- November 7, 2019
- Catagory Managed IT Services
IT strategies for SMBs are essential for organizations looking to scale and up grow their bottom line, but many face the same challenges as large enterprises without the resources.
There are ways to do what the bigger players are doing so you can grow your organization and your profits, but IT strategies for SMBs must have a vision, an understanding of the cloud solutions available to them, and consider how a managed services provider can get them were they need to be within their budget.
IT strategies for SMBs start with an audit
Not all businesses are the same, so IT strategies for SMBs will vary by industry and inherent regulatory frameworks, business models and overall digital maturity. Regardless, there will be low hanging fruit that can advance the organization quickly and affordably, while other initiatives will be multi-year projects that must to be broken down into achievable milestones.
Common goals within many IT strategies for SMBs are tapping into needed talent, which could involve recruitment and retention of employees or selective outsourcing to access skills on demand, improving agility by automating tasks or handing them over to a business process services organization. Given the ramifications of data breaches, bolstering security should also be a priority and embedded within all growth activities. It also might be achieved with automation—even artificial intelligence—or turning to a managed services provider for help. Most organizations are looking at how they can improve overall productivity.
IT strategies for SMBs should identify priorities based on a comprehensive audit of your environment, whether it’s your own on-premise infrastructure or cloud deployments, including use of the public providers. You can’t have a vision of the future without knowing for sure where you are today. This assessment is also something that can be done in collaboration with a managed services provider and can clarify your current security and compliance posture.
There are solutions in the cloud
Your IT audit can help you easily identify what you can do by yourself and what elements of your strategy are better executed with the help of an experienced technology partner.
There are number of solutions available with IT strategies for SMBs in mind. You might begin by implementing organization-wide, online collaboration with Microsoft Office 365 and Teams, or alternatively, go the Google route with Gmail for business and Docs. You’ll want to think about the value of consolidating solution providers as simplicity for SMBs can keep costs under control and ease user adoption. Even if you go best-of-breed, most cloud-based SMB solutions are pay-as-go so you can budget expenditures as you grow.
No matter what solutions you adopt, remember they’re only as good as the workflows and processes you foster and the underlying infrastructure that supports them. In case of the latter, it’s one of the first things you should consider handing off.
Leverage the investments of a managed services provider
As much as any SMB requires technology to operate and is just as driven by data as its larger counterparts, they’re not in the IT business. And just as cloud-based SMB solutions are pay as you go, managed IT services providers offer similar pricing flexibility and can scale up and down in alignment with the ebbs and flows of your business.
Once you’ve done an audit to understand where you are and where you’re going, you can figure which problems are best solved by a managed services provider, even if it’s only one business process, but one of the biggest benefits is you no longer need worry about maintaining aging infrastructure with the limited IT staff and resources you have. A managed services provider has made the investments and is committed to maintaining their infrastructure to support your applications and store your data with a high level of security.
This investment isn’t limited to hardware and software. Often, an SMB can’t justify bringing on talent full-time, such as a DBA, but a managed services provider can provide people on demand as needed so you don’t have to worry about recruitment and retention but still enjoy necessary expertise when you need it.
IT strategies for SMBs are all about a better bottom line
Embracing cloud solutions and entrusting data and business processes to a managed services provider are key elements of IT strategies for SMBs, even if it’s only for a small segment of daily operations. The right combination can improve productivity and the speed of your service delivery at a lower cost, and most of all, lead to a better bottom line.
Sanjeev Spolia is CEO of Supra ITS.
- October 24, 2019
Freight transportation is fast paced with tight margins, and while technology can give companies competitive advantage, the road to a better bottom line must include business process services.
Like many industries, freight transportation is dependent on a lot of things happening behind the scenes so parcels large and small get from A to B. But essential as they are, they aren’t necessarily core business operations. In addition, keeping some processes in-house can be more expensive because it means maintaining IT and communications infrastructure that ties up people and resources and keeps them from pushing forward on more strategic initiatives.
More importantly, it can stop a freight transportation business in its tracks if this infrastructure were to fail.
Business process services keeps your wheels turning
A large organization might be able to recover from a major IT outage once or twice in a decade, but most businesses in the freight transportation would come to a permanent halt if their primary systems failed. Customers depend on them to keep freight moving because their operations can’t afford to stand still either and they will quickly seek alternative operators. In addition, managing every non-core process internally means you’re paying for people and technology even when they’re idle because you must have them in place when busy seasons hit.
However, many of the everyday business processes a freight transportation company undertakes can be handed over to a trusted partner. Order entry, billing, rating, call taking, cube entry, customer service, dispatch and pod entry, as well as interline, driver and dock payable, are all activities that are candidates for a third-party business process services provider.
A roadmap of benefits for freight transportation
Turning to a business process services provider for repeatable tasks can have immediate benefits while also positioning a freight transportation company to go the distance over the longer term.
By not doing all these processes and workflows internally you’re better controlling and reducing your operating costs because you’re no longer paying to maintain resources to keep up with the business times of year even when business is slow. A business process services provider can operate 24 hours a day, seven days week, 365 days of year. They’re also taking care of the onboarding and training costs, as well as managing any employee turnover.
As a freight transportation services company, you’re also in the position where you only pay for what is processed in alignment with your operational costs and your revenue generation, which means you can scale up and down with the ebb and flow of your business. Better still, you can more easily expand the footprint of your business because it’s easy to extend your business process services team.
Focus on the road ahead with FleetGain Business Process Services
When you’re in a tight race for competitive advantage, every inch you can add to your lead is valuable and every penny adds up. The goal of FleetGain Business Process Services is to keep pace with your business success with a team of data entry operators, analysts, supervisors, managers and IT support teams.
And just as your industry is competitive, so is ours. That’s why we’ve made sure to pull together the collective strengths of global talent, tested processes and the latest technology to deliver continuous business impact and an improved bottom line for freight transportation companies. Whether it’s to address a temporary overflow situation or a long-term partnership, aligning with FleetGain’s Business Process Services lets you offload back office, repetitive data entry and transfer functions so you can focus on the business of picking up, moving and delivering freight to grow your bottom line.
Terry Holland is Director, Logistics and Supply Chain Services for Supra ITS.
- October 3, 2019
- Catagory Business Process Services
Choosing a business process services provider is like any vendor selection scenario—there’s an element of risk management.
If you’re to get the benefits of handing over tasks to a third party, then you must put careful thought into what you need from a partner. By infusing your criteria into a detailed selection process, you can reap the rewards of handing over repetitive tasks while reducing the risk.
Having a stringent selection process in place will lead you to an experienced business processes services provider with a track record of anticipating any potential pitfalls who sees your success as their success.
What to consider when choosing a business process services provider
Even If you’re only looking to hand over a single, simple process, choosing a business process services provider requires a lot of forward thinking.
You should start by being certain that it makes sense to offload these processes—there should be a solid business case for doing so that defines the scope of the arrangement, which is essential for risk management. Choosing a business process services provider means not only considering your immediate needs but having an operating model that can scale up and down with the ebb and flow of your business.
Be prepared to do a lot of work upfront to define the business relationship and evaluate potential candidates. Choosing a business process services provider should be a comprehensive and formal exercise. Consulting all stakeholders touched by the processes you want to hand off should be part of your risk management process, as their understanding will paint a clear picture as to how these processes are threaded through your organization.
Your approach to choosing a business process services provider should lay out your key objectives, anticipate any risks, and outline exactly what you wish to hand over to a business process services provider, all of which needs to be articulated in a request for proposal (RFP) that’s shared with a short list of qualified vendors.
Risk management reduces bumps
You can’t avoid risk when partnering with another business. Engaging in a well-thought out risk management exercise when choosing a business process services provider will minimize headaches down the road.
The risks involved when outsourcing processes and workflows vary depending your industry and how your organization is structured. For bigger companies with multiple business units, handing over a single process such as data entry to a third party won’t likely expose it to a great deal of risk. For smaller organizations, however, the process under consideration may be more integral to overall operations and product and service delivery.
No matter what, the most common risks are data breaches, either through employee error or hacking, non-local employees, quality control, maintaining strategic alignment, political instability when processes are moved offshore, and changes in technology.
Because many business process services providers have operations offshore, many risks will also involve geography, political climate, and cultural climate. Your risk management strategy should focus on four key areas:
- Security: Choosing a business process service provider also means new connections between your information systems and theirs via Internet communications. This introduces security and privacy risks.
- Communication: You will get the most value cost-wise when you work with a provider with offshore operations, so be prepared for language barriers that might affect your transition of processes, feedback and customer service.
- Underestimating costs: Remember there are other costs involved beyond those related to the workflows you’re handing. Be ready to pay for upgrades costs, renegotiated contracts, as well as the time and money you need to select a provider. Layoffs, internal changes with your organization, and upgrades to software and hardware that support the processes on your side are all things that can affect the overall cost, among others.
- Becoming too dependent: Your business process services provider can quickly become integral to your workflows, which means your delivery of products and services can be affected by their internal challenges, such as staff shortages.
Just because you’re handing over business processes to a partner doesn’t mean there’s no work for you to do related to these operations. You must commit time and resources to manage the relationship.
As a managed IT services provider, proactive risk management is table stakes for Supra ITS, and we bring the same rigorous approach to our business process services practice. As a vendor of record with the Government of Ontario and thoroughly vetted for the government’s security requirements, Supra ITS has developed a comprehensive set of information security policies and procedures which meet or exceed the government’s IT standards. These standards have been audited to comply with ISO: 27001 standards.
Our business process services practice comprises a North American team with deep business knowledge, analysts, supervisors, data entry operators, managers and IT support teams, all of whom are Supra ITS employees. By have a single point of contact to steer governance, we’re able to keep lines of communication clear avoid any surprises such as unexpected costs or sudden staff shortages.
Pick a provider who can grow with you
A good business process services provider will stay away from your core business processes and help you decide which workflows make the most sense to for them to take on in alignment with your business cases. They will see you as a partner, not just a customer.
Supra ITS has expanded its business process services offerings through its FleetGain brand because we saw a desire from existing customers to offload back office processes to a partner with a team that understands its role in improving productivity and the bottom line. We see business process services as just the beginning of broader, long-term relationship with organizations looking to improve their agility as part of their digital transformation.
Terry Holland is Director, Logistics and Supply Chain Services for Supra ITS.
- September 20, 2019
Business process services is more than just about saving money. It can play a key role in establishing the IT agility that’s necessary for successful digital transformation.
By handing over repetitive tasks and workflows to a third party, including data-centric processes, business process services enable organizations and their IT teams to focus on more strategic initiatives, knowing they can scale as needed. They can easily and cost-effectively adjust based on the ebb and flow of their business without overprovisioning people and resources that could end up being idle.
Many processes are candidates
Businesses in any industry, no matter their size, can take advantage of business process services, including finance and insurance, transportation, health care, and even public sector organizations. This kind of service not only reduces costs, but also provides peace of mind that essential processes are getting done as the business focuses on its core products and service offerings as well as strategic initiatives on its digital transformation agenda.
A wide variety of workflows and business activities can be taken care of by business process services, including payroll, accounting, telemarketing, data recording, customer support and social media marketing. Some processes might be simple, while others more technical. Processes might take place in the front office, such as customer facing support, while back office processes that are often outsourced include billing or purchasing.
Business process services is a growth enabler
There are many benefits to business process services, not the least of which is reducing costs, but if you’re doing it strategically, you’re also fostering the IT agility necessary for digital transformation. Most of all you’re growing your business.
A common path to growth for many businesses is expanding their footprint at a regional, national or even global level. A business process services provider can reduce the investment and risk associated with serving multiple regions and time zones in multiple languages. A third-party is also able to scale up on demand more quickly in their business process services areas of expertise to support a company’s introduction of new products and services—they could easily add more customer support representatives, for example.
Just as your company has its core business offerings and expertise, so does a business process services provider, which means they can get quicker, more efficient and better results, as they have built up a track record of hiring specialists for specific workflows and processes. They can tap into the necessary talent and train new hires more quickly and effectively. They may also have expertise in regulatory framework and compliance obligations specific to certain industries.
As much as business process services offers more than just cost savings, it remains a chief benefit, as it lowers your internal labour costs, including the time and resources necessary for onboarding and training new employees, as well as office space. This is especially important for business processes that fluctuate in volume because of the seasonal ups and downs common in many industries.
Enable IT agility
Business process services relationships are often approached in a siloed manner in that processes and workflows are handed off on a case by case basis as means to save money.
While this approach does offer bottom line benefits, organizations should look at business process services to improve their IT agility and think bigger. As a managed IT services provider, Supra ITS isn’t content to just save customers money by taking over a workflow or two. We see our engagements as an opportunity to infuse key business activities with the technology levers that create IT agility.
As a Supra ITS company, FleetGain has expanded its offerings to deliver business process services with an initial focus on transportation companies. We provide offsite, extremely reliable and flexible data processing services, including order entry, billing, rating, POD entry and cube entry, coupled with experience using common transportation management systems, including popular transportation management systems such as TruckMate, Degama and Rose Rocket.
Transportation is just the beginning for business process services at FleetGain. We’re ready to work with a wide array of industries that want to hand of repetitive tasks so the can better focus on strategic initiatives. By looking at business process services as part of your larger digital transformation agenda, you can add significant value and direct business impact beyond the bottom line. Terry Holland is Director, Logistics and Supply Chain Services for Supra ITS.
- August 22, 2019
- Catagory Managed Cloud Services
Hybrid cloud environments are constantly evolving and today one cloud is no longer enough—diverse workloads mean you must be ready to embrace a multi-cloud model.
Whether it’s one, two or more of the public cloud such as Microsoft, Amazon, Oracle or Google, or turning to a managed IT services provider to help you leverage economies of scale, it’s likely you’re already facing the realities of multi-cloud, including the benefits and the challenges.
What is multi-cloud?
A hybrid cloud brings together an on-premise data center (a private cloud built on cloud technologies) with a public cloud, while multi-cloud brings together multiple cloud services from different providers, both public and private. In the same way organizations might have chosen a best-of-breed approach to their on-premise applications deployment, the multi-cloud paradigm allows for the selection of the best cloud provider for a given workload.
The multi-cloud model is driven in part by open source and the desire for organizations to leverage cloud technologies to best serve customers, suppliers, partners and even employees. Further accelerating the momentum of the multi-cloud is the ability to run services from providers such as Microsoft and Amazon Web Services (AWS) in a private data center thanks to Azure Stack and AWS Outposts. Add the ability to run VMware on AWS, and organizations can mix and match cloud services as much as they want to meet the specific requirements of any given workload.
The right cloud for the right workload
Like the best-of-breed approach to on-premise software applications, multi-cloud offers many benefits, including the ability to pick the right tool for the right job on a case by case basis, rather than just one provider that may excel on one capability while lacking robustness in others.
Similarly, it allows you to avoid being locked into a single cloud provider and take advantage of innovation from a variety of vendors, while also enjoying the flexibility and scalability you need as your business grows and your needs evolve. A multi-cloud strategy also gives you some measure of control, including cost governance, as public cloud strategy can sometimes cost more than a private cloud approach, depending on the workload.
More clouds, more challenges
Running a multi-cloud environment is not without its challenges, however. Not all clouds are equal and not all providers do things the same way. AWS and Microsoft Azure might offer the same service, but have different processes, so what the customer is responsible for on their side may differ depending on the provider.
Using a mix of cloud providers can add even more complexity to compliance and security too. Not only do you have to worry about your own data center being compliant with industry standards and regulatory frameworks such as privacy legislation, but you need to be certain your providers are up to snuff too by understanding all compliance requirements and creating the necessary policies.
While cloud providers may tout their security features, you still need to have the right in-house resources to manage application and workload security in a multi-cloud environment, which makes identifying and containing security threats even more complex. This includes securing connectivity across the multi-cloud environment—after all, data is the lifeblood of your business, and a multi-cloud environment means mean you need to securely and cost-effectively move data between one cloud provider and another, as well as to and from your own data center.
Get help with multi-cloud management
If you’ve already embraced the hybrid cloud, you’re in a good position to take advantage of multi-cloud. But as with all IT infrastructure demands, there’s a lot to be said for tapping the expertise of an experienced managed service provider to help you with some of the heaving lifting. They already have solid track record of managing, securing and optimizing multi-cloud environments, which enables you to focus on strategic initiatives without add more to your plate.
- July 25, 2019
- Catagory digital transformation
IT agility is a key element of successful digital transformation, and it means having the right people doing the right job. It may also mean not hiring a person, but a service provider instead.
Knowing when you should hire a full-time employee or when you should outsource an IT function requires a clear understanding of your IT strategy, what roles you have filled and what positions you’re missing. Most importantly, IT agility means recognizing that while some job titles haven’t changed, the work these people do day to day has changed over the years, and digital transformation will continue to influence the evolution of the IT department.
Digital transformation has redefined roles
Managing IT is a different job than it was decade ago, and digital transformation continues to spark changes to job descriptions, as well as the responsibilities of the entire IT team.
It’s no longer enough to keep the engine running. IT agility demands that you be more strategic and align with the organization’s overall business strategy while facing heavier workloads. In the late ’90s, a system administrator spent most of the their time supporting computer hardware and telecommunications for desktop users, but today a big part of the job is maintaining multiple endpoints, including user, access, and device policies, while also monitoring many physical and virtual environments, many of which are hosted in the cloud.
IT managers, meanwhile, are now tasked to do more than just develop and manage applications. They must also keep tabs on technologies around the corner that might deliver business value and justify their inclusion in the IT budget, as well as demonstrate how they can create competitive advantage. IT managers must also be more security focused than ever, and likely working with an IT security team, or even a Chief Security Officer (CISO).
And let’s not forget the CIO, a role that’s been on the rise the past 20 years and is probably the best example of how IT teams and jobs have evolved since the turn of the century. CIOs—and CISOs, as well—are spending more time in the C-suite, and their job has gone far beyond just keeping the lights on.
Support IT agility with automation
No matter what you’re called—CIO, CTO or IT director—your role is more dynamic and challenging than ever. You’re probably having to do more with less, including tackling a digital transformation agenda as well as keeping the organization secure.
Digital transformation involves some strategic thinking, but it also means you’re looking at how you can migrate away from legacy infrastructure to new technology systems that will be flexible and scalable over the longer term. It also means involves fostering cultural change.
To deliver value to the organization and keep it secure, IT leaders and their teams must be more agile. Developing IT agility means making the most of your staff and making sure they’re focused on strategic activities—not bogged down by repetitive tasks that can be automated. Automation enables you to get more done without adding to your headcount and can also give you some clarity as to what people need to be doing and what skills are needed to get the work done.
Having the right IT skills is a perennial problem, and a lack of skills, especially around security, puts an organization at risk. Filling the skills gap is a priority for any leader as it’s necessary for meeting their digital transformation goals as well as maintaining compliance in increasingly regulated business environments thanks to legislation such as the General Data Protection Regulation (GDPR).
Ideally, IT agility feeds itself—as you become more agile and identify where you need to improve, your team becomes more empowered to tackle new problems and come up with creative solutions.
The competitive advantage of “people on demand”
Beyond automating things people shouldn’t be and addressing the skills gaps in your IT team, you need to think about what might be done outside of the organization more cost-effectively.
Given your strategic goals including your digital transformation efforts, do you really want your IT staff trouble shooting end user problems? Do you want your IT people worried about keeping toners in copiers or the printers from being hacked? Can you afford to pay a premium to keep a database administrator on staff when they may be idle half the week?
Just as you’re able to scale up computing on demand via the cloud, you can complement your in-house team with part-time talent on-demand to achieve the IT agility necessary to push your digital transformation agenda forward.
Sanjeev Spolia is CEO of Supra ITS.
- July 11, 2019
If you’ve been hearing rumblings about a deadline for your Windows 7 migration, you should know the “end of life” deadline is in January. You should have already started your move to the latest and greatest version of the Microsoft operating system.
The looming Windows 7 end of life deadline is also a reminder that you should review how you allocate your IT resources in the bigger picture, including making the most of your Microsoft investments.
What does “end of life” mean?
For the purposes of a Windows 7 migration, end of life means support for the operating system is being discontinued by Microsoft.
After January 14, 2020, Microsoft will no longer provide feature updates or security patches. The software giant already ended mainstream support for Windows 7 on January 13, 2015—new features stopped being added, and warranty claims were no longer valid.
The risks of putting off your Windows 7 migration
If it’s not that you can’t continue to run your business on Windows 7, but there are consequences from continuing to rely on an operating system that Microsoft no longer supports.
Most importantly, after the Windows 7 end of life deadline, the operating system will be inherently unsecure because it will no longer be patched for new viruses and security threats. Furthermore, it’s likely that threat actors will seek out businesses running Windows 7 knowing they are particularly vulnerable to emerging viruses, malware and ransomware. The second major risk is that third party developers are likely to stop supporting Windows 7, which means other business applications you rely on may no longer function properly.
Finally, support for Internet Explorer on Windows 7 will also be discontinued on the same day, which means applications that depend on it may no longer function properly and be more vulnerable to security threats.
What if you want to stick with Windows 7 past the deadline?
Despite the Windows 7 end of life deadline at the beginning of next year, you will be able to install and activate an instance of the operating system after January 14, 2020. However, it won’t be supported with feature updates and security patches.
Microsoft is allowing users of Windows 7 Professional and Windows 7 Enterprise to extend their Windows 7 security updates through January 2023, but you will have to pay for it.
What you need to upgrade
The good news is that your Windows 7 migration doesn’t necessarily mean new hardware.
Although Microsoft does recommend moving to a new PC when migrating to Windows 10 to take advantage of the latest hardware capabilities, you can do your Windows 7 migration on your current devices as long as they meet the minimum requirements.
No matter which route you take, you should make sure that your documents are safely backed up. If you’re upgrading to Windows 10 from Windows 7 on the same machine the transfer of your files is part of the process, but it’s best to back up just in case something goes wrong.
Think beyond your Windows 7 migration
Updating software and the hardware that supports it is a reality of doing business. While doing a Windows 7 migration to meet the end of life deadline may feasible for most organizations to do on their own, it’s a good opportunity to review how you allocate your IT resources. How do you want your IT team to be spending their time? Do you want them bogged down doing patches and updates?
As much as your Windows 7 migration is an essential milestone in the next six months, you should look at it as jumping off point to reassess how you deploy your internal resources and at how a managed IT services company can help.
Arun Prakash is executive vice president of Supra ITS.
- June 27, 2019
Whether you’re upgrading existing Oracle applications or it’s a “greenfield” rollout, there are three key things to keep in mind if you’re going to get the most from your applications deployment.
The sheer number of Oracle applications—as well as hardware requirements—can be overwhelming. While there’s value in sticking with one vendor to run your entire business, it’s critical that you’ve made a compelling business case for your applications deployment. You must also have the resources in place to not only implement them but also support them throughout their lifecycle.
What business problems are your Oracle applications solving?
If you’re deploying Oracle applications for the first time, you should have a strong understanding as to why you’ve chosen each one.
Before you’ve even begun your applications deployment, you should identify the problems you are looking to solve and your business objectives to be sure you’ve chosen the best Oracle applications for daily operations. For example, Oracle application such as Business Intelligence, Supply Chain Management and E-Business Suite should be considered by any organization looking to gain greater visibility and improve profitability, as they can help you make better decisions through analytics, optimize your workflows and improve employee productivity.
All the above need optimum data management, so you might want to look at Oracle Middleware so that you can provide your Oracle applications with a single source of data to truly leverage your business applications to make smart decisions.
Picking the right hardware for your applications deployment
Enterprise software applications such as those from Oracle are no different than one running on a PC or a smartphone—they need the right hardware to deliver value and productivity gains, whether it’s a software update or a greenfield applications deployment.
In some cases, you might want to take advantage of Oracle hardware for your Oracle applications, such as Oracle Virtual Machine, which will help reduce your overall compute costs. A more data intensive organization should consider an Oracle engineered system such as the Oracle Database Appliance, or Oracle Exadata, which provides even more power with less maintenance.
There are also non-Oracle options too, such as IBM Power and HPE SuperDome Flex. The latter is an x86 option that can help reduce your licensing costs without breaking the bank so you can maximize the return-on-investment from your Oracle applications.
Power your Oracle applications with the right people
While Oracle applications can improve the productivity of your business users, some aspects of your applications deployment are going to require strong skill sets, particularly in the database management era.
Database administrators (DBAs) are in high demand, and small and medium-sized organizations must compete with large enterprises to attract and retain top talent. Although you should never cut corners in this area, there are affordable options to make sure you have the right people to manage the data that helps derive business value from Oracle applications. You can take advantage of shared DBA services from a managed IT service provider to augment Oracle DBA Services with additional resources to fill any gaps. You can access a virtual DBA on-demand, either on a temporary or long-term basis based on the ebbs and flow of your business.
Whether you’re doing incremental updates to your existing Oracle applications to get each one to the latest version, or a complete greenfield applications deployment, it’s critical that you understand what your business objectives are, as well as the hardware and people necessary to support your initial rollout and ongoing operations.
Arun Prakash is executive vice president of Supra ITS.
- June 13, 2019
Although preparing for the General Data Protection Regulation (GDPR) compliance was a different challenge than being ready for Y2K, both deadlines had one thing in common—the sky didn’t fall once they came and went. But when it comes to compliance, the deadline never really passed.
If you met the GDPR compliance deadline last May, your work is still ongoing—being prepared for it, like any other privacy regulation, is a continuum of internal readiness. At first glance, GDPR readiness appears to be just another security exercise, but it should have prompted you to think differently about the data you store and process.
Know your data is—in transit and at rest
As much as GDPR is about privacy, it requires you to be transparent in that you must have complete visibility as to where your customer data is stored and where it flows—how does it move across borders within the European Union and beyond? Remember, the data you must keep private is dictated by European citizenship, even if you’re based in Canada, and it’s a living entity. Documenting it for the initial deadline wasn’t enough.
If you’re handling sensitive financial data or Personally Identifiable Information (PII), any documentation and data processing activities must be transparent and demonstrate accountability today and tomorrow. You should always be re-evaluating your current data governance practices and policies as part of your GDPR compliance and improving them as needed.
Plan for the worst
Long before GDPR was even a spark of an idea, data breaches were par for the course. The European privacy legislation is just further impetus for having a clear picture of where your data is most vulnerable.
GDPR requires that you have a disclosure process in place if a breach occurs—affected customers must be informed within 72 hours—although there are a few exceptions. You should be conducting regular fire drills to test the effectiveness of your data breach response procedures, just as you would any disaster recovery plan. This testing can also be applied to breach notification guidelines for the updated Canadian privacy legislation, the Personal Information Protection and Electronic Documents Act (PIPEDA).
Do you still have consent?
A key aspect of GDPR, as with PIPEDA, is getting a person’s consent to process their data. Even more importantly, you must be able to honour a request to have that consent withdrawn—that’s why understanding how your data flows is so important. You can’t be certain someone’s data is no longer be used if you don’t know for certain where it’s been collected and stored—it also could have been duplicated. You must also ask for reaffirmation of consent if how you use PII changes.
The consent aspect of privacy regulation further cements the need for pristine record keeping. This includes disclosing to the data subject as to whether any third parties need access to their data to deliver products and services. Your data auditing for GDPR or PIPEDA must reflect any changes to the processing of the data, even backing it up.
Be ready to the roll with the changes
Being prepared for any privacy legislation means maintaining a constant as there will be changes and updates.
GDPR will likely evolve over time, just as PIPEDA has been reviewed updated since being introduced more than 15 years ago. You can’t sit on your laurels for having met last year’s deadline. Privacy regulation compliance should be integrated into your operations. Customer data is rarely static, so your procedure for tracking and protecting it shouldn’t be either.
- May 30, 2019
- Catagory business continuity
You might think a business continuity plan is a luxury—something only larger organizations can afford or something you’ll do during a slow period. But planning for disaster is not just good preventative medicine. It contributes to a healthy business in three meaningful ways.
Being prepared is a state of mind. When your team knows you’re prepared for the worst, they can move forward with any business initiative with confidence.
Organizations that have a business continuity plan in place nurture employees that are adaptable and proactive when things to do go wrong. Planning for disaster becomes a subtle part of everything they do, making them adept at automatically assessing the levels of risk associated with new ventures and more agile. Small disruptions don’t phase them because the business already has a plan in place for the worst-case scenario.
The confidence your employees have because you’ve got a rock-solid business continuity plan is picked up by your customers. Letting them know you’re proactively planning for disaster sends a message they can count on you, and so can your investors, business partners and other stakeholders.
Having a business continuity plan can also set you apart from your competitors and is something you can market to potential customers. They may not even consider that your planning is in their best interests, but it will help you stand out when it comes time for them to make a buying decision.
In an era of privacy legislation that includes the Personal Information Protection and Electronic Documents Act (PIPEDA) and the General Protection Data Regulation, planning for disaster helps you stay compliant with government regulation and industry standards—yet another way to maintain competitive advantage.
Even if your industry isn’t heavily regulated, adhering to standards and best practices by keeping them in mind during your business continuity planning demonstrates a commitment to quality and accountability. Should new legislation be introduced that affects your operations, or you expand your business into a more regulated sector, having a mindset in place that guarantees business uptime will help you easily adapt to new realities quickly, giving both you and your customers peace of mind.
Business continuity keeps you ahead of the game
Planning for disaster is a must-have, not a nice-to-have. Don’t wait until the worst-case scenario hits before you start your business continuity planning. Making the upfront investment today will pay off in the form of confident employees and customers, and a healthy bottom line.
If you haven’t begun to think about disaster recovery planning or feel your plan needs an update, check out our Disaster Recovery Primer.