Operating Standards and Practices for LANs Leo Wrobel


Payoff

Operating standards for LANs offer certain advantages for keeping expenses for procurement, maintenance, and support under control. At the same time, any standards must enhance, not stifle, the productivity of users of local area networks. This article reviews the basics to include in a LAN standards document.

Problems Addressed

The following scenario is common in many organizations:

- There are 200 local area networks (LANs) located across the country, in everything from small sales offices with a handful of people to regional distribution centers.
- The company does not know if these outlying locations handle mission-critical data or not.
- The company does not know with certainty who is running these LANs, because it ranges from office managers and clerical employees right up to seasoned IS professionals. A site that once had 10 salespeople now has 9 salespeople and a LAN administrator.
- The company does not know how these sites are buying equipment, yet it is reasonably sure that they are paying too much, because they are not buying in bulk or enjoying any economies of scale in equipment purchases.
- Locations are beginning to lean on IS for help desk support because there is no way they can keep up with the rapid proliferation of hardware, platforms, software, and special equipment being installed in the field.
- The telecommunications department is worried about connecting all of these locations together.

Although some attempts at standardization of these locations may be made, invariably, LAN managers in the field consider standards to be an attempt by the IS department to regain control of the LAN administrators' environment. Because LAN managers seldom have had any input into what these standards would be, the standards were soundly rejected. Today, there are literally thousands of companies fighting this same battle. This article gives some solutions to these problems.

First, however, it is important to understand why standards are required and how IS can implement standards without stifling productivity or adversely affecting the organization.

Why LANs Require Standards

Exhibit 1 compares two distinctly different operating environments: mainframes and LANs. To illustrate a point, Exhibit 1 uses the same adjectives that LAN and mainframe people use to describe each other.

Exhibit 1. Operational and Maintenance Characteristics

Operational Characteristics (MAINFRAME, LAN): "Stodgy" "Seat-of-Pants Approach" "Stoic" "Close to Business" "Regimented" "Happy, Productive Users" "Inflexible" "Stifles Productivity"

Maintenance Characteristics (MAINFRAME, LAN): "Highly Advanced Support Systems" "Evolving Support Systems" "High-Level Help Desk Support" "Difficult Help Desk Support" "Reliable and Well-Proven" "High User Involvement in Routine Problems" "High Support-to-Device Ratio" "Low Support-to-Device Ratio" "High Maintenance"

In an ideal environment, the LAN administrator can select exactly the type of equipment best tailored to do the job. LAN managers are historically close to the core business. For example, if the company is involved in trading stock, the LAN operations department can go out and buy equipment tailored exactly to trading stock. If the organization is engaged in engineering, the LAN administrator can buy equipment exactly tailored to engineering.

From the standpoint of operational characteristics, LANs are far more desirable than mainframes because they are closer to the business, they empower people, and they make people enormously productive by being close to the core business. This is not the whole story, however. It is equally important to support LANs once they are in place. This is where the trade-offs come in.

Lessons From Mainframe Experience

Because mainframes have been around so long, there is a high degree of support available. When users in the mainframe environment call the help desk with a hardware or a software problem, the help desk knows what they are talking about. Help desk staff are well trained in the hardware and the software packages and can quickly solve the users' problems.

As another example, in an IBM 3070 terminal environment, 100 terminals or more could be supported by a single technician. When those terminals became PCs, the ratio perhaps dropped to 50 PCs per technician. When those PCs became high-end workstations, the ratio dropped even further. The value of a mainframe level of technical support cannot be underestimated.

Mainframe professionals had 20 years to write effective operating and security standards. These standards cover a number of preventive safeguards that should be taken in the operational environment to assure smooth operation. These range from:

- How often to change passwords.
- How often to make backups.
- What equipment should be locked up.
- Who is responsible for change control.
- Defining the standards for interconnecting between environments.

In the mainframe world it was also easy to make very large bulk purchases. Because the mainframe has been around for so long, many advanced network management systems exist that provide a high degree of support and fault isolation.

Balancing Productivity and Support Requirements for LANs

To the LAN administrator, the perfect environment, productivity-wise, is one in which any LAN administrator anywhere in a large company can go out and buy anything at any time. Flexibility to buy equipment that is exactly tailored to the core business and that has the maximum effect in the way of enhancing productivity is highly desired in LAN environments.

However, if someone calls the help desk, the help desk staff will not really be sure what they have out there, let alone how to troubleshoot it. In many ways, if the users buy an oddball piece of equipment, no matter how productive it makes them, they are on their own as far as supporting that equipment.

LANs have a characteristically high ratio of technologists required to support the environment. Today, sophisticated boxes sit on the desktop that demand a much higher level of maintenance. Because people are such a valuable commodity and so difficult to justify because of downsizing or rightsizing, LAN administration is usually relegated to a firefighting mode, without a lot of emphasis on long-range planning.

Because LAN platforms are relatively new, in comparison to mainframes, there has not been as much time to develop operating and security standards. This is especially irritating to auditors when mission-critical applications move from the traditional mainframe environment onto LANs and the protective safeguards around them do not follow. Something as simple as transporting a tape backup copy of a file between LAN departments can be extremely complicated without standards. What if everyone buys a different type of tape backup unit? Without standards on what type of equipment to use, bulk purchases of equipment become difficult or impossible.

Even though major improvements have been made in network management systems over the past five years, the management systems associated with LANs often lag behind those associated with mainframe computers. Again, this causes the company to pay penalties in the area of maintenance and ease of use.

One answer, of course, is to force users into rigid standards. While this pays a handsome dividend in the area of support, it stifles the users' productivity. They need equipment well suited to their core business purpose.

An alternative is to let users install whatever they want. This may increase productivity greatly, though it is doubtful that a company could ever hire and support enough people to maintain this type of configuration. Worse, mission-critical applications could be damaged or lost altogether if users are not expected to take reasonable and prudent safeguards for their protection.

It is the responsibility of both users and technologists to find the middle ground between the regimented mainframe environment and the seat-of-the-pants LAN environment. Through careful preplanning, it is possible to configure a set of standards that offers the advantage of greater productivity that is afforded by LANs, but also the advantages learned through 20 years of mainframe operations in the areas of support, bulk purchases, and network management.

The remainder of this article concentrates on exactly what constitutes reasonable operating and security procedures for both LANs and telecommunications.

Standards Committees

One method is through the formation of a communications and LAN operating and security standards committee. An ideal size for a standards committee would be 10 to 12 people, with representatives from sales, marketing, engineering, support, technical services (including LANs, IS, and telecommunications), and other departments. It is important to broaden this committee to include not only technologists, but also people engaged in the core business, since enhancement of productivity would be a key concern.

The actual standards document that this committee produces must deal with issues for both the operation and protection of a company's automated platforms (the Appendix provides a working table of contents from which to begin to write a document). Subjects include:

- Basic physical standards, including access to equipment rooms, where private branch exchange (PBX) equipment is kept, what type of fire protection should be employed, standards for new construction, standards for housekeeping, and standards for electrical power.
- Software security, change control, which people are authorized to make changes, and how these changes are documented.
- The security of information, such as identifying who is allowed to dial into a system, determining how to dispose of confidential materials, determining which telephone conversations should be considered private, and the company's policy on telecommunications privacy.
- Weighing options with regard to technical support of equipment.
- Resolving issues regarding interconnection standards for the telecommunications network.
- Disaster backup and recovery for both LANs and telecommunications, including defining what users must do to ensure protection of mission-critical company applications.

Defining "Mission Critical"

Before all of this, however, the committee is expected to define and understand what a mission-critical application is. Because standards are designed to cover both operational and security issues, the business processes themselves must be defined, in order to avoid imposing a heavy security burden on users who are not engaged in mission-critical applications, or imposing too low a level of security on users who are.

Standards for equipment that is not mission critical are relatively easy. Basically, a statement such as, "The company bought it, the shareholders paid for it, the company will protect it," will suffice. In practice, this means securing the area in which the equipment resides from unauthorized access by outside persons when there is danger of tampering or theft. It also includes avoiding needless exposures to factors which could damage the equipment, such as water and combustibles, and controlling food items around the equipment, such as soft drinks and coffee. The most one would expect from a user engaged in non-mission-critical applications would be something that protects the equipment itself, such as a maintenance contract.

Mission-critical equipment, however, has a value to the company that far exceeds the value of the equipment itself, because of the type of functions it supports. Determination of what constitutes a mission-critical system should be made at a senior management level. It cannot be automatically assumed that technical services will be privy to the organization's financial data.

LAN and telecommunication equipment that supports an in-bound call center for companies such as the Home Shopping Club would definitely be mission-critical equipment, because disruption of the equipment, for whatever cause, would cause a financial hit to the company that far exceeds the value of the equipment. Therefore, mission-critical equipment should be defined as equipment that, if lost, would result in significant loss to the organization, measured in terms of lost sales, lost market share, lost customer confidence, or lost employee productivity.

Monetary cost is not the only measurement with regard to mission-critical. If an organization supports a poison-control line, for example, and loss of equipment means a mother cannot get through when a child is in danger, it has other implications. Because financial cost is a meaningful criterion to probably 90% of the companies, it is the measurement used for purposes of this discussion.

There is not necessarily a correlation between physical size and mission criticality. It is easy to look at a LAN of 100 people and say that it is more mission-critical than another LAN that has only 4 people. However, the LAN with 100 people on it may provide purely an administrative function. The LAN with four people on it may have an important financial function.

Writing the Operating and Security Standards Document

In the following approach, it is recommended that two distinct sets of standards be created: one for mission-critical equipment and one for non-mission-critical equipment.

Network Software Security and Change Control Management

One item that should be considered in this section is, "Who is authorized to make major changes to LAN or telecommunications equipment?" There is a good reason to consider this question. If everyone is making major changes to a system haphazardly, a company is inviting disaster, because there is little communication concerning who changed what and whether these changes are compatible with changes made by another person.

Standards should therefore include a list of persons authorized to make major changes to a mission-critical technical system. They should also include procedures for changing passwords on a regular basis, both for the maintenance and operation functions of LANs and telecommunications. Procedures should be defined that mandate a backup before major changes in order to have something to fall back on in case something goes wrong.

Procedures should be established to include Direct Inward System Access (DISA). Unauthorized use of DISA lines is a major cause of telecommunication fraud or theft of long-distance services. Automated attendants, for example, should also be secured and telephone credit cards properly managed. As a minimum, establish a procedure that cancels remote access and telephone credit to employees who leave the company, especially under adverse conditions.

Physical and Environmental Security

There should be a set of basic, physical standards for all installations, regardless of their mission-critical status. These might include use of a UPS (uninterruptible power supply) on any LAN server. A UPS not only guards against loss of productivity when the lights flicker, but also cleans up the power somewhat and protects the equipment itself.

There should be standards for physically protecting the equipment, because LAN equipment is frequently stolen and because there is a black market for private branch exchange (PBX) cards as well. There should be general housekeeping standards as far as prohibitions against eating and drinking in equipment areas and properly disposing of confidential materials through shredding or other means. No-smoking policies should be included. Standards for storing combustibles or flammables in the vicinity of equipment should also be written.

Physical standards for mission-critical applications are more intensive. These might include sign-in logs for visitors requiring access to equipment rooms. They may require additional physical protection, such as sprinkler systems or fire extinguishers. They may require general improvements to the building, such as building fire-resistant walls. They should also include protection against water, since this is a frequent cause of disruption, either from drains, building plumbing, sprinklers, or other sources.

Technical Support

The standards committee ideally should provide a forum for users to display new technologies and subject them to a technical evaluation. For example, a LAN manager or end user may find a new, innovative use of technology that promises to greatly enhance productivity in their department. They can present this new technology to the standards committee for both productivity and technical evaluations. The technologist on the committee can then advise the user of the feasibility of this technology; whether it will create an undue maintenance burden, for example, or whether it is difficult to support.

If it is found that this equipment does indeed increase productivity and that it does not create an undue maintenance burden, it could be accepted by the committee and added to a list of supported services and vendors that is underwritten by the committee. Other issues include what level of support users are required to provide for themselves, what the support level of the help desk should be, and more global issues, such as interconnection standards for a corporate backbone network and policies on virus protection.

Conclusion

The LAN operating and security standards document is designed to be an organization's system of government with regard to the conduct and operation of technical platforms supporting the business. A properly written standards document includes input from departments throughout the organization, both to enhance productivity and to keep expenses for procurement, maintenance, and support under control. Standards also ensure that appropriate preventive safeguards are undertaken, especially for mission-critical equipment, to avoid undue loss of productivity, profitability, or equity to the company in the event something goes wrong. In other words, they are designed to prevent disruptions.

Use of a LAN operating and security standards committee is advised to ensure that critical issues are decided by a group of people with wide exposure within the company and to increase ownership of the final document across departmental boundaries and throughout the organization. If properly defined, the standards document will accommodate the advantages of the mainframe environment and needs of LAN administrators by finding the middle ground between these operating environments. By writing and adopting effective standards, an organization can enjoy the productivity afforded by modern LAN environments while at the same time enjoying a high level of support afforded through more traditional environments.

The appendix lists examples of typical standards for these types of installations. Readers are encouraged to use them as a baseline in developing standards and to begin building a standards committee now.

Author Biographies

Leo Wrobel
Leo Wrobel is president of Premier Network Services Inc. in Dallas.


More information

Estate Agents Authority

Estate Agents Authority INFORMATION SECURITY AND PRIVACY PROTECTION POLICY AND GUIDELINES FOR ESTATE AGENTS Estate Agents Authority The contents of this document remain the property of, and may not be reproduced in whole or in

More information

82-01-90 The Effects of Outsourcing on Information Security Marie Alner Payoff

82-01-90 The Effects of Outsourcing on Information Security Marie Alner Payoff 82-01-90 The Effects of Outsourcing on Information Security Marie Alner Payoff Outsourcing is the process of contracting a third-party information systems vendor to perform all or part of a company's information

More information

Business Virtualization

Business Virtualization Business Virtualization Why should I consider server virtualization? Save money. Often servers are dedicated to just one or two applications. As a result servers in many organizations are only using 15

More information

Supplier Security Assessment Questionnaire

Supplier Security Assessment Questionnaire HALKYN CONSULTING LTD Supplier Security Assessment Questionnaire Security Self-Assessment and Reporting This questionnaire is provided to assist organisations in conducting supplier security assessments.

More information

83-10-31 User Authentication: A Secure Networking Environment Ellen Bonsall Payoff

83-10-31 User Authentication: A Secure Networking Environment Ellen Bonsall Payoff 83-10-31 User Authentication: A Secure Networking Environment Ellen Bonsall Payoff After identifying network security requirements, defining the security process, setting policies and procedures, and defining

More information

Top 5 Cloud Computing Questions Answered!

Top 5 Cloud Computing Questions Answered! Top 5 Cloud Computing Questions Answered! Regardless of your vertical sector or business size, cloud computing is big news for you and your company. However, it s easy to be overwhelmed with the sheer

More information

DISASTER RECOVERY PLANNING GUIDE

DISASTER RECOVERY PLANNING GUIDE DISASTER RECOVERY PLANNING GUIDE AN INTRODUCTION TO BUSINESS CONTINUITY PLANNING FOR JD EDWARDS SOFTWARE CUSTOMERS www.wts.com WTS Disaster Recovery Planning Guide Page 1 Introduction This guide will provide

More information

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM.

TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS OVERVIEW CORPORATE CONTINUITY PROGRAM. TUFTS HEALTH PLAN CORPORATE CONTINUITY STRATEGY FREQUENTLY ASKED QUESTIONS July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a high-level overview of the

More information

OFFICE OF THE STATE AUDITOR General Controls Review Questionnaire

OFFICE OF THE STATE AUDITOR General Controls Review Questionnaire OFFICE OF THE STATE AUDITOR Agency: * University Please answer all of the following questions. Where we ask for copies of policies and procedures and other documentation, we would prefer this in electronic

More information

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution

Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid backup solution PARTNER BRIEF: IS ONLINE BACKUP RIGHT FOR YOUR BUSINESS?........................................ Is online backup right for your business? Eight reasons to consider protecting your data with a hybrid Who

More information

Managing business risk

Managing business risk Managing business risk What senior managers need to know about business continuity bell.ca/businesscontinuity Information and Communications Technology (ICT) has become more vital than ever to the success

More information

Backup and Redundancy

Backup and Redundancy Backup and Redundancy White Paper NEC s UC for Business Backup and Redundancy allow businesses to operate with confidence, providing security for themselves and their customers. When a server goes down

More information

How VDI Reduces the Risks of BYOD

How VDI Reduces the Risks of BYOD How VDI Reduces the Risks of BYOD Technology leaders face a new challenge with consumerization of IT, as everyone from desktop workers to executives brings personal mobile devices into the workplace, expecting

More information

The 10 Disaster Planning Essentials For A Small Business Network

The 10 Disaster Planning Essentials For A Small Business Network The 10 Disaster Planning Essentials For A Small Business Network If your data is important to your business and you cannot afford to have your operations halted for days even weeks due to data loss or

More information

THE GOOD, THE BAD, & THE UGLY

THE GOOD, THE BAD, & THE UGLY I.T. SERVICE AGREEMENTS THE GOOD, THE BAD, & THE UGLY SUMMARY: IT service agreements aren t always what they re cracked up to be. An agreement between two parties should be just that an agreement, not

More information

How To Manage A Disaster Recovery Plan

How To Manage A Disaster Recovery Plan 5-04-26 Testing Disaster Recovery Plans Leo A. Wrobel Payoff The true test of a disaster recovery plan is whether it can uncover failure points. Companies should consistently tighten testing criteria and

More information

The 7 Disaster Planning Essentials

The 7 Disaster Planning Essentials The 7 Disaster Planning Essentials For Any Small Business Little-Known Facts, Mistakes And Blunders About Data Backup And IT Disaster Recovery Every Business Owner Must Know To Avoid Losing Everything

More information

Audit of Security Controls for DHS Information Technology Systems at San Francisco International Airport

Audit of Security Controls for DHS Information Technology Systems at San Francisco International Airport Audit of Security Controls for DHS Information Technology Systems at San Francisco International Airport May 7, 2015 DHS OIG HIGHLIGHTS Audit of Security Controls for DHS Information Technology Systems

More information

The Power Of Managed Services. Features

The Power Of Managed Services. Features b u s i n e s s C a r e m a n a g e d S e r v i c e s Lower costs, increased profitability, new market expansions and happier customers. These are just a few of the most important priorities for business

More information

ZCorum s Ask a Broadband Expert Series:

ZCorum s Ask a Broadband Expert Series: s Ask a Broadband Expert Series: Is Privacy a Cloud Illusion? By Rick Stiles, VP of Product Development StoAmigo.800.909.944 450 North Point Parkway, Suite 25 Alpharetta, GA 30022 ZCorum.com TruVizion.com

More information

The Perfect Host How Hosted Services can save you time and money

The Perfect Host How Hosted Services can save you time and money The Perfect Host How can save you time and money An Introduction to Information Technology has become increasingly important within the legal market and firms and chambers are under increasing pressure

More information

Tufts Health Plan Corporate Continuity Strategy

Tufts Health Plan Corporate Continuity Strategy Tufts Health Plan Corporate Continuity Strategy July 2015 OVERVIEW The intent of this document is to provide external customers and auditors with a highlevel overview of the Tufts Health Plan Corporate

More information

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL for INFORMATION RESOURCES Updated: June 2007 Information Resources Security Manual 1. Purpose of Security Manual 2. Audience 3. Acceptable

More information

Why Managed Hosted Hosted Solutions in the Cloud Are Critical to Their Survival

Why Managed Hosted Hosted Solutions in the Cloud Are Critical to Their Survival Success on the fly Tap into real business efficiency with none of the infrastructure hassle D35252 Managed Hosted_v2b.indd 1 It s great to know that I can focus on broadening my business horizons not managing

More information

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide

Cyber Security: Guidelines for Backing Up Information. A Non-Technical Guide Cyber Security: Guidelines for Backing Up Information A Non-Technical Guide Essential for Executives, Business Managers Administrative & Operations Managers This appendix is a supplement to the Cyber Security:

More information

Your complete guide to Cloud Computing

Your complete guide to Cloud Computing Your complete guide to Cloud Computing 1 Doc V1.0 Dec 2013 Table of Contents Hosted Desk- 3 The Cloud and Cloud Computing... 4 The benefits of Cloud Solutions 6 The Cloud is Growing - Rapidly 7 Resolving

More information

The Second National HIPAA Summit

The Second National HIPAA Summit HIPAA Security Regulations: Documentation and Procedures The Second National HIPAA Summit Healthcare Computing Strategies, Inc. John Parmigiani Practice Director, Compliance Programs Tom Walsh, CISSP Practice

More information

Employing Best Practices for Mainframe Tape Encryption

Employing Best Practices for Mainframe Tape Encryption WHITE PAPER: DATA ENCRYPTION BEST PRACTICES FOR MAINFRAME TAPE Employing Best Practices for Mainframe Tape Encryption JUNE 2008 Stefan Kochishan CA MAINFRAME PRODUCT MARKETING John Hill CA MAINFRAME PRODUCT

More information

Cloud computing is a way of delivering IT services to users without the need to buy, install or manage any infrastructure.

Cloud computing is a way of delivering IT services to users without the need to buy, install or manage any infrastructure. hosted services dynamic Increased flexibility and cost saving The benefits employees can access information wherever they are, rather than having to remain at their desks. Reduced costs our hosted services

More information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information

FINAL May 2005. Guideline on Security Systems for Safeguarding Customer Information FINAL May 2005 Guideline on Security Systems for Safeguarding Customer Information Table of Contents 1 Introduction 1 1.1 Purpose of Guideline 1 2 Definitions 2 3 Internal Controls and Procedures 2 3.1

More information

Successful EHR Change Management

Successful EHR Change Management Successful EHR Change Management Roles and responsibilities White paper Table of contents Executive summary... 2 Introduction... 3 Never underestimate the power of the people... 3 People... 4 From resisting

More information

Call us today 1300 724 599. Managed IT Services. Proactive, flexible and affordable

Call us today 1300 724 599. Managed IT Services. Proactive, flexible and affordable Call us today 1300 724 599 Managed IT Services Proactive, flexible and affordable We believe technology is at its best when it s invisible. When you can focus on the task you are achieving, not the technology

More information

Chief Information Officer

Chief Information Officer Chief Information Officer The CIO leads the Information Technology Department maintaining the function of SETMA s electronic health record. The CIO is responsible for: 1. Maintaining the functions of SETMA

More information

Internet Content Provider Safeguards Customer Networks and Services

Internet Content Provider Safeguards Customer Networks and Services Internet Content Provider Safeguards Customer Networks and Services Synacor used Cisco network infrastructure and security solutions to enhance network protection and streamline compliance. NAME Synacor

More information

Ten Warning Signs Your ERP System Is Killing Your Business

Ten Warning Signs Your ERP System Is Killing Your Business Ten Warning Signs Your ERP System Is Killing Your Business At a Glance: Today s manufacturing enterprise is challenged by rising material costs, increasing competition, and ever-changing customer requirements.

More information

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery

WHITE PAPER. HIPAA-Compliant Data Backup and Disaster Recovery WHITE PAPER HIPAA-Compliant Data Backup and Disaster Recovery DOCUMENT INFORMATION HIPAA-Compliant Data Backup and Disaster Recovery PRINTED March 2011 COPYRIGHT Copyright 2011 VaultLogix, LLC. All Rights

More information

Cloud Computing in Vermont State Government

Cloud Computing in Vermont State Government Cloud Computing in Vermont State Government Analysis of Opportunities Duncan Goss, Legislative Director of Information Technology David Tucker, State CIO Introduction Legislation passed during the 2009

More information

A Guide to Information Technology Security in Trinity College Dublin

A Guide to Information Technology Security in Trinity College Dublin A Guide to Information Technology Security in Trinity College Dublin Produced by The IT Security Officer & Training and Publications 2003 Web Address: www.tcd.ie/itsecurity Email: ITSecurity@tcd.ie 1 2

More information

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee

Created By: 2009 Windows Server Security Best Practices Committee. Revised By: 2014 Windows Server Security Best Practices Committee Windows Server Security Best Practices Initial Document Created By: 2009 Windows Server Security Best Practices Committee Document Creation Date: August 21, 2009 Revision Revised By: 2014 Windows Server

More information

Information Technology General Controls Review (ITGC) Audit Program Prepared by:

Information Technology General Controls Review (ITGC) Audit Program Prepared by: Information Technology General Controls Review (ITGC) Audit Program Date Prepared: 2012 Internal Audit Work Plan Objective: IT General Controls (ITGC) address the overall operation and activities of the

More information

Reducing Total Cost of Ownership through Outsourced Hosted Virtual Desktops

Reducing Total Cost of Ownership through Outsourced Hosted Virtual Desktops Reducing Total Cost of Ownership through Outsourced Hosted Virtual Desktops July 2009 Table of Contents Introduction... 3 What are Outsourced Hosted Virtual Desktops?... 3 How Outsourced Hosted Virtual

More information

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness

Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness CISP BULLETIN Top Three POS System Vulnerabilities Identified to Promote Data Security Awareness November 21, 2006 To support compliance with the Cardholder Information Security Program (CISP), Visa USA

More information

How Cisco IT Reduced Costs Through PC Asset Management

How Cisco IT Reduced Costs Through PC Asset Management How Cisco IT Reduced Costs Through PC Asset Management Centralized network-based PC management program keeps employee desktops current and reduces costs. Cisco IT Case Study / IT Services Expense Management

More information

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii

OVERVIEW. In all, this report makes recommendations in 14 areas, such as. Page iii The Office of the Auditor General has conducted a procedural review of the State Data Center (Data Center), a part of the Arizona Strategic Enterprise Technology (ASET) Division within the Arizona Department

More information

If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center

If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center If You re a Lawyer Headed to the Cloud, Read This First By Reid F. Trautz, Director, AILA Practice & Professionalism Center Not since the terms cyberspace and Y2K has there been an inexact technology term

More information

Welcome! What We Do At IntelliSystems, our goal is to get Information Technology and telecommunications management out of your way so that you can focus on your business. Historical PC Business Network

More information

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security...

WHITEPAPER. Addressing Them with Adaptive Network Security. Executive Summary... An Evolving Network Environment... 2. Adaptive Network Security... WHITEPAPER Top 4 Network Security Challenges in Healthcare Addressing Them with Adaptive Network Security Executive Summary... 1 Top 4 Network Security Challenges Addressing Security Challenges with Adaptive

More information

GETTING THE MOST FROM THE CLOUD. A White Paper presented by

GETTING THE MOST FROM THE CLOUD. A White Paper presented by GETTING THE MOST FROM THE CLOUD A White Paper presented by Why Move to the Cloud? CLOUD COMPUTING the latest evolution of IT services delivery is a scenario under which common business applications are

More information

Your guide to choosing an IT support provider

Your guide to choosing an IT support provider Your guide to choosing an IT support provider T: 08452 41 41 55 Contents Introduction 3 IT and business continuity 4 About managed services 5 Modular vs packaged support 6 Checklist of supplier questions

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

Birkenhead Sixth Form College IT Disaster Recovery Plan

Birkenhead Sixth Form College IT Disaster Recovery Plan Author: Role: Mal Blackburne College Learning Manager Page 1 of 14 Introduction...3 Objectives/Constraints...3 Assumptions...4 Incidents Requiring Action...4 Physical Safeguards...5 Types of Computer Service

More information

Glossary of Telco Terms

Glossary of Telco Terms Glossary of Telco Terms Access Generally refers to the connection between your business and the public phone network, or between your business and another dedicated location. A large portion of your business

More information

15 questions to ask before signing an electronic medical record or electronic health record agreement

15 questions to ask before signing an electronic medical record or electronic health record agreement 15 questions to ask before signing an electronic medical record or electronic health record agreement Many definitions exist for electronic medical record (EMR) and electronic health record (EHR). Although

More information

Finally, An Easy Way To Never Have To Deal with Computer Problems Again!

Finally, An Easy Way To Never Have To Deal with Computer Problems Again! Finally, An Easy Way To Never Have To Deal with Computer Problems Again! Finally, An Easy Way To Keep Your Computers Running Faster, Cleaner, And Problem Free Without The Expense Of A Full-Time IT Staff

More information

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA)

SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) UNIVERSITY OF PITTSBURGH POLICY SUBJECT: SECURITY OF ELECTRONIC MEDICAL RECORDS COMPLIANCE WITH THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) DATE: March 18, 2005 I. SCOPE This

More information

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software.

Mapping Your Path to the Cloud. A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Mapping Your Path to the Cloud A Guide to Getting your Dental Practice Set to Transition to Cloud-Based Practice Management Software. Table of Contents Why the Cloud? Mapping Your Path to the Cloud...4

More information