Posts Tagged ‘IT Assessments’

Business Wake-Up Call: Are You Prepared?

Tuesday, September 6th, 2011

Businesses in the Northeast are still feeling the devastating effects of Tropical Storm Irene.   Just a few weeks prior, a mild earthquake struck the Mid-Atlantic region and caused structural damage; people are still rebuilding.  And then there were the tornados striking the South and Midwest. This is your wake-up call folks! 

Were You Prepared?
How did you fare after the tragic floods resulting from Irene? Were you prepared for questions from your executives when the news came in regarding Hurricane Irene and subsequent 100 year floods?

  • Did you think to reach out to suppliers and employees in the region to begin the situation assessment? Or to stock up on needed resources before the flooding? Were you able to deliver products after the event or were there disruptions in your supply chain?
  • Did you think about engaging procurement and human resources as partners to determine the impact of the disaster and potential exposure?
  • Did you prepare to field questions from customers, business partners, and concerned family members?

Based on my experience watching organizations react to crises and other disruptive events, it’s common to see executives and those assigned Disaster Recovery and Business Continuity activities do the following:

  1. Get caught up as witnesses, watching the drama play out in the news just like everyone else, without always connecting the dots as to how the event may impact the organization’s interests. (This is where having a Disaster Recovery Plan would be of vital importance or having a person on staff whose sole responsibility is Disaster Recovery or Business Continuity Planning.)
  2. Focus (almost exclusively) on the day-to-day planning process, rather than taking an active role in participating in the response, including the situation assessment process.
  3. Fail to reference business impact analysis and risk assessment-related information in a potential crisis in order to judge possible exposure — what may be affected.( Ok – so you may not have this in place, but perhaps enough of a wakeup call has been issued and now your company realizes the time is right to conduct a business impact analysis and risk assessment.)

September is National Preparedness Month.  Now is the time to either create your Disaster Recovery Plan or update your plan if you have not done so recently. Another hurricane and even more tornadoes are currently on the weather radar…don’t wait!

Patrick R. Dunn, CBCP, CISSP
Consonus Practice Manager – Disaster Recovery & Business Continuity

Four IT Assessments and Why Your Business Needs Them

Tuesday, September 21st, 2010

IT assessments, in general, can maximize your technology efforts, ensuring you get the most for your investments. However, there are many types of assessments and all are not created equal. When IT budgets are being cut left and right, here are four IT assessments that will serve your business well now and into the future.  

Business Impact Analysis/Risk Assessment
A vital part of an organization’s disaster recovery plan, a Business Impact Analysis (BIA), sometimes called a Business Risk Assessment, is an information-gathering exercise designed to methodically identify the processes performed by an organization, the resources required to support each process performed, and the possibilities and impact of process failures on business operations. This provides a solid foundation for developing a business continuity strategy, allowing the organization to continue to perform critical processes in the event of a disruption.

Data Center Management and Operations Assessment
This assessment provides strategic planning for people, process and technologies in and around the data center. Making tactical changes in how the data center is administered and managed can result in significant cost savings.  A holistic approach is necessary when analyzing data center assets; business goals, objectives, and requirements need to be considered in order to provide actionable recommendations.

The business need is related to the operational process around data center management and operations. Streamlined processes improve how the data center is managed on a daily basis from compute infrastructure requirements to decommissioning of assets and all the operational processes performed in between. Cost savings in deployment, consolidation, virtualization, and management of assets provide significant cost savings in asset inventory, support contracts, and maintenance costs. There are also overall reduced data center operating costs savings derived from reduced cooling, power, and space requirements once recommendations are implemented.

Data Protection Assessment
Through qualitative and quantitative information, this assessment identifies key gaps in asset protection and data security while offering recommendations for immediate improvement as well as long term strategic business continuity considerations.  The ultimate goal is to deliver a data protection plan that prioritizes customer requirements, maps IT technologies and processes to business drivers, and delivers actionable solutions to successfully minimize risk.

Virtual Infrastructure Assessment
Using capacity planning tools to collect and analyze performance and utilization metrics in the IT environment, a virtual infrastructure assessment measures and tunes server, storage, network, and application performance against business and service requirements.  Opportunities for IT consolidation are identified that focus on manageability, availability, cost, and risk.  Cost savings and real efficiencies are not automatic with deployment of virtualization.  Effective processes and controls must be in place to gain these advantages regardless of where a business is in the virtualization adoption lifecycle.

IT Assessments: Have you had your IT physical lately?

Monday, September 13th, 2010

When was the last time you had a physical? Most of us are good at scheduling a physical each year.  After all, we want to make sure we’re healthy and no unexpected medical surprises come up, right?

Now…when was the last time your business had an IT physical?  Yeah, I thought so. You probably can’t remember or some of you might never have had one. Tisk. Tisk.

Just like an annual health physical, your IT infrastructure should be analyzed for problems and performance issues to ensure the technology is current and running at optimal levels. The best way to do this is through organizational assessments.

Business assessments are used to educate and help managers better understand what is working well and where to focus improvement efforts. Assessments are also effective at helping identify and communicate priorities to various stakeholders while monitoring progress over time.

But the real value of assessments is in their ability to optimize performance – to improve outcomes and drive tangible organizational results. The benefits can be significant. For example, Consonus Assessments have yielded the following outcomes:

  • Saved a New England Hospital $150K (compared to imaging vendor’s proposal) in storage by defining the core storage and data needs and generating an RFP 
  • Saved a biotech research firm $100K in Tier I storage capital expenditures by identifying and migrating stale or duplicate data 
  • Improved data management efficiencies at an academic institution as they transitioned from a mainframe to Unix ERP 
  • Saved a major bank $100K in fines by providing a roadmap for DR as required by compliance regulations 
  • Benefited numerous corporations in designing resilient, scalable storage architectures
  • Saved US government entities millions of dollars in improved efficiencies through consolidation

Take advantage of the assessment tools available to save your business big money — schedule an IT physical today!

Disaster Recovery Best Practices

Friday, June 18th, 2010

 For those who need a refresher course in disaster recovery, here are standard disaster recovery best practices according to the Disaster Recovery Institute.

1.  Program Initiation and Management
Establish the need for a Business Continuity Management (BCM) Program, including resilience strategies, recovery objectives, business continuity, operational risk management considerations and crisis management plans.  The prerequisites within this effort include obtaining management support and organizing and managing the formulation of the functions or processes required to construct the BCM framework.
2.  Risk Evaluation and Control
Determine the risks (events or surroundings) that can adversely affect the organization and its resources (example(s) include: people, facilities, technologies) due to business interruption; the potential loss from such events can cause  the controls needed to avoid or mitigate the effects of those risks.  As an outcome of the above, a cost benefit analysis will be required to justify the investment in controls.

 3.  Business Impact Analysis (BIA)
Identify the impacts resulting from business interruptions that can affect the organization and techniques that can be used to quantify and qualify such impacts. Identify time-critical functions, their recovery priorities, and inter-dependencies so that recovery time objectives can be established and approved.

 4.  Business Continuity Strategies
Leverage the outcome of the Business Impact Analysis and Risk Evaluation to develop and recommend business continuity strategies.  The basis for these strategies is both the recovery time and point objectives in support of the organization’s critical functions.

 5.  Emergency Response and Operations
Identify an organizations’ readiness to respond to an emergency in a coordinated, timely and effective manner.  Develop and implement procedures for initial response and stabilization of situations until the arrival of authorities having jurisdiction (if/when).

 6.  Business Continuity Plans
Design, develop, and implement Business Continuity Plans that provide continuity and/or recovery as identified by the organization’s requirements.

 7. Awareness and Training Programs
Prepare a program to create and maintain corporate awareness and enhance the skills required to develop and implement Business Continuity Management.
8. Business Continuity Plan Exercise, Audit and Maintenance
Establish an exercise/testing program which documents plan exercise requirements including the planning, scheduling, facilitation, communications, auditing and post review documentation.    Establish a maintenance program to keep plans current and relevant.  Establish an audit process which will validate compliance with standards, review solutions, verify appropriate levels of maintenance and exercise activities and validate the plans to ensure they are current, accurate and complete.
9. Crisis Communications
Develop and document the action plans to facilitate communication of critical continuity information.  Coordinate and exercise with stakeholders and the media to ensure clarity during crisis communications.
10. Coordination with External Agencies
Establish applicable procedures and policies for coordinating continuity and disaster recovery activities with external agencies (local, regional, national, emergency responders, defense, etc.) while ensuring compliance with applicable statutes and regulations.

Patrick R. Dunn, CISSP, CBCP
Principal Consultant – Disaster Recovery & Business Continuity

The Value of Project Management

Wednesday, April 14th, 2010

One of the most challenging, yet critical skills needed by business leaders today is the ability to predict/forecast with confidence and accuracy.  Whether it is revenue, expenses, resource deployment, profitability or risk, today’s volatile market environment makes this goal more important—and much more elusive—than ever.  How do business leaders leverage the various tools and techniques available to them for the best possible predicted outcome?   I would argue that project management is one of those game changers.  

Project management is an essential element of any short or long-term project, initiative or engagement.  It is not a “nice to have”.   It is a “must have” in today’s business climate. This complex discipline combines essential elements of engineering, technology, quality, manufacturing, financial management and customer service to provide real-time information for business leaders about milestone status, budgetary performance, resource deployment and customer satisfaction.

Certified Project Management Professionals (PMPs) are educated and skilled to very high standards of technical training, as well as in the practical application of that training. These specialists are experts in resource planning, forecasting, costing and documentation plus ensure that key project milestones are delivered on time and on budget. 

The benefits of project management can easily be seen when examining a real-world client scenario. Consonus provided project management services to a large Department of Defense contractor. The client was looking for a cost-effective way to bridge the gap between corporate IT policies and practices regarding compliant procedures that guide the day-to-day operations of the IT service department.  This time consuming process required comparing hundreds of corporate policy statements to existing department procedures to identify disparities.  Over 25 existing procedure documents were updated and several new documents were created to ensure compliance. Each document required several iterations of analysis, remediation, review and approval by multiple people and client groups. Thanks to skilled project management, the client now has a comprehensive, all-encompassing compliance strategy that enables the IT department to effectively address regulations in a timely, efficient manner, according to corporate policy. “I can’t imagine having spent the money better. The quality and caliber of the people sent here was excellent,” said the client’s CIO.

On average, project management expenses as a percent of total project costs generally run in the 15%-25% range.  A small price to pay when compared to the costs of overloading in-house resources, extended deadlines, missed project milestones, project overruns and customer dissatisfaction.                

John Roger