NHS Infrastructure Maturity Model Andy Savvides Benchmarking Event Taunton 8th October 2008
by user
Comments
Transcript
NHS Infrastructure Maturity Model Andy Savvides Benchmarking Event Taunton 8th October 2008
NHS Infrastructure Maturity Model Benchmarking Event Taunton 8th October 2008 Andy Savvides http://nww.connectingforhealth.nhs.uk/pspg/ Sound Familiar? No infrastructure roadmap so we just react to demands on our IT infrastructure as best we can Not enough time to plan ahead, too many projects! How do I compare with other Trusts? What IT Infrastructure initiatives should I invest in next? Has somebody else done this before? We are locked in to old software that we cannot upgrade Infrastructure Challenges Summary • Too many IM&T Managers rely on just gut feel when setting investment priorities • Infrastructure is mostly “invisible” which makes it difficult to understand its value as an enabler • Hard to justify and prioritise investment • Difficult to measure return on investment • Often not viewed in a strategic context • We are undervaluing our own intellectual property • Lack of visibility and focus - NHS is not getting the full value of some excellent local infrastructure work • Nationally we don’t share knowledge, patterns and practices which means we re-invent the wheel and the NHS pays twice • Lack of strategy aligned infrastructure roadmaps means that many essential capabilities loose out to “my favourite project” • Some suppliers don’t create infrastructure solutions that NHS Trusts request, actually need or are ready for NHS Infrastructure - a day in the life IT vendors triggering change Increasing need for accountability Increasing demands to manage TCO & show ROI Constant Change IT Infrastructure Standards & Best Practice Emerging Technology Legacy Systems & Components Tacit Knowledge Methodologies & Frameworks Product Guidance from Vendors GPG from NHS CFH IG Toolkit CUI Guidance Enterprise Wide Agreements Constant Pressure to Deliver Local Projects (Many reinventing the wheel) Growing IT security attack surface Increasing IT complexity Increasing need for business & process alignment Greater choice & awareness means the business demands a better service Regulatory and accreditation demands Greater expectations of what IT can deliver Keep an Eye on the Bigger Picture? Create a Path to Increased Maturity NIMM Key Features • Intuitive and easy to use IT management tool • Developed in “plain English” by the NHS for the NHS • Modular allowing Trusts to focus on high priority areas first • Will be adapted and extended to reflect feedback changing priorities • Can be used in either Descriptive and/or Prescriptive modes • Provides the big picture - knowledge driven self assessment approach, calibrated for the NHS • Technology & vendor independent, focus is on capabilities, standards and NHS needs • Holistic approach covering both the technology and management scope of IT infrastructure • Being linked to other complementary initiatives • Can be shared with suppliers to help NHS Trusts become smart(er) buyers Infrastructure Numbers Game Estimated Number of PCs in the NHS NIMM “Scope” for Guidance Management “Scope” of Infrastructure Technology “Scope” of Infrastructure NIMM Benchmarking using KPIs Credible, measurable & relevant metrics to measure achievement What factors are critical for a specific capability to be successfully exploited? What do you have to get right? Capability body of knowledge KPIs Critical Success Factors Best Practice, Standards, Patterns & Practices Infrastructure Maturity Level Summary Level 1 Basic Level 2 Controlled Level 3 Standardised Level 4 Optimised Not Drawn to Scale Level 5 Innovative Disjointed, manual Infrastructure Coordinated, manual Infrastructure. Standardized Infrastructure Consolidated and virtualized Infrastructure IT & business stakeholders work in partnership Knowledge not shared Knowledge silos exist Individual Level collaboration and knowledge sharing Team level knowledge sharing & collaboration Enterprise level knowledge sharing & collaboration Reactive & adhoc Reactive with some planning in place Reactive & becoming proactive Proactive & accountable Strategic asset Unpredictable service performance Services manageable & getting predictable Stable & architected IT Infrastructure Continuous service improvement Drives service innovation User driven “who shouts loudest” Problem driven Request driven Service driven Value driven Focus is to Avoid Downtime Focus is to Get Control Focus is to Adopt Standards & Best Practice Focus is on Efficiency Focus is to become a Catalyst for Innovation NIMM to Microsoft IO Model Mapping Basic Standardized Rationalized Dynamic Identity & Access Management Directory services, User provisioning, Directory-based authentication Desktop, Server, and Device Management Software distribution, Patch management, Mobility, Imaging, Virtualization Security and Networking Policy, Anti-malware, Firewall, Access control, Network protection, Quarantine Data Protection and Recovery Backup, Restore, Storage management IT and Security Process Best practice guidance on cost-effective solution design, development, operation, and support NIMM to Gartner Model Mapping Basic Uncoordinated infrastructure Objective React Standardized Standard resources, configurations Rationalized Consolidate to fewer Virtualized Infrastructure resources pooled Reduce complexity Economies of scale Flexibility, reduce costs ServiceBased Services managed holistically Servicelevel delivery Ability to Change Months to weeks Weeks Weeks to days Weeks to minutes Minutes Pricing Scheme None, ad hoc Fixed costs Reduced, fixed costs Fixed shared costs Variable usage costs Business Interface No SLAs Class-ofservice SLAs Class-ofservice SLAs Flexible SLAs End-to-end SLAs Resource Utilization Unknown Known Rationalized Shared pools None Central control Consolidated Chaotic – Reactive Proactive Life cycle management Organization IT Management Reactive Processes Ad hoc Proactive Mature problem mgmt Pooled ownership Proactive Prediction, dynamic capacity Servicebased pools Serviceoriented Service End-to-end service management Policy/ValueBased Dynamic optimization to meet SLAs Business agility Minutes to seconds Variable business costs Business SLAs Policy-based sharing Businessoriented Value Policy management Infrastructure Numbers Game Number high severity vulnerabilities in Windows XP discovered during 2007 according to National Vulnerability Database (NIST) Typical Start Point for Many Trusts Focus on “Weakest” Capabilities Drive Standardisation Optimise & Innovate NIMM Prescriptive Guidance “Package” NIMM Capability Data Set Description & CSF Description of the capability at level n. This will include the critical success factors which describe what characteristics the capability must have and why they are important. A set of metrics that can be used to measure and monitor achieving this capability at level n. Metrics & KPIs to get there Investment (TCO) to get there Benefits (ROI) when there Dependencies & Secondary Effects What will it take (financial and non-financial) to achieve this level of capability. To be used in creating a business case. What benefit can realistically be expected (financial and nonfinancial) when operating at this level of capability. To be used in determining the to-be profile. Major impact/effect on other upstream or downstream capabilities when this capability reaches level n. Weighting Weighting used when calculating overall Class or Trust maturity level When will the NIMM be Finished? Infrastructure Numbers Game No of Electronic Identities a typical NHS Worker has NIMM Applications Financial Management Maturity Infrastructure TCO Challenge Mythical Gartner TCO Benchmark Some government departments and the wider public sector have paid at least £2,000 per PC, partly because this is regarded as the standard price for fully supported, networked PCs. John Suffolk told Gartner, "I think we have fundamentally failed …. to understand the cost of what we do. And I roundly blame Gartner for this, because you guys are the ones who come up with TCO [total cost of ownership] benchmarking. It has become a self-fulfilling prophecy. "So, I go out and I pick boring desktop infrastructure. What price do you think the suppliers broadly pitch? You will not be shocked to know that it is somewhere around the Gartner TCO benchmark." Suffolk said a business will be told that the price of a desktop is value for money because it is the same or a little below Gartner's benchmark. Value Management Framework Level 1 Basic Level 2 Controlled Level 3 Standardised Level 4 Optimised Level 5 Innovative “Little visibility of true costs” “Controls in place, some consistency” “Consistency enables TCO benchmarking” “ROI Enabled” “Portfolio driving the business agenda” Little or no visibility of costs Costs visible Standardised cost control Costs and benefits visible Dashboard performance review Ad-hoc Chart of Accounts Locally Consistent chart of accounts Nationally Consistent chart of accounts Consideration of risk and time value of money Portfolio risk return perspective Gut feel and subjective measures Appropriate categorisation of spend Follows Best Practice Detailed business case based on ROI IT influencing business agenda Non repeatable processes Some consistency in Process Repeatable Process Performance and value benchmarking External industry benchmarking TCO Model • In order to drive standardisation the NIMM TCO Model supports Level 3 Financial Management and provides: • Common Chart of Accounts • Takes into account Organisational Complexity • Adjusts results for Confidence based upon NIMM maturity Feedback? Questions? Ideas? [email protected] http://nww.connectingforhealth.nhs.uk/pspg/