Below are some questions from organisations taking the 12-Box maturity assessment. I’ll post further questions and answers on this post as they arise. Any questions please give me a shout. Thanks, Martin
Q. SCOPE – Will this assessment work in a decentralised environment?
A. Decentralised SAM is surprisingly common. Best practice says you should centralise things to take advantage of economies of scale and simplify the administration of everything and enjoy a clear view of risk across your whole estate. But it is very common for local departments or regions to have autonomy. Is your role to govern these departs or regions or are they responsible for their own risks – that should help you decide what scope to apply to the assessment.
Q. AUTHORITY – The authority questions make reference to senior management – I have the support and backing of my manager (IT Manager) and his manager (VP of IT) – is this considered Senior Management or are you looking more for support by C level management?
A. The goal of senior management advocacy is to ensure you have management buy-in to get things done, can create or argue for budget, can escalate things if your policies or processes are not being adhered to, can thump the table or otherwise help your business change its habits.
Q. SAM BUSINESS PLAN – We do not have a formalized SAM business plan, but this does not mean that we are starting from scratch, on the contrary many measures are in place to reduce risk and report on compliance.
A. The SAM plan is to show how you intend to improve things and what you’ll measure to demonstrate improvement.
Q. TEAM We have two dedicated SAM individuals, myself and an administrator who looks after our SAM tool. This is the ‘Team’ however there are individuals responsible for compliance and software licensing/purchasing in other countries who could be considered members of a virtual SAM team. I have answered the questions with the inclusion of the skills and tasks performed by individuals from this fragmented ‘team’. Is this correct?
A. Correct. If your role is governance and to oversee performance of the whole company then your maturity should be measured on the whole company and should include your extended virtual team.
Q. TRANSITION Can you please expand on the first question in this section and perhaps provide an example?
A. Most organisations have some form of change control process for making changes to production servers. I.e. The exchange server needs to be patched because of a security issue and a formal change request is logged to make sure the change is authorised. Are you aware of such changes?
Q. REQUEST Is question 4 (Request) hinting to Total Cost of Ownership (TCO) or just direct costs such as initial purchase expenditure and support costs?
A. If it’s costing the business $2,000 to buy a piece of software, it’s letting them know so they are aware that it’s costing the business money and is not a consumable item. It’s just an indication of cost and doesn’t have to be total cost of ownership.
Q. DEPENDENCIES: Can you please elaborate on what is meant by ‘relationship’ In question 3 and 4?
A. “The relationship between IT services and systems and assets that underpin them are managed” – For the most business critical services delivered by the IT department– do you know which assets underpinning them?
A. “High priority business services are identified and understood by the SAM team” – The SAM team understands which services are most important – i.e. it would be incredibly damaging to the company and it’s customers if those services failed.
Q. DEPENDENCIES: Can you please clarify what a virtual a means?
A. It is simply the relationship between virtual environments and their physical counterparts.
Q. INVENTORY: Can you please advise what is meant by an ‘inventory data model’?
A. An inventory data model is what inventory data is required to satisfy an audit. For example my inventor data model for Oracle databases would be all the inventory details required to satisfy an audit with Oracle (usually all the data required to populate the Oracle Server sheet such as how many instances do we have, what versions, what underlying power, what options and packs and so on). If you don’t know the inventory data model – you are powerless in an audit.
Any further questions please do not hesitate to contact me.
About Martin Thompson
Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.
On a voluntary basis Martin a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
Learn more about him here and connect with him on Twitter or LinkedIn.