds up the quoting process.

15.Disaster Recovery

A detailed Business Continuity Plan (BCP) with a matching Disaster Recovery Plan (DRP) and a back-up site agreement. The BCP and DRP should at minimum have been paper tested several times.

Most of us think of a disaster as being a data centre that has been gutted by fire or hit by an aircraft, in other words, it’s off the air. While these disaster types rarely happen, flooding however is a common cause, as is power outages, that's when the generators don’t kick in (murphy’s law), sabotage is another and data corruption is a big contender. Each of these can have catastrophic consequences for a business. Back-up data centres are the best protection you can get, and then they are only as good as the WAN link that connects them, and they can fail when needed (murphy’s law again). It’s all an insurance game where by and large you get what you pay for.

16.Architecture and Diagrams

An architecture team that owns data, infrastructure and applications architectures supported by architecture guidelines and a technical architecture catalogue. A technical architecture catalogue is essential; it helps with products standardisation, reduces product redundancy, sets product strategy and guides purchasing decisions. Architecture principles are also required.

Not every IT department has an architecture function, although at minimum IT architecture works on a set of principles that guide the use and deployment of all IT resources and assets across the company. They are developed to make the IT environment as productive and cost-effective as possible. The principles are used in a several different ways.

17.Data Centre and Operations

Protection of data centre assets, completion of the nights batch processing, successful completion and verification of back-ups and on-line systems availability ready for the next day’s business opening hours. The performance and capability of data centre operations are assessed every night and every morning. Production and development batch processing, scripts, job scheduling and job run sheets are assessed daily. Confirmation of database availability, completion of overnight back-ups through to the successful initiation of on-line production systems ready for business opening hours is also assessed daily. As a result, a thorough health check is usually not warranted unless there have been recurring problems.

18.Technical Resource Management

The best practice standard is a resource management approach that uses minimal technical and applications resources. This means that available resources require skillsets and knowledge to be able to service production support and projects needs at the same time. Projects and production support are equally important. One keeps the production environment running, the other fosters business growth, preferably they should not be traded off against each other.

End