An effective model for IT organization structure [best suited for the service industry], with a brief on why the model works and what its key components are.
High-level IT structure for consulting organizations v2
1. AN EFFECTIVE IT ORGANIZATION MODEL
‘STRUCTURE FOLLOWS STRATEGY’
By: Tabish Asifi
Sr IS GRC Consultant & Certified ISO 27001 Lead Auditor
M: +971 54 477 2728| O: +971 26425150
E: tabish@alhosninfosec.com | W: www.alhosninfosec.com
AL HOSN INFORMATION SECURITY CONSULTANCY
Address: P.O. Box 128441, Abu Dhabi, UAE
2. [Organization chart. Boxes: IT Gov & Strategy; IT Services Deliv; Enterprise Arch; Infosec Risk & Compliance; IT Application; IT Infrastructure; IT Technology & Design; IT vendor management; IT Hiring & Training; IT Program & Portfolio; IT Projects; Enterprise HR; Enterprise Procurement; Enterprise Risk Management; Enterprise Business unit. Group labels: External to IT; IT Function.]
3. IT GOVERNANCE & STRATEGY
• TAKES CARE PRIMARILY OF THE FOUR CORE AREAS: EA, IT PORTFOLIO, IT SERVICE DELIVERY AND IT SECURITY & COMPLIANCE.
• MAKES SURE THEY ARE ALIGNED TO BUSINESS GOALS AND EXPECTATIONS, I.E. DELIVER VALUE WHILE OPTIMIZING RISK.
• ENSURES THAT ADEQUATE INSIGHT IS PASSED TO THE OTHER SUB-FUNCTIONS SO THEY CAN PREDICT AND ADAPT TO UPCOMING BUSINESS AND TECHNOLOGICAL CHANGES.
4. ENTERPRISE ARCHITECTURE
• ENSURES THAT ALL PEOPLE, PROCESS AND TECHNOLOGY ELEMENTS UNDER THE ‘IT’ FUNCTION ARE ALIGNED TO THE IT ARCHITECTURAL GOALS AND ARE AGILE AND RESPONSIVE ENOUGH TO SUPPORT RAPID ADAPTATION TO CHANGE [ESPECIALLY FROM A DESIGN AND ARCHITECTURE PERSPECTIVE].
• SHOULD GOVERN AND MONITOR THE ‘TECHNOLOGY AND DESIGN’ FUNCTION TO ENSURE THE ABOVE OBJECTIVE.
5. INFOSEC RISK AND COMPLIANCE
• THIS DEPARTMENT SHOULD ENSURE THAT ADEQUATE INPUT IS PROVIDED TO THE TOP LEVEL WITH REGARD TO THE INFORMATION RISK, SECURITY AND COMPLIANCE ASPECTS OF THE IT FUNCTION.
• INITIATIVES FOR RELEVANT BEST PRACTICES OR STANDARDS LIKE ISO 27001, ITIL V3 ETC. CAN BE INITIATED AND CHAMPIONED BY THEM.
• THEY INTERFACE WITH PRACTICALLY ALL THE SUB-FUNCTIONS TO ENSURE THAT THE ESSENTIAL COMPLIANCE REQUIREMENTS, APPROVED BEST PRACTICES ETC. ARE FOLLOWED AND THAT ANY RISKS OR GAPS ARE PROMPTLY REPORTED.
• IT ALSO NEEDS TO LIAISE WITH ITS ENTERPRISE COUNTERPART TO ENSURE THAT IT IS ALIGNED WITH THE OVERALL ENTERPRISE RISK MANAGEMENT INITIATIVES AND OTHER ENTERPRISE-LEVEL COMPLIANCE STANDARDS IN PLACE.
6. IT PROGRAM AND PORTFOLIO
• THIS FUNCTION SHOULD FEED INTO THE TOP LEVEL ALL THE STRUCTURED, PLANNED AND PRIORITIZED ELEMENTS OF IT INITIATIVES IN THE FORM OF IDENTIFIED AND APPROVED PROJECTS / PORTFOLIO.
• PROJECT BUDGETING, BUSINESS CASE, PROJECT PRIORITIZATION, RESOURCE PLANNING, APPROVALS ETC. ARE ITS CORE FUNCTIONS WITH RESPECT TO PROJECT EXECUTION.
• THE PROJECT SUB-FUNCTION UNDER IT WORKS ON MONITORING AND REPORTING ON PROJECT PROGRESS, RISKS AND CLOSURES.
7. IT SERVICE DELIVERY
• EVERYTHING THAT IT DOES FOR ANY OF THE OTHER BUSINESS UNITS MUST GO THROUGH THIS CHANNEL IN THE FORM OF A SERVICE REQUEST.
• DEVELOPING AND MANAGING THE SERVICE CATALOGUE IS THE KEY WORK AREA FOR THIS FUNCTION.
• SETTING UP SLA, UC, OLA ETC. ARE THE SUPPORTING ACTIVITIES THAT NEED TO BE DONE BY THEM.
• AVAILABILITY MANAGEMENT, CAPACITY MANAGEMENT AND SUPPORT FUNCTIONS SHOULD ALL FALL WITHIN THIS.
8. IT APPLICATION AND INFRASTRUCTURE
• THESE ARE THE TWO CORE FOUNDATIONS OF THE IT SERVICE FUNCTION.
• BOTH NEED TO BE DRIVEN BY THE IT SERVICE FUNCTION AND SHOULD BE ALIGNED TO IT.
• IT SERVICE DELIVERY IS THEIR CLIENT, AND BOTH NEED TO SUPPORT EACH OTHER IN CREATING, DELIVERING, SUPPORTING OR TERMINATING ANY OF THE SERVICES UNDER THE SERVICE CATALOGUE.
• THEY NEED TO DO THIS WHILE BEING COMPLIANT WITH THE TECHNOLOGY AND DESIGN CONSTRAINTS SET BY THE TECHNOLOGY & DESIGN FUNCTION, WHICH HAS VISIBILITY OF THE LARGER CONTEXT THROUGH EA.
9. IT TECHNOLOGY AND DESIGN
• PRIMARILY PROVIDES INPUT TO BOTH THE IT APPLICATION AND INFRASTRUCTURE TEAMS IN TERMS OF TECHNOLOGY OPTIONS, SCREENING, VETTING AND ADOPTION.
• THEY HAVE VISIBILITY OF THE ARCHITECTURAL AND DESIGN CONSTRAINTS THROUGH THE GOVERNING ‘EA’ FUNCTION AND HENCE ARE IN A POSITION TO PROVIDE RELEVANT INPUT TO BOTH THE CORE IT FUNCTIONS, WHILE ENSURING THE ARCHITECTURAL ALIGNMENT IS ALWAYS THERE.
• THEY ALSO PROVIDE A MEANS FOR DEV-OPS TO OFFLOAD TECHNOLOGY SCREENING AND SELECTION OVERHEADS TO THEM, SO DEV-OPS CAN FOCUS ON DEVELOPMENT, DELIVERY AND SUPPORT OF RELEVANT IT SERVICES.
• THEY ARE ALSO THE GROUND FORCE TO TEST AND ENSURE THAT DESIGN AND ARCHITECTURAL CONSTRAINTS ARE ADDRESSED BY THE ABOVE TWO SUB-FUNCTIONS.
10. IT HR AND PROCUREMENT
• THESE ARE BASICALLY SHADOW SUB-FUNCTIONS OF ‘IT’ THAT LIAISE WITH THEIR ENTERPRISE COUNTERPARTS AND ESSENTIALLY HELP PREVENT IT FROM LOSING FOCUS ON ITS CRITICAL FUNCTION, WHICH IS ESSENTIALLY DELIVERING WELL-ALIGNED, HIGH-QUALITY ‘IT ENABLED SERVICES’ WHILE SUPPORTING BUSINESS INNOVATION AND CHANGE.