As an IT or information security professional, you cannot read a blog, book or paper without crossing paths with these three words; people, process, technology.
Popularized in the infosec world at the end of last century by Bruce Schneier, these three nouns have been at the heart of the ITIL set of practices since their birth in the 1980s, and has its origins linked to Harold Leavitt’s Diamond Model theorized in 1965 (with the organization’s tasks representing the fourth component).
It has also been referred to as the “golden triangle”, the 3 keys to successful project implementations and organisational change, and a back-to-basics approach to solving complex business problems.
The reason for this triangular focus comes down to one very important fact:
To get sh!t done effectively in any organization requires an approach that optimises the relationships between people, process & technology.
By focusing on only one or two areas an imbalance is created. The result will be that you waste lots of money and time, and your best people will look for a job elsewhere.
Take a new technology for example, many organizations believe that by implementing a new shiny tool, all of their problems will go away.
But what they’re not seeing is that technology is only as good as the processes that are implemented around it, and processes are only as good as the people who execute them.
But how do you get the balance right?
Always start with your people
> Identify your key players & understand what each of them want, and what they bring to the table.
> Ensure that your team consists of the right people with the right skills, experience and attitude to help you solve your problem. Practical experience is priceless, too many organizations have only theorists and consultants.
Once your people are committed, consider the process
> A process is defined as a series of actions or steps taken in order to achieve a particular end. So with that in mind, ask the question: What processes do we need in order to solve this business problem?
> A good place to start is by identifying the big, key steps. Once those are in place you can then focus on a more detailed level by looking at process variations, exceptions, interdependencies and supporting processes.
> Now review these processes with your stakeholders. Ensure that they’re aware of what’s expected from them and let them guide you with regards to possible gaps and issues.
And as last you select the technology
> With your people and processes in place, you can now look at technologies which will support them.
> It’s never a good idea to force a technology and then attempt to retrofit the people and processes around it. At the same time you should understand and accept that SaaS means “Software as a Service” and is not the same as custom software development.
> Technology should always be the final consideration once the problem is clearly understood and the solution requirements have been clearly defined.
This is all nothing new, but it seems to be forgotten time and again.
In a nutshell: To get sh!t done effectively in any organization requires optimising the relationships between people, process & technology. In exactly that order!
Originally published at https://www.henricodolfing.com.