The Standard+Case approach to response management
Here is an exciting new approach to categorising and resolving any sort of activity "tickets", such as requests (including incidents) on a service desk, problems, or changes. It is called Standard+Case until somebody comes up with a better name. I know there is so much to read these days, but if you have anything to do with service support or change management, read this. It'll change your year.
Standard+Case is a synthesis of our conventional "Standard" process-centric approach to responding, with Case management, a discipline well-known in industry sectors such as health, social work, law and policing. This description is written from the perspective of Service Management within the IT industry (so please excuse some ITSM jargon), but it can be applied anywhere.
S+C addresses criticisms of approaches like ITIL for being too process-centric and not allowing customers and knowledge workers to be empowered. S+C does not seek to replace or change ITIL or other theory: it expands and clarifies that theory to provide a more complete description of managing responses.
It provides a good skills path for service desk analysts that fits well with gamification. And Standard+Case is applicable to Problem Management and Change Management (and Event Management...) as well as Service Desk activities. S+C applies to anything that requires a human response: there's either a standard response or there isn't.
Jump to about minute 14 if you want to skip discussion of other topics:
What think you? On to something?
Thanks to Charles Betz for pointing me to ACM
If you seek to break a rock, many types of stone have a crystal structure which create fracture planes: hit the rock in the right place and it drops into two; hit it in the wrong direction and it just chips.
When you attempt to categorise stuff into two or more types, if division comes easily and is clear to everyone then you have found a categorisation which reveals something about the underlying nature of the information. If it is hard to do and the results are messy and debatable, then you are trying to force an unnatural taxonomy onto the data.
Look at how we deal with responses in "classical" IT Service Management. By Responses I mean Request, Incident, Problem, Change, Event.... any "ticket" which requires a human response.
If you read the ITIL books or just about any other body of work on ITSM, it talks about following a process for dealing with the response, and that process coming from predefined models of how to deal with them. if we encounter an unknown "exception" condition, most guidance gets vague: it turns into a fuzzy cloud that says "resolve it". Problem Management is an area where almost every "ticket" is a previously unknown condition, so Problem Management guidance tends to have more information about dealing with un-defined situations, but the guidance is still generally vague outside of some formalism around root cause analysis.
I had been puzzling about how to deal with these non-standard exception conditions. This thinking re-surfaced as I read this:
[Business Process Modelling] and [Adaptive Case Management] are useful for different kinds of business situations.
Highly predictable and highly repeatable business situations are best supported with BPM.
For example signing up for cell phone service: it happens thousands of times a day, and the process is essentially fixed.
Unpredictable and unrepeatable business situations are best handled with ACM.
For example investigation of a crime will require following up on various clues, down various paths, which are not predictable before hand. The are various tests and procedures to use, but they will be called only when needed.
Case Management is about managing "cases", where each new situation must be dealt with differently. Cases are dealt with by knowledge workers, known here as case workers. Examples are medical, crime, legal, social work, audits, emergency responses, military attacks ... or many IT requests, incidents, problems and changes that don't fit a standard model.
I have become more and more convinced that approaches derived from shop-floor manufacturing methods - such as ITIL, Lean, TQM, Six Sigma - don't work so well for knowledge workers. There's too much emphasis on efficiency and not enough on effectiveness. Knowledge professionals find those approaches de-humanising. E.g. this resonated with me:
the system has to be ready when the flow comes: you need the idle resources that BPM or LEAN want to cut as waste
I'm moving away from process-oriented approaches in general, hence Tipu's informality.
Now I understand why. The natural split in user "tickets" is Standard vs Case. Current ITSM theory is good on dealing with the stuff we know about, the pre-defined standardised responses. It is not so good on dealing with unfamiliar or unknown situations: that is why we need to bring in Case Management thinking.
But first a bit more about what Case management is.
A case is a situation to be dealt with, e.g a medical case, a legal case, a traffic accident, a crime.
- A case has a series of execution states and a goal(s), not a process, steps or a lifecycle.
- A case might still have decision gateways or milestones (Rob's opinion)
- The states are determined dynamically as the situation unfolds.
- External events can change the state.
- There are multiple options for what to do at each state. The actions are determined dynamically as the situation unfolds
- Some of those actions might be well-understood, pre-defined sub-processes
- Those actions will involve the use of resources, which the case worker chooses dynamically. The case worker assembles resources as necessary. Resources include templates, checklists, content, policy, procedures, tools, people...
- The states and actions are unpredictable
- Even the specific goals will change as the case develops
- So planning is part of execution, not (entirely) a design activity.
- Because process is loose or undefined, good policy is essential, to define the principles, rules, bounds and guidelines.
- A case has an owner and a currently assigned individual(s)
- Data is central. Case is driven by data, with process secondary (the opposite of BPM).
- Because Case is data driven, Change Management is integral to execution, to manage dynamic (and adaptive) changes to that data
- Input and output content is added as necessary (although there may be defined outputs as goals, and required inputs as policy rules)
- That content will be large volumes of unstructured data in a wide variety of formats
- Visibility and record of communications between all parties is an essential part of the data
- Enterprise architecture as input to Case is required, to model business (markets, channels, partners...), organisation, capabilities, processes, IT.
- Security is about auditability not just authentication
- A case ends, is resolved
There is an Adaptive Case Management movement within the IT community. Case Management is "Adaptive" when the ACM system changes in response to the external environment to make Case Management more successful. E.g. learning from past cases to improve stored knowledge, templates, checklists or procedures.
Some of this section draws from the ideas in Mastering the Unpredictable .
In addition to talking about Case, we also need to discuss Standard Models, before we put them together to make Standard+Case.
ITIL talks about Models for dealing with Requests (SO2011 22.214.171.124, 126.96.36.199) and Incidents (SO2011 188.8.131.52) and Changes (ST2011 184.108.40.206), and even Problems (SO2011 220.127.116.11) though these will be rare.
Since Event Management is a process, I think you can have Event models too, though ITIL doesn't explicitly mention them.
ITIL also talks about Incident models and some Change models being Standard. In the case of Change, Standard means pre-approved but the bit we care about is that it is well understood and repeatable.
For the purposes of S+C a Standard model must be:
- assessed on risk not scale of activity. Big activities can be standardised if low risk, and small activities aren't automatically standard ones until proven to be low risk
- fully documented and tested: this is the "standard" bit.
- [Most of all] unambiguously defined. Before you open the standard door, it has to be agreed and clear what constitutes that type of activity... and what doesn't.
Case Management talks about "templates" as guides to how to resolve a case. These can be thought of as partial models, or models that have not yet been standardised. We could call templates "non-standard models", or stick with the ACM terminology of "templates". What do you think?.
The Standard+Case approach
The combination of Standard and Case concepts gives a complete description of ticket handling, for any sort of activity from Incidents to Changes.
- Standard tickets are predefined because they deal with a known situation. They use a standard process to deal with that situation. They can be modelled by BPM, controlled by workflow, and improved by the likes of Lean IT and ITIL.
- Case tickets present an unknown or unfamiliar situation. They rely on the knowledge, skills and professionalism of the person dealing with them. They are best dealt with by ACM, being knowledge-driven and empowering the operator to decide on suitable approaches, tools, procedures and process fragments.
Note: ITIL and Lean do fit this S+C paradigm, if you use them in the right situation: Standard responses. S+C extends them with better tools for non-Standard cases: ACM, Kanban, Knowledge Centered Support(KCS)... Better still, this S+C approach might let the ITIL and anti-ITIL camps live in peace and harmony at last.
Standard responses are:
Case responses are:
This isn't about abandoning the "ITIL" processes: request fulfilment, incident management, problem management, change management. The only part of the process that Case will replace is the Resolution step.
See the diagram: is there a standard model for responding to this ticket? If yes, then it is a Standard ticket. If no, then we need to use Case to resolve it.
Standard+Case is about having little or no process for the Resolve step in Case tickets (so I used a fuzzy cloud not a process box), and otherwise process is pretty much unchanged.
There are any number of procedures we can use as resources and assemble as needed during Resolve. Some of those procedures one might glorify with the title of "sub-process" but I don't like that term when there is no parent process.
And there is no parent process for the Resolve step. The case changes state in response to information uncovered and external events, and actions taken. This is unpredictable.
We also have checklists of certain things that must happen in the case before it is done, and of things that should or could happen. MoSCoW. We also list input and output data artifacts that must, should or could be included.
And of course we have policy which defines principles, strategy, rules, guidelines and bounds.
That's the whole point of Case: there is no process but it can still be highly structured and controlled. We get locked into this thinking in IT that process provides controls. It is only one way and it doesn't work in unfamiliar situations.
It's not a new way of working: good knowledge workers resort to case management to deal with "hard" tickets already. But S+C formalises the non-process-driven "exceptions" into a methodology and defines rules around who and when.
The "adaptive" part of ACM is supported by our existing ITSM improvement processes, where present. Cases should be reviewed for improvements to all the Case resources, especially the templates/models and the knowledgebase.
Service desks have always struggled to offer challenges and growth to professional SD analysts. Gamification is a cool new solution to that issue.
S+C links up with gamification to give a career path:
- Rank the Standard models by difficulty in executing them
- Give SD analysts training in each model (maybe an hour? could be online CBT)
- Give staff a badge for being certified for a model (gamification)
- Some models we prefer they be executed by a certified staff member, some models the staff member must be certified (e.g sensitive data)
- Only the most senior, Case-certified staff members (those who have "leveled up": gamification) get to do Case Management, to deal with non-standard tickets.
Now the SD Analyst is not faced with the prospect of resetting passwords or adding people to Active Directory groups for the rest of their lives.
And the new guy doesn't get tossed into the deep end of coordinating techs and knowledge to resolve tricky cases.
As mentioned, much of the criticism of process-centric approaches like ITIL is that they don't empower the service worker or knowledge worker. Take this discussion (sent to me by Aprill, thanks!!)
frontline employees are give 0 power to do anything and told to resist anything other than the normal procedure. Requiring you the customer to get angry and ask for a supervisor who has the ability to do what you want.
Customers frequently have requests that are outside of the box. Some really can't be solved ... but some... easily can. My issue is with companies ...failing to serve their customers because of minor obstacles.
Standard+Case says that sufficiently skilled and experienced staff should be pre-approved to treat non-standard tickets as a Case (to work out how to solve it based on the situation at hand), whilst providing them with good tools, access to knowledge, and clear policies and guidelines. That's empowerment.
Standard+Case creates a self-adapting system so that process stays current with some of the changes in our environment by creating and capturing new workflows for new types of ticket, e.g provisioning users to a previously unknown system, resetting a new type of handheld device.
We standardise our process models for various ticket types. As the world changes, suddenly we get exceptions. Case management deals with the exceptions. The review process captures repeat exceptions and creates standardised process models which we feed back into the knowledgebase.
Service Response Case Management
So now we can build a picture of what we need to do and have in order to perform Case Management in the context of service management responses, i.e. the case-oriented half of the Standard+Case approach. Let's call that Service Response Case Management (SRCM).
Here is my own in-development working definition of what SRCM looks like, what I think they are - I'm making this up as I go:
- Policy (principles, rules , bounds). This is #1, and is huge. If you empower people you MUST give them rules and bounds.
Great analogy from Mastering the Unpredictable: hard rules are the guard-rails on the road, soft rules are the painted white lines.
- The system should enforce as many of the hard rules as possible, but only warn on soft rules.
- Knowledge: tools to provide access to as much request-fulfilling and problem-solving information as possible
- Tools to support collaboration become much more important in Case: people need to work together to find answers quickly when there are no Standard answers
- Standard and Case ticket tracking must be integral, one tool. Case is a branch, not an independent system. See Process.
- Support emergent process: allow flexibility, the ability to create and change dynamic procedure on the fly
- Empower our expert staff to act as they see fit (expert=people have to earn and keep the right). This changes management, RACI, HR, security ...
- Manage varying levels of skill, e.g through certification and gamification
- Value and study diversity of approach.
- Provide and constantly develop:
- templates: standard tasks, documents we expect to see, data we want.
- more granular standard tasks: "mini-processes" that can be assembled by workers as required e.g. root cause analysis, forming a war room, running a supplier teleconference...
- checklists of tasks and other deliverables: the flow may vary but there are often sets of outputs we require before the case is done.
- support for (constant) planning as well as doing
- content management, and change management of that content, are important
- providing and recording communication between all parties are important (Note: this means social tools are only useful if we capture a record)
- support and automate the repeatable bits e.g. calculations
- archives and records management
These resources should embed policy rules, guidelines and bounds (business, legal, marketing, CRM...).
They need access controls and audit trails to mitigate the freedom we give the case workers.
- Deadlines, reminders and calendaring become much more important in Case than in Standard processing
- Monitor and manage to time and outputs not to actions and sequence
- Review individual cases for improvements to resources (as compared to improvements to processes in a BPM model)
- Review and improve knowledge. KCS has useful concepts here for rating knowledge and counting usage.
Every SRCM ticket has:
- just like any ticket: an owner, a record, a defined work product, a response SLT
- can have workflow tasks like a Standard ticket, though tasks must be dynamically added and assigned as the case evolves (and that has to be easy enough for the knowledge workers to do themselves)
Knowledge Centered Support is almost certainly going to prove very useful for SRCM - more on this soon
Checklists will play an essential part in making sure we know what must, should, or could happen before the case is over, and must, should or could be input or output.
Hence the MoSCoW technique will also be used.
Root Cause Analysis techniques such as Ishikawa and Kepner Tregoe
Kanban for managing case workload???
Case is about the approach people use, not the tools. Don't seek a technical fix to a non-technical requirement. Current tools will often be good enough.
Advanced Case Management, rather than being a new technology, is actually just a new way of thinking about how the technology we use integrates with the services we provide.
I dislike one aspect of the Mastering the Unpredictable book: it paints an idealised tool nirvana as an essential condition for successful Case. I don't buy it. I'm not going to decline to adopt a better way because my tool doesn't support it. I'll either (a) use the current too for managing requests and branch to a different tool for the Case Management bit or (b) find a way to manage Cases in the existing tool even if it wasn't designed for it and extend it where necessary or (c) set the vendors salivating by looking for a new tool with both Case and BPM capabilities.
My initial belief is that current ticketing tools will be fine. If Case requires advanced knowledge management capabilities, many of us have resorted to a separate knowledge management tool anyway because the ticketing tools suck so badly at KM. (Same issue when you try to do KCS, for example)
Nevertheless we'll list some tools here useful for Service CM:
- Can anyone suggest ticketing tools that have dynamic user-configured workflow, and powerful unstructured KM?
- Apparently IBM have a Case Manager tool, I believe it is BELA
- Floxxium has been suggested. I don't know anything about it
- CaseNet, web-based
The ideal SRCM tool provides:
- A Case status within requests, incidents, problems, changes
- Define goals
- User (not admin or programmer) to dynamically create and change workflow
- Attach rich content or link ticket to content management system objects
- Set calendar deadlines and reminders against ticket and tasks
- Apply a template(s) when we change to Case status not when the ticket is created
- Template to set goals, create workflow, attach rich content
- Assign ticket and tasks to owners. Link and manage other participants
- Capture and store all communications
- Provide knowledge management or link ticket to objects in knowledge management system
- KCS-compliant capabilities e.g. to rank and improve knowledge
- Create an audit trail of the ticket history
- Embed business rules (hard) and guidelines (soft) in functionality
- Create a digitally signed archive package on close
I don't think you will find many of those. Don't over-invest in trying to create one until the ACM practice is mature.
I believe ITIL's Incident vs Request is not a useful categorisation of user service. I argued long ago on the IT Skeptic blog that Incident vs Request is wrong. To me an Incident is a sub-type of Request (along with a dozen or so other sub-types). This is not a natural fracture line.
We don't need to debate here whether I'm right or not in that assertion: it is an example of where I think something doesn't split cleanly and is in fact distracting us from the best way to split service desk response (as an example of responses). Even if you want to maintain the Incident-Request division, Standard+Case is useful and important to you.
S+C suggests a Response taxonomy that differs from ITIL Request in several ways:
- Responses are a generic entity type which is further broken down into types of response, which are child objects inheriting properties of the parent.
- Responses cover Request, Incident, Problem, Change, Event.... any "ticket" which requires a human response
- Incident is one type of Response, not a totally separate "bucket"
- ITIL says all requests should have a model (although it also says "some" in places). S+C says only Standard requests do.
- When I remember to, I call them Response rather than Request to make the distinction
Standard+Case suggests a new taxonomy in the sense of categorising tickets, but it is not displacing the categorisation by ticket type, it is at right angles to it: I'm talking about a categorisation of how we deal with tickets not classify them
Any one of the classes of Response that we use in order to decide WHAT action is required, can then be categorised by HOW we are going to deal with it: Standard process or Case management. For example many Provisioning (Access) requests will be Standard, but occasionally they will be unusual and need to be dealt with as a Case. Conversely perhaps fewer requests for Help will be Standard, and many will need individual attention as a Case.
None of these categorisations should be overly visible to the user. We don't need to tell them that "I am going to handle that as an Incident, in fact a Standard Incident". As far as users are concerned they are all Requests or Responses or Tickets or whatever you want to call them. (Occasionally we do need to explain why we are handling this request different to his last one because it is a different type)
It would be good to gather some generic samples or templates of the following:
- Case policy
- case record document
- case report
- a procedure
- inputs checklist
- outputs checklist
Links to Case Management
More about Case Management:
Switzerland Case Management Network reportedly has excellent resources, though everything seems to be in German or French. Webpages are readily translated by Google, but PDFs are more problematic.
Capabilities and Levels of Maturity in IT-based Case Management important academic paper including the C3M maturity model
Workflow Management Coalition excellent online description and resources
Mastering the Unpredictable: How Adaptive Case Management Will Revolutionize the Way That Knowledge Workers Get Things Done, Swenson;Meghan-Kiffer Press; 2010 (Amazon book) Has some really useful content but the book is about technology solutions to what I maintain is not a technology problem. in true IT fashion this book tries to solve ACM with tools - tools should always only have a supporting role. (Nor is it terribly well edited: more a collection of essays)
Wikipedia on Advanced case management (not terribly good)
Case Management; Kitson, Ravisanskar, Soudamini; CapGemini 2012
There is a Case Management Body of Knowledge, accessible online by annual subscription. It is focused on health and social welfare cases: cases dealing with people. As such, the usefulness for IT is limited.
There is an accreditation, CCM (pdf), also focused on health and human care professionals, and focused on the practices and laws of the USA. You pretty much need to be a licensed American nurse to sit it: it is useless for our purposes.
Similarly The Case Manager's Handbook, Fourth Edition is focused on the health industry. I haven't read it. It rates highly on Amazon.
The Case Management Societies of America/Australia/UK are also focused on health. So is the American case Management Association. And so on.