DS7
M ANAGEMENT G UIDELINES
Goals and Metrics
PO7 Users’ skills and competencies, including individual training; specific training requirements
AI4 Training materials, knowledge transfer requirements for solutions
implementation DS1 OLAs
DS5 Specific training requirements on security awareness
DS8 User satisfaction reports
Process performance reports ME1 Required documentation updates AI4
• Frequency of updates to training curricula
• Time lag between identification of a training need and the delivery of the training
• Amount of improvement in employee productivity as a result of better understanding of systems
• Percent of increase in user satisfaction with the rollout in services, systems or new technologies
• Number of service desk calls for training or to answer questions
• Percent of stakeholder satisfaction with training provided
• Percent of employees trained
Activities
• Establishing training curricula
• Organising training
• Delivering training
• Monitoring and reporting on training effectiveness
IT
• Ensure satisfaction of end users with service offerings and service levels.
• Ensure proper use and performance of the applications and technology solutions.
• Optimise the IT infrastructure, resources and capabilities.
Process
• Establish a training programme for users at all levels using the most cost-effective methods.
• Transfer knowledge to users of the applications and technology solutions.
• Increase awareness of risks and responsibilities involved in the use of applications and technology solutions.
Activities
RACI Chart Functions
CEO CFO Business ExecutiveCIO Business Process OwnerHead Oper ations
Chief Ar chitect
Head Development Training Depar
tment A RACI chart identifies who is Responsible, Accountable, Consulted and/or Informed.
DS7 Educate and Train Users
Deliver and Support
Educate and Train Users DS7
From Inputs Outputs To
measure measure measure
drive drive
set set
GoalsMetrics
DS7 Educate and Train Users
Management of the process of Educate and train users that satisfies the business requirement for IT of effectively and efficiently using applications and technology solutions and ensuring user compliance with policies and procedures is:
0 Non-existent when
There is a complete lack of a training and education programme. The organisation does not even recognise that there is an issue to be addressed with respect to training, and there is no communication on the issue.
1 Initial/Ad Hocwhen
There is evidence that the organisation has recognised the need for a training and education programme, but there are no standardised processes. In the absence of an organised programme, employees identify and attend training courses on their own.
Some of these training courses address the issues of ethical conduct, system security awareness and security practices. The overall management approach lacks any cohesion, and there is only sporadic and inconsistent communication on issues and approaches to address training and education.
2 Repeatable but Intuitive when
There is awareness of the need for a training and education programme and for associated processes throughout the organisation.
Training is beginning to be identified in the individual performance plans of employees. Processes are developed to the stage where informal training and education classes are taught by different instructors, whilst covering the same subject matter with different approaches. Some of the classes address the issues of ethical conduct and system security awareness and practices. There is high reliance on the knowledge of individuals. However, there is consistent communication on the overall issues and the need to address them.
3 Defined when
A training and education programme is instituted and communicated, and employees and managers identify and document training needs. Training and education processes are standardised and documented. Budgets, resources, facilities and trainers are being established to support the training and education programme. Formal classes are given to employees on ethical conduct and system security awareness and practices. Most training and education processes are monitored, but not all deviations are likely to be detected by management. Analysis of training and education problems is only occasionally applied.
4 Managed and Measurable when
There is a comprehensive training and education programme that yields measurable results. Responsibilities are clear, and process ownership is established. Training and education are components of employee career paths. Management supports and attends training and educational sessions. All employees receive ethical conduct and system security awareness training. All employees receive the appropriate level of system security practices training in protecting against harm from failures affecting availability, confidentiality and integrity. Management monitors compliance by constantly reviewing and updating the training and education programme and processes. Processes are under improvement and enforce best internal practices.
5 Optimised when
Training and education result in an improvement of individual performance. Training and education are critical components of the employee career paths. Sufficient budgets, resources, facilities and instructors are provided for the training and education
programmes. Processes are refined and are under continuous improvement, taking advantage of best external practices and maturity modelling with benchmarking against other organisations. All problems and deviations are analysed for root causes, and efficient action is expediently identified and taken. There is a positive attitude with respect to ethical conduct and system security principles.
IT is used in an extensive, integrated and optimised manner to automate and provide tools for the training and education programme. External training experts are leveraged, and benchmarks are used for guidance.
M ATURITY M ODEL
© 2007 IT Governance Institute. All rights reserved. www.itgi.org
128
Deliver and Support
Educate and Train Users
DS7
P ROCESS D ESCRIPTION
Control over the IT process of Manage service desk and incidents
that satisfies the business requirement for IT of
enabling effective use of IT systems by ensuring resolution and analysis of end-user queries, questions and incidents
by focusing on
a professional service desk function with quick response, clear escalation procedures, and resolution and trend analysis
is achieved by
• Installing and operating a service desk
• Monitoring and reporting trends
• Defining clear escalation criteria and procedures and is measured by
• Amount of user satisfaction with first-line support
• Percent of incidents resolved within agreed-upon/acceptable period of time
• Call abandonment rate