How to make CRM work

Computerworld - Developing a successful CRM program is a journey, not a destination. Like most IT journeys, it involves the interplay of people, processes and technology under the direction of a clear road map. I have argued for some time that the correct approach to enhancing customer relationships in most companies will involve multigenerational plans of continuous improvement. This idea is now one of seven industry best practices for implementing CRM projects:

1. Drive the implementation from the business case.


2. Provide unambiguous executive sponsorship by representatives from the senior management team and appropriate stakeholders.


3. Allocate sufficient quality resources for planning, implementation and staff development.


4. Deliver the solution in digestible components as part of a long-term plan.


5. Provide tight program management with frequent milestones and intermediate measurements.


6. Use a proven delivery methodology that leverages templates, best practices and preconfigured components.


7. Mitigate risk by implementing a change management and training program.

By now, most major corporations have implemented at least a pilot version of CRM software. The success rate of these implementations has increased significantly over the past two years. According to Forrester Research Inc., "Nearly three-quarters of respondents say that they are satisfied with the business results from their CRM efforts." As companies have adopted the best practices listed above, rewards are up, and risks are down.

How IT Can Add Value
While success rates have increased, there are a number of areas where IT can add significant value to CRM initiatives.
Security

System and data security are difficult issues in today's economy. Because of advances in attack technology, it's relatively easily for a single cyberterrorist to employ a large number of distributed systems to threaten a company and its operations. The speed and sophistication of attack tools has increased as dramatically as the dependence on corporate computer networks. Terrorists may have their own plans for disrupting the Internet, but a disgruntled employee, customer or competitor can do significant damage to any company's operations.

The survivability of data and systems depends on the three R's of security: resistance, recognition and recovery. Resistance is the ability of a system to prevent or deter attacks. Recognition involves the detection of attacks as they occur and evaluation of the damage and compromise incurred. Recovery is the ability to maintain services and protect assets during attack, limit damage and regain full operations following an attack.

The CERT Coordination Center is the hub of information about computer systems security. CERT security practices provide practical, well-documented guidance that helps organizations improve the security of their networked computer systems. This ranges from survivable systems engineering models to acting