Over the past few years, IBM has spoken to hundreds of chief technology officers (CTOs) reflecting a cross-section of industries for a series of Architecture Decision Points reports. Clearly, business leaders recognize that technology will be a central part of delivering the future enterprise. However, they are also well aware that society is looking to businesses to prove they can live by the values they espouse — and computing has a key role to play. And these same CTOs mentioned that the societal impact of technology is keeping them up at night.
For businesses, technology has a variety of interconnected impacts including unintended consequences, data risks, and appropriateness of technological uses, as well as broader environmental concerns. Leaders are worried about introducing vulnerabilities to their companies, about deploying systems with harmful biases, about how AI will be perceived internally and by the public, and about the environmental impact of using certain technologies. These issues are all connected, though they’re often discussed separately. If companies want to ensure they are responsible users of technology, they need a holistic approach.
Developed at IBM in conjunction with our CTO outreach, we have created a systemic Responsible Computing Framework that integrates environmental challenges including energy consumption and emissions with many other social and governance aspects. It is a practical blueprint that firms can use to make their IT more green, ethical, trustworthy, and sustainable. Our Responsible Computing Framework highlights six pillars that business leaders need to address for their business to become a responsible computing provider: data centers, infrastructure, code, data, systems, and impact. For each we provide several KPIs that can be used to provide comparisons.
Responsible Data Centers
The first pillar of responsible computing is the physical infrastructure you need to develop and deliver IT services — whether or not you run data centers yourself. The global power capacity of data centers has grown by 43% in the last three years, and inefficiency is a significant problem: the average server runs at 12% to 18% of its capacity but draws 30% to 60% of maximum power. The International Energy Agency (IEA) predicts that the energy use of global data centers will jump from 1% of worldwide electricity demand to more than more than 20% in just over a decade.
To measure the impact of your data centers, you need to consider the energy sources, energy use related to cooling, and water usage, and track KPIs for each. If you don’t run your own data centers, most mature cloud services providers, such as AWS, IBM, or Microsoft measure this as part of their service.
First, consider the carbon footprint, or the amount of CO2 that was emitted in generating the energy used by data centers. Consider how much carbon dioxide a data center produces every day (carbon usage effectiveness); how clean the energy consumed by the data center is (technology carbon efficiency); and how much renewable energy is generated onsite (green energy coefficient).
Next, there’s the efficiency footprint, or how optimized the data center is for its computing infrastructure. To measure this, you can look at the how much energy is used specifically by a data center’s infrastructure, how much energy in the data center is reused elsewhere in the facility, and the HVAC system’s effectiveness, or the overall efficiency of the cooling system.
Finally, there is the amount of water used by data centers as part of their operation, or water footprint. This requires breaking down how water is used, considering infrastructure, power generation, and how much gets recycled for other purposes.
By having a clear picture of your power sources, cooling, and water usage of your data centers, business leaders can start to critically think about addressing the issue. How can you move to sustainable energy sources? How can you use carbon offsets? Would moving your infrastructure to a cooler climate save energy? Could you use the heat generated by your infrastructure for another purpose? How can you save water?
The second pillar is reducing the environmental impact of computation. This requires that you assess the whole computing ecosystem you work in, not just your own infrastructure, including the hardware, software, and networks required to develop, test, deliver, monitor, control, and support IT services. While most manufacturers share this information when asked, there are also multiple industry initiatives, such as from the International Telecommunication Union, to standardize data and develop best practices.
First, consider the computing hardware in use now. This can be measured by power usage KPIs, such as the average electricity consumption per hardware unit, how often computing hardware is used, and the proportion of hardware in use over a month compared to what is installed.
Next, you need to understand the greenhouse gas emissions per unit of hardware, or unit carbon footprint. This KPI measures the total greenhouse gas emissions generated by a single hardware unit over the different stages of its life cycle — from the original extraction of resources through manufacturing of precursors and the making of the unit, its operation, and then the emissions of disposal once it is superseded.
Finally, measure the amount of waste that computing generates. This can include how much hardware is sent to landfill versus refurbishment, reuse, resale, or salvage (e-waste rate). It can also feature an assessment of your plastic footprint, calculated either by the total weight of plastic used or by the types of plastic polymers used, and their potential end destinations or likelihood of being recycled.
Once you have considered your infrastructure, you can start to consider actions to address your computing impact. What technologies could you use that reduce power per unit? How can you get more bang for your buck — for example, through consolidation, rationalization, or removing systems you don’t use? How about using your spare capacity for other purposes? How can you recycle or reuse more effectively?
The third pillar is the efficiency of your code, and the potential environmental, societal, and economic impact of the code in use. This involves bringing responsibility to the level of individual developers and ensuring the development of responsible design principles or architectures that will help them make the right choices.
Key to understanding how responsible code works are “function points,” which are a way of expressing the amount of business functionality that code provides. There are a wide range of software tools (both open source and commercial) that can assist organizations in their analysis.
Start by measuring how efficient the function points are, such as page size or HTTP requests per process. You should also measure the carbon impact of each function point — the electricity consumption for an entire system, individual function points, or even for individual processes within a function point. Measuring the security of function points, such as the number of identified vulnerabilities, is also vital.
Second, take a close look at your code architecture. How scalable is it? How easy is it for the code to be moved to another platform? The time taken or cost to integrate function points in one system with ones in other systems is also a valuable KPI.
Finally, measure the quality of your code — for instance, the number of defects per function point — and its maintenance and rework attributes. You should also measure the reliability of your code, such as the average uptime per quarter for an entire system, function point, or even individual process.
Once you understand the efficiency of function points, as well as the overall architecture and quality then you can start to consider how to improve. Should you use open or proprietary code? How secure is your code? How open is your code? Does making code reusable do more harm than good? Could you reduce the resolution of calculations through approximate computing?
The fourth pillar of responsible computing is the privacy, transparency, sharing, and acquisition of data. This pillar directly addresses your duty to understand the ethical, legal, and social responsibility of processing data across its lifecycle and allows the leader to take or delegate ownership and accountability on the protection and privacy of the data and its usage.
Thankfully there is significant work going on in this area, and we suggest one KPI: the Responsible Data Maturity Model which provides insight into how data is being managed in your business across 15 domains (awareness & capacity, policy & governance, accountability, partnership, inventory, privacy, legal, risk, minimization, transfer, security, sharing, combining, retention, and incident response).
With this analysis you can understand how each domain can be improved, and also how to track improvement. Do you have sufficient data governance in place? Are you aware of all the data that your business is responsible for? Who is responsible for what data? What are your current data and legal risks? How quickly do you respond to data incidents?
Responsible systems are those that are fair, accountable, and transparent. This fifth pillar asks business leaders to understand their “systems” — the integrated sets of hardware, data, code, models, and services used in work— and the ethical implications of using them. At the core of this pillar is the fairness — or bias — that the systems within your organization have, and how accountable your firm is for what those systems do in your name.
First, consider how one of your systems may discriminate against or harm people based on characteristics such as race, gender, age, or disability. Measure this through comparing the outcomes between groups. More sophisticated comparisons can recognize that groups differ in more than one dimension. Another approach can measure how many complaints are received about the system fairness and how they are addressed.
Next, determine which systems have specific individuals assigned as responsible for outcomes, and measure compliance with regulations, what means of legal redress are available, and how liable the business is for any harms that may have happened. These perspectives will help you make these systems more transparent. By having a clear picture of how fair, accountable, and transparent your systems are, you can start to critically think about addressing the issue. How can we reduce bias in our systems? How can we minimize our exposure to liability? Who is responsible for what system?
An important KPI is the analysis of the number of outcomes from the systems that are auditable, and another is how explainable system outcomes are. Furthermore, measure the number of knowledge artifacts that explain the goals, methods, and limitations of your systems.
The final pillar considers how technology can be used for good — for example, to address social mobility or exclusion. But just because your organization can do something, doesn’t mean it should. We suggest the best way to have responsible impact is to consider your computing in the context of the UN’s 17 Sustainability Development Goals (SDGs). Some impacts are more general, such as enabling gender equality in hiring (SDG 5), providing decent work (SDG 8), or reducing inequality in income (SDG 10). KPIs here can consider how IT investment has led to such impacts by looking at before and after statistics. Similarly, actions to meet climate change goals (SDG 13) can be measured through KPIs such as the carbon impact per employee, per customer, and per SKU (stock taking unit).
However, other impact measures will be specific to industries. For instance, the type of impact your IT use can have in agriculture is different to retail. Agricultural firms can measure how their IT investments have reduced the amount of water required to irrigate the crops (SDG 6). Similarly, retail firms can measure how their IT investments have enabled more sustainable consumption and production (SDG 12).
Once you have insight into how your computing impacts your performance on the SDGs, then you can start to critically evaluate how to improve in the future. How can your IT help to save lives, or improve life, in a similar way? How can you create new jobs, or help people develop new skills? How could you help speed up the response to disasters or emergencies?
The Way Forward
World events since the pandemic and geopolitics have shown business leaders very clearly that their workers need protection, and that their supply chains are shakier than they thought. That has focused attention on corporate responsibility and how we use scarce resources. In IT specifically, the new normal is all about being fast, efficient, effective, and responsible.
The task facing business leaders is to position their firms for both scale and success while taking an ethical and responsible approach to how, where, and why they use IT. The CTOs we spoke to agreed that achieving real and lasting change requires a holistic approach that encompasses every aspect of the computing ecosystem, from emissions and materials right through to ethical sourcing, data stewardship, and social responsibility work.
However, business leaders can’t do it all on their own. They need to ensure that the entire IT function is aligned behind their responsible computing vision. Every member of the IT function will need to appreciate the ethics that underpin the responsible computing vision, as well as being accountable for their actions. This will require a professionalized IT function that has both the competence to be able to deliver on the vision, as well as the inclusivity to ensure diversity of opinion.
Beyond the IT function, the entire C-suite, employees, suppliers, partners, and customers will need to be more mindful about how they consume and conserve valuable resources—which means offering them the right incentives to do so. Everyone will have a part to play: infrastructure experts and application developers, but also professionals in sales, marketing, operations, finance, procurement, and facilities.
So, it’s a big task, but the reward will be greater trust in the organization — and, ultimately, a better world.