By in , ,

Episode 43 – What should an IT assessment cover?

If you’re running the best boat dealership this side of Kentucky, you can be forgiven for not having a deep knowledge of IT.  Boat motors and computers are different technology, or at least they used to be.  So, how do you make those technology decisions? IT assessments measure against your business goals.  They combine a deep understanding of your business with a deep understanding of industry best practices.  You bring your business goals and the IT consultant brings the technology know-how. Assessments help you examine where you are today, where want to be in the future, and a cost-feasible path for getting there. A good IT assessment should examine several things.  It should start with your business goals and strategy, your key stakeholders, and the environment you operate in.  Are you risk-averse or do you challenge the status quo? It will look at the risks you have to take and the risks you could avoid. Are you taking risks for convenience that aren’t really making you any money? It will look at cybersecurity, yes, and any standards you are trying to meet.  It will look at efficiency and productivity, but more importantly, effectiveness.  Do your IT systems help you achieve the service delivery your customers desire? It will look at the maturity of your processes.  When an employee leaves, does their account get shut down on time every time? It will look at the lifecycle of your data.  Can you send the wrong document to the wrong people by mistake? I’m Carter Edmonds with 20CREEK.  We help you build IT you’ll brag about. Episode #43 – 2/7/2019
By in , ,

Episode 42 - What does an IT assessment do?

Audits and assessments are very different things.  What does an IT assessment do?

Yesterday, we talked about how audits measure you against a specific standard.  They verify the claims you make to the rest of the world.

They don’t tell you how to run your business.  And they especially don’t define your IT roadmap.  That’s where an IT assessment comes in.

IT assessments are internal and more comprehensive.  They can help you get ready for an audit and can do so much more.

Let’s say you’re trying to decide how to improve efficiency, or you’re wondering if the cloud might be safer or cheaper than what you’re doing today.  That’s out of scope for an audit.  That’s where an IT assessment comes in.

IT assessments involve consultants and that’s sort of dirty word.  In Henry VI, when they talk about killing all the lawyers as part of their takeover, they probably could have said consultants too.  See, they still teach Shakespeare at SEC schools.

If you’re a business manager, you’re probably expert at understanding your customers and your operations.  You can be forgiven for not be an expert on the technology that gets you there.  A good IT assessment can align your IT investment with your business objectives.  You spend a little bit of money to make sure you spend a lot of money the right way.

Tomorrow, we talk about what an IT assessment should cover.

I’m Carter Edmonds with 20CREEK.  We help you build IT you’ll brag about.

Episode #42 – 2/6/2019

By in , ,

Episode 41 – What does an IT audit do?

Audits and assessments are very different things.  What does an IT audit do?

Let’s say you’re selling your business.  You’re paying your own salary like any other employee and you’re throwing off enough cash to give your business value.  How does the buyer know your numbers are legit?

You hire a CPA firm to audit your books against established accounting standards.  (As a side note, IT can be material to your business value and a CPA audit can include several pages checking it out.)

Or let’s say you want to claim ISO compliance for your manufacturing line.  Your registrar sends an auditor to check your compliance to the ISO standard.

The same thing happens in IT.

One of the local law firms achieved ISO 27001 last year to show they had established a well-controlled Information Security Management System.  That’s impressive.  After all their training and hard work to get ready, they called in the ISO auditor so they could receive the registration.

An audit measures against a defined standard.  The auditor is certified to verify the evidence that you meet that standard.

An audit takes a sample of your business.  The audit doesn’t recreate every transaction or review every process.  It samples a representative subset to see if those samples meet spec.  It verifies the claims you make to the outside world.

Now, the auditor is not going to come in and give you business advice.  You hire somebody else to do that.  We’ll discuss that tomorrow when we cover IT assessments.

I’m Carter Edmonds with 20CREEK.  We help you build IT you’ll brag about.

Episode #41 – 2/5/2019

By in , ,

Episode 40 – What are IT audits and IT assessments?

IT Assessments.  IT Audits.  Are they the same thing?  What’s the difference?

You’re going to hear these terms tossed around a lot and people mix them up.  But your auditors are going to get mad if you start calling other work an audit.  And assessments serve a business purpose that auditors don’t claim.

They’re both important and they serve separate functions.  So, let’s sort it out.

An audit shows the world that your claims are correct.  These are my financial results.  Here’s why you should believe us.  We’re ISO compliant.  Look at our badge from the registrar.

An assessment analyzes your operations, compares it to your business objectives, and helps you work through the gaps. It’s a tool for aligning your investments with your business strategy.  A good assessment draws a map of the uncharted waters ahead.

In a classroom, the assessor would be the person helping you study for an exam.  The auditor would be the person grading the exam.

On a football field, the assessor would be the coach getting you ready to play.  The auditor would be the referee deciding whether you actually caught the ball.  Or really, the person in the booth watching the replay and making the decision five minutes later.

This week we’ll take a deeper look at both audits and assessments.

I’m Carter Edmonds with 20CREEK.  We help you build IT you’ll brag about.

Episode #40 – 2/4/2019

By in , ,

Episode 39 - Are our devices listening to us?

Monday was Data Privacy Data in the US and Canada.  Friday’s email asks, “Are our devices listening to us?  And are we living in a simulation?”

Of course, they’re listening to us.  They have to.  If you ask Siri, or Alexa, or Cortana, or Google Assistant to do something, they have to be listening all along.

Computer, coffee, black.

Tastes more like Earl Grey.

If you want your computer to obey anything you say, it has to listen to everything you say.

The real question is what they do with all the sounds they collect.  While you’re talking, while you’re working, while you’re sleeping, and whatever else you’re doing with a phone nearby.

Are they using voice recognition to help you alone, or are they building a profile they use for other purposes?

With good privacy policies, you get to decide.

The second question – Are we living in a simulation?

Some math nuts concluded that the amount of information to describe the whole universe is a whole lot more than the information to describe only your life.  So, probabilistically, we’re more likely to be in a simulation.

Let’s see.

Computer, end program.

Powerpoint!  That makes so much sense.

I’m Carter Edmonds with 20CREEK.  We help you build IT you’ll brag about.

Episode #39 – 2/1/2019

By in ,

Episode 38 - How do I honor my customers’ privacy?

A band I liked in the 1970’s went back on tour.  I looked for tickets but they hadn’t announced the cities yet.  Two months later, a banner ad appeared offering tickets.  Creepy?  Maybe.  Useful.  Yes!  But who gets to make that decision?

I won’t name the band or you’ll think I’m a real geek.  The Strange Magic of seeing that banner ad…I Can’t Get It Out of My Head.

If we’re going to have an immersive and connected experience, we’re going to have a lot of personal and not so personal data out there.  If we shut it all down, the internet becomes a whole lot less useful.

On the other hand, a Facebook user in California once grabbed a picture of my youngest son as an example of a family of toothless, uneducated hicks.  Um.  We have all our teeth.

A privacy policy that drags on for 6 pages isn’t going to solve the problem.  What customers need are more granular controls about what they are allowed to do with your information.

As your firm takes a pro-privacy stance, you’ll work through your legal and your business requirements – what you’re required to do and required not to do, and all of the policy decisions between those rails.

You’ll want to give choices as data is collected.  And you’ll want to let them update their choices over time.  You’ll give choices about how you use the information, who you can share it with, and even whether you can continue to keep it.  In some cases, you can’t give choice.  If former employees ask you to delete their employment records, you might want to check with an HR lawyer first.

Of course, all of this depends on keeping data in an organized fashion.  Turn back to our series on Data Governance from a couple of weeks ago.

Tomorrow, we ask whether are devices are listening to us?

I’m Carter Edmonds with 20CREEK.  We help you build IT you’ll brag about.

Episode #38 – 1/31/2019