Karen and Matthew explore the benefits of SFIA to both the individual and the organisation and how organisations are using the framework.
Karen asks Matthew about a case study in the use of SFIA and they discuss the recently announced SFIA V6.
Many organisations are looking at Service Integration and Management (SIAM) as the next big thing. Others are scratching their heads and wondering what it is all about.
For starters, Service Integration and Management has been around for some time, although often referred to as Supplier Integration or Service Aggregation. As a model, SIAM helps define the interconnects between the suppliers of services and the consumers of services, and is used in many of our larger organisations to manage complex supplier activities.
Within the SIAM model, there are several defined processes. These processes are variants of the ITIL© (IT Infrastructure Library) processes, mainly used in Service Operations, Service Transition and Service Design. SIAM process models call out several elements that need to be defined within a process model. What is defined and the level of definition is often at the discretion of the SIAM design team, but at a minimum, the model should include: –
For example, let’s take an Incident Management process, one very typical in most Service or Help Desks environments. An Incident comes in to the Service Desk and is triaged by the Service Desk Analyst. If they are unable to resolve the incident they will transfer the incident to a 2nd level resolver group. That resolver group may well be a Service Provider who accepts the incident and eventually resolves it. The Incident Management process with its SIAM ‘interconnects’ defines how the incident is transferred between the two organisations. Each person will have a defined Role within the process, which will be the same for each service provider. What is transferred between the Service Provider and the Service Desk is defined in the data elements. Lastly, who owns the data when the Service Provider is disengaged is also defined.
Different processes will have different levels of integration. Processes like Incident Management and Change Management are tightly integrated like a relay race, with a well defined ‘baton’ exchange between different runners. Other processes are more coordinated, like a high jump. As long as only one person jumps at one time (and no one gets hit with a Javelin), all is good.
Defining the skills required for each of the roles within the SIAM model is where SFIA, the Skills Framework for the Information Age, comes in. SFIA defines the skills within roles and helps define development gaps within individuals. Each of the SIAM roles within the process model will have a set of skills. Making sure people have the right skills for each role they perform ensures the model works smoothly.
If the SIAM process model defines the how, and the SFIA roles define the who, then COBIT defines the what. COBIT 5, from ISACA, is an all-encompassing framework that covers all aspects of IT Governance and Management, and helps define what each role within the SIAM model is responsible for. It is not prescriptive like other process frameworks, instead it has a pragmatic approach as to what needs to occur in a well-managed and governed environment. COBIT has often been a tool used by Information System Auditors; it is now a framework of choice for those wanting to create a Top Down operating model for IT. Choose what you want to govern and manage via COBIT, decide how you do it from the vast array of process methodologies in the market, and then choose who does what based on their SFIA Skills. By including the Responsibilities from COBIT into Role Profiles and Position Descriptions, you close the loop between what you want to do and who is responsible and accountable.
For organisations who need to baseline their current capability, we turn to ISO\IEC 20000. The International Standard for Service Management helps us determine the ability for an organisation to adopt a SIAM model, either as a SIAM Manager (the Service Integrator) or a Service Line (Service Provider or Service Tower). For SIAM to be successful, a level of compliance needs to be achieved across all Service Providers, especially in the Integrated processes. Identifying where you have gaps in your maturity now will save you lots of heartache and pain in the future, as a fully functional SIAM model will put undue stress on your existing processes and capabilities. Whilst many external Service Providers may already be ISO20000 compliant, internal IT organisations may not. This is the biggest challenge for many organisations. All service providers are treated equal in a pure play SIAM model. Therefore, if an internal IT function is delivering services, then it is performing the role of a Service Provider, and needs to adhere to the same processes as the other Service Providers. This can create a conflict within the model if not handed effectively, as many Service Providers want to take on the role of the SIAM Manager, or Service Integrator, thereby creating a conflict of interest. The same can be said if special treatment is given to Internal Service providers by an Internal SIAM Manager. SIAM needs to have strong Governance for it to be effective.
So given the challenges in creating a SIAM based model, why are organisations going down this path? One reason is the amount of Service Providers organisations are using. According to Gartner in 2014, back in 2000 most outsourcing arrangements were confined to a single prime Service Provider. In 2005 it became more of a Best of Breed approach, with maybe 3-4 providers. Multi-sourcing became popular in 2010, with maybe 10+ providers. Today many organisations have 15-20 Service Providers, some of these being cloud based. Many organisations have wanted to embrace the cloud for some time, and have even created a ‘Cloud-1st’ strategy. What has been missing was how to do it. SIAM, for many organisations, has provided that missing piece of the puzzle, and helped enable their cloud strategy.
As more organisations struggle to transform to a Digital economy, and harness all that the cloud can offer, SIAM will cease to be such a puzzle, and become more the answer they have been looking for.
Simon Roller is a Director and Principal Consultant for BSMimpact. He is an authority in Governance and Management frameworks, and an expert in Service Integration and Management. He is an ITIL v3 Expert, Certified Information Systems Auditor, Certified in Governance Enterprise IT and a Certified Information System Security Professional. Simon is also an Accredited SFIA consultant and on a number of global expert groups for Governance, SFIA and SIAM.
This week I attended and spoke at the ISACA Oceania CACS event in the Gold Coast in Queensland. The annual event is a regular haunt for those involved with Auditing and IT Security, and the event had a great turn out with over 200 delegates attending, plus a number of sponsors.
My presentation was well supported, mainly by those who focus on governance and audit. The presentation looked at how we can map COBIT and SFIA together, and the value of this mapping. We have talked about this before at other events, as we are great fans of both these frameworks, but this time we incorporated elements of Management (ITIL) as well as workload analysis. There was some great feedback from those who attended, as most had not realised the linkages between COBIT and SFIA, and how COBIT can be used to define the core responsibilities within a role and SFIA the core skills to support a role. Many of the auditors had “aha!” lightbulb moments, as they could see the potential value of including COBIT activities and SFIA skills in position descriptions, and using that to ensure that all the core COBIT processes were supported by people within their organisations.
Earlier in the day, I attended a keynote presentation where the ‘T’ shaped roles were discussed. “Mr T”, as us ‘non Millenniums’ like to call him, is an individual who has a detailed set of skills in one area and a broad set of skills in another.
Mr T first got mentioned when we discussed Agile Development, and now is included in DevOps and other operating model variants. Using the mapping between COBITs responsibilities, SFIA skills and COBIT activities, we can see which of Mr T’s skills (punching people – SFIA skill: HPWF) are core versus additional qualities like modelling gold jewels (SFIA skill: WTGN) are important to his role.
After the session, a number of people spoke about the value of this, and one individual mentioned that the presentation made the whole conference worthwhile – great feedback indeed! Most also agreed they would start to use SFIA as part of their auditing activities and discuss its adoption in their respective organisations.
If you are interested in the presentation, just reach out to us and we can send it on to you.
By the way, both the SFIA skills HPWF (Hitting People With Fists) and WTGN (Wearing Tacky Gold Necklaces) are not real SFIA skills, although with version 7 being discussed, watch this space…
Simon Roller | Director | BSMimpact
Matthew Burrows wrote a blog that was featured on the ISACA website, focusing on the area that has grown considerably since the publication of SFIA V5: cybersecurity.
Matthew states that “SFIA works well with the various cybersecurity frameworks and information security standards. However, it covers a much wider scope, defining skills needed across the complete digital information and communications technology landscape. A number of new skills were defined and some existing skills re-worded in version 6 to account for the massive changes that have taken place in this area.
It’s not just about determining the headcount gap regarding the number of cybersecurity professionals, it assists in understanding HOW organisations can build their own cybersecurity capability.
By understanding the unique skills required, organisations can determine if the gaps are in knowledge, role design and/or professional skills. It helps determine who needs upskilling, which roles may require a re-design, and identify the relevant training, mentoring, knowledge transfer and other development activities.
An article focusing on the changes to SFIA in version 6, specifically around the Digital Forensics and Cyber Security space were discussed in an article written by Matthew Burrows for Digital Forensics magazine. The article explains that SFIA works well with various cybersecurity frameworks and information security standards, but covers a much wider scope, defining skills needed across the complete digital information and communications technology landscape.
Matthew explains some of the ways that SFIA helps in regard to digital forensics, cybersecurity and information security, SFIA is being used to:
Once you have a baseline of the skills you have, there is a lot you can do with it:
Download the full article here.
This white paper explores the range of skills that make up a Project Manager role, utilising both the PRINCE2 methodology and the Skills Framework for the Information Age (SFIA).
These insights will help to show that there are other factors influencing what makes a Project Manager “good”, and challenge the statement that “good” Project Managers are hard to find!
What are the barriers to success?
If we accept the PRINCE2 view of the world, and we acknowledge the different activities and skills required to run a project, we see the diversity of skills for a Project Manager is probably one of the greatest within the ICT profession. There are a number of clues that can help us to determine what skills are really needed for each project, and they include:
Given the complexity and the diversity of business and IT projects, and the pressures to time, cost and quality, perhaps the issue is not that good Project Managers are hard to find. We need to be more selective as to how Project Managers are used, and recognise the risks associated with skills gaps.
US-based DTRA – Defence Threat Reduction Agency has one main focus: to keep Weapons of Mass Destruction out of the hands of terrorists and other enemies by locking down, monitoring, and destroying weapons and weapons related materials. DTRA J6, Information Operations, serves as the underlying information technology and knowledge services entity for all of DTRA.
As the IT practitioner’s role is increasingly moving from a strict “technology” orientation to a more collaborate “innovating together” orientation, it was felt that the Skills Framework for the Information Age (SFIA) was a good fit to help transition the department from being technology focused to that of collaborative innovation.
BSMimpact were asked to conduct an “Understanding SFIA” training course and following this, perform a SFIA self-assessment using BSMimpact’s online tool.
“Matthew was a great instructor, experienced and insightful in his sharing of important SFIA-driven procedures and practices for world-class IT professionals. And the SFIA concepts appear to be a great fit for what our DTRA J6 is trying to accomplish – transition us to the brave, new world of future IT concepts and practices”.
– Donald Minner, DTRA J6 Information Operations Lead, Quality-Analysis-Synchronization Team.
Click on the link below to read the full case study.
Vodafone had been going through an extended period of growth with an attendant expansion of its IT. This had led to the emergence of a disparate set of standards and processes, with a number of uncoordinated projects. The result was unsatisfactory levels of service performance and inefficient operations. With its heavy reliance on technology to deliver its business, these issues undermining the relationship between IT and the Business. In recognition of these issues, Vodafone created a Service Operations function to introduce formal Service Management discipline within IT. This function however needed additional skills and experience to give direction and focus to achieving its objectives.
Starting with a small and focused Service Management implementation for one department, BSMimpact were able to identify the cause of wider service inefficiencies across IT. BSMimpact then presented a remedial plan designed to address the customers’ issues. Employee engagement is fundamental to business success in any service industry and this was a corner stone in our activity with Vodafone. Feedback was collected from employees within Service Operations and from internal customers and stakeholders across Vodafone. We also held workshops with key stakeholders to agree a set of design principles.
In addition to cost savings resulting from the removal of inefficient practices and duplicated projects, Vodafone realised benefit through the increased recognition of the value delivered by IT to the Business. This led to a more mature relationship between IT and the Business which supported future investment and development.
Read the full case study by clicking on the link below.
Matthew Burrows joined the ITSM Global Podcast team at SITS15 to talk about SFIA, what’s changing in Version 6 and the benefits organizations can get out of using SFIA!
Matthew Burrows presents a webinar with Accredited SFIA Partner, Learning Tree, in February 2016. In it he discusses how organisations can identify the skills they have and the skills they need using SFIA.
Developing staff skills to prepare for the Department’s transformation to a services organisation.
Land and Property Information (LPI) is a division of the Department of Finance, Service and Innovation. They are the key provider of land information services in New South Wales, Australia, which includes spatial information, titling information and valuations.
Steven Woodhouse, the Chief Information Officer of the Department had created a strategy to turn the ICT department from a traditional environment into a services organisation.
“I wanted us to work as a service organisation within LPI” commented Steven. To do this, he had to set up a vision of what the organisation would look like. In order to see this ‘future state’, they needed to understand their current situation. LPI turned to SFIA to understand what skills they had currently, and to determine what skills they needed in the future.
Download the full case study (link below) to view their SFIA Assessment findings and an outline of Phase 2 – Performance Management.
“We needed to get a flatter, more streamlined structure that allowed for the movement of skills from one place to another, plus we needed to enhance some skills and not worry about others. The performance management component was recognised as a logical next step, where our aim was to make people want to participate in performance management. That’s why we tied our next phase of our SFIA journey in with performance management.“
Karen Ferris of Macanta talks to BSMimpact’s Managing Director, Matthew Burrows, about SFIA, the Skills Framework for the Information Age.
Karen and Matthew explore the benefits of SFIA to both the individual and the organisation and how organisations are using the framework.
Karen asks Matthew about a case study in the use of SFIA and they discuss the recently announced SFIA V6.
The All Things ITSM team catches up with Matthew Burrows at the itSMF Australia Conference in August 2015. Here he discusses the SFIA 6 launch in Sydney, explains the global spread of the uptake of SFIA, where it fits amongst Cobit and ITIL, and much more! Take a look at the video by clicking the link below.
Matthew Burrows and Mike Chad provide an update at the Developing Digital Talent conference (July 1, 2015), on the latest release of SFIA (v6). They share the detailed changes between version 5 and version 6.
SFIA Version 6 was released in 2015. each described at one or more of 7 levels of responsibility. To aid navigation, SFIA structures the skills into 6 categories, each with a number of sub-categories…. check out this 2&1/2 minute video for more information!
Understanding individual skills of current staff at CenSus using SFIA provided invaluable data.
Central Sussex (CenSus) Partnership ICT provides ICT Infrastructural support services for the Horsham, Mid-Sussex District Councils and the Adur-Worthing Partnership. The organisation was formed in 2006 with Adur, Horsham and Mid-Sussex participating. Worthing subsequently joined in 2011. The CenSus ICT team also supports the CenSus Revenues and Benefits Service that provides benefit processing for Adur, Horsham and Mid-Sussex councils.
The CenSus ICT Team has three principal locations (Horsham, Haywards Heath & Worthing) and has been formed from the respective Council teams.
The intention and plan at CenSus was to form a single team capable of providing ICT support services for the participating organisations, both for Business As Usual (BAU) activities and for transformational and developmental projects. To do this, it was necessary to understand the skills and capability of each team member to ensure that the right people were in the right roles.
It was determined that the Skills Framework for the Information Age (SFIA) was a framework that could be used to identify ICT skills and understand if there were any skills gaps. BSMimpact were engaged to help CenSus implement SFIA. With the arrival of the new Interim Head Of CenSus ICT (himself SFIA accredited) it had been determined that a skills assessment for the 46 staff involved should be undertaken prior to any possible reorganization of the service. To make sure that the service was able to meet current and future demands in a rapidly changing environment, they needed to know what skills and capabilities were present within the team. This included not only technical skills, but also professional and customer service skills.
“An excellent service provided by a thoroughly professional organisation. BSMimpact’s Consultants were knowledgeable and had sufficient experience to be able to put the information gathered into a suitable context.” – Ian Henderson, Interim Head Of CenSus ICT
For the full Case Study, download the PDF below.
Telefonica is one of the world leading integrated operators in the telecommunication sector, providing communication, information and entertainment solutions, with presence in Europe and Latin America. Operating in 24 countries, Telefonica’s customer total amounts to 313.1 million*, with over 23 million customers in the UK.
As the commercial brand of Telefonica UK Limited, O2 is a leading digital communications company. With over 450 retail stores, O2 runs 2G, 3G and 4G networks across the UK. Telefonica UK’s vision is to be “the most trusted provider of brilliant digital services for our customers”.
To underpin this vision and purpose, Telefonica wanted to achieve ISO/IEC 20000 certification, as it was a recognized international standard that can demonstrate professional standards in service management. It was believed that the achievement of this certification would further demonstrate and underpin their ambition to develop an industry leading service based organization and enhance the value of service to their customers.
Whilst several organisations have achieved ISO/IEC 20000 (ISO20k) certification, reports of successful projects indicate that it usually takes 12 to 18 months. This was seen as a major risk to the project within Telefónica.
By working in partnership with BSMimpact, using an agile-like approach, Telefónica UK fast tracked their certification, taking only 5 months to design, implement and embed the SMS ready for the further 3 months of evidence and records required by the external auditors for certification. BSMimpact brought expertise, assessment and tools support to Telefonica and ensured that the following principles were adhered to:
“Part of our vision is to be industry leading in service management. Telefonica UK now has an ITIL aligned and ISO20K certified Service Management System that allows us to demonstrate excellence and prove best practice in the way we manage Services for our customers. Furthermore, industry experts agree that the timelines in which we have achieved it are unheard of and they are keen to talk to us!“
– Eva Franconetti, Continual Improvement Manager, Telefonica UK
Why is value so hard to sustain? What is the secret to making best practice stick? How do you make process improvement and good governance last when the consultants leave?
Most process consultants talk volumes about “Adopt and Adapt”; the importance of adopting best practice frameworks and then adapting them to suit the business and organisation. The problem is that when most consultants leave the building, the value leaves with them. In order to preserve the value in best practice, we need to embed best practice into the organisation.
SFIA, the Skills Framework for the Information Age is a “people” framework. It focuses on the skills and the capabilities required in supporting good governance, and it is the missing link in governance adoption. This white paper describes a case study that was conducted within a large organisation in 2013. We were asked to perform some analysis against a set of roles. SFIA version 5 was used to both analyse the roles required by the organisation and then rate the individuals currently performing those roles. We wanted to explore the hidden value of SFIA in tangible terms.
There is great value in adopting frameworks like ITIL, Prince2, COBIT and the like to standardise on process and implement good governance. Unless we define the roles effectively that support these frameworks, then people will be challenged in performing their tasks and being effective in their roles. By implementing a skills framework like SFIA, we can better align the skills required for the roles we build. The cost of skills development and career progression can also be justified. If we understand the value of a skill or set of skills, we can choose whether tyo build the capability ourselves or buy it in. We can track where our human assets are, and calculate the return on our human capital.
Finally, by aligning the roles people have to the skills they require, we are much more likely to get them to adhere to the processes they need to follow. SFIA is truly the missing or forgotten framework, and a critical component to both embedding and delivering IT Governance.
Fear of the unknown, or fear of change can upset the balance of any project being undertaken. SFIA, the Skills Framework for the Information Age is a “people” framework. It focuses on the skills and the capabilities required in supporting good governance. This paper outlines the ‘people’ skills required by Project Managers as opposed to the more technical, or tangible skills, plus discusses 3 key areas that must be considered in any project, but particularly for SFIA implementations when the focus is on assessment of individual skills. They include:
SFIA implementations are sometimes met with a lot of resistance because it is seen to be a way to rate individuals, and assess their performance. Quite often it is usually the opposite: organisations want to understand what skills they already have in place, and determine what skills might need developing.
This ultimately saves time and money in recruiting new staff, provides a positive message to current staff that they are valued, and if they do need to recruit, organisation know exactly what skills they need to complement the team they already have. If we can transmit this message to individuals from the outset, perhaps there would be less resistance to change and they might actually get something out of the exercise.
If you are looking to implement SFIA in your organisation, first consider what the benefits are to both the organisation AND the individual, then prepare a number of different messages and use different methods to transmit the message.
You’ll reap the rewards at the end of the exercise if staff can easily see the benefits of the implementation from the outset.