Managing the IT Capability
The IT function was traditionally seen as the provider of one-off IT services and solutions. In order to fulfil its role as the instigator of innovation and continual business improvement however, the IT function has to proactively deliver — and be seen to deliver — a stream of new and improved IT services and solutions. This macro-capability provides a systematic approach to adopting that role, by effectively and efficiently maintaining existing services and solutions, and developing new ones.
Critical Capabilities
- CAMCapability Assessment Management
The Capability Assessment Management (CAM) capability is the ability of the organization to conduct current state evaluations and plan improvements for its portfolio of IT capabilities. Current state evaluations involve gathering and documenting data about the specific IT capabilities in the organization. The results then inform the planning and execution of improvement actions to deal with any deficiencies. The Capability Assessment Management (CAM) capability covers:
- Selecting an overarching capability framework and mapping other frameworks used in the organization to it.
- Managing continuous improvement of the organization’s IT capabilities.
- Securing appropriate senior management sponsorship for IT capability improvement.
- Promoting organizational buy-in and incentivizing participation in capability improvement evaluation and planning.
- Planning, preparing, and conducting capability evaluations.
- Setting IT capability targets and defining development roadmaps for key IT capabilities.
- EAMEnterprise Architecture Management
The Enterprise Architecture Management (EAM) capability is the ability to plan, design, manage, and control the conceptualization of systems, processes, and/or organizations, and the relationships between them. The conceptualization may be layered to represent specific types of relationships – for example, those between applications, business services, internal IT services, security, networking, data storage, and so on. The Enterprise Architecture Management (EAM) capability covers:
- Establishing principles to guide the design and evolution of systems, processes, and/or organizations.
- Providing a framework, including models or templates, that articulates the business, the technical architecture, and the relationships between them.
- Providing the architecture vision, roadmap, and governance, together with the approaches required for managing their life cycle.
- Managing the architectural skills and architecture resourcing.
- Communicating the impact of enterprise architecture activities.
- ISMInformation Security Management
The Information Security Management (ISM) capability is the ability to manage approaches, policies, and controls that safeguard the integrity, confidentiality, accessibility, accountability, and usability of digitized information resources5. The Information Security Management (ISM) capability covers:
- Preventing unauthorized access, use, disclosure, disruption, modification, or destruction of digitized information resources.
- Establishing an information security governance model, including allocating roles, responsibilities, and accountabilities.
- Measuring the effectiveness of existing security approaches, policies, and controls – for example, by applying security standards and conducting internal audits.
- Managing security-related communications and training of employees.
- Assessing, prioritizing, responding to, and monitoring information security risks and incidents.
- Securing physical IT components and IT areas.
- Providing expertise to protect, preserve, and/or destroy data in line with business, regulatory, and/or other security requirements.
- Reporting on information security activities and compliance levels.
- KAMKnowledge Asset Management
The Knowledge Asset Management (KAM) capability is the ability to identify, capture, profile, classify, store, maintain, protect, and exploit the organization’s knowledge assets in pursuit of business outcomes. The Knowledge Asset Management (KAM) capability covers:
- Establishing a knowledge management policy, strategy, and programme.
- Assigning roles and accountabilities, and determining requisite employee skills.
- Fostering a knowledge-sharing culture.
- Providing tools, technologies, and other resources to support knowledge management activities.
- Managing the knowledge asset life cycle, from identifying, capturing, profiling, classifying, storing, and maintaining, to archiving or discarding, as appropriate.
- Assessing the impact of knowledge asset management activities.
- PAMPeople Asset Management
The People Asset Management (PAM) capability is the ability to meet the organization's requirements for an effective IT workforce.
- PDPPersonal Data Protection
Personal data differs from other business data in that its ownership lies with the person to whom it refers and not the custodian company. This confers rights on the data subject, including the right to the privacy of the data. The custodian can vindicate the data subjects' right to privacy partly by protecting data from unauthorised access through access controls and other protection approaches, such as firewalls and physical isolation. Such measures (discussed in chapter 22, Information Security Management (ISM)), are designed to safeguard all data and information, while ‘data protection’ as discussed in this chapter refers primarily to the additional measures needed to protect personal or sensitive personal data, and to satisfy the legal obligations imposed on the custodian.
The Personal Data Protection (PDP) capability is the ability to develop, deploy, and implement policies, systems, and controls for processing personal and sensitive personal data relating to living persons in all digital, automated, and manual forms. It ensures that the organization safeguards the right to privacy of individuals whose information it holds, and that the organization uses personal data strictly for legitimate business purposes.
Policies, systems, and controls encompass and give effect to relevant standards and regulations, which may differ from country to country. The organization must consider the jurisdictions in which the data is acquired, processed, stored, and in some cases through which it is transmitted to identify what regulations are relevant.
The Personal Data Protection (PDP) capability covers:
- Processing personal data throughout its life-cycle.
- Maintaining the quality and integrity of personal data.
- Identifying and communicating data protection regulations and standards.
- Raising awareness and establishing a privacy culture.
- Managing data protection relationships and agreements with third parties.
- Communicating information (on database registrations, data breaches, audit data and so on) with statutory data protection officers.
- Managing data privacy risks and conducting privacy impact analysis assessments.
- Managing data subject rights.
- Identifying and applying applicable data protection standards and regulations.
- Verifying the effectiveness of data protection policies.
- PPMProgramme and Project Management
The Programme and Project Management (PPM) capability is the ability to initiate, plan, execute, monitor, control, and close programmes and projects in line with the business objectives, and to manage associated risks, changes, and issues. The Programme and Project Management (PPM) capability covers:
- Establishing governance structures, such as programme/project reporting lines, stage gate reviews, and the roles, responsibilities, and accountabilities required to support programme and project management.
- Establishing and adopting approaches to initiate, plan, execute, monitor, control, and close individual programmes and projects.
- Identifying and using appropriate programme/project management methodologies, tools, and techniques.
- Defining and developing the necessary programme/project management competences of individuals.
- Managing programme/project risks, changes, and other issues.
- Implementing lessons learned from programme and project execution.
- REMRelationship Management
The Relationship Management (REM) capability is the ability to analyse, plan, maintain, and enhance relationships between the IT function and the rest of the business.
- RDEResearch, Development and Engineering
The Research, Development and Engineering (RDE) capability is the ability to investigate, acquire, develop, and evaluate technologies, solutions, and usage models that are new to the organization and might offer value. The Research, Development and Engineering (RDE) capability covers:
- Ensuring that research into new technologies is managed appropriately, so that risk to the organization is minimized, while opportunities are maximized.
- Linking research into new technology to potential usage models that can benefit business units.
- Coordinating a research pipeline of promising new technology projects, through a series of phased investment decisions, as understanding of feasibility and relevance is enhanced.
- Managing the research portfolio to better align with business goals.
- Instilling an organizational culture that promotes research and innovation.
- Measuring the value contributed by technology research activities.
- SRPService Provisioning
The Service Provisioning (SRP) capability is the ability to manage the life cycle of IT services to satisfy business requirements. This includes ongoing activities relating to operation, maintenance, and continual service improvement, and also transitional activities relating to the design and introduction of services, their deployment, and their eventual decommissioning. The Service Provisioning (SRP) capability includes:
- Defining and describing the services provided by the IT function.
- Managing the IT services catalogue.
- Managing IT service configuration.
- Managing IT service availability.
- Managing the IT service desk.
- Managing requests, incidents, and problems.
- Managing access to IT services.
- Addressing requests for new IT services and decommissioning unwanted IT services.
- Managing IT service levels and service level agreements (SLAs).
- SDSolutions Delivery
The Solutions Delivery (SD) capability is the ability to design, develop, validate, and deploy IT solutions that effectively address the organization's business requirements and opportunities. The Solutions Delivery (SD) capability covers:
- Managing requirements (functional and non-functional) and their traceability throughout the IT solution's delivery life cycle.
- Developing IT solutions based on the output from requirements analysis and the solution's architecture.
- Selecting appropriate methods and IT solutions delivery life cycle models (for example, waterfall, incremental, agile).
- Reviewing and testing IT solutions throughout the development process.
- Managing changes and releases that occur during the IT solution's delivery life cycle.
- SUMSupplier Management
The Supplier Management (SUM) capability is the ability of the IT function to manage interactions with its suppliers in line with the sourcing strategy. The Supplier Management (SUM) capability covers:
- Developing relationships with suppliers to improve levels of performance, quality, and innovation.
- Managing risks associated with the organization's use of outside suppliers.
- Validating that suppliers' performance is in accordance with contract terms.
- Facilitating lines of communication with suppliers.
- Managing procurement activities with suppliers.
- Building two-way performance evaluation between the IT function and its suppliers.
- TIMTechnical Infrastructure Management
The Technical Infrastructure Management (TIM) capability is the ability to manage an organization's IT infrastructure across the complete life cycle of:
- Transitional activities including building, deploying, and decommissioning infrastructure.
- Operational activities including operation, maintenance, and continual improvement of infrastructure.
- IT infrastructure is comprised of:
- Physical devices — for example, servers, storage, and mobile devices.
- Virtual devices/resources — for example, virtual storage and virtual networks.
- Infrastructure-related software — for example, middleware, operating systems, and firmware.
- Communications components — for example, LAN/WAN, Wi-Fi, MPLS, and voice infrastructure.
- Platform services — for example, content management and web services.
- IT infrastructure governance — for example, asset management and configuration management.
- UEDUser Experience Design
The User Experience Design (UED) capability is the ability to proactively consider the needs of users at all stages in the life cycle of IT services and solutions.
- UTMUser Training Management
The User Training Management (UTM) capability is the ability to provide training that will improve user proficiency in the use of business applications and other IT-supported services.