Once you have used the maturity model to assess your current state in any given area and selected a goal, the gap between these two is filled with what we can term "best practices ." The term best practice gets thrown around a lot. For our purposes, we use the term to define activities that have four characteristics:
Best practices are usually evolutions of practices already being performed in your organization or in another. You can find out what others are doing by reading, going to conferences, networking in local and national industry associations, and hiring consultants.
Your organization must have a methodology for documenting what it does in a way that others can follow. People should be trained in how practices are documented.
Once practices have been documented, other groups can duplicate them. If the documentation is not sufficient to allow the practice to be repeated, then the documentation should be improved.
Like any good recipe, practices that are repeated in the same way should give the same results. The only way to tell if you're getting the same results is to have some way to measure the outcome of the practice. Metrics can be used to evaluate a practice, determine why the results are not adequate, and then change the practice.
As I stated earlier, there are many things you will change in your organization as part of building a functional digital identity infrastructure, but I believe the best approach is to build the process first. As part of building the process, tools will be bought and systems will be changed, but those technology pieces are done in response to a process need rather than the other way around. Using process creation to drive tool and system changes results in clearer requirements and systems that meet business needs.
This thinking is antithetical to how many IT organizations approach solving technical problems. When faced with a gap, many turn to a vendor and product to solve the problem. Once the product has been purchased, then the organization gets down to developing a process to use the tool.
Creating a process that leads to your goal state requires several steps:
Design a process and document it. Be sure to include workflows, any necessary automation, and metrics that can be used to evaluate the effectiveness of the process.
Put the process into action. This may include hardware and software changes and upgrades, training, new staffing, and other changes.
Measure the results. Don't be afraid to change the measurements themselves if they're not giving you data that can be used to improve the process.
Feed the data back into the process design, make changes, and start again. This fine-tunes the process until the goal state is achieved.
One of the most difficult tasks is to integrate similar processes across different systems. This can require significantly greater resources and much greater political skill, but is the key step in moving from the focused level to the standardized and onto the integrated levels.