Published Article

I’ve been lucky enough to have an article published over at The ITSM Review.

My article is about Process Owners vs Process Managers vs Process Engineers – what they have in common and what separates them. You can find it here!

Advertisements

Ideas on Categorizing Changes and Problems…

Categorization

Everybody categorizes changes and problems. But what I find is that the categories are typically too narrow and don’t allow for broader understanding of  what is driving your IT shop.

Usually data will show that you do a lot of work in a certain application or service. Or that your changes are only planned 8 days in advance or your emergency changes are 15% of all changes. Or maybe you had 13 problems in Email last year.

But this doesn’t help explain what is driving these numbers

Change Categories

I am a big fan of not just capturing if your Change effort was an Emergency or not but what the real driver for the change was.

In particular, I believe you can “categorize” your change efforts into just a few buckets:

Break/fix – something is broken and you have to fix it.

Planned Maintenance – Maybe this is a planned patch or reboot or even upgrade of your application. This is just to keep things going, maybe to maintain support with a vendor or close a security hole. There is no “additional benefit” to the client  that is driving this effort there might be some, but it isn’t the driver. How do you know if it is the driver? Well, how are you selling the effort? Are you selling it the change effort as something that will change the way the client works (additional features) or will they even notice? Is it more for your IT support staff or for the client? If it is for your IT staff – it is PM (unless it has already broken, then it is B/F).

Enhancement – This one is tricky. Most people in IT will want their work to go here but in reality, it is probably PM. Enhancement is for change efforts that will ‘enhance’ the way the client does work today. It will cause some Business change as a result. If your change doesn’t do this, or doesn’t intend to do this, it isn’t an Enhancement. Some examples:

I have a plain old telephone system. I am switching it all out for IP telephony at some considerable expense. This requires a lot of IT engineering and transition planning. When it is done, the business will be able to make phone calls just like they do today.

So, what kind of change is that?

If you answered Enhancement – you would be wrong. Nothing about how the business functions will be changed because of this effort. They will still make phone calls like they used to. The underlying technology has changed but that did not “enhance” the business did it? No, it did not.

Another example: I am using Exchange 2003 and I’m upgrading to Exchange 2010. There are a lot of new features that we may take advantage of in the future. This change though is just getting us to the new infrastructure. There is a lot riding on this because our company lives and dies with email.

What kind of change is this?

Planned Maintenance. Again, it does not change the way the business works. It is a background change for IT. That doesn’t take away from the hard work, the long hours, or the importance of the work. It just categorizes it for what it is.

One more example: When a new person is hired, the hiring manager (or office manager) can now click a single link from the Companies Home page and fill out a small form. This will kick off all the tickets that need to be created for laptop provisioning, phone provisioning, and account provisioning. The master ticket will then be emailed to you. You no longer have to call the Service Desk and track multiple tickets.

Finally, an Enhancement!  This is taking current service provided and making them better. Crucially, this is going to change the way your client works – not a drastic change, but a change nevertheless.

Transformative – This change is fairly rare. This is really transforming the way the client does business. This isn’t a fairly small step (Enhancement) this is a large step requiring extensive training and probably new/changed business processes.

Example: We are integrating Email, Voice Mail, Instant messaging and creating “soft phones” on your laptops. We are also introducing camera’s for all laptops/desktops so we can do video conferencing. We are calling this Unified Communications.

This can be a fairly dramatic change to an organization requiring a lot of training to your customer base. There are also a lot of new features (voice mail accessible in email, ability to “see” each other) that need to be discussed and explained so we can make the best use of them. One of the biggest might be the “soft phone” on the laptop. Now your work phone travels…so we expect you to pick it up. : – )

Perhaps though, this isn’t a big enough change for you to qualify as “transformative” so you may only call it a “enhancement” – that is fine. The point here is that you have to think about it and you can’t call everything you do “transformative” or an “enhancement” because of the impact it has on IT – the impact has to be on the customer!

Finally, the last type of change I would categorize is:

Legal or M&A – Any type of change that is dictated by legal requirements or because of merger and acquisition activity. Typically there is little lead time for this work – so it is actually “interrupt” work. This is probably coming across as an “Emergency” change – but the reason it is an emergency change is very different than say B/F. You probably need to know that so you can explain why Emergency changes have gone up or why you can’t get them below a certain point. If your business is buying/merging or heavily regulated with lots of rule changes – there is only so much an IT department can “predict” – the rest is reactionary.

Problem Categories

Now with all that in mind, I was thinking of Problems. What are the main categories of Problems?

The list I came up with are:

Hardware – Rather simple one here. A hardware error. I suspect you won’t see many of these but still, they happen from time to time.

Engineering/Configuration – This is an error that was introduced in engineering or configuration of the system, application or service. This could be vendor caused or internal engineering caused. This type of error is typically troublesome, hard to find, and takes awhile to fix. If you are lucky it is something relatively straightforward like a setting was wrong on your Load Balancer so it wasn’t actually distributing the load properly.

Administrative/Operational – This is an error caused by the inattention of the operational staff due to a) ineptitude b) ignorance or c) understaffed (other priorities). Things like, a disk filling up is an Administrative/Operational issue. Patches not being applied in a timely manner causing a security hole to be exploited is a Administrative/Operational error. A redundant NIC failure that isn’t noticed, then when the primary fails…the server is offline – is a mixture of Hardware and Administrative/Operational error.

That is it. All errors I can think of will fall into one of those 3 categories.

So, what do these categories tell you?

Well, for changes it tells you what type of work you are doing – Break/Fix and Planned Maintenance are KTLO (keep the light on) type work. They are “operational” in nature. They don’t excite the business at all (they do however, keep it running).

Enhancements and Transformative changes are all about BITA (Business IT Alignment) – what are you doing to help the business grow?  Do think you are aligned with the business? Why then are only 10% of all your changes either Enhancements or Transformative?

Legal, M&A – is a mixture of KTLO and BITA. You have to do it keep the lights on but it isn’t IT driven, it is business driven. This data can show them that you do jump when needed.

You can even use these categories to help set urgency (or priority if you are so inclined). What is more important – KTLO or BITA? Where do you put more of your attention, more of your star players? Probably BITA, but that is for you to decide.

On the Problem data, the Hardware category might be interesting but it probably won’t be. What will be interesting to know is if most of your Problems are Engineering related or Operational related. Is it because you are not doing a good enough job in Service Design/Transition or because you are not doing enough in Operations?

They require different organizational responses so it is probably quite helpful to know the answer. Should you invest in a new Testing team, testing manager, testing software or should you spend more on hiring (or outsourcing) Operational efforts? Maybe you have poor processes, or poor operational tools (like an Event tool or alerting tool).

Categorizing your changes and problems in this manner can help you make these decisions in a way that the traditional category methods cannot.

Vendor Management – some thoughts…

Not for the first time I’m working to help establish better ‘vendor management’ Mainly my work is falling into 2 broad  – keeping track of licenses and vendor relationship management.

Keeping track of Licensing and Support

I break this down into 3 main buckets of information that needs to be captured, tracked, reported and analyzed.

What did we buy

First we need to know what we bought. I think the following bits of information is important. Now Purchasing may want more/different information but for IT staff, we will want to know:

  • What licenses did we buy from Vendor X
    • By Product
    • By Purchase Order (date)
    • By Internal Team (It is possible more than 1 internal team bought the same product at different times – for different amounts)
  • What support did we buy from Vendor X
    • By Product
    • Number of Licenses supported  (Not all licenses are always supported – for instance, maybe we bought 100 but only got support on 75 because the other 25 are in our lab for testing)
    • By Purchase Order (date)
    • By Internal Team
  • When will licenses purchased from vendor X expire
    • By Product
    • By Purchase Order (date)
    • By Internal Team
  • How many licenses are currently active from vendor X (Sometimes licenses are superseded by other purchases or by coterminating efforts or other consolidation efforts)
    • By Product
    • By Purchase Order (date)
    • By Internal Team
  • What is the total amount (sum of all active licenses) spent on vendor X
    • By Product
    • By Purchase Order (date)
    • By Internal Team

If you have all this information you will be able to see if you have multiple teams buying the same stuff (this happens), if you are not taking advantage of bulk purchasing (by buying smaller amounts at different times), as well as just getting a clear idea of how many licenses you (believe) you have in total and how much it is costing you.

What Are We USING

Next we will want to know what we are currently using. We will then use the output of this data to compare it to the output of “What Did We Buy” so we can see how are doing

  • How many licenses are we using from Vendor X
    • By Product
    • By Internal Team 
    • Last Audit Date (Audit Date for each Internal Team using a product)
  • How many times did we contact/use support from Vendor X
    • By Product
    • By Internal Team
    • Last Audit Date (Audit Date for each Internal Team using a product)

So, it doesn’t seem like a lot of information here – but the issue here is actually getting this data. This will require various audit processes and probably some manual work. I’d recommend you do this at least 2x a year though.

Once you have this information you can compare what you are using to what you have purchased and see where you are with capacity (under, over?). This can then be used to help you plan future purchases. You can also see if one team is using a product more than another team – this could lead to consolidation and management by the team that uses it the most while the other team just becomes a subscriber.

On the support information – you may find that you are paying for 24/7 support but don’t need it. It isn’t always a question of how often you’ve contacted support though – some applications (or hardware) are business critical so, even if you don’t call support often you may want to have 24/7 support. Otherwise, you may find some cost saving opportunities by reducing the amount of support you are paying for.

THE VENDOR’s RECORDS

The previous two parts seem “obvious” to most (even if they don’t actually do it) – this one though is usually less “obvious.”

The vendor should also have records of what you’ve purchased and how many times you’ve contacted support. This part is to ask them for their records and then you compare this to your records.

You may be surprised to find that you think you purchased 100 licenses while the vendor thinks you have 110 or maybe 90. You may think you have 24/7 support but the vendor thinks you only have 8/5.

This however shouldn’t just be a report or spreadsheet provided by the vendor. Hopefully you use this opportunity to meet with and discuss this with your vendor. You should for instance cover things like – how the licenses work, or what is the future of the product. You may be surprised to know that you are not using the licenses in the intended manner (maybe this is a good thing or a bad thing – maybe you are applying them to your test environment and you don’t have to do that – or maybe you aren’t and you should) that the product will soon be discontinued.

Information you will  want to collect from the vendor:

  • What licenses did we buy from Vendor X
    • By Product
    • By Purchase Order (date)
    • Last Audit date (this should be done at least once a year, hopefully 2x)
  • What support did we buy from Vendor X
    • By Product
    • Number of Licenses supported  
    • By Purchase Order (date)
    • Last Audit date (this should be done at least once a year, hopefully 2x)
  • When will licenses purchased from vendor X expire
    • By Product
    • By Purchase Order (date)
    • Last Audit date (this should be done at least once a year, hopefully 2x)
  • How many licenses are currently active from vendor X (Sometimes licenses are superseded by other purchases or by coterminating efforts or other consolidation efforts)
    • By Product
    • By Purchase Order (date)
    • Last Audit date
  • What is the total amount (sum of all active licenses) spent on vendor X
    • By Product
    • By Purchase Order (date)
    • Last Audit date
  • How many times did we contact/use support from Vendor X
    • By Product
    • By Internal Team
    • Last Audit Date (Audit Date for each Internal Team using a product)

Using the information

Hopefully it is fairly clear what you can now do with this information. This can be a very useful tool in your budget planning, vendor relationship management, internal auditing practices, and even improving your procurement or license management processes.

Vendor Relationship Management

Beyond just leveraging your vendor to help you keep track (verify) all your product purchases and support calls you can leverage your vendor to help you plan for the future.

Your vendor should be able to meet with you and tell you their product lifecycles:

  • What is new
    • What business opportunity does this help create or problem it helps solve
    • Can you help write a business case
  • What product is going away
    • When
    • What does that mean for support
    • Why – is it replaced with something else
  • What product is being upgraded
    • When
    • What are the new features
    • What is the upgrade path
    • Does licensing change
      • If so, how
  • How do your products integrate
    • Which versions of your products integrate with which other versions
    • Will future upgrades change any of the intergration points
  • What products versions you are no longer supporting
    • What versions
  • Is there a “local user group” meeting
  • Is there a vendor conference
    • Can you help fund the cost of going
    • Can we meet developers or product managers
    • Can we meet other customers in our area

You should meet with your vendor and discuss these things at least every 18 months. In my experience these can be hours long and usually require a NDA.

The output of these meeting though can be hugely influential on your own internal roadmaps. You may also get to go to a conference! (Worked for me more than once).

Beyond that you should qualify your vendor as either a strategic, supporting, or periphery type vendor. Meaning, does this vendor supply you with services, software or hardware that is key to your business? Or something quite useful but not quite key. Or something used by can easily be replaced.

You want to spend your time mostly with strategic type vendors and not that much with those on the periphery – although I suggest you do meet with all of them. You never know when someone can move from the periphery to supporting or strategic!

When you meet with your vendor try to keep up with the following:

  • Who is your account manager(s)
    • By services, products
  • Who is their technical resource
    • By services, products
  • Who are their VARs or partners
    • By services, products
  • Who is your account manager’s boss

You should always try to have your technical resources meet with their technical resource and have your management meet with account manager (and above). Not everyone needs to have a full meetings with everyone else. It is not much value to have your Director, VP or CIO to spend a lot of time with their technical resource or have your technical resource in a 2 hour meeting with their regional account manager.

Don’t abuse your vendor…but also don’t be afraid to fire them

Vendor’s can be a terrific resource and be very helpful beyond even “normal” – of course this depends on your relationship. Don’t abuse them. Even if the product does’t seem to be working the way you want (or were sold) it to – that is rarely the fault of the Account Manager or Service Desk you are calling for support. Your Account Manager can provide faster access to 3rd tier support or even directly to the developers. I’ve even had the head of development fly from Germany over to our office to talk about our technical issues. This can happen, if your relationship is good. They are people, just like you.

But also, if they are just not working out, they aren’t really helping you, or being responsive to your requests – fire them. I don’t mean that you just stop doing business with the vendor (although that is an option) I mean, just tell the vendor (usually a regional manager) you don’t want to see that Account Manager anymore. They are off your account. Usually this requires some meetings with a Director, VP or even CIO in your organization with some higher ups in their organization – but if that is what it takes….do it. I’ve done it, and it was worth it.

You want a good relationship, your vendor actually does want a good relationship too. Sometimes, it just doesn’t work out with some personalities, don’t fret about it, just get a new person to deal with.

Project Management, Change Management and Release Management

Change Management

It seems that most people view ITIL Change Management as the recording and approval of “operational” work being done in the production environment.

Typically what I’ve read, heard and discussed with people is some concept of putting in a “RFC” a few weeks, maybe a few days, before the implementation of the change. The Schedule of Change then becomes the go to resource to see what is being “released” in the environment when.

This (what I may call “traditional”) view of Change Management is entirely too limited.

First it completely crushes Release Management to the point where a lot of organizations don’t do this, don’t do it well, and really don’t understand how Release works with and/or is different from Change Management.

Second, it creates limited interaction with Project Management, Service Design functions, or even Service Strategy functions. If you are just considering the risk of a change 8 days before implementation, when the majority of the money, time, and other resources have already been spent…you are not doing much of a “risk evaluation.”

Project Management

All projects are essentially the organization/management of resources with the purpose of implementing change(s). There are of course lots of work that goes into doing that and doing that well. Scope statements, stakeholder communications, requirements gathering, budgeting, coordination across multiple “line” teams and the utilization of various IT processes.

Some things to consider when thinking about Project Management and the (real) role of Change Management…

  • How do we ‘prioritize’ this project vs other organizational efforts?
    • Not just priority vs other proposed work but priority vs current efforts?
  • How do we assess the risk of the project from multiple facets (before work is actually started)
    • Such as “Capacity”, “Availability”, Business Continuity”, “Portfolio/Catalog”,  or “Security”
  • How are we determining, documenting, and then managing what “gateways” this effort must pass through in order to progress from Design to Operations?
    • Not every “change” needs a detailed design review or a new pricing model – how do you determine which does and how do you ensure they go through those checkpoints?
  • How do we document and manage any changes to scope or to risk to the ‘change’ when it is in Design or Transition?

If you are not doing a RFC until a week or so you are moving to Production – you can’t possibly be capturing and managing this type of information using Change Management – so then how are you doing it….or are you doing it at all?

Release Management

The often forgotten and neglected process. Sad and lonely. Do you have a Release Management Board? How does it work with the CAB? Who actually sets the schedule for ‘release’?

In most places it seems that the Schedule of Change (to include date/time) is set by the Change Advisory Board. In doing so, I believe, you force Release to march to that tune and so curtail some of the power/authority a Release Management Process can (should) have.

The Release Management process should dictate the actual schedule of the implementation. The CAB should only state the change is “authorized” – the actual date/time, type of release, resources used in the release, artifacts required are determined by Release not by Change. Change is the ‘macro’ and Release is the ‘micro’.

How they can work together…

A need or idea for a change starts the Change Management process. Some of these will also be Projects, some will not.

Change Management can start months, maybe a year, prior to the actual implementation date. Change Management may review an RFC multiple times.

Consider the following:

  1. Need/Idea
    1. These are: Customer/Business Requirement, Customer/Business Request, Service Improvement, Service Correction
    2. Our new idea is “New Service Desk” tool.  Since it is coming from IT, it is most likely a “Service Improvement” effort.
  2. A high level business case should be put together and then you have your first CAB review
    1. Define problem, define scope/urgency, define benefits/risks, define estimate of resources needed
  3. CAB provides approval to move towards RFP and proof of concept
  4. The ‘project team’ then develops RFP and/or POC, meets with vendors, obtains testing equipment/software, performs POC, reviews POC…
  5. Team updates RFC with POC/RFP information – updates Business Case as needed. Goes back to the CAB. The CAB can then approve/deny continuation of the effort.
  6. At this stage the ‘project team’ must create Design plan, what artifacts (Capacity Plan, Security Plan…etc) will be required/updated , schedule of significant milestones (such as: requirements signoff by stakeholders, beginning of testing) and resource allocation.
  7. The ‘project’ goes back to the CAB – the Design plan is reviewed and denied (maybe they didn’t include the Business Continuity Plan, or maybe the planning seems to include things beyond initial scope) or approved
  8. The ‘project’ moves to development/design – any deviation of dates to significant milestones require an update to the RFC – which requires review by the CAB.
    1. Why was testing pushed back 1 month?
    2. What other efforts will that impact? Are resources still available? How does that impact future ‘change’ requests?
    3. Normal progression through milestones just has updates to RFC (change in sub-status could be helpful here for reporting purposes)
  9. During Design/Development – Release Management starts to become involved. They are the gate keeper to some significant milestones (such as Acceptance of Testing, Implementation Plan Acceptance) – they approve the RFC to migrate through these ‘sub-status’
  10. As the effort moves through testing but prior to implementation – the CAB reviews the change again and then provides “approval” for implementation. The schedule is set by Release Management.
  11. Release Management provides approval for the Implementation Plan and sets the date/time for the release.
  12. After implementation Release Management reviews the “release” and provides input to Change Management to assess overall success/failure of Change.
    1. The ‘release’ component can be successful while the overall change effort can be viewed as less than successful due to schedule/resource overruns, or failure to adequately address customer/business needs. This separates the assessment of the Change from the assessment of the Release.

But let’s just say that you are not doing something that large. You are just doing a  a upgrade to an existing application or maybe you are just adding capacity to a service by putting in more “servers” – Do you have to go through ALL of this stuff?

The answer is a bit of yes and no. You still need to put in the initial RFC. You list it as “Service Correction” or “Service Improvement” and you still need some high level business case (this is your justification or reason for doing the work). It will get approved and you don’t need a RFP or maybe even a POC so you move right to documenting your Develop/Design plan and identifying which documents you will create/update. This is then approved (let’s say your work does not impact Availability, or Security – so you just say you won’t be updating or creating those documents). It is then approved to move to the next stage – which then you will start to engage with Release Management. You have to progress through their stages and you can then get to implementation in production.

Of course you can always create “standard changes” which can speed this process up by “pre-approving” many steps but that of course means you’ve at least gone through this exercise at least once.

Recap…

Project Management is to manage discreet efforts. The may be large in scope but they have a defined scope. They may even have PM Boards which discuss project management practices, or certain artifacts related to Project Management (status reports). Project Management is more about “who” and “how” is something is getting done.

Change Management is to manage ALL change efforts to the enterprise. Big or small. Project or Operational. They must all be recorded, assessed, and balanced against all other requests and business needs. We cannot allow ‘rogue’ work on change efforts without governance. Change Management is more about “why” and “what” is getting done.

Release Management is to manage the transition from the ‘test environment’ to the ‘production environment.’ It is concerned with the details of those plans. Release Management is about “how” and “when” something is getting done.

The “where” is defined in your policies. I’d recommend that this type of structure apply to production as well as applying Release Management controls over your test environment.

What are your thoughts?