IT Maturity – Mind the Gap!

Something that IT assessment tools such as the NIMM can do is identify where there are major gaps in maturity. Now this becomes very interesting when you are a service provider or shared service. I have had a number of NHS IT Directors who run a shared service ask me “at whet level should we use the NIMM?”, “should I assess my own capabilities or the capabilities of the organizations I provide service to?”. The answer really depends upon what you want to get out of the assessment.

1. If you want to benchmark and improve your own capabilities, then assessing the shared service is the way to go.
2. If you want to measure and improve the way your customers use IT services then you should assess them.
3. If you want to highlight problems you have in serving your customers do both

I worked with a large NHS IT provider who followed option 3. What they did was to assess themselves and each of their NHS customers. What soon became very clear was that the NIMM showed where there were large maturity gaps and these gaps actually accounted for why there were service issues.

For example, the provider assessed themselves as being at NIMM Level 4 for Change Management while their customers varied from NIMM Level 1 to NIMM Level 3. The NHS client organisation that was at NIMM Level 1 was the one which had major issues traceable back to a lack of change control. So while the provider was a NIMM Level 4 the Consumer was at NIMM Level 1 effectively “dragging down” the perception of the provider.

Now this is not rocket-science, however, what this does show is that using a common benchmark between supplier and consumer really helps show where maturity gaps are and helps the provider anticipate the type of problems that will result from this gap.

Hopefully the picture below shows what I mean..

NHS CIO Network Group on Linkedin

I have created a CIO Network group in Linkedin. The purpose of this group is to help connect those people responsible for Health Informatics across the NHS. This group is aimed at CIOs, IT Directors and Associate Directors etc. This group is not intended to replace any of the existing internal communications mechanisms, hopefully members of this group will find it a useful tool for connecting with their peers.

If you work for the NHS in a CIO capacity, please take a look. Thanks.

Here is the link to the group http://www.linkedin.com/groups?gid=2074660

NIMM Maturity Levels

In this post I summarise what life is like at the each of the 5 maturity levels at the core of the NHS Infrastructure Maturity Model (NIMM).

Level 1 (Basic)
At this level, the focus is to avoid downtime. Organisations at level 1 are characterised by ad-hoc manual infrastructure management and support processes. There is no effective control of the infrastructure with non-existent or unenforceable infrastructure principles, standards, procedures and guidelines (PSPG) for the most basic capabilities such as IT security, desktop management, network services and common infrastructure services. There is a general lack of configuration information about the existing infrastructure making it difficult to assess the impact of changes and difficult to effectively diagnose problems. The overall health of infrastructure devices and services is unknown because there is a lack of tools or architecture to enable remote service monitoring; this forces the IT department to operate in a purely reactionary mode. There is no vehicle for sharing accumulated knowledge across IT. Some individuals take the time to capture their lessons in any number of folders and databases. These are rarely refreshed, few contribute, even fewer search. Organisations with level 1infrastructure find their environments extremely hard to control, have very high desktop and server management costs, are generally reactive to security threats, and have very little positive impact on the ability of the business to benefit from IT.

Level 2 (Controlled)
At this level, the focus is to get control of the infrastructure. Organisations at level 2 are able to exercise adequate levels of monitoring and control to the key infrastructure components such as IT security, desktop management, network services and common infrastructure services. Most people IT recognise that sharing know-how is important to the IT organisations success. People are using some tools to help with learning and sharing.  Some IT managers give people the time to share and learn, but there is little visible support from the top. Most IT teams capture lessons learned after a project. Teams look for knowledge before starting a project. Investments have been made in people, process and technology that will enable IT to have remote management capabilities. These remote capabilities allow IT to be more responsive to users as well as being able to remotely effect changes to the infrastructure without the need for physical access to the devices being managed.

Level 3 (Standardised)
At this level, the focus is to standardise the infrastructure and adopt proven best practice. Organisations at level 3 have a highly standardised infrastructure which uses the control capabilities achieved in level 2 to implement principles, standards, procedures and guidelines for managing the key infrastructure capabilities such as IT security, desktop management, network services and common infrastructure services. IT staff are using a number of tools to help with learning and sharing. There is some isolated awareness on the importance of the organisations ability to develop and leverage its intellectual assets. A number of collaboration initiatives exist but these are not linked to business results. The standardisation achieved at this level provides IT with up-to date, complete and accurate configuration information about the existing infrastructure and will have a configuration management function established which maintains a configuration management database (CMDB). This CMDB enables better decisions to be made about planned and emergency changes to the infrastructure allowing the IT department to be pro-active, anticipating problems before they impact the business.

Level 4 (Optimised)
At this level, the focus is to achieve infrastructure optimisation. Organisations at level 4 have optimised infrastructure, where the costs involved in delivering and managing core infrastructure are low when compared to similar industry norms. At this level, processes and policies have also been optimised so that they can support technology,  enabling agility and helping the organisation to achieve its strategic goals.
Security is very proactive; response to threats and challenges is rapid and controlled. The use of zero-touch business desktop deployment helps minimise cost and speed up deployment providing the agility needed to ensure that services are available to users when they need them without delay. There is a managed portfolio of baselined PC images as well as a very low touch process for managing PCs reducing the total cost of ownership for PCs, to levels in line with other world-class organisations. Effective software asset management is in place ensuring that organisations fully comply with software licensing and only purchase those licenses that they need. There is general awareness and recognition on the importance of the organisations ability to develop and leverage its intellectual assets. A collaboration strategy exists but is not always linked to business results. A clear framework and set of tools for learning is widely communicated and understood IT Security & Information Governance is extremely proactive with well defined and fully enforced policies from the PC to server to firewall to extranet.

Level 5 (Innovative)
At this level, the focus is for IT infrastructure to enable innovation. Organisations at level 5 will have a dynamic infrastructure recognised as the catalyst for technical innovation. The executive team and other senior stakeholders recognise the strategic value that their IT infrastructure provides in helping them to achieve their stated goals efficiently. Costs are fully predictable; there is a close partnership culture between executive, business stakeholders, users and IT. Collaboration is viewed as a core infrastructure service that enables knowledge sharing between users across traditional organisational boundaries. Mobile users have ‘near on-site’ levels of service and capability regardless of device and location. Processes are fully automated, often incorporated into the technology itself, allowing IT to be aligned and managed according to the business needs. There is a programme of investments in innovative technology yielding specific, rapid and measurable benefits for the business.  There is a culture of innovation, working in partnership with stakeholders across the organisation.  A document collaboration and knowledge sharing strategy exists that is embedded in the business strategy. Framework and tools enable learning before, during and after projects. Organisational knowledge is easy to find, easy to retrieve and re-use, it is constantly refreshed and distilled. Relevant knowledge is pushed to those that want it. The IT infrastructure is seen as being secure, open and able to stimulate new ideas. There are no hard-wired inhibitors enabling the business to engage with specialist and niche organisations to develop new ways of working in order to meet long term and strategic objectives.

Taxonomies used by the NIMM

Continuing on from my description of the NHS Infrastructure Maturity Model (NIMM), this post describes the categories that make up the Business and Technology aspects of IT Infrastructure as defined in the NIMM.

Business Scope in the NIMM

There are 6 classes in the Business taxonomy of the NIMM.  These focus on the non-technical aspects of IT infrastructure and cover the following:
1. Governance – how well is the IT infrastructure governed? How does this fit into the overall governance structure for IT? Are recognised IT governance frameworks such as COBIT  being used?
2. Business Alignment – how well is the alignment between the business needs and the IT infrastructure? How are stakeholders from the business represented in the needs analysis for developing new infrastructure services? What processes are in place to measure how well IT infrastructure is aligned to the business needs?
3. Procurement – How effective is the procurement of infrastructure products & services? How well are suppliers managed?
4. People & Skills – Do the people delivering and supporting infrastructure services have the right skills? Is staff involved in delivering and supporting infrastructure services used in the most effective way? How well is the impact of change on people anticipated and managed?
5. Value Management – How is the business value of IT infrastructure evaluated? Are there disciplines in place to ensure that the realisation of benefits is managed? Are business cases developed for infrastructure investment?
6. Processes & Automation – What administrative processes are in place to support the delivery of infrastructure services? To what extent are processes automated to reduce costs and improve quality? Is process effectiveness measured and improved when needed?

Technology Scope in the Model

There are 7 classes in the Technology taxonomy of the NIMM, these classes form the basis of a simplified IT infrastructure model used throughout the NIMM.

1. Patterns & Practices – The Principles, Standards, Procedures & Guidelines (PSPG) used to create and deliver infrastructure services.
2. IT Security & Information Governance – Technology, relating to authentication and access control to both systems and information.
3. End User Devices – Devices used by end users to access infrastructure services, this will include PC, peripheral devices, PDAs etc.
4. Common Applications & Services – Shared applications provided by the infrastructure which is used by end users or other infrastructure components, this includes electronic mail, collaboration platforms, directory services, common desktop applications such and browsers, word processors etc.
5. Operating Systems – Software platforms including PC operating systems, server operating systems and appliance operating systems etc.
6. Infrastructure Hardware Platforms – Hardware platforms used to deliver shared infrastructure services.
7. Network Devices & Services – Devices and services that provide networking capabilities.

Two key points to note about the Technology Classes are:

1. IT Security & Information underpins all of the technical classes (Network, Hardware, Operating System, Common Services and User Devices). Although IT Security & Information Governance is shown as a separate technology class, elements of this class will appear in all NIMM classes.
2. Patterns & Practices is a foundation class for standardising and optimising the way the infrastructure is delivered. Re-using proven best practices avoids “re-inventing the wheel” and improves quality through the sharing of knowledge.

NHS Infrastructure Maturity Model – Introduction

NHS Needs from an Infrastructure Maturity Model

Maturity modelling is a useful approach used in many different contexts (software development, process optimisation, operations etc) where there s a need to benchmark and improve capabilities. My work at NHS Connecting for Health recognises the important role that Maturity Models (and associated best practice) can play in introducing a consistent baselined approach to benchmarking as-is capabilities and evaluating what the required to-be capabilities need to be to achieve the desired outcomes.

A number of modelling techniques were considered along with two popular infrastructure maturity models from Gartner and Microsoft. None of the models considered were ideally suited to the needs of the NHS, so it was decided to develop an NHS specific infrastructure maturity model that included to most appropriated elements from the models reviewed.

In this blog I will post entries on different aspects of the NHS Infrastructure Maturity Model (“NIMM“), hopefully providing a useful insight to those working in the area of infrastructure, especially in large complex organisations (such as the NHS) where IT infrastructure plays a key part in delivering services to the end users (patients, clinicians, support staff etc).

Some of the high level design goals driving the development of the NIMM are that it should:

1. be simple and intuitive to use written in “plain English”
2. be calibrated to be most relevant for the NHS
3. be technology and vendor independent
4. consider both technical and management aspects of IT infrastructure provision
5. take into account of any significant dependencies between infrastructure capabilities to highlight what the primary & secondary effects of change may be
6. have clear ownership and be easily maintainable by the NHS as it’s needs and priorities change
7. be modular in the use of maturity levels, recognising that an organisations IT infrastructure capabilities will be at different levels of maturity
8. be easily customisable to allow deployment groups to use the model to create profiles of capabilities needed for different services to be deployed
9. usable in a descriptive and prescriptive mode to accelerate adoption
10. recognise that it will constantly evolve and business needs change and technology evolves

Do NHS top 10 tips apply to you?

In his recent speech during the 60th birthday celebrations of the NHS, President and CEO Institute for Healthcare Improvement USA Don Berwick offered 10 tips for the NHS to get even better.

I have chosen one of his top ten tips and changed references from patient and healthcare to customer and service, could this apply to your business?

First, put the customer at the center – at the absolute center of your business. Put the customer at the center for everything that you do. In its most helpful and authentic form, this rule is bold; it is subversive. It feels very risky to both managers and thye board, especially at first. It is not focus groups or surveys or token representation. It is the active presence of customers, partners and stakeholders in the design, management, assessment, and improvement of the products and services you provide. It means customizing your products and services literally to the level of the individual customer needs. It means asking, “How would you like this done?” It means equipping every customer for self-service as much as each wants. It means total transparency – broad daylight. It means that customers have their own profiles, and that any barriers to serving customers are eliminated. It means, “Nothing about me without me.” It means that we who offer products and services stop acting like we have a captive market and a right to sell, and start acting like stakeholders in their value chain. For professionals made anxious by this extreme image, let me simply remind you how you probably begin every encounter when you are following your best instincts; you ask, “How can I help you?” and then you fall silent and you listen.

Here is the complete list, could his be usefully applied to your business?

1. First, put the patient at the center – at the absolute center of your system of care.
2. Second, stop restructuring
3. Third, strengthen the local health care systems – community care systems – as a whole.
4. Fourth, to help do that, reinvest in general practice and primary care.
5. Fifth, please don’t put your faith in market forces.
6. Sixth, avoid supply-driven care like the plague.
7. Seventh, develop an integrated approach to the assessment, assurance, and improvement of quality.
8. Eighth, heal the divide among the professions, the managers, and the government.
9. Ninth, train your health care workforce for the future, not the past.
10. Tenth, and finally, aim for health.

To access the full transcript of Don’s speech click on the following link:
http://www.wales.nhs.uk/sites3/page.cfm?orgId=781&pid=32953