
How to Perform a Technology Risk Assessment

Posted by Laura Mauersberger

Sometime at the beginning of the year, the Head of Infrastructure of a manufacturing company walks into the CIO’s office: “I just had Oracle on the phone. We have a problem”, he said. “Why is that?”, asks the CIO.

“We need to get off that Version 11 Database. They are going to waive premium support and the security risk is no longer acceptable”.

“Uh, ok… What does this really mean?”, asks the CIO looking puzzled.

The head of infrastructure starts to explain: “The migration will have quite a few ripple effects, and the new version requires a newer server operating system. That means some of the older servers need to be replaced. I suspect that a large number of applications will be affected, and migration from the older ERP legacy systems will be tricky. I cannot promise that we will make it without any production downtime.”

With a worried expression, the CIO mutters, “I wish you would have told me that before the budget planning two months ago…” Source

If you are researching how to do a technology risk assessment, this story is probably already familiar to you.

Here are 5 steps to a complete technology risk assessment.


Step 1: Get a complete list of the applications you use

Hopefully, you have been documenting your applications over the past year. If not, I would suggest first reading our 9 Rules and Guidelines for Application Rationalization.

Without an overview of your current application landscape, it does not make sense to start a technology assessment. You wouldn’t start baking a cake without a list of ingredients, right? As a first step, you need to collect a list of all the applications you are currently using in your enterprise.


Step 2: Assess the software versions that are in use

The next step is to find out what software versions are being used.

As a best practice, we recommend using a technology stack to group your software. You can also tag your software (manually or using out-of-the-box LeanIX tags) to reference them in the future.

In the screenshot example below, you can see that we have tagged them via the Candidate, Leading, Exception, Sunset model.

Assess software versions in use for technology risk assessment

Step 3: Assess servers and data centers in use

This next step is similar to the previous ones. Again, we recommend assigning a technology stack to each server and data center.

In this step you should also verify the data. For example, you can check where your servers are located by using an IT component location report.


Step 4: How to link software and servers to applications

After having collected and verified all of the data in the previous steps, it is important to now create the link between software, servers, and applications.

This lets you later understand the dependencies between these objects, and thus avoid situations like the one previously described.


Step 5: Find out how technology affects your business

You made it to the final step. Now it’s time to find out what technology risk actually means for your business and the benefits of assessing technology risk.

Benefits of technology risk assessments

There are various benefits to this. Amongst them are:


Reducing costs

Find out what the best technologies are by assessing the functional fit of each IT component and the business criticality. This lets you opt for a standard across regions or offices, thus reducing redundant applications and/or technologies. For example, why would we use Oracle and MySQL? We would be paying for both, when one of them could be suitable for the entire organization.


Reducing risks

What happens when we haven’t updated our software to the latest version? Or even worse, why are we using five different versions? This could be due to an underlying technology.

Applications that depend on an underlying application can eventually set off a snowball effect of errors throughout the entire organization. It is crucial to identify and understand which underlying technologies exist, their lifecycles, and any software dependencies.
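The linking from Step 4 and the lifecycle check described above can be sketched as a small dependency walk. This is an added example, not LeanIX code; every name, date and the 1-4 criticality scale are constructed for illustration.

```python
from datetime import date

# Constructed sample inventory (names, dates and scale are made up).
# IT component -> end-of-support date
END_OF_SUPPORT = {
    "db-engine 11": date(2024, 6, 30), "db-engine 19": date(2030, 12, 31),
    "server-os 2012": date(2023, 10, 10), "server-os 2022": date(2031, 10, 14),
}
# Links from Step 4: each object -> the objects it runs on or requires.
DEPENDS_ON = {
    "ERP legacy": ["db-engine 11"],
    "Warehouse portal": ["ERP legacy"],
    "HR suite": ["db-engine 19"],
    "db-engine 11": ["srv-01"],
    "db-engine 19": ["srv-02"],
    "srv-01": ["server-os 2012"],
    "srv-02": ["server-os 2022"],
}
# Business criticality per application (1 = low, 4 = mission critical).
CRITICALITY = {"ERP legacy": 4, "Warehouse portal": 2, "HR suite": 3}

def underlying(obj, seen=None):
    """Return every object reachable from obj via DEPENDS_ON (cycle-safe)."""
    seen = set() if seen is None else seen
    for dep in DEPENDS_ON.get(obj, []):
        if dep not in seen:
            seen.add(dep)
            underlying(dep, seen)
    return seen

def at_risk(app, as_of, horizon_days=365):
    """Components under app that are unsupported or lose support in the horizon."""
    hits = []
    for comp in underlying(app):
        eos = END_OF_SUPPORT.get(comp)
        if eos is not None and (eos - as_of).days <= horizon_days:
            hits.append(comp)
    return sorted(hits)

def risk_report(as_of, horizon_days=365):
    """Applications with at-risk components, most business-critical first."""
    rows = [(app, CRITICALITY[app], at_risk(app, as_of, horizon_days))
            for app in CRITICALITY]
    rows = [r for r in rows if r[2]]
    return sorted(rows, key=lambda r: (-r[1], r[0]))

if __name__ == "__main__":
    for app, crit, comps in risk_report(date(2023, 9, 1)):
        print(f"{app} (criticality {crit}): {', '.join(comps)}")
```

The Warehouse portal has no direct link to the database, yet it appears in the report because it depends on the ERP system that does, which is the ripple effect from the opening story.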


Increasing agility

One of the topics that most companies battle with is standardization. When we do not have clear standards defined, things get chaotic fast. Once these standards have been defined, we must also make sure that they are being followed.

Ideally, one should not have to go door to door assessing, for example, how well stakeholders are adhering to IT security standards. To avoid this, we recommend using surveys.

You can either use a tool such as SurveyMonkey or use the LeanIX Survey feature, which automatically imports all answers into the tool, ready for assessment.

For more information, read our whitepaper on the topic.


Technology Obsolescence: Benefit from integration with Technopedia lifecycle catalog to avoid risks