How to determine the level of IT maturity of your company - and what they are

Let's look at the maturity levels of IT processes using the example of incident management. This is all that pours on the IT department in the form of tickets from users, the boss, current tasks and everything that needs to be done. Looking ahead a little, I’ll say that, on average, a large business with incidents is pretty good in the country, in most cases it’s 4th level. Well, simply because malfunctioning is the first thing that is judged on by the IT department.

The first level is when:

• The IT department works without distribution of duties and specializations. Everyone is responsible for everything (more precisely, for nothing), the principle of choosing the performer is “Vasya, you are free, well, make them there.”
• There is no responsibility: if Vasya has forgotten, it is not clear to whom to write, it is not clear how and what he influences, users do not understand at all who does what. And sometimes they fight hysterically.
• No documentation.
• There is no automation (or there is at the level of the task list in notepad).
• Users decide almost everything on personal acquaintances, referring to those who have already helped them once.

At the second level, there appears a basic distribution of duties and the isolation of logical sequences of actions.
')
More specifically, the second level:

• Distribution of duties. Inside the IT department, everyone knows what part of the work is responsible and what are the flaws in whose conscience.
• There are sequences of actions. These are not processes and best practice, but what happens when building a new residential building. First (on the first level) the tenants walk to the subway who is like, and then a path appears diagonally across the lawn. It is unspoken, but it works. Nobody knows, maybe it will block it, but as long as it works, do not touch it. So it is with the processes. They are usually not documented, but the intended algorithm is already there.
• The process is transmitted by agreements between people and traditions.
• There is a conceptual understanding of terms (most often at the level of what the main admin knows, for which his department is being scolded). In case of errors, users still complain to their boss, because they do not understand how everything works. He already writes to the operating director, he is the CIO, the CIO descends to enikey Vasya.
• The composition is stable - "We are helping people with a friendly zoo."
• Education is, but based on tradition.
• In the role of automation, the Vkontakte group for tickets or the company's internal forum.
• If there is a report, then it is from the series “The surgeon reads an ECG” - it is not clear to whom, why, and what is there.

The third level is the time to collect stones and write documentation:

• Agreements are formalized. There are instructions and work regulations, the word “ITIL” is beginning to emerge more and more often. New people explain no longer on the fingers, and on the check-list. Total on paper yet, but the standards are already clear. What is “prepare a workplace” is unambiguously clear: there is already a list of 20 points where nothing can be passed.
• There is a basic automation - a ticket system. At this level, the type of ticket is already assigned by the person in charge, the system knows that after the application has been completed, the user must be notified. Part of the documented actions like “closed the task - told the user” falls on the system.
• Business begins to participate in the life of IT - if before the sysadmins were kept as pets (they do not seem to be crap and help - and that’s life), now they are planning with them. True, while at the level of “Boys, we are opening 18 new branches and we urgently need to go to the regions. To hell with them, with brakes on all tickets, except accounting, we open points for the next two months. ”
• There is reporting and the need to tell what the department generally does. However, while it is stupid the number of applications.
• The probability of actions to bypass the processes is average. It happens, non-standard glands are bought, applications are sometimes closed without a report, there are applications by the system of acquaintances and so on.
• Formal requirements for candidates appear, an understanding of what kind of training they should have.
• A knowledge base appears at the level of some internal wikiportal, but there is no process for entering new data there.
• Non-centralized systems - each branch can have its own software and have its own service desk.

The fourth level - the time to connect with the business and refactor all that ponakystyly on the third:

• Previously, there was just a report, and now the report is read, and it is analytical. Based on his data, the processes are changing, the budget is planned.
• What used to be done poorly or slowly (and what can be improved) is improved in processes.
• There is a regularly updated knowledge base, it is also the main source of data for young interns.
• The tools are centralized, the software tends to homogeneity.
• Tritely, everything became structured, refactored in comparison with the third level (from the state “these freaks want a report” to “a, so according to this report, our budget counts”) and works like a clock. As far as it's possible.
• There is a budget for emergency purchases by processes. We have, for example, a vodka box for washing the air conditioner of a data center (https://habrahabr.ru/company/croc/blog/268169/).
• Training. It is and has already grown into quite conscious. So conscious that they can even allocate a whole budget article and plan ahead, and in profile companies. And at this level the question of certification comes up. Here in my time, we had to pass an exam for MCP (Microsoft Certified Professional) for technical support during the trial period.
• The importance of solving tickets is measured in stars from the authorities, but priorities are being measured and correctly set.

The fifth is when IT people are perceived not as mysterious guys from the basement, but as partners in business:

• CIOs and team leaders are aware of their business development plans, adjust their IT plans accordingly. And in general, the CIO is approaching the heads of business units, at least he is called to the main meetings and is being listened to.
• Constantly improve processes in the right direction, often telling business how to do better strategically.
• Decentralization. Tasks are solved by the owners of the processes, that is, now the person in charge is fully and completely deciding what and how to do it (and does not ask the manager every time), but also bears full responsibility. Appeals do not go through the head, but directly responsible.
• Introduced the best world practices in the directions. About ITIL, COBIT and ISO 20 000 not only heard everything, but also read. Some are forced.
• Automation subsystems have penetrated each other completely and set related tickets, upload data to each other and generally work correctly. Minimum handmade routine.
• Personnel thumps along with accounting (although, of course, this is specifically not a criterion of maturity), there is an exchange of experience (when lectures are given within the company, for example), there is external training like “Fundamentals of user psychology”, “Self-defense in an enterprise”, “How from manure and sticks to collect DGU ". Industry leaders and external experts come to consult when a difficult or new topic comes up.

So, in Russia, on average - 4 or so. It is incident management. The configuration management (accounting for information on the composition of the infrastructure, environments) and change management (coordination of changes and their implementation) is about 3 out of 5. This is true for the average hospital, medium-sized and enterprise companies.

References:

• You can determine it yourself here by a fairly quick test . This is a XLS file, you select items, you are shown the result directly in the table.
• The methodology of division into levels came from ITIL, and there it came from CMMI / CMM. Initially, the maturity model ( CMM ) appeared in 1991, in which the maturity levels of processes for development are structured.
• In 2010, the CMMI methodology was created - a more extensive description, already about the maturity of processes in an organization in general:
• My mail is dmkorolev@croc.ru.