Obsolescence Risk Dashboard

LeanIX offers out-of-the-box dashboards to support users in specific use cases, e.g., Technology Risk Management.

This dashboard is only available to customers using the LeanIX Technology Risk and Compliance product.

Dashboard Structure

The Dashboard consists of four areas:

  1. Applications - Unaddressed Obsolescence Risk
  2. Applications - Addressed Obsolescence Risk
  3. Unaddressed Obsolescence Risk - Details
  4. Data Completeness

General features of the Dashboard

KPI calculation
All KPIs are calculated on a daily basis and are archived in order to provide a KPI history. KPI values are therefore never older than 24 hours.

Actionable
Users can click most KPIs to navigate to the Inventory and review the Fact Sheets on which the KPI has been calculated.

🚧

Deviating Inventory filters

Not all subsets of Fact Sheets used for KPI calculation can already be represented as a filter in the Inventory. This applies in particular to lifecycle filters. Therefore, there can be deviations between the subset of Fact Sheets based on which the KPI is calculated and the Fact Sheets displayed in the Inventory after clicking a KPI. Please note that these discrepancies do not affect the correctness of the KPI calculation. We are actively working on making these filters available in the Inventory as well.

Filters
All KPIs on the dashboard exclude Applications that are "end of life", meaning that the Application has reached the so-called lifecycle phase. The same holds for any Fact Sheet that has Quality Seal "Draft" or "Rejected". For IT Components though, we will include Fact Sheets with an "end of life" lifecycle, since these could still be in use by active Applications.

Configuration
As of now, the dashboards aren't editable. Users can create a copy of them and then edit the copies to their desire.

Applications - Unaddressed Obsolescence Risk

This panel provides an overview over the count of Applications in your organization with an obsolescence risk, i.e., Applications that are directly or indirectly (transitively) linked to an IT Component that is at the end of life.

The first KPI shows the current Applications at risk, whereas the following KPIs show the same risk projected into the future.

📘

Obsolescence Risk projections into the future.

LeanIX helps you to identify whether your company is running into a "wall of obsolescence":

Consider the following scenario: You run 10 mission-critical Applications on an IT Component, that is going end of life in 3 months (maybe first phase out, then end of life). Dealing with that outdated hardware or software should be no problem, but if the problem scales and you use hundreds of IT Components that are starting to be outdated in 3 months, your company will not be able to cope with all the obsolescence risks.

If the number increases drastically with projected time you will have to take action rather sooner than later.

The number can also be lower in a projected future since it could also be that your company is sunsetting some Applications that today pose an obsolescence risk.

Applications - Addressed Obsolescence Risk

Dealing with obsolescence is an important step in mitigating risks in your organization. Making sure to either address an obsolescence risk (e.g., through upgrading the IT Component, sunsetting the Application, migrating to another Application or IT Component - all of these could be reflected as projects in LeanIX) or accept it is the minimal decision that you should take:

  • Accepted: Maybe your Application only runs in a testing/develop/staging environment and you accept the risks of outdated software there or the hardware is linked to that old CNC machine that is still connected through serial ports and you have to accept that.
  • Addressed: The obsolescence risk is not acceptable and you need to do something, e.g. upgrade the technology.

📘

Accepted Risk

For the accepted risk, you specified once that the risk is accepted, and you usually want to leave it at that. This is why we don't project the accepted risks into the future, as the statistics behind that would be irrelevant to the process of addressing obsolescence risks.

Unaddressed Obsolescence Risk - Details

Where the first two panels provided some overview of your obsolescence status, this panel is digging a little deeper into the specifics.

Mission Critical Applications with unaddressed obsolescence risk in 24 months
This KPI shows all of your mission critical Applications that are going to have (or are having already today) an obsolescence risk. If this number is bigger than zero, you should definitely investigate which Application is affected and what IT Component is responsible for that.

At least one IT Component End of Life / Phase Out
These KPIs show the Applications that have at least one of their IT Components end of life or phase out respectively. For that, we consider only directly linked IT Components.

End of Life / Phase Out IT Component with link to 5+ Applications (today/in 24m)
These KPIs show central IT Components (as in being used by five or more Applications) that are responsible for obsolescence in your organization either today or in the next two years. For that, we consider only directly linked IT Components.

Data Completeness

This panel serves to check the data quality for the use case presented here. In order to assess the situation for obsolescence risk, it is necessary to have IT Components' data complete including lifecycles, and in an ideal world, they are linked to Lifecycle Catalog items to ensure data quality and updates on changes. Other necessities are:

  • Lifecycles on Applications
  • Links of IT Components to the supported Applications
  • Responsible subscribers on the Application FS
  • Assessing the business criticality of Applications