Guiding Design Principles
Guiding principles are used to capture the fundamental, underlying truths about how an organisation will utilise and deploy business and digital systems assets. The principles, with College policies, provide a framework to guide decision-making and help explain and justify why certain College and IT decisions are being made or need to be made.
Purpose of the Guiding Design Principles
These principles can be used in a number of different ways:
- as an effective framework that an organisation can use to make conscious decisions about its business, management style and structure and how it uses digital systems;
- as a guide to establishing relevant evaluation criteria and thus exert a strong influence on the selection of suppliers, partners, components, products or product architectures;
- as drivers for defining the functional requirements of an enterprise-wide architecture;
- as a tool for assessing both the existing environment (including IT systems, organisation and management practices) and the future environment (e.g. a strategic project portfolio) for compliance with the future desired state. These assessments will provide valuable insights into the transformation activities needed to implement the principles, in support of College’s goals and priorities.
The principles will always include a defined motivation/rationale and implication statements:
- The motivation or rationale statements highlight the value to the business of implementing the principle. They provide a basis for justifying all related activities, for example, the implementation of an Enterprise Architecture, or the implementation of a Security Framework.
- The implication statements provide an outline of the key tasks, resources and potential costs to the business of implementing the principle. They also provide valuable inputs to future transition initiatives and planning activities.
The ten guiding design principles
Principle 1 – The College will collaborate to produce and maintain an integrated strategy
College aspires to excellence; this requires coordination of expertise from across the education, research and support functions to create an integrated strategy that will motivate the College community.
Combining demand and supply planning with strategic goals will increase the likelihood of realisation; planning for digital systems is a collaboration between ICT and the College.
- Digital strategy must be integral to the College strategy in support of College aims.
- ICT’s role is to engage with the College to provide digital leadership.
- The ICT service portfolio must be driven by College strategy.
- ICT should be able to report on progress against an agreed strategy.
- ICT must facilitate strategic communication with the College.
- There must be a visible process by which the digital strategy can be developed.
- There must be an agreed review and approval process for the digital strategy.
- The ICT strategic planning process must be traceable over time.
- ICT must work to help the business understand the need for an integrated digital strategy.
- The progress and benefits of the digital strategy should be reported back to the business.
- Investments of time and resource must be aligned with business strategies to maintain or enhance College societal impact and reputation.
Principle 2 – Services should be delivered in a societally friendly manner
Imperial aims to be socially and environmentally responsible.
Digital services should be designed to support the College in making a positive societal contribution and lowering College’s impact on the environment.
- Continue to make the College an attractive institution for study, research, business, and sponsorship.
- Support the College in making a positive societal impact.
- Support the College environmental policy.
- Support the College drive towards environmental responsibility.
- Ensure that ICT can report that procured services are supplied in an environmentally responsible manner.
- Support legislation aimed at reduction of environmental impact.
- Understand the true societal cost of a service.
- Societal impact and environmental responsibility must be part of tender and vendor evaluation, amongst other non-financial evaluation criteria.
- Investment should be made in ways to measure our societal and environmental effect that can be reported to the College.
- Planning for change should consider the associated societal and environmental impact.
Principle 3 – An Enterprise Architecture will guide the planning, design, deployment and management of digital services
Investments of time and resource are aligned with business strategies to maintain or enhance the College’s global reputation and standing.
The College is a complex 'system of systems' involving interactions across and between people, processes, information and technology. An appropriate framework and controls are required to ensure investments produce the desired business value and outcomes.
- Enterprise Architecture enables development of an effective digital strategy aligned to business benefits.
- A governance framework translates business strategies into design principles.
- Decisions must be made within the context of wider understanding of College objectives.
- The consequences of digital development can be far reaching in terms of time and cost, ICT must ensure these factors are taken into account.
- Digital service design and development should be governed to ensure it delivers the desired business value.
- There must be clarity of authority for making changes to services and infrastructure.
- Design principles should be commonly understood and clearly related to College objectives.
- Investment decisions must be governed by the Enterprise Architecture.
- The Enterprise Architecture must be maintained so it always reflects business strategies and objectives.
- The authority and value of the Enterprise Architecture must be clearly understood.
- There must be clear understanding of roles, responsibilities and authority.
- The Enterprise Architecture must be available to all.
- The Enterprise Architecture and its component principles etc. must be clearly communicated both inside and outside of ICT.
Principle 4 – Compliance with the Enterprise Architecture delivers the services users need
To promote user productivity across the College, digital services should be consistent, easy to use and encourage wide adoption.
ICT must act collectively with shared goals and deliver consistent, coordinated services that provide value to its users.
- Without uniformity at this foundational level it will be impossible to achieve College-wide strategic goals.
- Without an architecture that is enterprise-wide in its scope, local teams driven by local requirements will develop in different, and potentially opposite conflicting directions, leading to inconsistent and inefficient services.
- Enterprise Architecture enables the realisation of the institution's digital objectives.
- The means and rationale for governing and ensuring compliance to the Enterprise Architecture must be established and understood.
- Specialist needs must be considered and included within all digital planning and decision-making, however local strategies cannot supersede College strategies.
Principle 5 – ICT delivers integrated digital services to the business, not technology projects
The business receives the full benefit from IT investments.
The presentation and use of digital services should not require knowledge of the underlying technology.
- The ultimate goal of digital projects and initiatives is to change the way College operates for the better.The goal is not to deliver technology that the users must then figure out how to use and integrate into their existing processes and culture.
- Increase productivity and utility of digital services for College users.
- Improve the user and College perception of digital systems.
- Improve staff retention by providing easy to use digital services that contribute to people’s work life.
- Reduce the amount of user training by maintaining a consistent user experience.
- Reduce service proliferation and encourage wider adoption of supported digital offerings.
- Encompass College-wide initiatives in the utilisation of people, process and technology.
- End user needs must be gathered and included in design considerations.
- Verification methods should be used to prove that services meet user expectation before going into service.
- Requirements for digital services must be clear, either through detailed requirements specification or through College stakeholder involvement in the project.
- ICT should better communicate the benefits it believes digital systems can bring to the College.
- The user experience must be consistent across Imperial digital systems.
- Digital services will be designed and implemented with the aim of making life easier for College users.
- Digital projects and initiatives to deliver services to the College must be scoped and funded to consider all aspects of the Service Lifecycle (Design, Change Management, Training, Use, and Decommissioning) to be effective.
- Digital projects and initiatives to deliver services to the College must not define success as delivery of technology but the use of the technology productively. Standalone technology projects are unlikely to be prioritised highly.
- IT investment projects must consider the business change process to obtain the full benefit of the investment.
- Service requirements must revolve around how College stakeholders want their operations to run.
- Non-comprehensive services may be retired or replaced.
Principle 6 – Technology will be used flexibly in response to changing business needs to gain and maintain a competitive advantage
The College exploits new opportunities while efficiently supporting existing business processes.
ICT will be responsive to both new requests for services and changes to existing requirements and will aim to support the College by being flexible in its choice of technology.
- Provide the College with agility in deployment of its service offering.
- Ensure that ICT is innovative where necessary to advance business capabilities.
- The response to education, research and support function needs will vary due to the diverse nature of their requirements.
- The College must be able to communicate its priorities to ICT.
- ICT must understand the business needs and report progress in meeting the requirements put before it.
- Services must be designed with flexibility to allow for changing business uses.
- ICT must be capable of moving quickly, providing a rapid response to urgent requirements.
- ICT should consider innovative solutions for new College requirements.
- Technical debt must be proactively managed to ensure longer term agility.
Principle 7 – Changes are driven by an assessment of the business benefit of implementation and the business risk of not making the change
New or changes to investments can be justified by clear business drivers.
Business justification supports all investment.
- All changes should be able to demonstrate measurable business benefits.
- Change activities should have clear lines of sponsorship and approval.
- Resources have a value and should be prioritised accordingly.
- Changes should not be driven simply by the availability of new technology.
- ICT cannot undertake work without approved business justification.
- ICT must be competent in the development and assessment of business cases.
- Prioritisation mechanisms must consider the benefit of a change and the risk of not making it.
- College management support will be required to ensure that work that is evaluated as having little benefit can receive a low priority or can be rejected.
- Governance, roles and decision making processes must be documented and understood.
- The benefits of a change must be measured and used to inform future decision making.
- Bold consideration should be given to risk where change may lead to innovation and competitive advantage.
Principle 8 – Digital services will be designed to support and comply with College policies
All digital services must operate in compliance with College policies.
Digital services are appropriately governed.
- The College is exposed to risk if regulatory and legal obligations are not met.
- The College requirement to influence behaviour will not be met.
- Documented processes and services are easier to maintain.
- To understand regulatory and legal obligations, ICT must have access to appropriate College policy owners.
- ICT must be aware of all relevant laws, policies and regulations which are specific to ICT activities.
- Compliance must be considered as part of the project scope and may impact time and cost.
- Digital service design signoff must include a College policy compliance check.
Principle 9 - Changes to digital services will be assessed for their risk to the College before implementation
Ensure business continuity is maintained.
Uphold College's confidence in the provision of digital systems and the ICT delivery organisation.
- Services are integral to the automation of business processes.
- Changes to digital services have the potential to disrupt College operations.
- ICT must mitigate the risk that changes will be made 'in a vacuum', i.e. without fully understanding the potential impact of the change on the broader College environment.
- The College must have effective change management processes to ensure changes are appropriately assessed before implementation.
- Changes should be appropriately tested and piloted. The extent of testing and piloting may vary depending on the scope of the change.
- The end user must be considered as a component of any change to ensure adequate training and guidance is provided.
- The rationale, intent, and other relevant details of a proposed change should be understood in order to balance the risk of the change against its benefit.
- ICT staff and management, as well as College stakeholders, must accept the potential for challenged or rejected change proposals and delays caused by the review process.
- ICT needs to understand the components of services and the relationship between them to be able to assess the impact of changes
Principle 10 – Flexible security measures and controls will balance business benefit against the assessed business risk
College's information and processes must be appropriately secure for it to work effectively; inspire confidence and maintain its competitiveness and reputation.
Security measures must be sufficiently flexible to meet the goals of the College and shall be properly assessed, justified, implemented and upheld.
- Security is a necessary component of College and digital systems processes; we must be clear about, evaluate and justify how and what we implement.
- Security measures must enhance and enable College activities rather than hinder them.
- Security measures should be implemented to reduce risk and to enable new activities.
- Security measures need to be flexible; security is not an end in itself but a property of College activities.
- Prevention of innovation or collaboration within the College is a security failure that can have an impact as serious as any other security failure.
- ICT must not undermine the security of the College.
- ICT must not unreasonably hamper the College through the application of security.
- ICT must understand the business attributes required and desired by the College.
- ICT needs a mechanism for understanding and evaluating business and technical risks.
- Security measures need to be justified and scrutinised.
- Security measures should be traceable back to College goals and requirements rather than implemented due to 'habit'.
- 'Best practice' security measures might not be best for the College.
- ICT must be able to describe the level of security offered by the digital services it delivers.
- ICT will need to understand where a benefit for one part of the College introduces an unacceptable level of risk for other parts of the College.
- ICT must be willing to modify existing security measures where appropriate and remove those which are no longer valid.
- Services may need to be delivered across multiple policy domains.