PORTFOLIO
www.sourcing-international.org
We support our customers in meeting the challenges of the digital revolution using the tried and tested Sourcing International method.
Sourcing International SI1010 GmbH
Palais Savoy, Johannesgasse 15, 1010 Vienna, Austria
CEO: Dr. Tobias Höllwarth, Mag. Oliver Lindlbauer
Telephone: +43 664 4060900
Mail: [email protected]
sourcing-international.org
Company Registry: FN 441005 m (HG Wien)
Tax Number: 09 257 / 4375
VAT: ATU69988524
Bank Account
IBAN: AT90 5300 0060 5500 1675
BIC: HYPNATWW
Data Processing Registration: 4019042
About us
SOURCING INTERNATIONAL is not an exclusively Austrian undertaking. It is a joint venture formed by the fusion of Höllwarth Consulting and 42virtual.
The two companies have existed for many years and have frequently cooperated successfully on large projects.
This is because the previous cooperation among the partners of SOURCING INTERNATIONAL has led them to understand that the combination of their respective strengths, their many years of experience with large consulting mandates, and the country-specific peculiarities allows them to forge an exceptionally strong partnership.
The consolidation of these factors into a close and professional cooperation allows SOURCING INTERNATIONAL to provide excellent efficiency and offer a broad spectrum of services.
3two international partner companies
several locations in several countries
7 years of experience in cloud evaluation
11 countries with know-how transfer
37 total years of IT sourcing experience
48 successful migration projects
“The consolidation of experience in a close and professional cooperation allows SOURCING INTERNATIONAL to provide high efficiency and offer a broad spectrum of services.”
Oliver Lindlbauer, Partner
How to operationalise the challenges of a modern sourcing life cycle.
Hardly anyone will deny that cloud services are a topic that can no longer be ignored by any enterprise, be it a global corporation or a small start-up. There are still uncertainties regarding how best to engage with these new technologies, however.
There are in fact different approaches: IT managers will have a different perspective on outsourcing and the cloud than the executive board. New competencies and organisational structures are required in order to optimally integrate external IT services into a company and save on costs and resources.
Data protection and compliance requirements need to be taken into account, and the introduction of cloud services also requires professional change management accompanying the migration from its first planning steps all the way to its successful implementation.
In order to negotiate these steps, it is helpful to organise the individual challenges into operationalisable work packages and tackle each of the packages in turn.
The digital transformation won’t happen by itself.
A practice-oriented one-day workshop will familiarise you with all work packages that help you manage the strategy, design, transformation and operation of hybrid multi-sourcing environments successfully.
Experts will walk you through the various strategic, technical and legal topics, facilitating your approach to the individual work packages at your company.
“The EU GDPR demands accountability, which in turn requires responsible companies to control their IT infrastructures and processes. And in order to control, one must understand. Too little attention is frequently paid to the technical IT infrastructure during GDPR implementation projects. In this regard, our approach stands out from the offerings of the competition.”
Dr. Christian Laux
“Life Cycle Snapshot”
“Shadow IT”
“Requirement Templates”
“Knowledge Building”
“Data Protection and Sourcing”
“Certified SMS”
“Transformation Supervision”
“Service Portfolio Management”
“Multiprovider Management”
“Service Management System”
“Roles and Competencies”
“Strategic Cloud Guideline”
“Additional Requirements”
“Sourcing Roadmap”
“Social Media Profiling for IT Services”
“Quality Reviews”
“GDPR”
Challenges of the Digital Transformation
The digital transformation entails various challenges and changes for businesses.
To help meet these challenges, SOURCING INTERNATIONAL has developed a model that is based on a life cycle and addresses each of the phases of such a transition: Strategy, Design, Transformation and Operation.
Life cycle phases: Strategy, Design, Transformation, Operation
“We support our clients in dealing with the challenges of the digital revolution using the tried and tested Sourcing International methodology.”
Dr. Tobias Höllwarth, Partner
Digital transformation requires successful innovation management, suitable cloud services and professional multi-provider management. The Sourcing International methodology prepares your management system for these tasks.
“Transformation happens. To control it with proven methods, experience and openness is the strength of our approach and our projects.”
Michael Kramer
“Life Cycle Snapshot” Package
Regardless of which phase of a transformation process your business is in, the “Life Cycle Snapshot” package is ideal for obtaining an overview of the current situation and your applications and organisation.
What is the current situation, who are the stakeholders and what are the goals? This in-depth analysis allows subsequent service packages to be configured according to your requirements.
“Shadow IT” Package
In most companies, various systems and applications outside of the official IT infrastructure are used by employees for business purposes without the knowledge of the IT department: Social media are used for communication, external cloud services are used for webmail and file sharing, etc. Even confidential information is frequently shared in this way. This “Shadow IT” requires proper risk and benefit analysis.
The “Shadow IT” package analyses the cloud services already in use within the company and the associated risks and advantages.
“Knowledge Building” Package
The use of externally provided cloud services is linked to numerous areas of expertise and thus affects internal knowledge bearers from many different departments. It also requires trans-departmental knowledge in terms of procurement, legal aspects and specialist areas.
Training of internal competence teams by way of company-specific use cases through the “Knowledge Building” package serves to increase understanding and knowledge of the relevant topics across department boundaries, thereby enabling the company to meet the challenges of cloud service usage efficiently and effectively.
“Requirement Templates” Package
Which cloud services can be used in what way and under what conditions at a specific company? The publicly available quality framework “StarAudit Areas and Controls” facilitates the decision for and selection of appropriate cloud services.
On the basis of company-specific use cases, the “Requirement Templates” package defines the fundamental requirements and quality attributes for the selection and sourcing of cloud services, which can subsequently be used for provider pre-selection.
“Additional Requirements” Package
Based on the existing StarAudit requirements catalogue and the “Requirement Templates” package, this package defines additional company-specific controls and requirements.
This also allows company-specific branding in an online assessment tool.
“As a navigator and coach for the necessary transformation of processes, technologies and employees, we guide our customers safely into the future during their journey of digital transformation.”
Martin Andenmatten
“Strategic Cloud Guideline” Package
A company-wide strategy on the topic of cloud sourcing is essential. Should cloud services be used, and if yes, which ones and in what way? The selection process needs to take organisational, functional, economic, and data protection aspects into consideration.
The “Strategic Cloud Guideline” package aims to develop a framework and roadmap for the introduction of cloud services into the company: identification of success factors, environment analysis, analysis of current state and potential, catalogue of measures, and finally implementation of the appropriate activities. This provides employees with a clearly defined track for the cloud sourcing process to follow.
“Roles and Competences” Package
Cloud sourcing entails new tasks and issues in terms of personnel structure that need to be addressed and organised effectively. The “Roles and Competences” package deals with questions triggered by the use of cloud services: What needs to be done? Who will be doing it? How will it be implemented?
Comprehensive process and task analysis, the development of organisational structures, the definition of roles and the allocation of suitable personnel in combination with necessary adaptations in IT and spatial planning aim to enable efficient management of a multi-sourcing environment within the company.
“Transformation Supervision” Package
In order to implement the adaptations and measures defined in the sourcing roadmap, we initiate and accompany a transformation project. This package not only provides the typical project management tasks like structured planning, status tracking and reporting for the defined areas (governance, organisation, employees, processes, legal compliance and technology) of the Target Operating Model, but also includes training, coaching and coordination for the involved specialist personnel at the relevant interface points.
This is indispensable during the transformation to allow the specialists to concretise the necessary tasks within the overall context and implement them without jeopardising day-to-day operations.
“Service Management System” Package
What is the significance of IT within the company? The IT organisation of a company must strive to become an innovative, customer-focused service provider. Its contribution to the achievement of business goals as well as its risks and costs must be transparent and measurable, which in turn requires a functioning Service Management System.
This package provides an analysis of the existing systems and processes and, based on the sourcing strategy, develops a roadmap for the achievement of a business- and service-oriented IT management system.
“Service Portfolio Management” Package
What are the actual IT systems in question, and in what business processes are they supposed to be used? What are the involved applications, systems and infrastructures? Who will be providing the services, and what are their features and costs?
The “Service Portfolio Management” package pursues a clear definition of the services to be offered and the associated internal and external service components, i.e. a service architecture and a service catalogue in coordination with the involved departments.
All existing and future IT services should be concretely represented in a service architecture blueprint. The service portfolio manages the entire service life cycle from development to efficient operation.
“Multi-provider Management” Package
How are outsourced services and their providers integrated into the remaining internal IT organisation – not just at the technological level, but in day-to-day operation? New operating models require adapted organisational structures in order to fulfil the new processes and tasks.
The “Multi-provider Management” package helps to find a service integration strategy and define roles, tasks, and responsibilities. To optimise cooperation, guidelines for the integration of future service providers and external tools are specified.
“Quality Reviews” Package
Once service management structures and processes have been introduced, they need to be evaluated regularly during the entire service life cycle. The sourcing partner and the quality of its performance should likewise be assessed at regular intervals so as to be able to recognise a need for adaptation as soon as possible and implement the required changes.
Within this package, the maturity of the management processes and the knowledge level of employees are evaluated along with the sourcing strategy, utilised IT tools, and possible risks and security issues.
“Certified SMS” Package
ISO 20000 and ISO 27001 are international standards for professional IT service providers and information security management, thereby forming a quality norm that builds trust between service providers and customers.
A Service Management System (SMS) as well as an Information Security Management System (ISMS) are part of these standards, as are a Service Management Plan, a Documentation Management System and a Quality Management System.
The “Certified SMS” package provides a training concept for employees and support for the development of the necessary certification requirements, thereby ensuring that the result of the audit process will be positive.
“Data Protection and Sourcing” Package
Questions and issues regarding data protection crop up regularly in the context of integrating external service providers. Data protection regulations must be taken into consideration during the development of the sourcing strategy and in the planning phase. This is easier said than done, since data protection laws are currently in the process of changing dramatically. The EU General Data Protection Regulation (GDPR) will come into full effect on 25 May 2018, and will have significant influence on all service contracts.
The “Basics” workshop introduces you to the legal foundations of the GDPR. Besides the general introduction, it focuses on the consequences of the GDPR for sourcing. Based on concrete information on your sourcing project provided by you, the Cross-Check conducts an initial legal assessment in regard to the provisions of the GDPR. In the course of the Legal Implementation, you will receive support for your strategic planning as well as for the design and/or implementation of your sourcing strategy in relation to the General Data Protection Regulation.
“Sourcing Roadmap” Package
Once the decision to use cloud services has been made, a sourcing design needs to be established for the implementation. Following a Target Operating Model, it includes the areas of governance, organisation, employees, processes, technology and legal compliance, as well as partners and suppliers.
Where is there a need for adaptation or training? What must the infrastructure look like? Are the management structures still suitable? How can the observance of compliance requirements be ensured? The “Sourcing Roadmap” package integrates services from various other packages.
“Social Media Profiling for IT Services” Package
Resource Bottleneck: It is becoming more and more difficult for almost all businesses these days to find suitably qualified employees to competently assume responsibility for existing and new IT projects. Experienced and well-trained IT staff are hard to find on the market, and thus increasingly represent a limiting resource factor and critical bottleneck for businesses.
Selective Candidates: Potential candidates with experience are aware of this state of affairs and are choosing their future employers depending not only on salary, but increasingly on strategic factors. These factors include the question of how attractive the IT projects at a potential employer appear.
IT Reputation of Companies: For this reason, companies not only need to present themselves attractively and informatively on the market concerning their core activities, but also position themselves strategically in regard to their ongoing and future IT projects, strategies, cloud projects and digitalization topics.
Solution: Sourcing International supports these activities through targeted Social Media Profiling for IT departments and executive IT staff. Purposeful publications in social media channels support the personal profiling of important persons in the field of IT and promote the creation of a positive reputation for the company in regard to attractive IT topics.
“GDPR Training Course” Package
In this training course, participants learn:
• which are the ten essential GDPR to-dos and why it is important to deal with them in any case,
• how to design a suitable GDPR project in three phases at the company such that it is commensurate with the concrete framework conditions and manageable,
• that there are 24 work packages, how to structure them sensibly and in which order to process and complete them.
Training material: The participants receive guidelines and an infographic as work materials and are introduced to forms, templates and online tools that help them to achieve an appropriate GDPR status quickly.
Goal of the training course: The participants understand the challenges posed by the GDPR, are able to design a structured GDPR project and know which work packages, templates and tools to use in order to achieve appropriate GDPR status quickly and effectively at their company.
The Sourcing International method guarantees GDPR-readiness within a short time.
Duration of the training course: 1 day
GDPR-READY in 90 Days
How to design a GDPR project smartly and achieve the best possible result within three months with reasonable effort.
Three goals should be pursued: (1) to achieve an overview of the necessary tasks quickly, (2) to master the challenge as cost-effectively as possible, and (3) to optimize the output of the project over a short period of time.
If a GDPR project is approached in a targeted, structured and systematic fashion using suitable tools and templates, the challenges posed by the GDPR can be mastered quickly without overburdening employees or lapsing into activism, while the risk of penalties can be minimized and a high level of legal compliance assured.
This guideline is intended to help in obtaining a good overview of the ten most important to-dos concerning the GDPR. It shows how to design a GDPR project in three phases and how to structure the individual challenges sensibly into 24 work packages.
Every company must prepare for the GDPR, but not every company needs to prepare with the same intensity. Not all tasks need to be completed before 25 May, and not every activity is mandatory for every business.
The decisive factor is that the implementation of a GDPR project must be adapted to the concrete situation and risk potential at the respective company, i.e. that it is appropriate.
PHASE 1
It is essential to determine the CURRENT STATE first. A gap analysis identifies shortcomings in relation to the GDPR.
PHASE 2
In the next phase, the TARGET STATE can be defined. Implementation measures are taken on the basis of the gap analysis.
PHASE 3
The state achieved after completion of the project is documented in the shape of a final report in order to be able to prove GDPR readiness internally as well as to third parties.
Phases 1 and 2 are carried out according to the proven PDCA methodology:
PLAN: Planning of the approach
DO: Implementing actions
CHECK: Gap analysis or effectiveness analysis
ACT: Full company-wide implementation and periodic review
Phases and Methods
“The GDPR entails a paradigm shift, with fewer obligations to report and more direct responsibility. Accountability is the new keyword. Time is short to prepare your organisation for the new regulations, and Sourcing International is the ideal professional partner for the necessary changes. Let us travel this road together.”
Dr. Clemens Thiele
What
The Work Packages to Choose From
#1 Initialization of the project
#2 Individualization of initial survey documents
#3 Current state survey: Systems, applications and data
#4 Current state survey: processes and measures
#5 Contractual due diligence
#6 Survey of existing directives and instructions; compliance
#7 Review and completeness analysis of current state
#8 Gap analysis
#9 Definition of target state
#10 Definition of implementation measures
#11 Privacy Impact Assessment: Evaluation of need
#12 Implementation of recommendations for target state
#13 GDPR in IT governance
#14 Establishment of privacy-related directives and instructions
#15 Performance of Privacy Impact Assessment
#16 Training of internal employees
#17 Creation of checklists and tools
#18 Implementation control from a legal perspective
#19 Evaluation of effectiveness
#20 Appointment of a Data Privacy Officer
#21 Ongoing data privacy consulting
#22 Final report
#23 Supplementary compliance documentation
#24 Planning coordination
© 2017 Sourcing International, Dr. Christian LAUX, Dr. Tobias HÖLLWARTH, Version 2.3 / 29.11.2017, www.sourcing-international.org
What’s Next
BREADTH: Choose processes to work on by weighing them according to relevance (importance, impact, risk)
WORK PACKAGES: Decide which work packages you would like to work on for the chosen processes
DEPTH: Decide in how much detail to work on processes and work packages
Methodology
3. Design the Project
Understand
KNOW-HOW: The organization should have a minimum understanding of the GDPR. Consult our Q+A documents to learn about the GDPR.
5. Do the Project
Implement
Phase 3: Documentation (WP #22-24)
Phase 2: Target State (WP #9-21)
IMPLEMENT WORK PACKAGES TO CARRY OUT THE TO-DOS
Phase 1: Current State (WP #1-8)
Location or Target Market within EU Personal Data
1. Determine Applicability
How
Workshop to determine the first elements of the status quo, set the expectations and specify outcomes in order to design the project
2. Initialize the Project
Define Expectations
COMPLIANCE
INFORMATION GOVERNANCE
Motivation
What is the Baseline?
AUTOMATION
What is the Baseline?
PAPER PROCESS
Results
Specify Outcomes
4. Get the Tools
COLLABORATION GUIDELINES
PRIVACY ANALYSIS TOOL
TEMPLATES
CHECKLISTS
PROJECT PLAN
Indicates that there is a lot of room for maneuver. In these steps, the customer can and should fine-tune the project design.
MONITOR LEGAL CHANGES
MAINTAIN AND UPDATE
PREPARE FOR CERTIFICATION
Why
The Most Relevant GDPR To-dos
Officers and Representatives
Representative in the EU (Art. 27 GDPR)
Data Protection Officer (DPO) (Art. 37 GDPR)
Measures
Organizational Measures
Technical Measures
Other Protective Measures (e.g. shield against liability)
Policies & Code of Conduct
Minimum
Records of Processing Activities (if more than 250 employees)
Documentation
Standard
Data Protection Impact Assessment (Art. 35 GDPR)
Control over Processor (Art. 28 GDPR)
Cross-border Measures (Art. 44-49 GDPR)
Data Breaches (Process, Art. 33 and 34 GDPR)
Notices to Data Subjects (Art. 12-14 GDPR)
Requests by Data Subjects (Process, Art. 15-23 GDPR)
Consent from Data Subjects (Art. 6-11 GDPR)
Organisation of Employee Data
Contact
Oliver Lindlbauer, Executive Director
Vienna, [email protected]
Dr. Tobias Höllwarth, Executive Director
Vienna, [email protected]
Michael Kramer, Vienna, Austria
Strategic Partners
Dr. Christian Laux, Zürich, Switzerland
Martin Andenmatten, Zürich, Switzerland
Dr. Clemens Thiele, Vienna, Austria
Dr. Jens Eckhardt, Düsseldorf, Germany
Team
Mark Schieweck, Zürich, Switzerland
Alexander Hofmann, Zürich, Switzerland
Rareș Popescu, Vienna, Austria
Locations
Petar Balković, Belgrade, Serbia
Keith Poon, Hong Kong, China
Tibor Štrajh, Belgrade, Serbia
Publications
GDPR: The 20 Most Important Questions & Answers
Cloud Services: Selection and Introduction – Processes and Organisation
Cloud and Annual Accounts: Guideline for Accountants, Auditors, and Staff in Finance, IT and Revision of Companies Subject to Statutory Audit
Preparing for the EU GDPR: A Pragmatic Approach in Three Phases by Means of Work Packages
Cloud & Data Protection: The Cloud Privacy Check (CPC)
Cloud Computing & Enterprise Mobility Management: Market, Products and Technical Approaches; Relevant Organisational and Legal Aspects
“We leverage the power of digital solutions to disrupt conventional business models, empower organizational culture and allow our customers’ businesses to reach new heights.”
Keith Poon
“Innovation should proceed at a brisk pace, embracing solutions that integrate seamlessly with the business strategy and dropping those that do not as early as possible.”
Rareș Popescu
“Technological solutions must go hand in hand with change management to bring a competitive edge to an organization. This is the pivotal point where Sourcing International can impact your business.”
Tibor Štrajh
“We guide organizations and empower their culture to successfully adopt new digital solutions, making their operational model more efficient while securing their clients’ trust.”
Petar Balković
The evaluation of cloud services is a massive challenge. The Sourcing International methodology helps our clients to perform an analysis tailored to their area of application.
Strategic orientation, design and conversion into regular operation: The proven Sourcing International methodology allows our clients to manage the entire cycle of digital transformation.
“An overview of the data collected and processed by the company is not just a requirement for compliance with the EU GDPR. It is also an overview of existing assets.”
Mark Schieweck
“For many companies, implementation of the EU GDPR entails a considerable effort. It is therefore essential to have a clear plan and proceed in a way that leads to real added value for the company—above and beyond the GDPR.”
Alexander Hofmann
www.sourcing-international.org
Sourcing International
Palais Savoy, Johannesgasse 15
1010 Vienna
+43 664 [email protected]