Obsolescence Risk Management

Learn why obsolescence risk management matters, how to discover risks associated with obsolete technology, assess their business impact, and efficiently manage and remediate them with SAP LeanIX.

Overview

SAP LeanIX helps you gain a holistic overview of your application landscape's obsolescence risk exposure. It creates transparency and offers a deeper understanding of your organization's technology layer by assessing interdependencies and the business impact of unaddressed risks. This empowers you to make informed decisions in managing obsolescence risk effectively.

Below, we explain the typical business drivers for obsolescence risk management initiatives and how you can use SAP LeanIX to realize this use case. You will learn step by step:

  • Why obsolescence risk management matters to a business and IT team, and which data points you need to kick-start this use case
  • How to build the technology inventory in SAP LeanIX with various integrations and enrich data for effective assessment
  • How to discover risks, assess their business impact, and prioritize them for resolution
  • How to set up and track obsolescence risk management process and report relevant key performance indicators (KPIs) to critical stakeholders

What is Obsolescence Risk Management

Obsolescence Risk Management is the process of identifying, evaluating, and mitigating the risks associated with technological obsolescence. It involves assessing the potential impact of outdated technology on an organization's operations, financial health, and reputation. This process typically includes:

  • Identification of obsolescence risks: identifying technologies, systems, or components that are approaching or have reached the end of life or lack active support
  • Assessment of impact: evaluating the potential consequences of technological obsolescence on business operations, including the risk of system failures, security breaches, and regulatory non-compliance
  • Planning for remediation: planning and establishing a risk dispensation program for risks that cannot be remediated in a timely fashion due to criticality, budget, or constraints in deprecation/replacement
  • Implementation of mitigation strategies: prioritizing the identified risks based on impact and implementing measures to mitigate them, including upgrading or replacing obsolete technology, establishing risk management frameworks, and ensuring compliance with relevant standards
  • Monitoring and review: continuously monitoring the technology landscape for emerging obsolescence risks and periodically reviewing and updating obsolescence risk management strategies to ensure their effectiveness

Why is Obsolescence Risk Management Relevant

Obsolete technology no longer maintained or supported carries the risk of breaches, increased downtimes, and system crashes. These issues can result in financial losses, damage to reputation, and regulatory consequences.

Effectively managing obsolescence risk ensures that you maintain visibility and awareness of the age, condition, and security vulnerabilities of the technologies within your portfolio. With clear insight, you can strategically mitigate risks in your portfolio by identifying which applications are at risk, which business capabilities are vulnerable, and what actions are needed. You can allocate budget and resources efficiently to address aging or vulnerable technologies before they become urgent issues for your organization.

The following typical business drivers can initiate an obsolescence risk management use case. These are not mutually exclusive, and the focus depends on the individual circumstances and strategy of an organization:

  • Gain transparency on obsolete technology
  • Assess exposure to revenue and customers by understanding the business impact of obsolescence risk
  • Minimize technology risk and debt by removing end-of-life and legacy technologies
  • Ensure business continuity and competitiveness by removing redundant and outdated IT components
  • Make informed application rationalization decisions by aggregating technology obsolescence risk to the application level
  • Free up the budget for innovation by allocating resources wisely and efficiently
  • Build a tech stack that remains relevant, effective, and functional over time

Which SAP LeanIX products are needed for Obsolescence Risk Management

The following SAP LeanIX products help you assess your application portfolio, build a technology inventory, and identify, address, and monitor obsolescence risk management efforts:

  • SAP LeanIX Application Portfolio Management is the base product necessary for building a comprehensive inventory of your IT landscape. With Application Portfolio Management you establish relationships among all necessary architectural elements to understand dependencies and structure within IT and business. It enables you to analyze and assess the business criticality, functional, and technical fit of applications, aiding in the prioritization of risks. Using various pre-defined reports, you can effectively monitor the application landscape for emerging obsolescence risks. SAP LeanIX Technology Risk and Compliance further enriches obsolescence risk management efforts by providing specific, powerful functionalities.
  • SAP LeanIX Technology Risk and Compliance helps you build your technology inventory, offers capabilities to proactively identify and assess current and future security risks caused by outdated components, and enables you to mitigate these risks effectively. Through integration with ServiceNow, the product automates the discovery of IT components and applications to build technology inventory swiftly. Furthermore, the product provides access to IT components data in the reference catalog, automating the retrieval of lifecycle and end-of-support information for IT component fact sheets. Additional obsolescence risk management views in reports and dedicated obsolescence risk management dashboard help you to plan, prioritize actions, and monitor identified risks that need to be addressed.

How to Manage Obsolescence Risk with SAP LeanIX

The below step-by-step guide outlines how you can run your first technology risk assessment in SAP LeanIX.

Prerequisites

  • To start with your obsolescence risk management use case, ensure you have built an application repository in SAP LeanIX as part of the Application Portfolio Assessment.
  • Begin by focusing on the application and IT component fact sheet types. Additionally, you can consider business capabilities and organizations if you plan to prioritize the identified technical risks by focusing on your most valued business capabilities or business units.

    📘

    Note

    It is important to understand how obsolescence risk is calculated when defining your fact sheet structure and relationships. Properly setting up these relationships ensure that they are included in the obsolescence risk calculation. Obsolescence risk is calculated based on the lifecycle status of the underlying IT components that support your applications. For more details on how the risk is aggregated, see Obsolescence Risk View Aggregation.

  • Identify the scope and stakeholders for risk management initiatives. Align with them to determine the insights and decisions needed from each stakeholder, including leadership in IT and business, and establish a clear process for obtaining it.

Step-by-Step Guide