Showing posts with label CIO Support Services Framework. Show all posts

October 6, 2017

People, Process, and Technology Lifecycles

The table describes the alignment of the various people, process, and technology lifecycles commonly used in Information Technology to the CIO Support Services Framework (CSSF).

The CIO Support Services Framework describes the six key functional roles of the Office of Chief Information Officer (OCIO)--it includes:

1) Enterprise Architecture (Architect)
2) Capital Planning and Investment Control (Invest)
3) Project Management Office (Execute)
4) CyberSecurity (Secure)
5) Business Performance Management (Measure)
6) IT Service (and Customer Relationship) Management (Service)

All these OCIO Functions align to the lifecycles for process improvement (Process), project management (People), and systems development (Technology).

- The Deming Life Cycle describes the steps of total quality management and continuous process improvement (Kaizen) in the organization.

- The Project Management Life Cycle describes the phases of managing (IT) projects.

- The Systems Development Life Cycle describes the stages for developing, operating and maintaining application systems.

Note: I aligned cybersecurity primarily with doing processes, executing projects, and designing/developing/implementing systems.  However, cybersecurity really runs through all phases of the lifecycles!

My hope is that this alignment of people, process, and technology life cycles with the roles/functions of the OCIO will help bridge the disciplines and make it easier for people to understand the underlying commonalities between them and how to leverage the phases of each with the others, so that we get more success for our organizations! ;-)

(Source Graphic: Andy Blumenthal)

June 19, 2011

Crashing The Internet--Are We Prepared?


Almost week after week, I read and hear about the dangers of cyber attacks and whether "the big one" is coming.

The big one is what some experts have called a pending "digital Pearl Harbor."

Just last week, the Federal Times (13 June 2011) wrote that the "U.S. government computer networks are attacked about 1.8 billion times per month."


The Center for New American Security (CNAS) states that deterring and preventing cyber attacks will require "stronger and more proactive leadership."

Charles Dodd, a cyber security consultant in D.C., warns that "You've bought a stick to a gunfight, and you're arrogant about your capabilities."

So the question is--are we really paying attention to and being realistic about the probability and magnitude of the impact of the cyber threat out there?

Certainly, with so much critical infrastructure--from government, military, and private industry--dependent on the Internet, the effects of a concerted or prolonged cyber attack on our country would be devastating as documented most recently in The Lipman Report (October 2010) on "Threats to the Information Highway: Cyber Warfare, Cyber Terrorism, and Cyber Crime" as follows:

--"There is a great concern regarding the types of destructive attacks that are already occurring, but an even greater concern for the unknown that is yet to happen but is almost certainly even now in development. Cyberspace touches nearly every part of our daily lives."

It is in this regard that I read with serious concern today in ID Magazine (August 2011) that the University of Minnesota has "demonstrated in a simulation how an attack with a large botnet (a network of remotely-controlled PCs) could shut down the Internet."

And it took only 20 minutes to trigger the chain reaction in which "manipulated routers overloaded all other Internet routers worldwide...mak[ing] it impossible for Internet address to be found."

Granted, it would take around 250,000 computers to carry out such an attack, but with the billions of people online with computer devices of all sorts...that does not seem like an inordinate amount to press forward with for a coordinated attack.

So the Internet in theory can be crashed!

Just think for a moment about how that would impact you and what you do every day...would anything be the same? Could we even function normally anymore?

As we move more and more of our applications, data, and infrastructure online to the cloud, we need to consider what additional risks this brings to the individual, the organization, and the nation, and how we can respond and recover should something happen to the Internet.

In the Federal government there are many agencies, commands, task forces, and groups working to secure the Internet, and at the same time, there are separate efforts to modernize and reform IT and reduce unnecessary expenditures, so what we need to do is better integrate the drive to the cloud with the urgency of securing our data, so that these efforts are strong and unified.

This is one of the things that I was trying to achieve when I created the CIO Support Services Framework in synthesizing the functions of IT Security with the other strategic CIO functions for Enterprise Architecture, IT Investment Management, Project Management, Customer Relationship Management, and Performance Management.

If the Internet can indeed be crashed, we had all better be prepared and make the right IT investment decisions now, so that we won't be sorry later.

(All opinions are my own)

(Source Photo: Heritage and History.com)


May 25, 2010

CIOs, Earning The Right To Peer Parity

There are a lot of jokes about being a CIO—it is one of the toughest professional level jobs and has a high turnover rate (average is barely 24 months according to Public CIO Magazine 2009)—hence the moniker “Career Is Over.”

Depending on the organization, CIOs may be up against a host of daunting challenges—the fast pace of technological change, an organizational culture that can’t or doesn’t want to keep up, resource constraints, inflated expectations, vague requirements, and shifting priorities.

On top of these, the CIO is typically last in the executive pecking order, and so carries less authority than his/her peers. This is the subject of an article in the Wall Street Journal, 24 May 2010, called “Why CIOs Are Last Among Equals.”

According to the article, “most CIOs don’t have the broad business understanding, strategic vision and interpersonal skills that it takes to run a company.”

The authors call out the following common CIO deficiencies:

  1. Leadership—“Too many CIOs and IT managers fail to take the lead in determining how technology can help the company,” instead relying on those outside the IT department.
  2. Strategic Thinking—“IT managers are seriously deficient in their knowledge of strategy,” most can’t articulate their organization’s or IT’s strategy, “and (they) don’t appreciate the importance of strategy in guiding both long-term and short-term actions.”
  3. Communication Skills—“IT people don’t communicate effectively due to the absence of good questioning, listening, and sales skills.”
  4. Influence Skills—“Most CIOs are not good at marketing themselves and their IT organizations…[they] need to be out in front of every major technology, educating their senior corporate team on what it does and what it means for the company.”
  5. Relationship Skills—“IT managers know what characterizes strong relationships, but lack the skills to build such relationships at work.”

While, of course, these deficiencies do not apply to all CIOs—i.e. they are generalities—they are indicative of where as a profession IT and leadership need to focus on and look for ongoing improvement.

Clearly, IT leaders must be not only experts in the technology and operations, but must become true strategic leaders of the organization, able to formulate a way-ahead, articulate it, build consensus around it, and drive it to a successful execution. Keeping the proverbial IT “lights on” is no longer a viable CIO option.

What got us into this situation?

In my opinion, the notion of promoting for technical skills alone is mistaken. Rather, we need a holistic approach that emphasizes what I call “The Total CIO,” which is broad-based and includes the people, process, AND technology skills to truly see the big picture, and know how to drive real change.

While technology operations are critical for keeping our organizations running, they must be supported by strategic IT functions, such as those that I have called for in “The CIO Support Services Framework” including: enterprise architecture, IT governance, project management, customer relationship management, IT security, and performance management.

I believe that the leadership skills of “The Total CIO” and the strategic support functions of “The CIO Support Services Framework” will drive us to successfully progress our organizations, “earn our daily keep,” and achieve the right to peer parity based on executive skills and competencies that are expected and necessary.



March 12, 2010

The Many Faces of the CIO


The Chief Information Officer is a complex and challenging role even for those highly experienced, well educated, and innately talented. In fact, Public CIO Magazine in 2009 stated that the average tenure for a CIO is barely 24 months. What is it that is so challenging about being a CIO?

Well, of course, there is the technology itself, which some may consider challenging in terms of keeping pace with the quick and ever-changing products and services and roles that IT plays in our society.

But one of the reasons not so frequently addressed is that the CIO role itself is so multi-faceted and requires talents that span a broad range of skill sets that not a lot of people have mastered.

In the CIO Support Services Framework (CSSF), I talked about this in terms of the varied strategic functions and skills that the CIO needs in order to plan and execute effectively (instead of just being consumed in the day-to-day firefighting)—from enterprise architecture to IT governance, from program and project management to customer relationship management, and from IT security to performance management—the CIO must pull these together seamlessly to provide IT capabilities to the end-user.

I came across this concept of the multifaceted CIO this week, in a white paper by The Center for CIO Leadership called “Beyond the Crossroads: How Business-Savvy CIOs Enable Top-Performing Enterprises and How Top-Performing Enterprises Leverage Business-Savvy CIOs.” The paper identifies multiple CIO core competencies, including a generic “leadership” category (which seems to cross over the other competencies), “business strategy and process” reengineering, technology “innovation and growth”, and organization and talent management.

Additionally, the white paper identifies some interesting research from a 2009 IBM global survey entitled “The New Voice of the CIO” that points to both the numerous dimensions required of the CIO as well as the dichotomy of the CIO role. The research describes both “the strategic initiatives and supporting tactical roles that CIOs need to focus upon,” as follows:

Insightful Visionary | Able Pragmatist
Savvy Value Creator | Relentless Cost Cutter
Collaborative Business Leader | Inspiring IT Manager

Clearly, the CIO has many functions that he/she must perform well and, furthermore, these roles are at times seemingly polar opposites—some examples are as follows:
  • Developing the strategy, but also executing on it.
  • Growing the business through ongoing investments in new technologies, but also decommissioning old technologies, streamlining and cutting costs.
  • Driving innovation, modernization, and transformation, but also ensuring a sound, stable, and reliable technology infrastructure.
  • Maintaining security and privacy, but also creating an open environment for information sharing, collaboration, and transparency.
  • Understanding the various lines of business, but also running a well-honed IT shop.
  • Managing internal, employee resources, but also typically managing external, contracted resources.
  • Focusing internally on the mission and business, but also reaching outside the organization for best practices and partnerships.

However, what can seem like contradictions in the CIO role are not really incongruous, but rather they are mutually supportive functions. We develop the strategy so we can faithfully execute. We invest in new technology so we can decommission the legacy systems. We invest in new future capabilities, while maintaining a stable present day capacity, and so on. The role of the CIO is truly multifaceted, but also synergistic and a potent platform for making significant contributions to the organization.

While certainly, the CIO does not accomplish all these things by him/herself, the CIO does have to be able to lead the many facets of the job that is required. The CIO must be able to talk everything from applications development to service oriented architecture, from data center modernization to cloud computing, from server and storage virtualization to mobility solutions, from green computing to security and privacy, and so much more.

The CIO is not a job for everybody, but it is a job for some people—who can master the many facets and even the seeming contradictions of the job—and who can do it with a joy and passion for business and IT that is contagious to others and to the organization.


November 22, 2009

Personal Technology Trumps Work IT

The pendulum has definitely swung—our personal and home technology is now often better than what we are using in the office.

It wasn’t always that way. Early on, technology was mysterious to those not professionally engaged as system engineers or IT professionals. Technology was expensive and made sense for business purposes, but not for home use. IT was a professional enabler to get the job done, but consumer applications were scarce and not intuitive for anything but the office.

The world has turned upside down. Now as consumers, we are using the latest and greatest computers, smart phones, gaming devices, and software applications, including everything social media and e-Commerce, while in the office, we are running old operating systems, have nerdy phones, locked down computers, applications that aren’t web-enabled, and social media that is often blocked.

The Wall Street Journal (16 November 2009) summed up the situation this way:

“At the office, you’ve got a sluggish computer running aging software, and the email system routinely badgers you to delete message after you blow through the storage limits set by your IT department. Searching your company’s internal website feels like being transported back to the pre-Google era of irrelevant results…This is the double life many people lead: yesterday’s technology for work, today’s technology for everything else…The past decade has brought awesome innovations to the marketplace--Internet search, the iPhone, Twitter, and so on, but consumers, not companies, embrace them first and with the most gusto.”

What gives and why are we somehow losing our technical edge in the workplace?

Rapid Pace of Change—We have been on a technological tear for the last 20 years now; virtually nothing is the same—from the Internet to cloud computing, from cell phones and pagers to smart phones and iPhones, from email to social media, and so much more. From a consumer perspective, we are enamored with the latest gadgets and capabilities to make our life easier and more enjoyable through technology. But at work, executives are tiring from the pace of technological change and the large IT budgets that are needed to keep up with the Joneses. This is especially the case, as financial markets have seized in the last few years, credit has tightened, revenue and profitability have been under extreme pressure, and many companies have laid off employees and others have even gone kaput.

Magnificent Technology Failures—Along with the rapid pace of change have come huge IT project failure rates. The Standish Group reported this year that 82% of IT projects are failing or seriously challenged. Why in the world would corporate executives want to invest more money, when their past and present IT investments have been flushed down the toilet? Executives have lost faith in IT’s ability to upgrade their legacy systems and fulfill the promises behind the slew of IT investments already made. Related to this is the question of true cost-benefit and total cost of ownership of all the new technologies and their associated investments—if we haven’t been able to achieve or show the return on investment on all the prior investments, why should we continue investing and investing? Is the payoff really there? Perhaps, we are better off putting the dollars into meeting core mission requirements and not overhead, like IT?

Security Risks Abound—With all the technology has come a whole new organizational risk set in terms of IT security. Organizations are hostage to cyber criminals, terrorists, and hostile nation states who can with a few keyboard strokes or mouse clicks disable the company transaction capability, wipe out its memory, steal its information, or otherwise neutralize it from functioning. And the more technology we add, the more the risk level seems to increase. For example, the thinking goes that we were safer when we ran everything in a locked down, tightly controlled, mainframe environment. The more we push the envelope on this and have moved to client server, the web, and now to even more transparency, information sharing, and collaboration—through social media, cloud computing, and World 2.0—the thinking is that we are potentially more open to local and global threats than ever before. Further, with the nation under virtually constant cyberattack and our capabilities to slow or stop these attacks seemingly not existent at this time, executives are reluctant to open up the technology vulnerability spigot any further.

While there are many other reasons slowing or impeding our technology adoption at work, we cannot stop our march of IT advancement and progress.

We are in a global competitive marketplace and the world waits for no one. The problems resulting from the speed and cost of change, the high IT project failure-rate, and the cybersecurity danger/challenges cannot be allowed to inhibit us from progress. We must address these issues head on: We have got to achieve efficiencies from technological advancement and plow the cost-savings into next generation technologies. We have got to drastically improve our IT project success rate through mature implementations of enterprise architecture, IT governance, project management, customer relationship management, and performance measurement (Reference: The CIO Support Services Framework). And we must invest heavily in IT security—with money, people, policy, training, new technology safeguards, and more.

Innovation, technological prowess, and information superiority are what give us our edge—they are the tip of our spear. So yes, we must carefully plan/architect, wisely invest, execute well, and secure our IT. But no, we cannot dismiss the evolving technologies outright nor jump in without proper controls. We must move rationally, but with determination, into the future.



August 7, 2009

How to Strengthen the Office of the CIO - Part II

Published at Government Technology

[Editor's Note: This article is the second in a series that explores the CIO Support Services Framework in government.]

In Part 1 of The CIO Support Services Framework, I presented the six major components needed to support the public CIO in managing IT strategically and proactively. In this article, I will explain what IT best practice frameworks inform these six components and propose a structure for implementing it.

The six CIO Support Services Framework (CSSF) functions are distinct areas that require subject-matter expertise and need to be managed based on the various IT best practice frameworks. While I am not endorsing any particular best practice government or industry framework, below is a sampling according to CSSF functional area:

Enterprise Architecture (EA) -- Federal Enterprise Architecture (FEA), Department of Defense Architecture Framework (DoDAF), and The Open Group Architecture Framework (TOGAF).

Capital Planning and Investment Control (CPIC) -- Office of Management and Budget (OMB) Circular A-130--"Management of Federal Information Resources" and the Control Objectives for Information and related Technologies (COBIT) by the Information Systems Audit and Control Association (ISACA) and the IT Governance Institute (ITGI).

Project Management Office (PMO) -- the Project Management Body of Knowledge (PMBOK) by the Project Management Institute is the de facto standard for project management best practices from initiation through project closeout.

Customer Relationship Management (CRM) -- the IT Infrastructure Library (ITIL) by the United Kingdom's Office of Government Commerce (OGC) and International Standards Organization (ISO) 20000--"IT Service Management." While both are very much operational frameworks, they can also be used to guide service and support at a strategic level in the OCIO.

IT Security (ITS) -- the Federal Information Security Management Act (FISMA), various Federal Information Processing Standards (FIPS) from the National Institute of Science and Technology (NIST), and International Organization for Standardization ISO/IEC 17799 -- Information Technology Code of Practice for Information Security Management.

Business Performance Measurement (BPM) -- the Balanced Scorecard (BSC) by Kaplan and Norton from Harvard Business School -- examines financial, customer, internal business process, and learning and growth measures for the organization.

Although each of the six main functional areas and their supporting best practice frameworks are unique, they can and will overlap, and it is imperative that the OCIO develop a simple and streamlined process for managing these, so that IT and business personnel are not confused or burdened by redundant or circuitous IT processes that hinder, rather than spur innovation and agility. For example, while EA planning guides CPIC IT investment decisions, those decisions inform the next round of EA planning -- it is inherently cyclical. Nevertheless, we must ensure that the overall process flow between all six areas is as clear and simple as possible.

I like to use the example of a Monopoly game board as an analogy for how IT processes should ideally progress from "Go" all the way through -- logically, and more or less sequentially -- without project mishap, ending up on the OMB Watch List for risky IT projects, the equivalent of landing in Monopoly "jail."

The CSSF provides the functional resources to fully support the OCIO and provide the capability to move from simply fighting day-to-day operational problems to strategically managing IT service provision, improving performance and increasing program and project success, through:

Planning (EA)

Investing (CPIC)

Executing (PMO)

Servicing (CRM)

Securing (ITS)

Measuring (BPM)

Each of these OCIO component functions is helpful in managing IT by providing the CIO the capability to better plan, invest, execute, service, secure and measure -- but these are not stand-alone functions -- they are all necessary and complementary.

An organization can have the best EA plan, but without the structured investment processes of CPIC, the plan will not drive, guide, influence and shape IT investment decision-making. In fact, I would propose that CPIC is an enforcement mechanism for carrying out the EA plan.

Similarly the organization can have a wonderful CPIC process for making IT investment decisions, but without a PMO to develop and enforce sound PM policies and practices, IT projects will continue to fail miserably. With an effective PMO, we will have more successful project execution, but without CRM to manage customer requirements and service and support issues, we run a very high risk of rolling out IT capabilities that the customer neither wants nor is happy with. Further, CRM will increase customer satisfaction, but without ITS, CIOs will not ensure the security of the information and systems that the users are depending on.

Finally, with ITS, CIOs will provide users with information security, but without BPM, will miss the opportunity to perform structured performance measurement and management, so that the CIO has visibility to how IT is performing in all areas and on an ongoing basis and can take timely corrective action as needed.

Most organizations either don't do any of these CSSF functions well or they don't do them all. The six components need to be executed together -- the whole being greater than the sum of its parts. Further, I would propose that the six CSSF functions be implemented under the auspices of the CTO of the organization in order to centralize and holistically manage the functions in support of the CIO.

The result is that the CIO is better supported, without being overwhelmed, and the CTO has a clear mandate for strategically implementing the CIO's vision for the organization.

Of course, one of the biggest challenges to implementing the CSSF is finding and allocating the needed funding to support these OCIO functions. IT operations tend to be underfunded already and stuck in the perpetual firefighting mode. Executives often fear siphoning the needed money or people away from the short-term firefight to work on long-term strategy and implementation. This is a serious mistake!

Firefighting is a losing battle if you attack only the symptoms, but never address the cause or core strategic issues. Moreover, in the fast-paced technology environment of the 21st century, no IT leader can afford to be looking backward -- managing legacy systems that do not leverage modern technologies, techniques and methodologies for information sharing, collaboration and business intelligence.

If you are spending close to 100 percent on IT operations today, is it really unreasonable to allocate 3 to 5 percent of this to strategy, planning and control? Of course, this needs to adjust when IT budgets get extremely large or small and as the complexity of the organization shifts.

As the prior chief enterprise architect of the U.S. Coast Guard and of the United States Secret Service, I have always been a deep proponent of EA and CPIC to drive better IT investment decision-making. However, now as the chief technology officer (CTO) of the Bureau of Alcohol, Tobacco, Firearms and Explosives, I more fully understand how the CSSF functions and interplay are needed for the CIO to perform effectively.

Clearly EA and CPIC are not enough to adequately support the CIO's needs, and thus, they need to be extended with PMO, CRM, ITS and BPM. Moreover, these areas function best that function together for the reasons I mentioned prior -- it's a clear domino effect, where astute planning, sound governance, skilled project management practices, competent customer service, solid IT security and meaningful performance measurement are all necessary for the CIO to manage IT more strategically and effectively.

This is why I firmly believe that the CIO Support Services Framework is how we are going to have to manage IT to achieve genuine success for the CIO in the 21st century and beyond.

_______________________________________

Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.



August 6, 2009

How to Strengthen the Office of the CIO - Part I


Published at Government Technology
[Note: This is a two-part article on strengthening the office of the CIO to improve IT operations. Part 1 examines the six components of a CIO Support Services Framework. Part 2 will explore best practices and implementation.]
Information technology is plagued with what federal CIO Vivek Kundra recently called "magnificent failures." A recent research survey by the Standish Group identified that more than 80 percent of IT projects were either failing or significantly at risk. Another article described the CIO's role as a nearly impossible job, trying to manage day-to-day firefighting with limited to no ability to get control and manage strategically.
We are investing massive sums of money, time and effort, only to disappoint customers, miss the mark on requirements and fail to deliver on time, within budget and to specifications.
The CIO Support Services Framework (CSSF) is an approach for changing the dynamic of failed IT projects and putting the CIO and other IT leadership back in the driver's seat, by ensuring that the structural components for success are identified, elevated and resourced appropriately.
The focus of this article is to identify, describe and link the core elements that make up and support an Office of the CIO for the purpose of demonstrating how that will lead to improved IT operations. When the CIO is properly supported, program and project management can be executed with strategic intent and alignment.
It is not my aim to discuss the pros and cons of the many solid approaches to IT project and program management today, such as the Federal Enterprise Architecture (FEA), Information Technology Infrastructure Library (ITIL), Control Objectives for Information and related Technology (COBIT), Project Management Body of Knowledge (PMBOK), Federal Information Processing Standards (FIPS) and International Organization for Standardization (ISO) 20000. I will say that while each is comprehensive in its own right, they are skewed by a particular emphasis on a particular function. For instance, FEA looks at architecture planning, ITIL on service support and delivery, PMBOK on project management and so on. What the CIO needs for ultimate success is a way to incorporate elements of all of these perspectives into a bigger picture.

Image copyright by Andy Blumenthal
So what is the CSSF? It is an IT framework aimed at standing up and strengthening an office of the CIO so that it can lead strategically and drive improved IT operations. The idea is that just as business drives (or ought to drive) technology within the greater organization, so too within the function of IT, the CIO and his or her strategy must drive technology operations rather than just fighting fires.
In the typical IT organization, CIOs are expected to be both strategist and problem-solver, with little supporting strategic infrastructure to guide, influence, shape and drive their key decisions about IT operations. All too often, problems crop up and even the most skilled and well intentioned CIOs are left to make decisions based on gut, intuition, politics and subjective management whim.
Even if the CIO has an IT governance board to shoulder some of this responsibility, together they are still like blind people grasping in the dark for answers. This framework corrects the structural defects in today's IT organization that cause this situation to occur.
The CSSF has six major components:
1. Enterprise Architecture (EA) -- for strategic, tactical, and operational planning in the organization. EA includes all perspectives of the organization's architecture including: performance, business, information (data and geospatial), services (or systems), technology, security, and human capital (this last one is currently missing from the Federal Enterprise Architecture).
In EA planning, we develop the current architecture--where we are today in terms of business and technology resources, the target--where we want to be in the future through business process improvement and technology enablement, and the transition plan--how do we get from where we are today to where we want to be in the future.
More mature EAs provide business, data, and systems models; identify gaps, redundancies, inefficiencies, and opportunities in the business and IT; and recommend business process improvement, reengineering, and new technologies to improve organizational performance.
2. Capital Planning and Investment Control (CPIC) or IT governance -- manages the IT investment decision processes of selecting, controlling, and evaluating new or major changes to the IT portfolio (i.e., to put those plans to work and make them pay off). CPIC can ensure that IT investments maximize return on investment, minimize or mitigate risk and provide for strategic alignment to the business.
CPIC also helps make IT investments technically compliant by ensuring that desirable IT behaviors are followed, such as information sharing and quality, interoperability, component reuse, standardization, simplification, cost-efficiency, and of course security.
3. Project Management Office (PMO) -- oversees the effective execution of IT projects. These projects derive from the EA technical roadmap and transition strategy and from IT investment decisions coming out of the governance board(s) in CPIC. Project management is how we manage all facets of a project, including scope, schedule, cost, quality, project resources, integration, communications, and more, from the initiation of a project through its closeout. Project managers typically develop the work breakdown structures and project schedules, and monitor and manage progress against these.
4. Customer Relationship Management (CRM) or IT service management -- for managing service and support to our customer with "one call does it all". As opposed to customer management within IT operations which is focused on helpdesk, availability, break-fix, and support issues, CRM in support of the CIO is focused on serving as IT liaisons to the business responsible for overall customer satisfaction, generating and managing customer requirements, supporting business case development, and handling internal business complaints, issues, and coordinating problem resolution with IT operations.
5. IT Security (ITS) -- how we conduct IT security policy and planning. This function encompasses how we plan, assess, and enforce IT security, and not the actual implementation of IT security, which is an operational IT function. This functional area includes preparing certifications and accreditations, risk assessments, security plans, vulnerability testing, security awareness training, and security policies. IT security ensures the confidentiality, availability, integrity, and privacy of the organization's information.
6. Business Performance Management (BPM) -- how we measure and drive performance, so we know whether we are hitting the EA target or not. BPM involves identifying performance measures; capturing, analyzing and reporting on metrics; and providing the CIO with IT executive dashboard views that show which programs and projects are on track, challenged or in jeopardy of failure.
Typically BPM provides for a drill-down capability, so high-level "red-yellow-green" program/project indicators and milestones can be decomposed into lower levels of detail for trends, analysis and making course corrections. BPM should provide a feedback mechanism for how the IT function is performing and drive continuous process and performance improvement in the CIO organization.
Together these six areas make up a holistic and synergistic set of support functions that constitute a fully capable Office of the Chief Information Officer (OCIO) in the center.
In creating a strong OCIO, the CIO Support Services Framework wisely separates the policy, planning and oversight functions from the IT operations. This is beneficial in two main ways: First, this enables the CIO to strategically and proactively direct IT operations, rather than being in perpetual firefighting and reactive mode. Second, the separation of duties -- strategy from operations -- creates a healthier organizational dynamic and interplay in IT, where the fox is not left guarding the chicken coop.
Part 2 of this article will explore IT best practice frameworks and implementation of the CIO Support Services Framework.
_____________________________________
Andy Blumenthal is chief technology officer at the Bureau of Alcohol, Tobacco, Firearms and Explosives. A regular speaker and published author, Blumenthal blogs at User-Centric Enterprise Architecture and The Total CIO. These are his personal views and do not represent those of his agency.

July 4, 2009

CIO Support Services Framework

The CIO Support Service Framework (CSSF) has 5 major components:
  1. Enterprise Architecture--for strategic, tactical, and operational planning
  2. Capital Planning & Investment Control (or IT governance)--for managing the IT investment decision process (i.e. "putting those plans to work")
  3. Project Management (or a project management office)--to effectively execute on the programs and projects in the transition strategy
  4. Customer Relationship Management (or IT service management)--for managing service and support to our customer (i.e. with a single belly button; one call does it all)
  5. Business Performance Management--how we measure & drive performance (like with an IT executive dashboard--so we know whether we are hitting the target or not!)
Together these five areas make up a holistic and synergistic set of CIO support functions.

The aim is to move the mindset of the CIO from fighting day-to-day operational problems to strategically managing IT service provision through:
  • Planning
  • Investing
  • Executing
  • Servicing
  • Measuring
This is how we are going to achieve genuine success for the CIO in the 21st century and beyond.

