Your Next ITSM Tool Should be Neither

TL,DR; decouple IT operations from customer service and development. Then realize the incredible savings and benefits thereof.

The term “ITSM” has always bugged me, and I think I know why.

The primary customer of ITSM is IT; everything else is lumped into “customer service” and “customer experience”.

ITSM_WikiEven Wikipedia says there are too many “fluff words” and that ITSM has an unclear definition.

But in IT, we know better. We understand what we’re talking about when we say Service Management. It’s a standard way of operating so we don’t fail.

So why would any business person buy Service Management?

To keep the lights on.

“But that’s what we hired you for! We don’t care what you call it. We don’t want to buy it, we want you to DO IT!”

Then I’ll need $1.5m every three years to replace my tools, redesign processes and…

Wait, $1.5m? Don’t you remember when last year we were managing changes via email? Don’t you remember the spreadsheets of Assets? Why $1.5m?

Technology has become complex and our colleagues want to reduce risk. Some also want to understand the value and depreciation of assets. ITSM is just IT Operations Management + Customer Service.

DING DING DING DING DING DING – we have a winner! Here’s your $1.5 million. But why every three years?

Think of ITSM tools like a car lease. Three years comes along, and it’s time for a fresh smelling one, the latest one with all the bells and whistles.

Do the bells and whistles keep the lights on?

No.

Then why keep upgrading and rebuilding your operations empire?

The tools and practices that surround Service Management change, and they change often.  Have you considered who benefits from that change?

Consider separating your systems of operation from your systems of service. It gives you the freedom to change platforms without impacting your customers.

The impact of this is far greater than you realize. We believe in building systems of engagement separate from systems of record. To understand the nature of this problem:

 

systems-of-recordDoes this image describe your problem? If so, you’ll be interested in understanding our approach to enterprise software. Read more here, or just call us directly: 1-651-556-1030

8 Things We DON’T Hate About IT

It’s easy to bash the IT department; to deride it as the land of no and slow, a roadblock rather than a resource, a group it’s easier to work around than to work with when addressing urgent and rapidly changing business needs.

But given the current and on-the-horizon risks of digital disruption of business models (example: one-hour photo shops were a rapidly growing business in 1988, but their numbers have plunged from more than 3,000 shops across the U.S. in 1998 to less than 200 today) from developments like 3D printing, cloud computing, and the Internet of Things (IoT), technology is playing a bigger role than ever in businesses of all kinds.

8 reasons NOT to hate ITThat makes IT’s role more vital than ever. Practices, processes, and in some cases even attitudes need to change, to be sure, but now is the time to engage IT, not hate it. Forward-thinking companies like Nordstrom and Starbucks—while not “technology companies”—are embracing IT internally and externally to improve both operational efficiency and the user experience for customers and employees alike.

Yet inside many corporations, IT is viewed as an impediment rather than an enabler in embracing digital change. In her article 8 Things We Hate About IT, Susan Cramm acknowledges that “nobody hates the people in IT—it’s the system that’s broken. Continue reading “8 Things We DON’T Hate About IT”

Five Ways to Use Process Automation to Prevent Corporate Data Breaches

The increasing sophistication of data thieves, proliferating number of potential breach points, and growing value of stolen data combined to drive the number and cost of data breaches to new highs last year. And the risks to enterprises continue to expand.

How automation can prevent data breachesBut despite the growing threats, many enterprises remain woefully unprepared—even after investing in IT security solutions. According to recent research from Lieberman Software reported in Infosecurity magazine, “69 percent of (IT professionals) do not feel they are using their IT security products to their full potential. As a result, a staggering 71 percent…believe this is putting their company, and possibly customers, at risk.”

Continue reading “Five Ways to Use Process Automation to Prevent Corporate Data Breaches”

How to Improve Enterprise Data Security AND Increase Efficiency

From serious breaches of customer data at Target, Home Depot and other major retailers to leaked private celebrity photos, data security issues seem to be everywhere in the news.

The circumstances and causes behind each intrusion vary. But the costs to business are substantial and nearly always include lost sales, legal expenses, and reduced customer confidence.

Improve data security and process efficiency with ERMAs the malicious exploits become more sophisticated, enterprises must constantly reassess their tools, policies and processes to keep sensitive information secure. In some instances, security improvements require significant new investments. But often, access—both digital and physical—can be made more secure while efficiency is simultaneously improved.

Frequently, organizations optimize security based on best practices within each functional area. This may (or may not) be effective, but from the perspective of the enterprise, it’s clearly not efficient.

A new white paper explains how enterprise request management (ERM) provides a a better approach to securing access, both to facilities and systems. An ERM strategy combines a single, centralized web portal for requesting any type of enterprise service with a workflow automation engine that orchestrates approvals, scheduling and fulfillment by communicating with and between in-place enterprise and department management and control systems.

In the ERM approach, all of information needed to arrange for specific security clearances for a new employee, contractor, or project team, is entered (and validated) only once. All back-end tasks (e.g., conducting background checks, setting up a corporate email account, printing a security badge) are automated per pre-defined rules and workflows.

The result is more accurate information, reduction or elimination of manual tasks, and reduced risk of any aspect of the secure access process being missed. Security and efficiency are both enhanced.

Download the new white paper, Safe and Sound: How Enterprise Request Management Improves Process Efficiency While Reducing Security Risks, to get the complete story.

Generating Returns from IT Governance, Risk Management and Compliance (GRC)

IT Governance, Risk Management and Compliance Enables Competitive Differentiation, Cost Reduction and Growth.

By Nancy Nafziger

No one can deny that IT departments are under constant change. This is a huge challenge considering that IT departments are consistently under pressure to deliver greater number of services faster, with more approvals, more complex processes, budget cuts, and to top it off, greater regulatory requirements.

How does IT keep up with the demands of increased operational efficiency and governance, risk management and compliance mandates at the same time?

Wikepedia defines, Governance, Risk Management, and Compliance or GRCas the umbrella term covering an organization’s approach across these three areas. Being closely related concerns, governance, risk management and compliance activities are increasingly being integrated and aligned to some extent in order to avoid conflicts, wasteful overlaps and gaps.

Wikepedia’s Diagram: GRC Frame of Reference

IT governance, IT risk management and IT compliance are three well-defined disciplines that, in the past, existed in silos within large organizations.

Michael Rasmussen at Corporate Integrity, LLC defines GRC as follows:

  • Governance is the culture, policies, processes, laws, and institutions that define the structure by which companies are directed and managed.
  • Risk Management is the coordinated activities to direct and control an organization to realize opportunities while managing negative events.
  • Compliance is the act of adhering to, and demonstrating adherence to, external laws and regulations as well as corporate policies and procedures.

Rasmussen continues, “GRC is an approach to business. It is about individual GRC roles across the organization working in harmony to provide a complete view of governance, risk, and compliance. It is about collaboration and sharing of information, assessments, metrics, risks, investigations, policies, training, and losses across these business roles and processes.”

A successful integrated GRC strategy uses a single set of control material, mapped to all of the primary governance factors being monitored.

What are the three most common individual GRC roles?

  • Financial GRC. Relates to the activities that ensure the correct operation of all financial processes, as well as compliance with any finance-related mandates.
  • IT GRC. Relates to the activities that ensure the IT (Information Technology) department supports the current and future needs of the business, and complies with all IT-related mandates.
  • Legal GRC. Relates to tying all three roles together via a legal department and Chief Compliance Officer.

What exactly is IT GRC?

  • Using IT to manage the various Governance, Risk Management and Compliance Management processes of an organization.
  • Ensuring proper governance, risk management and compliance management of all IT systems and processes that support the business operations.

Implementing a unified IT GRC approach, and managing the associated processes coherently will create operational efficiencies, provide visibility into IT processes and ensure accountability. IT plays a significant role in integrating GRC process.

Okay, so how does IT keep up with the demands of increased operational efficiency, governance, risk and compliance mandates and reduce costs—all at the same time?

Daniel Magid outlines the Top Six Cost-Cutting Strategies for IT Compliance:

  1. Encapsulate compliance processes into an automated system
  2. Create structured, controlled software development processes
  3. Apply Best Practice Methodologies
  4. Collaborate, Collaborate, Collaborate
  5. Develop Specific Compliance Reports/Templates
  6. Bring on New Technology

In my opinion, encapsulating compliance processes into an automated system and bringing on new technology are most important.

Magid continues, a strong software compliance solution should: 

  •  Establish repeatable, automated compliance and change processes.
  • Link change lifecycle workflow to Best Practice Methodologies .
  •  Include Compliance-related report templates supporting standards.
  • Create centralized management and visibility of IT assets, and progress reporting for auditing and performance improvement.
  • Provide a collaborative communication infrastructure that ensures IT services and software initiatives support overall business goals.
  • Reduce IT costs by ensuring project teams build the application correctly the first time around.
  • Enable communication between stakeholders of all changes in projects, and ensure appropriate notification, reviews and approvals.
  • Provide a secure, visible repository of all application artifacts.

If you are looking for a way to manage your IT GRC processes now is the time to implement a request management system and an advance workflow engine such as Kinetic Request and Kinetic Task. With this powerful system you can automate your IT GRC processes such as: 

  • Audit and Risk Processes. Includes the processes necessary for establishing internal audit and risk teams, conducting internal audits, and audit reporting.
  • Configuration Processes. Includes all the processes required for hardware and software configuration.
  • Human Resources Processes. Today’s IT organization mandates a detailed description of the IT organizational structure and additional hiring practices such as security requirements. This HR process starts with the hiring process and moves through training, job descriptions, job performance, and the end of a staff”s job cycle (job transfer to another department, promotion, or leaving the organization).
  • Operational Processes. Includes everything from roles and responsibilities though help desk processes, managing IT configurations, capacity management, allocating costs, accountability, and all other processes that keep an IT organization on track.
  • Acquisition Processes. Includes the processes necessary for planning and the documentation crucial for acquiring new software and hardware.

Kinetic Request and Kinetic Task enable you to reduce costs, streamline your IT GRC processes, improve IT efficiency and gain full control of complex GRC approvals and tasks.