Managing the IT Capability
The IT function was traditionally seen as the provider of one-off IT services and solutions. In order to fulfil its role as the instigator of innovation and continual business improvement however, the IT function has to proactively deliver — and be seen to deliver — a stream of new and improved IT services and solutions. This macro-capability provides a systematic approach to adopting that role, by effectively and efficiently maintaining existing services and solutions, and developing new ones.
Critical Capabilities
- CAMCapability Assessment Management
The Capability Assessment Management (CAM) capability is the ability of the organization to conduct current state evaluations and plan improvements for its portfolio of IT capabilities. Current state evaluations involve gathering and documenting data about the specific IT capabilities in the organization. The results then inform the planning and execution of improvement actions to deal with any deficiencies. The Capability Assessment Management (CAM) capability covers:
- Selecting an overarching capability framework and mapping other frameworks used in the organization to it.
- Managing continuous improvement of the organization’s IT capabilities.
- Securing appropriate senior management sponsorship for IT capability improvement.
- Promoting organizational buy-in and incentivizing participation in capability improvement evaluation and planning.
- Planning, preparing, and conducting capability evaluations.
- Setting IT capability targets and defining development roadmaps for key IT capabilities.
- EAMEnterprise Architecture Management
The Enterprise Architecture Management (EAM) capability is the ability to plan, design, manage, and control the conceptualization of systems, processes, and/or organizations, and the relationships between them. The conceptualization may be layered to represent specific types of relationships – for example, those between applications, business services, internal IT services, security, networking, data storage, and so on. The Enterprise Architecture Management (EAM) capability covers:
- Establishing principles to guide the design and evolution of systems, processes, and/or organizations.
- Providing a framework, including models or templates, that articulates the business, the technical architecture, and the relationships between them.
- Providing the architecture vision, roadmap, and governance, together with the approaches required for managing their life cycle.
- Managing the architectural skills and architecture resourcing.
- Communicating the impact of enterprise architecture activities.
- ISMInformation Security Management
The Information Security Management (ISM) capability is the ability to manage approaches, policies, and controls that safeguard the integrity, confidentiality, accountability, usability, and availability of information.
- KMKnowledge Management
The Knowledge Management (KM) capability is the ability to identify, capture, classify, analyse, share, and exploit knowledge to improve organizational performance.
- PAMPeople Asset Management
The People Asset Management (PAM) capability is the ability to meet the organization's requirements for an effective IT workforce.
- PDPPersonal Data Protection
Personal data differs from other business data in that its ownership lies with the person to whom it refers and not the custodian company. This confers rights on the data subject, including the right to the privacy of the data. The custodian can vindicate the data subjects' right to privacy partly by protecting data from unauthorised access through access controls and other protection approaches, such as firewalls and physical isolation. Such measures (discussed in chapter 22, Information Security Management (ISM)), are designed to safeguard all data and information, while ‘data protection’ as discussed in this chapter refers primarily to the additional measures needed to protect personal or sensitive personal data, and to satisfy the legal obligations imposed on the custodian.
The Personal Data Protection (PDP) capability is the ability to develop, deploy, and implement policies, systems, and controls for processing personal and sensitive personal data relating to living persons in all digital, automated, and manual forms. It ensures that the organization safeguards the right to privacy of individuals whose information it holds, and that the organization uses personal data strictly for legitimate business purposes.
Policies, systems, and controls encompass and give effect to relevant standards and regulations, which may differ from country to country. The organization must consider the jurisdictions in which the data is acquired, processed, stored, and in some cases through which it is transmitted to identify what regulations are relevant.
The Personal Data Protection (PDP) capability covers:
- Processing personal data throughout its life-cycle.
- Maintaining the quality and integrity of personal data.
- Identifying and communicating data protection regulations and standards.
- Raising awareness and establishing a privacy culture.
- Managing data protection relationships and agreements with third parties.
- Communicating information (on database registrations, data breaches, audit data and so on) with statutory data protection officers.
- Managing data privacy risks and conducting privacy impact analysis assessments.
- Managing data subject rights.
- Identifying and applying applicable data protection standards and regulations.
- Verifying the effectiveness of data protection policies.
- PGMProgramme Management
The Programme Management (PGM) capability is the ability to assemble and assign resources to identify, select, approve, oversee, and deliver value from programme co-ordinated components (i.e. subprogrammes and projects). Managing the programme will prioritize, monitor, track, analyse, and report on programmes and programme components. It will also leverage component synergies.
- PMProject Management
The Project Management (PM) capability is the ability to assign resources to initiate, plan, execute, monitor, control, and close projects that deliver project objectives within agreed variances of cost, timeliness, quality, and scope of works. Projects are temporary (PMI, 2017b) and may deliver temporary or semi-permanent infrastructure, new capabilities, unique or new products or services, learning and awareness that a business can leverage.
- REMRelationship Management
The Relationship Management (REM) capability is the ability to analyse, plan, maintain, and enhance relationships between the IT function and the rest of the business.
- RDEResearch, Development and Engineering
The Research, Development and Engineering (RDE) capability is the ability to investigate, acquire, develop, and evaluate technologies, solutions, and usage models that are new to the organization and might offer value. The Research, Development and Engineering (RDE) capability covers:
- Ensuring that research into new technologies is managed appropriately, so that risk to the organization is minimized, while opportunities are maximized.
- Linking research into new technology to potential usage models that can benefit business units.
- Coordinating a research pipeline of promising new technology projects, through a series of phased investment decisions, as understanding of feasibility and relevance is enhanced.
- Managing the research portfolio to better align with business goals.
- Instilling an organizational culture that promotes research and innovation.
- Measuring the value contributed by technology research activities.
- SRPService Provisioning
The Service Provisioning (SRP) capability is the ability to manage the life cycle of IT services to satisfy business requirements. This includes ongoing activities relating to operation, maintenance, and continual service improvement, and also transitional activities relating to the design and introduction of services, their deployment, and their eventual decommissioning. The Service Provisioning (SRP) capability includes:
- Defining and describing the services provided by the IT function.
- Managing the IT services catalogue.
- Managing IT service configuration.
- Managing IT service availability.
- Managing the IT service desk.
- Managing requests, incidents, and problems.
- Managing access to IT services.
- Addressing requests for new IT services and decommissioning unwanted IT services.
- Managing IT service levels and service level agreements (SLAs).
- SDSolution Delivery
The Solutions Delivery (SD) capability is the ability to design, develop, validate, and deploy IT solutions that effectively address the organization's business requirements and opportunities.
- TIMTechnical Infrastructure Management
The Technical Infrastructure Management (TIM) capability is the ability to manage an organization's IT infrastructure across its complete life cycle of:
- Transitional activities including building, deploying, and decommissioning.
- Operational activities including day-to-day operations, maintenance, and continuous improvement.
- UEDUser Experience Design
The User Experience Design (UED) capability is the ability to proactively consider the needs of users at all stages in the life cycle of IT services and solutions.
- UTMUser Training Management
The User Training Management (UTM) capability is the ability to provide training that will improve user proficiency in the use of business applications and other IT-supported services.