Author Archives: Morten Stender

  • -

Risk & Security Design (PIA, GDPR)

Category:EA Tags : 

Why buy a point-tool for GDPR? In fact, there is no reason why not to manage the data next to the data-driven portfolio information of processes and business applications that typically reside in EA. The unification between information security, information management and enterprise architecture leads to our unified approach to handle the GDPR regulation in line of EA. Our advisory services and fast-track implementations help you to be in control of your corporate information security to lower risk and confirm compliance.

We offer a unique solution to GDPR that guides you to get the right data being managed fast-track. It helps you to focus on the right data-gathering, simply by using an “outside-in” perspective to the most important business questions, assessment data, and portfolio data. By relying or avoiding too many point tools like small ISMS solution or GDPR offerings, we can provide the flexibility to connect your data to a data-driven digital platform that helps you manage your audit results, controls and risk assessments by connecting to the relevant responsible people in the organization. Try to minimize the risk of the annual auditor assessment, make it pass faster, and be in pro-active in planning.

GDPR? What is it? How do we tackle it?

How to tackle the GDPR from a CIO perspective?

There is today a lot of articles about GDPR and the importance of ensuring future compliance to the new rule set in order to be ‘better’ at handling and protecting sensitive personal data. What is new is not as such the procedure to do so; the new is the regulatory framework that makes the consequences of failing compliance to something that in case of non-compliance will be a board issue… What to do as a CIO, if you want to prepare in advance and simultaneously want to get a sustainable governance around the framework. This post will give you key 5 things to consider.

A little bit of background
By 2015 the European Parliament, the Council and the EU Commission finally completed and the parties agreed on a new regulatory framework for the protection of personal data, the so-called GDPR. The GDPR is a huge document of over 100 PDF pages of legal text. However, for IT and security folks who must implement relevant sections of the text, the key parts are in just a few of the Regulation’s articles.

In the GDPR, companies must document much better compliance to the presence and usage of personal data across the IT landscape. This means that every organisation needs to have a much better overview to classification and awareness to where personal data is stored and processed.

Personal data in this context means any information that is “an identified natural person or a natural person who can be identified, directly or indirectly”. That is names, security numbers, phone numbers, addresses, etc. The GDPR is not restricted only to the obvious identifiers such as emails and addresses, but anything that relates to a person including logs and geo data! The overall intention is clear, as a company you need to act professionally and know what and where you have personal data, and this data you have protect! Data that has been anonymized is not covered by the GPDR.

What is the new with Personal Data Protection?
What is new is not as such the procedure to do so; the new is the regulatory framework that makes the consequences of failing compliance to something that in case of non-compliance will be a board issue… However, incentive or not, the GDPR operates with a new tiered fine structure. The general conditions for imposing administrative fines can go up to 2% of a company’s global revenue for not having their records in order, and by not notifying the regulatory authority and data subject about a breach, or by not conducting impact assessments. Even more serious infringements merit up to a 4% fine. This includes violation of basic principles related to data security as violations of the core Privacy by Design concepts of the law. These fines will be valid from May 2018, so companies do have an incentive to provide mitigative actions to comply with the GDPR deadline.

Data protection and impact assessments
The GDPR includes also an article for data protection impact assessments (PIA, DPIAs). The Impact Assessments must be provided before new services or products are launched. So, it is acceptable to work with agile approaches and fail-fast approaches, but before the validated product goes live, there must be an impact assessment to secure personal data. This will force many project managers and IT departments to proactively consider what security measures that will be put in place to secure path for compliance assessments.

How to prepare for the GDPR?
May 2018 is soon, so for many companies the GDPR may come as something ­of a shock. An immediate action is to appoint a data protection officer who would will be accountable for advising on and monitoring GDPR compliance, as well as representing the company when contacting the supervising authority. Very often, this will have a call to the CIO or his/her delegate. However, this is a mandatory step to have an accountable person, but far from enough. The organisation must work with the responsibilities of the new GDPR, and this is where the EA and governance frameworks may be the hidden fuel.

Here is a list of focus areas to consider aligning best practice of governance frameworks:

  • Business Model Canvas – With the focus of dash-boarding and integrated reporting  to the business, it is important to lay out a Business Model . This business model will serve to understand what functions and overall processing that takes place ‘where’ in the business. With the Business Model, it is possible to pin-point what types of classified data that is expected in each business area. The outcome of such assessment is a recommendation for what types of personal data each business area should have access to. The GDPR will require a gap analysis to be part of the ongoing processes to minimize the access to classified personal data. Without the Business Model (process model or capability model), it will be difficult to provide a meaningful reporting of the gap analysis. It should be easy to demonstrate compliance and perspectives of where there is a high risk of personal data is accessed in much larger areas of the organisation. This is where information modelling, capability modelling and our business solutions can be helpful.
  • Business Applications Management – With the updated perspective of the Business Model, it is recommended to provide a Business Application Catalogue. Such a Catalogue should have strong relationships to the Business Model, hence, this is not an ITSM services catalogue. The Business Application Catalogue should be governed – so the federated solution needs to be agreed, which involves organisational change. If such an APM catalogue or Business Application Catalogue is not available and managed, this is highly recommended to get in place alongside the Business Model. This will serve as the foundation for the Data Classification and Data Retentions. This might be a simple cloud offering from us, or be a more integrated portfolio solution from us.
  • Data Classification– With knowledge to what business capabilities and what business applications, it is a simpler and more straight-forward task to assess where your personal data is stored. This includes structured electronic data as well as unstructured formats of documents, presentations, and spreadsheets. This is critical for both protecting the data and also to follow the impact of change of  personal data. To solve this puzzle, we would advise you to get the overall Business Model and Business Applications Catalogue in place first, then extend to master the presence of personal data with categorization. The categorized personal data is classified and mapped to the landscape of business applications and infrastructure information, and also against the intended usage – to pin-point irresponsible presence of personal data through-out the organisation.
  • Governance– With data comes also the operational processes to maintain this GDPR information daily. This will lead to establishing the processes to secure ‘data security by design’ and ‘data security by default’, alongside the roles and responsibilities of keeping the Business Applications Catalogue up to date and to understand ‘who has access to what’. We advise that companies first get the foundation in place, then the Data Classification, then to tailor and adapt this to the existing processes of the organisation. Some relevant frameworks would be IT4IT, TOGAF and COBIT to ensure there is a focus on controls, follow-up and management accountability.
  • Data Retention Policies– With its requirements for limiting data retention, there is no firm metrics to follow. This means you’ll need basic information on what data is collected, why it is collected, for how long it is supposed to be collected, and how the processes are for ‘releasing’ information again – tailored to metrics that are justifiable. This must be an integral part of the processes for managing data. Personal data residing in business applications should be periodically reviewed to see whether it needs to be kept or removed. It is important that the Data Retention is supported and supporting the Governance. Reports and alerts to non-compliance should be an integrated part of the Governance. This is where toolsets like MooD can be very helpful to operationalise the reporting and democratize the data updates.

So how to get started?
What is new is not as such the procedure to do so; the new is the regulatory framework that makes the consequences of failing compliance to something that in case of non-compliance will be a board issue…

To implement a framework is something that requires adaption and experience to lead the change. Very often, the need for a senior advisor coming-in externally to help the change agenda is crucial. However, if this the change-agent is very process-oriented, there is a risk of poor tool-implementation, and if he is very tool-centric, he will favour data and there is a risk of poor process-implementation. The right senior advisor is a hybrid executive with deep knowledge into tooling, processes and people management. Very often, just a minor catalyst from senior executives can get icebergs to flip. Please don’t hesitate to call for advice.

 


  • -

Digital Boardroom (Digital Board Pack)

Category:EA Tags : 

As boardroom member or strategy executive, you have a need to follow the shifts in the regulatory, identify new ways apply new technology to provide competitive services, which require you to adapt and thrive under these evolving market conditions. Why not convert your next boardroom session to digital experience?

We help you with a Digital Board Deck – no longer powerpoints and old reports – the connected insigth brings data alive to your Boardroom. While you are implementing the strategy, you often need to divert, as changes still happen in the market space. What we can provide to you is a decision-support cockpit that allow business-executives get results much faster than classic BI projects, and which will allow you to understand cause-and-effect, simply to get a situational awareness to your position in business impact and strategy execution.

If you are business executives or strategy officer, you will gain by getting a near-real-time cockpit to the business operations and planning.

So if plant A is not working, or flight B is cancelled, then what is the direct consequence in terms of customers or segments affected? In a similar way, if projects are delayed, maybe not so much the cost focus is your main pain, but do we manage to get the goods delivered before season sales?

With the Digital Boardroom, we provide solutions for connecting data, to provide the dashboard of the large web of complex dependencies of information.

If you are interested in a demo of how we fast and agile may provide a digital boardroom, please contact us.


  • -

Business Design – A solution to increase performance

Category:EA Tags : 

With the solution for Business Design, we provide a data-driven solution to your big data and business architecture, helping organizations with the vast amount of variations of data located in excel sheets, databases, tools etc. Very often, these data are neither 'connected' nor applied to a common understanding of working together. The potential of these data is to wire the contents to the business design, architecture the insight to your business.

Grow or stagnate – it is part of your new business design to plan the future. We help with solutions to provide more agile approaches to innovation and strategy execution.

With the increased globalization, new technologies, and disruptive business models all support the need of a journey to get more insight from the vast amount of 'big data' that resides in larger enterprises. With the Business Design Solution, you may analyze future products and services, assess the impact of new technologies, and connect to the many data sources offering an opportunity to rich inside of what drives what. With our strong digital platform for building data-driven business design, you avoid the pitfalls and long timeline of classic BI-techniques, and instead gain the insight of a democratized decision-support in your planning and governance.

Data-driven business design can ensure differentiation to your business, increase the agility and arm your strategy execution in terms of achieving business outcomes. The result is a solid foundation for business development and better margin than competitors.

Whitepaper on this topic

To download out paper on Project Portfolio Management enter your details below and we will email you the file as an attachment. Make sure to double-check your email to receive the file.

Your Name (required)

Your Company (required)

Your Phone

Your Email (required)


  • -

Key Success Factors in Digital Transformation

Category:EA,Services Tags : 

Based on a conversation this week where the topic of digital transformation was discussed, we synthesized the following:

Many talk about ‘digital transformation’; fewer agree on what it means and doesn’t mean; and too few succeed in doing it!

Using the term as defined in our recent post, then digital transformation represents the change to a different business model where the future business achieves a different market position with (maybe radical) different services, offerings, delivery methods, locations and meet-up. Using this definition, a lot of organisations will today maybe work with digitization, but not the same as digital transformation. Companies that strategically seek to change the paradigm and business model are radically different than those companies which talk about digitizing some processes. To quote recent post,

 “Digital transformation is the strategy to execution toward a new business model which is based on a different paradigm, that it splits rather than fits the existing processes, and for that you need to map-out your future business model. Don’t start with your existing processes; start with your future operating business model!”

It becomes more evident that the discipline to succeed requires a top-down approach to define the target business model. Some may suggest that ‘digitization’ could be a step towards the ‘digital transformation’, however, if the digitization is based on fitting processes, and digital transformation is based on splitting processes, one will almost never lead to the other!  To succeed with digital transformation, there is at least a handful of key success factors to consider. Let’s discuss some of the important ones:

  1. Map-out your future business models. Digital transformation is about getting to the open-minded discussion of where we want to ‘move to’ in terms of future products, future services, future customers in order to innovate the business model. This has nothing to do with optimizing the existing business processes but is a pure forward-thinking exercise. As highlighted in the McKinsey Quarterly, organizations are embracing digital transformation to knock down traditional industry boundaries and disrupt conventional business models.
  2. Drive-out your business model for time and space. Digital transformation is also about exploiting digital advances and to couple digital technologies, then to use these advances and couplings to optimize the business model to eliminate or optimize the value chain and customer experience in time and space. This may be barriers or man-power works today, it may be self-service or differently delivered in the future. We often say, that Michael Porter is still valid reading, just to be seen in the new digital context! Eg. if one can deliver an email rather than a physical paper envelope, it opens a lot of future services and delivery models.
  1. Plan with Scenarios. No-one has the full insight to the future, so to plan and make it realistic often involves scenario-based planning or risk considerations. As discussed in the recent post, the quote of Dwight D. Eisenhower is still valid, “In preparing for battle, I always found that plans are useless but planning is indispensable”. We always recommend the exercise of information management to provide risk-based or scenario-based planning, which is typically where tooling such as  MooD or similar digital transformation suites can help. Reason is, that for a company to survive coming 3 or 10 years, it is hard to argue that no considerations of external threats, new technologies, emergent legislation should be not be considered. May well be that the forecast is poor and the prediction ends up being wrong or displaced, but planning as the preparation and improving the agility of what to respond as an enterprise is indispensable.
  1. Make it business-led on a digital platform. If you want to make an impact, try to avoid too many barriers. Focus on the strategic change with focus on strategy-to-execution. This is most easily accomplished by enabling the strategy-to-execution with modern technology. With a core focus on the strategy implementation, it is possible provide actionable insights. This may or may-not be solved with agile approaches, which is another topic.
  1. Be first in the game. Unless protected by borders or regulation, the front-runner is most often the winner. The only constant is the change – and as highlighted in the McKinsey Quarterly article, organizations are embracing digital transformation to knock down traditional industry boundaries and disrupt conventional business models. In other words, the first ones to see the potential of the new business model are likely given a better chance to reach it.

If you look for advise how to start and implement a digital transformation initiative, please do not hesitate to contact us.

We power your digital MooD!


  • -

Do you dare _not_ to invest in new EA?

Category:EA Tags : 

Key focus for next generation EA is transparency, portfolio planning and collaboration in the cloud. Previous generations of EA focused on either drawing capabilities or solution architecture with lots of modelling in “thick clients”. The new generation of EA has a business audience, who needs a platform that is an intuitive cloud based web-portal, managing an eco-system of data-sources and much interaction with your colleagues. This is what helps you to create success with your IT strategy, business processes and portfolio management!

A next generation EA with proper advice and implementation will drive-up maturity of governance and process optimisation of your company. It offers collaboration to build a unified view of the business; it is a living architecture with portfolio updates so that data is fresh and updated; it is managed by people in your organisation. This is a giant leap to get factual insights to make better decisions.

Next Insight® is our digital cloud-offering of a market-leading next generation management solution to master strategy execution and Enterprise Architecture (EA). Connectivity is key! You get the digital automation that offers adaptors to e.g. ServiceNow CMDB, ARIS, MEGA toolsets. This enables a user-friendly full-stack transparency between technology and business, between planning and operations, between architecture and sourcing.

This helps companies to make scenarios and strategic planning to do value forecasting. It allows us to interview and assess your stakeholders and business executives to interpret what the strategy formulation means in terms of business priorities and execution – shared and communicated to the organisation – updated and enriched back to the stake holders.

With our approach you will learn how to create rapid results to align processes and data to build up information layers and a digital model of your business that supports learning and performance monitoring.  we offer you overview, analysis and management perspectives on portfolios such as

-Your business processes

-Your compliance, risk, GDPR

-Your applications and systems

-Your products and services

-Your technologies (servers etc.) with ServiceNow Adaptor

-Your investments (projects, demands, etc.)

-Your governance (decision boards, members, etc.)

Next Insight® is the market leading cloud offering with an agile thinking behind. We are in the business of digitalisation and digital transformation – offering the obvious choice to any large organisation that needs to succeed with strategy execution and transformation.

The true value of such a management system is the ability to manage large amount of data, using rapid results and prebuild adaptors to AD, Finance, ServiceNow CMDB etc. This approach offers you a digital model, by Gartner referred to as the digital twin of how the organisation behaves compared to real data.

Our next-generation platform offers you the planning option to compare model data and real-world data. As build on proven and leading technologies and methodology, some refer to this as enterprise intelligence – something that is more interactive and cloud-enabled than classical approaches, and something that helps you to get processes and master data in control.

If you have questions or queries to get started, please call for advice.
We power your digital mood.


  • -

Do digital board packs help your organisation to comply with GDPR?

Category:Services,UK Blog Tags : 

Do you have governance around your board back? Do you have meta-data and master data supporting your generation of the board packs? 

Now, first, we did pass the May 25th – and large organisations are still struggling with GDPR! No longer as a project, but typically more to absorb the endless amount of excels and small GDPR tools that eventually were delivered as the project outcome. Now another phase takes over – what to do with the project outcome?

This calls for another maturity level that cannot be provided by small point tools or excel. This calls for a larger piece of collaboration to make ‘stuff’ updated; typically, by having the GDPR processes embedded into a larger solution flexible enough for helping the executive team to steer the boat – it calls for the governance around the digital board pack!

That was then…

A lot was written about the impact the EU General Data Protection Regulation (GDPR) in the period up to May 25th 2018. And even though up to 60% may have slipped the deadline, see a recent survey, the fact is more likely that most organisations completed the GDPR project during 2018, but still will be working with GDPR also in 2019 – how can that be?

As mentioned in a recent blogpost, there is a natural progression towards being better at compliance, and also for GDPR – and that is way beyond the project outcome ending 2018. It is the progression..

  • to move from project to line organisation
  • to onboard managers and specialists to keep information fresh
  • to transition from project into process – and what is the IMACD of person-related data process activities are solved
  • to simplify the Article 30 report generation
  • to remove simple risk tools to consolidate the governance in the digital platform
  • to make ownership up to the board for the updated compliance views.

The data of the GDPR compliance will continue its journey to be alive, and it will continue down the maturity ladder to distinguish dataprocessors from data controllers, move away from text fields and into elements of meta-data to oversee the ocean of GDPR.

But most importantly, the transition is about getting the organisational ownership, where managers act on their responsibility and accountability to be compliant. Where the project 2018 was driven by fear of potential penalties, the new demand is much more to make it actionable within the line organisations where ‘stuff’ gets updated and the executive board can make decisions based on new evidence. This is often referred to as “EA”, the grid or architecture (A) space of an entire enterprise (E ).

How does this tie into my executive team?

Once you have completed the project, you may have data. Once you have moved it into a point tool, you may have reached slightly modified data so see the first patterns. It still doesn’t bring you much further. The heavy lifting involves more:

  • First, you need to move from free text and text fields into meta-data. This means that you don’t type pay-slip in a text field, but you check ‘pay-slip’, and you can afterwards analyse where ‘pay-slip’ is being processed by systems and processing or controlling activities
  • Second, you need to transition into the architecture portal where governance is typically managed, that is, who is the system owner? Who is the data process owner? Who should update this piece of data. Very often, we see BI solutions reporting long lists of data – but that is very distinct from the next maturity level where these people can do actionable reviews and updates. This if often is referred to as digital platforms or EA platforms (like MooD, ERP, etc).
  • Third, you need the escalation route embedded to the executive team. It is the management team that is accountable and needs to have the blind eye opened. Without their eyes open and provided insight – only the one-eyed will be king among the blinds.

So anyone within the board should be trained, concerned and be kept updated!

The way forward?

There is a natural progression towards maturity – but only if it is guided. You need to find an advisor who can helpyou to make a living architecture.

With a living architecture, you onboard the ‘softer’ side of and provide decision insight to your management.  When used properly, you get the connected enterprise where boards act when things start to drift. So, anyone within the board should be trained, concerned and be kept updated! That is what we provide as part of our digital board pack service.

Working with different next generation technologies, we offer a digital platform that help large organisations to have a digital board pack, not a PowerPoint! Online views where you can drill into data, updated by the responsible people in the organisation, supplemented by technical data so you can view the online portal and stay compliant. We talk about powering your digital ability.

Giving all your directors access to the information they need to know about your GDPR policies in one place, makes it much easier for them to find the information they need and ask the right questions when it is discussed – all managed as meta-data and by the relevant people. No more emails – no more point tools.

If you have questions, please do not hesitate to make contact. We are the leading organisation in digital governance helping large organisations to succeed with their business transformation. We power your digital mood!

 

 


  • -

Integrate to succeed with your governance and architecture!

Category:EA,UK Blog Tags : 

This week we ran into a customer dialog where the conversation concluded, that to succeed with governance and Enterprise Architecture Management (EAM), you need a technology than can integrate to many data-sources and many user-input to provide an updated picture of the estate, something that is not done only in PowerPoints, Visios or an operational CMDB-tool.

In this case, the customer had just removed the office of enterprise architects, as he said, “they did piles of Power Points with deep thinking  – they never  changed anything –  so now we hire a new team”. This we see as an interesting statement. It means essentially that enterprise architects (EA) that don’t make an impact, eventually are failing. And to make an impact, you need to transform and produce tangible outcomes near real-time. If you don’t provide impact and change as an enterprise architect, your role is obsolete and better to leave it for operational people.

In our conversation, the customer after ‘someone’ had done piles of documents difficult to use in a larger context for anyone else; documents which were structured in a PowerPoint container (read SharePoint), poorly connected (meaning not connected at all),  and finally relying on distributed versions of excel (read no meta-data) and with little focus on change. The likelihood of people reading such presentations declines for every month it has situated in the PowerPoint container becoming more and more obsolete. It happens a lot of places, and this is where our approach to Enterprise Architecture Management (EAM) can help you. Our EAM solutions are based on proven technology and can easily connect to many different data-sources such as CMDB’s, Finance, etc. Only with a living approach where data is stored as meta-data, and data is kept fresh via strong focus on IT Governance – will it be possible to make sustainable change. This is what makes enterprise architects and the EAM practice successful.


What is a living architecture?
At our office we work with ‘Living Architecture’. Living, because it is not a dead end of a document output. Living, as it  still breathes, as opposed to static and dead architectures that once they were built, they never received more updates. With living architecture, we interact with more people, update the data, and enrich on properties subject to roles and delegates. This is easily accomplished in modern toolsets we can provide, but also relies on the approach to focus on stakeholders and outcomes, rather than frameworks and static drawings.

 

Why do we need a living architecture?
Because pace of change is increasing, and management calls for better ways to get insight to data and relationships, such as which product is the most important one? Which services should we plan to use coming years? Where are the candidates for take-out? Such analysis should not be project deliverables, but be part of an ongoing process where data may be connected and viewed in new ways to support few-clicks to better fact-based decision support. By revitalize the architectural information you can move the data governance to be automated and part of the strategic analytics agenda. It is also important leave-out the CMDB tools in this context. Only by working with semi-structured and strategic information, will it be become possible to plan and prepare roadmaps for the future IT operations.

 

Is the strategic agenda related to architecture?
Many people have different perspectives to what-is-what and what-connects-to-what. The only way to get the larger organisation to view this in the same way is to share actively the interpretations and definitions to get consensus to what an enterprise means by this or that. This is not something that is thought-up in the architecture office as an ivory-tower exercise. Only by federating data and expressions you will get to the collaboration of the enterprise to view things in the same way, then to realize that many of the ‘things’ mean different to different stakeholders. A living architecture serves the need to embrace it all, connect it all, and structure the information with updates and relationships to make it relevant for as many people in the business as possible. Good Governance and MooD in terms of managing metadata, or Signavio in terms of business processes and process intelligence can help you on this journey to master this across the entire business!

 

Does this mean there is only one truth?
It means that information should be mastered where they are master best! With MooD you gain the overall business logic to master master-data and information management. And with such a solution, you get a living architecture. MooD eventually becomes the connected truth, helping  Enterprise Architecture to connect and structure information.  A living architecture is about the perspectives are different – so that different people will see different things – from whatever they find interesting! It’s not about making many large documents with ‘dead’ artefacts. Information management and process management is about managing meta-data – then to export to documents for compliance reporting, only.

A living architecture is about connecting the many types of data that are continuously changing at different frequencies in an organization and relate to each other. A good architecture description exhibits and collaborate with all stakeholders so that they can all see their perspective. A living architecture is the vibrant mean to succeed in the digital transformation. It provides the living links between the data. It may be useful for projects, but it may also be a subset to carry-on after projects are completed.

The living architecture creates insight by building bridges between concepts and the many data in the real-world. If you like architecture – and enterprise architecture in particular –  then make sure you deliver to people in the business constantly updated views of the estate. This is where we can help you to succeed. Don’t waste your energy of detailed drawings that no managers will understand, but master the living updates of information in the EAM solution. This is how digital transformation is managed.

We help to align long-term planning with short-term planning, which is an ongoing process – and a digital process of information management. Long-live the digital planning. If you have questions, please make contact. We are a consulting house with senior profiles and business solutions; we provide deep expertise in digital planning, digital governance and process automation. We power your digital mood!

 


  • -

May 25th – is this the start or ending of GDPR?

Category:EA

A lot of organisations have run General Data Protection Regulation (GDPR)  projects to gather a solution to demonstrate compliance by May 25th earlier this year. Now that May 25th has passed, summer has gone and most projects have closed-down. What is left? What was the outcome?

Does it mean the compliance is now resolved?

Do you now get automatic updates to your GDPR meta-data?

Do you have any plans for improving the quality of the information?

If May 25th was a milestone, was that the end or the start of a new era?

Now a few months later, we start to see the first cases of leakages; but still we don’t know the fines, and still we have not seen all the legal interpretations. Although it may sound a little like the hype at Y2K, it is quite different:

“Back in Y2K, all prepared with equally large projects, and finally,
the clocks tipped over midnight and the world discovered, the world still existed.  
There was no big Y2K global disaster.  Then we were in the new millennium, business was as usual”.

With GDPR it has been just the same preparations, but since the clocks tipped over May 25th, there has not been much unusual. But Y2K was just an event; GDPR is a new regulation that will demand attention in future! No-one will know for sure what we can expect to see.

– Hacking groups will be working to find ways into some companies and will only collect and leak the data when GDPR is alive, either to gain profit or stimulate fines.

– Once a leakage is done, it will hit media. This will eventually lead to reputation-damaging incidents.

– It is hard to predict who will be first audited, or first to have a leakage.But it will have an effect.

– Most likely the compliance processes need to improve considerably in the future to stay out of the mess. Once the first fines are given, this will also add to the requirement to keep GDPR compliance up-to-date.

So yes, there has been much ballyhoo about the GDPR and the potential impact. We have passed May 25th and have noticed limited impact, however, we might just be at the beginning of a new era where optimisation will become a need to stay compliant.  We often advice people to create a journey with a sufficient set of maturity levels. Subject to industry this does vary. However, it is relatively easy to identify a set of maturity levels like the following:

Ad-hoc (Step 1): This is where interviews and data capture has taken place typically with loads of excels and word documents to capture all processing and controller activities, linking this with free text to services, systems and data types. As most consulting organisations have limited tool experience, this has often been solved in word, excel or simpler point-tools developed for GDPR. Typically this relates to the lowest maturity level.

Mature  (Step 2): This is where automation will remove the free text, the word and the excel reports are gone, simply to produce tangible meta-data between Data Subjects, Processing and Controlling Activities and 3rd Parties. The dependencies are collected and visualised in web-based solutions. Although this may still be possible to do with point-tools, it is the divide into digital governance tools where RACI-models are used to democratize data-updates.

Architecture  (Step 3): This is the level where GDPR is just a subset of the enterprise information model. This is where GDPR is just one of more regulations, based on the data of the eco-system sharing data across services, customers, servers, databases etc. This allows automatic data flows and full compliance against the IT landscape. This is architectural maturity based on enterprise architecture (EA) or information management (IM). This stage supports democratisation of input to collectively share the burden of all related updates. Far beyond GDPR point-tools, typically we advise MooD solutions for this stage.

MDD Reporting (Step 4): This is the automation of model-driven documents. Remember all the word or excels of step 1; they are now automatically output every night, fully updated! All the 3rd party reports and paragraph 30 reporting is provided by the solution, either as a night-job or as a single-click. The role of the DPO has now changed to an information manager, managing the data quality.

Process Intelligence (Step 5): Linking the ecosystem to process management and workflows is the final step. This will provide the continuous learning and the updated view to “how” processing activities take place. This is e.g. where we recommend Signavio with MooD providing a single portal for managing all of IT – including the GDPR compliance.

So all-in-all, GDPR projects may have closed down. But if you haven’t automated through the 5 maturity steps, then you are not done!

If you want assistance, please make contact.

We power your digital mood!


  • -

Long live the Digital Planning

Category:EA,UK Blog,Uncategorized Tags : 

Digital Planning is the discipline to work with long-term strategic actions without being detailed of how to implement activities. It provides an overall investment focus to values and outcomes and how this ties into the investment streams to provide digital road-maps for planning. While the old approach of power-point based IT Road-map planning seems dead, e.g. see the post by Patrick Gray,  then the digital formulation of it may survive  – in particular in the form of mindset and direction-setting that keeps the the main purpose of planning.

Planning may be situational, just like detailed plans always will depend on the specific case, situation and conditions. The difficult part of planning is the uncertainty of the future: One may shorten the horizon to improve the likelihood of estimate,  improve the underlying model, or reduce the feedback from the prediction to mitigate the uncertainty. However, does it in context of strategy and market remove the need for planning? The answer is “no”. The ubiquitous purpose of strategic planning is to become aware and be prepared – and that clearly involves more stakeholders and is very different from the actual plans or project performance. We came to the conclusion that there are five fundamentals as to why strategic planning is important – and despite their inherent uncertainty, they are more required than ever!

  1. The opposite of Planning is not no-planning; the opposite seems to be detailed plans that are excelled into beyond the point of validity. Planning serves a higher purpose.
  2. Projects differ in uncertainty – to what degree are they repetitive and common? Should we really apply the same methodology to all types of development?
  3. Situational transition dictates what methodology to apply  – How to secure the right toolbox for the right type of development?
  4. The definition of Planning is that well defined? If you ask the chef, planning is to have the groceries for the dinner same day, whereas for the farmer to produce the crop for harvesting season. Do we mean the same even though we use the same wording?
  5. Not to mention the data-connectivity – only an old-school architects would do IT Road-maps in PowerPoint. If planning is democratized, poor planning is the same as a poor information based on no-connectivity and silo-approach.

Let’s go through these fundamentals one-by-one:

A: The opposite of Planning is not no-planning

The ubiquitous purpose of planning is to become aware and prepare. So planning has a value to understand, e.g. why a competitive product or service is challenging a revenue, and very different from executing a marketing plan without changing it – or changing the product or service, if indicators show the battle will not be won. Dwight D. Eisenhower once said,

“In preparing for battle, I always found that plans are useless but planning is indispensable”.
– Dwight D. Eisenhower

For a company to survive the coming 3 or 10 years,  it is hard to argue that no considerations of external threats, technology changes, emergent legislation should not be considered. But equally fair to guess, that even considered, the actual impact will not be fully understood until later in time. May well be that the forecast is poor and the prediction ends up being wrong or displaced, but planning as the preparation and improving the agility of what to respond as an enterprise is indispensable. The purpose of keeping the foundation of the planning intact is crucial in a digital world. Scenarios of what-if alternatives might be understood, and the opposite is not no-planning. The opposite is a constant pressure on doing the execution of the approved plans.

B: Projects differ in uncertainty

To what degree are they repetitive and common? Should we really apply the same methodology to all projects? Agile is certainly something we advocate for open-ended discussion, but if you happen to have more close-ended solutions, the construct of agile approach may be much too time-consuming. Agile goes well when everyone is uncertain – that will eventually lead to planning. However, if the project is to setup yet another new shop, the type of project may not be new, and the approach to seek experiments and agility may be less urgent.

C: Situational transition dictates what methodology to apply

The STARS approach by Michael D. Watkins ought to be mandatory reading for all information architects.

If you have something to protect such as knowledge, services, brands or patents, you will likely be in a sustain or realignment situation where you have time to act and provide planning of how to secure your assets as part of a business transformation.

Typically architects asked to help in a turn-around or start-up’s will have a much harder time, when speed of action weighs higher than thinking to protect parts of as-is. One could argue, that that the act of planning, in case of a change in oil prices is really to prepare for a worst case scenario, such as a 50% cut in price per barrel, before it happens. But as we don’t know the prices in the future, the specific plans are likely of no use – but if we can carve-out the actions to take given specific what-if conditions, that may be indispensable as the new way to do long-term planning.

D: The definition of Planning is that well defined?

Is the definition of Planning that well defined? If you ask a chef, planning is to have the groceries for the dinner that evening the same day, whereas the farmer needs to know what to grow before harvesting season. Do we mean the same even though we use different wording?

According to Wikipedia,

“Planning is the process of thinking about and organizing the activities required to achieve a desired goal. It involves the creation and maintenance of a plan, such as psychological aspects that require conceptual skills. As such, planning is a fundamental property of intelligent behavior.”

So even here planning has a wide range of meanings, and provided the desired goal is to continue as an enterprise, we should all maintain a plan of how to survive in the market. Maybe that is different from the actual 3-year road-map, however, if the plan mandates to migrate to a new payment platform or banking platform – how can we do this without more detailed planning?

E: Not to mention the data-connectivity

Only an old-school architect would collect excels for planning, so is poor planning the same as a poor architecture? Or could it be that poor planning is often the immediate outcome of poor information management? As described in other posts, we see the concept of living architecture or new architecture as a fundamental for successful planning. Because pace of change is increasing, and management calls for better ways to get insight to what-if. the objective of digital planning is collectively to prepare more for these events.

Which services should we expect to use the coming years? Where are the candidates for take-out? What new offerings will fuel our revenue? Such analysis should not be project deliverables, but be part of an ongoing planning where data may be connected and viewed in new ways to support few-clicks to better fact-based decision support. By revitalize the architectural information you can move the data governance to be automated and be part of the strategic agenda.

We tend to say that long-term planning needs to align with short-term planning, which is an ongoing process – and a digital process of information management. Long-live the digital planning – may be part of the digital transformation!

We power your digital mood!

 


  • -

Do you grow your digital governance?

Category:EA,Services,UK Blog Tags : 

Whatever term one might use, the meaning of ‘digital governance’ seems to be what we all care about in larger organisations – how to automate digital information to provide a better collective transparency and insight of the enterprise. It is not just about data and it is not just about processes; it is about people –  how we work smarter and more automated as an enterprise with data and processes to improve our digital ability to drive forward better decision-making. Sometimes ‘digital’ is simply loose for data, but underneath, it  is associated with either digitization and/or digital transformation – and don’t mix up these two terms…

“Increasingly, the work we do is enabled more and more by new IT, including automation, robotics, and intelligent platforms”.
                                                                                                                                                                                — Pierre Nanterme

Working with decision processes, we need to consider that such decision-making processes are very different from business processes of a value chain; simply the characteristics of cause-and-effect are less tangible and more ‘soft’. Trying to understand the complexity and nature of the decision-making processes, we need to adapt to the company tongue, the stakeholders and the way such a business is driving decisions. It means we can still implement smarter solutions of digital governance, which is what we normally refer to when we talk ‘how we make decisions’; however, it also means that to succeed with such solutions we need to consider how to digitize and successfully grow the governance when data is not enough on its own.

“I think the automation of vision is a much bigger deal than the invention of perspective”.
— Trevor Pagien

We often talk  ‘digital governance’  in context of ‘automation’ because a digital governance will automate manual tasks. A growing governance is where we continuously get more data into the fact-based decision support, and where we achieve this by managing the organisational change federating more data to collectively become wiser. This is what enterprise information management (EIM) is all about, the outcome of enterprise architecture (EA) in a nut-shell mastering the terms and information architecture.

Governance requires corporate information as fuel, and needs to be flexible enough to accommodate to ever-changing market conditions. A digital governance will benefit from our approach to agile information management. Today there is almost a hype around business models but only few enterprises have conceptual models connecting this to business models and providing a closed-loop approach by ‘wiring’ these models to real-time operational data and planning input.

The objective of the governance of the information management is the agile construct of an enterprise-wide business model which  serves the purpose of better decision insight and strategic planning. Digital governance cannot be achieved without people, stakeholders and data. It is not about making another calif ERP; it is about recognizing the eco-system, where we provide the technology and methodology to maintain the logic model, where data can be interchanged, communicated, enriched – via  a (digital) web front end or via (digital) integration to other (digital) systems. This is about applying information management, growing it in a DevOps or agile way, to support the open-ended construct of improving the way “we make decisions”. For this, we have chosen to work with award-wining world-leading software.

“It is not about making another calif ERP; it is about seeing the eco-system, where we provide the technology and methodology to maintain the logic business model where data can be interchanged, communicated, enriched – via web front end or via integration to other systems”.

So what is it that we solve with a growing digital governance? We build a connected truth as business models providing a closed-loop approach by ‘wiring’ these models to real-time operational data and planning input. We don’t like building architecture tools for architecture, or bakeries that bake for bakers. We like to connect the users of an enterprise by re-using data, by re-using the knowledge maintained in other systems such as data warehouses, service management tools, financial systems, HR systems, etc. We apply design thinking, so instead of the old-school of “learn a framework, buy a tool, draw some processes, then hope”, then work with rapid development tooling to apply automation processes and data by pretotyping the decision support, simply to avoid middle-layers of requirements analysts interpreting coders. So enterprise architects and strategists working with this methodology will grow the governance as DevOps, and it will keep the customer-facing activities along a succesful growing of digital governance.

Sometimes, we also see words used in this context:

  • EIM – As the overall Enterprise Information Management discipline, continuously automating information that else would be manually handled in SharePoint, Excel, Access or similar silo-based system. EIM is what provides the digital platform for execution.
  • PI – As the solution to Process Intelligence, of how to gain insight to decision support from our business processes. This typically is an automation of drawings, diagrams and emails, that otherwise would reside in distributed mailboxes with visio, powerpoints etc. With a process intelligence setup, people can collaborate on the same set of process insight as re-usable meta data.
  • CMDB – As the specific solution to service desk and IT operations. With a CMDB, people can start automate ticket flows, email and chat notifications, to automate the configuration items of IT operations.

To make the digital governance succesful, it needs to grow. To mature the governance, make it actionable and follow the data and the people in the room to discuss how decisions are taken, and then grow the outcome to make it tangible.This is what digital growing governance is all about.

We power your digital mood!