Technology Portfolio Management (TPM) Best Practices

Overview

Technology Currency governance does not apply only to the assessment of technologies at their current lifecycle stage — it applies continuously throughout the operational lifecycle of every technology in the Approved, Strategic, Sustained, and Deprecated stages. A technology that is current at the point of adoption and then left unmonitored will accumulate version drift at the rate at which the vendor releases updates and the organization fails to apply them. Currency failures that accumulate over time create the compounding debt and security exposure that make eventual currency remediation dramatically more expensive than continuous currency maintenance would have been.

Best Practice

Govern Technology Currency as a continuous operational discipline rather than a periodic assessment. For every technology in the Approved, Strategic, Sustained, and Deprecated lifecycle stages, define and enforce: the maximum acceptable version lag between the organization’s current deployed version and the vendor’s current supported release; the patch currency standard that defines the maximum acceptable lag between the vendor’s release of a security patch and the organization’s deployment of that patch across all instances of the technology; and the support currency standard that defines the maximum acceptable duration of operation on a version that the vendor has moved to end-of-support status. Technologies that fall outside these standards should generate automatic governance alerts to the Technology Owner and the TPM governance function, triggering a currency remediation process with a defined timeline.

The concept of IT Currency and its management as a continuous planned remediation discipline has been developed and referenced in enterprise technology management contexts by technology portfolio governance practitioners and tooling providers who have built dedicated currency planning and remediation workflow capabilities around it. (Reference: EOS Software ITPM, Technology Currency Management.) Adopt the term Technology Currency as the IF4IT vocabulary for this concept, applying it across all relevant Technologies Inventory types as a standard governance discipline.

Benefit(s)

Continuous Technology Currency governance prevents the version drift and support currency failures that create the security exposure, compliance risk, and remediation complexity that crisis-driven currency management produces. Currency standards define a clear line between acceptable and unacceptable currency status, enabling objective governance decisions about when remediation is required and when it is optional. And the Technology Currency portfolio health metric — the distribution of all technologies across Current, Supported-Behind, End-of-Support, and End-of-Life currency statuses — gives leadership a continuously updated view of the organization’s technology debt accumulation and security exposure profile.