Aligning your IT services with best practice is vital. By adopting frameworks such as ISO-27001 and Cyber Essentials, IT teams can not only meet regulatory standards but also drive business value and enable future transformation. This article therefore explores the benefits of creating and implementing a technical alignment framework.
There is a significant investment in adopting and maintaining a security framework. By implementing your own alignment measurement tool, you can maximise this investment, improve your security posture, drive future transformation and increase efficiency. With a solid framework, IT support services become more proactive rather than reactive, reducing disruptions and allowing your organisation to focus on its core objectives rather than firefighting problems.
Think proactive rather than reactive
Proactively identifying and addressing remediation opportunities through alignment with a set of agreed metrics offers several advantages over a reactive approach. By anticipating and resolving issues before they escalate, IT support becomes less disruptive, enabling businesses to maintain their focus on their core objectives. This proactive strategy minimises downtime, enhances system reliability and allows companies to allocate resources more effectively, rather than constantly diverting their attention to resolving unexpected problems.
Key benefits
- Reduced disruption: Reactive problem-solving is disruptive, potentially preventing critical tasks from being completed on time. Proactive remediation minimises these disruptions, helping the business to operate smoothly.
- Efficiency: Proactively implementing improvements leads to less impact on business operations, resulting in increased efficiencies.
- Better resource management: Monitoring the time spent on reactive vs. proactive work aids in managing resources effectively. The short-term goal is to proactively identify (through alignment), address and resolve problems more than reactively fixing them.
- Improved service levels: Proactive remediation reduces the number of incidents, improving overall service delivery. By focusing on prevention, IT departments can provide a more seamless experience for their end-users.
How can you grade your alignment?
Grading your alignment is essential. It helps to track your IT department’s performance against identified risks or changes since the last audit. Technical audits can cover anywhere from 60 to over 500 items, depending on the complexity of your infrastructure. In larger organisations, alignment can be assessed at the departmental, site or business unit level.
A simple scoring system, such as ‘pass’, ‘fail’ or ‘not applicable’ along with associated severity levels (high/medium/low), provides a structured way to assess performance. For example, a pass with a high severity might score 20 points, while a low-severity pass might score only five points. This alignment scoring system offers a valuable metric for continuous improvement within the organisation.
Service delivery benchmarking, both internally and externally, complements alignment scoring. Improved alignment leads to enhanced service delivery, but multiple methods can measure this. While resolving incidents quickly might meet traditional SLA metrics, it’s better to aim for a reduction in incidents altogether rather than just efficient problem resolution. In essence, address the root causes first.
- Reactive time vs. proactive effort: The real indicator of alignment success is how much reactive time you spend versus proactive effort. It’s important to measure how often your team is pulled into reactive tasks, as opposed to planned, proactive work. Reducing reactive time by increasing proactive efforts avoids disruptions, enabling smoother operations overall.
- Recording effort: Track the time your team spends on reactive versus proactive tasks. This data gives clear insights into where improvements can be made, supporting better resource management and increased efficiency.
The reactive to proactive metric (RHEM)
A useful metric for tracking performance is calculating reactive time per end-user. This can be applied across different organisations: (tickets in month / reactive time spent in month) / number of users.
This formula gives a standard measure of performance, showing how much reactive time is spent per user. A starting benchmark figure for this metric is 1.0, with lower values indicating better performance. For example: 0.5 is acceptable; 0.4 is good; and 0.3 or below indicates optimal performance.
In my organisation, our average RHEM across 30+ clients started at 0.88. Over six months, it was reduced to 0.33, demonstrating significant progress in reducing unplanned disruptions. For larger organisations on a journey of technological alignment, we’ve seen RHEM values as low as 0.15, which equates to reducing unplanned disruptions by approximately 144 hours per month for businesses with over 800 users.
Getting started with alignment
Process mapping: Start by documenting processes, even if they seem unnecessary for a smaller team. The size isn’t what matters; it’s recognising the relationships between processes. Missing these connections can lead to missed opportunities for improvement. Systems that ‘just work’ often get overlooked yet documenting their integration with other processes can unlock new potential. For example, a door-entry system may seem simple but it could integrate with an HR system to automate access control, leading to enhanced security and efficiency.
Automation: If a task needs to be completed repeatedly and you can control the process without introducing risk, automate it. Automating software provisioning and compliance tasks, for example, reduces manual intervention, freeing up valuable resources and providing a smoother experience for employees.
Outsource: The commoditisation of IT services presents opportunities to maintain control over the technology strategy while easing implementation. The continuous maintenance of standards like Cyber Essentials can be resource-draining. Today, previously-expensive services, such as 24×7 security operations centres (SOC), are now viable as commodity-based services. With the use of AI, these solutions are more affordable and accessible, helping organisations of all sizes to reduce their cyber risks.
One such solution is Microsoft Defender, a comprehensive Microsoft security service designed to enhance your IT security posture. Defender integrates Microsoft’s advanced threat protection, continuous monitoring and compliance checks into a single, streamlined solution. By proactively identifying and neutralising threats, it significantly reduces the time spent on reactive incident management, freeing up resources for more strategic tasks.
In addition to Defender, Microsoft Intune is another key component, offering robust device management and security. Intune ensures that all devices across your organisation remain compliant and up-to-date, further aligning with security frameworks like Cyber Essentials and ISO27001. Together, these solutions help businesses maintain ongoing compliance without the operational burden.
For IT teams in the housing sector, technical alignment frameworks aren’t just about meeting regulatory standards, they are about driving business value. By proactively managing your IT infrastructure, grading your alignment and investing in tools like Defender and Intune, you can minimise disruptions, optimise resource allocation and enhance overall efficiency. The goal is clear – move from a reactive stance to a proactive one, enabling your organisation to grow and adapt in an ever-changing digital landscape.
John Brett is the operations director at Nexus Open Systems.
