MANAGEMENT
GUIDELINES
are measured by are measured by are measured by
Goals and Metrics
PO7 Users’ skills and competencies, including individual training; specific training requirements
AI4 Training materials; knowledge transfer requirements for solutions implementation
DS1 OLAs
DS5 Specific training requirements on security awareness
DS8 User satisfaction reports
Process performance reports ME1 Required documentation updates AI4
Key Performance Indicators
• Frequency of updates to training curricula • Time lag between identification of
training need and the delivery of the training
IT Key Goal Indicators
• Measured improvement in employee productivity as a result of better understanding of systems
• Increased user satisfaction with rollout of services, systems or new technologies Process Key Goal Indicators
• # of service desk calls for training or to answer questions
• % of stakeholder satisfaction with training provided
• % of employees trained Activity Goals
• Establishing training curricula • Organising training • Delivering training
• Monitoring and reporting on training effectiveness
IT Goals
• Ensure satisfaction of end users with service offerings and service levels. • Ensure proper use and performance of
the applications and technology solutions. • Optimise the IT infrastructure, resources
and capabilities. Process Goals
• Establish a training programme for users at all levels using the most cost-effective methods.
• Transfer knowledge to users of the applications and technology solutions. • Increase awareness of risks and
responsibilities involved in the use of applications and technology solutions.
Activities
RACI Chart Functions
CEO CFO Business ExecutiveCIO Business Process OwnerHead Oper ations
Chief Ar chitect
Head Development Training Depar tment Head IT Administr ation PMO Compliance, Audit,
Risk and Security
Identify and characterise users’ training needs. C A R C C C C C C R Build a training programme. C A R C I C C C I R Conduct awareness, education and training activities. I A C C I C C C I R Perform training evaluation. I A R C I C C C I R Identify and evaluate best training delivery methods and tools. I A/R R C C C C C C R
A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed.
DS7 Educate and Train Users
D r i v e D r i v e
Deliver and Support
Educate and Train Users
DS7
DS7 Educate and Train Users
Management of the process of Educate and train users that satisfies the business requirement for IT of effective and
efficient use of applications and technology solutions and user compliance with policies and procedures is:
0 Non-existent when
There is a complete lack of any training and education programme. The organisation has not even recognised there is an issue to be addressed with respect to training and there is no communication on the issue.
1 Initial/Ad Hocwhen
There is evidence that the organisation has recognised the need for a training and education programme, but there are no
standardised processes. In the absence of an organised programme, employees have been identifying and attending training courses on their own. Some of these training courses have addressed the issues of ethical conduct, system security awareness and security practices. The overall management approach lacks any cohesion and there is only sporadic and inconsistent communication on issues and approaches to address training and education.
2 Repeatable but Intuitive when
There is awareness of the need for a training and education programme and for associated processes throughout the organisation. Training is beginning to be identified in the individual performance plans of employees. Processes have developed to the stage where informal training and education classes are taught by different instructors, while covering the same subject matter with different approaches. Some of the classes address the issues of ethical conduct and system security awareness and practices. There is high reliance on the knowledge of individuals. However, there is consistent communication on the overall issues and the need to address them.
3 Defined Process when
The training and education programme has been institutionalised and communicated, and employees and managers identify and document training needs. Training and education processes have been standardised and documented. Budgets, resources, facilities and trainers are being established to support the training and education programme. Formal classes are given to employees in ethical conduct and in system security awareness and practices. Most training and education processes are monitored, but not all deviations are likely to be detected by management. Analysis of training and education problems is only occasionally applied.
4 Managed and Measurable when
There is a comprehensive training and education programme that yields measurable results. Responsibilities are clear and process ownership is established. Training and education is a component of employee career paths. Management supports and attends training and educational sessions. All employees receive ethical conduct and system security awareness training. All employees receive the appropriate level of system security practices training in protecting against harm from failures affecting availability, confidentiality and integrity. Management monitors compliance by constantly reviewing and updating the training and education programme and processes. Processes are under improvement and enforce best internal practices.
5 Optimised when
Training and education result in an improvement of individual performance. Training and education are critical components of the employee career paths. Sufficient budgets, resources, facilities and instructors are provided for the training and education programmes. Processes have been refined and are under continuous improvement, taking advantage of best external practices and maturity modelling with other organisations. All problems and deviations are analysed for root causes, and efficient action is
MATURITY
MODEL
Deliver and Support
Educate and Train Users
HIGH-LEVEL
CONTROL
OBJECTIVE
Control over the IT process of Manage service desk and incidents
that satisfies the business requirement for IT of
enabling effective use of IT systems by ensuring resolution and analysis of end-user queries, questions and incidents
by focusing on
a professional service desk function with quick response, clear escalation procedures, and resolution and trend analysis
is achieved by
• Installing and operating a service desk • Monitoring and reporting trends
• Defining clear escalation criteria and procedures and is measured by
• User satisfaction with first-line support
• Percent of incidents resolved within agreed/acceptable period of time • Call abandonment rate