It is imperative for the IT support function of any organization to completely understand and appreciate all aspects of the organization's business practices, culture and identity. TAG Solutions believes that the creation of an organic document titled “The Organizational Profile” is the initiation of an exhaustive and continuous effort to comprehend “Who” our client is, “Why” they exist, “What” they do, and “How” they do it.
Every organization has a vision, a destination, a goal. Typically, the details are captured in a formal document of some type, such as a strategic plan, a business plan or an operating plan. If such documents exist, TAG Solutions will review and discuss their contents with key members of the organization with the intent of learning and appreciating “Where” the organization is going and how technology integrates into the strategic vision.
The Current IT Portfolio has many components and is intended to provide an accurate snapshot of the organization's Information Technology assets and the associated cost of their operational use. The foundational building block of the Current IT Portfolio is a complete inventory of IT assets, which are then categorized and classified according to (1) criticality, (2) supporting business processes, (3) supporting business departments, and (4) type of asset. Assets can then be assigned an annual allocation of the IT budget. After the portfolio is complete, decisions can be made to reduce or expand the IT footprint, reduce costs / waste, and understand the costs associated with “running” the business today. TAG Solutions will create the Current IT Portfolio with information provided by RMM tools used to manage the IT assets covered under the scope of this agreement. It is strongly recommended that the organization provide further information associated with all IT assets not covered under the scope of this agreement so that the Current IT Portfolio is thorough and complete.
During the early days of IT, organizations could gain a significant competitive advantage by investing in a “one of a kind” or “innovative” technology. Like many broadly adopted technologies that have weathered the test of time, such as electricity or railroads, IT has become a commodity. The accessibility and affordability of technology have made it ubiquitous rather than scarce, and unfortunately, scarcity (something no one else has) makes a business more strategic than its competitors. TAG recommends that “IT Strategy” should be largely driven by managing IT risk. Organizations do not draft strategic plans centered on their electrical usage, but if the power goes out, there can be devastating consequences. The same should hold true for IT. TAG Solutions recommends conducting an annual Risk Management exercise that focuses on the organization's IT assets and the use of those assets. The Risk Management exercise will identify and categorize risks, likelihood, impact and mitigation, response or transfer strategies.
TAG Solutions will conduct an analysis of all critical business functions with the organization's executive management team. The sudden and sustained loss of each business function will be discussed and the tangible and intangible impacts of supporting technology infrastructure and platforms will be quantified and documented. The result of this analysis will be the generation of (1) Recovery Point Objectives, or RPO, and (2) Recovery Time Objectives, or RTO, for each applicable workload or application. Conducting a Business Impact Analysis (BIA) is recommended prior to drafting a Disaster Recovery Plan as it helps to determine critical components of the DR plan such as the recovery approach, procedure and timeline.
TAG Solutions will draft a comprehensive Disaster Recovery Plan (DRP) based on the needs and desires of the organization's executive management team. The DRP provides procedures for relocating and/or restoring information systems operations in the event that a disaster is declared. The plan consists of three primary phases: (1) The Activation and Notification Phase, (2) The Recovery Phase, and (3) The Reconstitution Phase. The DRP will be subject to both table-top testing and functional testing exercises once a year.
New technology is introduced to today’s market at an alarming rate. The rapid invasion of new products, applications, and concepts can be overwhelming for most executives to digest and navigate. Executives need to: (1) understand new, emerging technologies, (2) perform analysis exercises to determine the impact these technologies will or could have on the business, (3) decide which technologies deserve investment dollars and which do not, and (4) develop implementation plans for those that do. TAG Solutions recommends a formal process in which a Business Technologist meets with executives annually to address these challenges using the following agenda:
TAG Solutions will identify the vulnerabilities and weaknesses in the Client’s information security practice, including specific gaps in the Client’s information security program that would result in violations of regulatory, commercial and organizational compliance, and then develop an actionable plan for security and compliance remediation based on the results of the assessment.
The annual security assessment is a process designed to evaluate the security risks facing a business and the controls or countermeasures adopted by the business to mitigate those risks. It is largely a human process, managed by a team of “assessors” with technical and business knowledge of the company’s information technology assets and business processes. As part of the assessment, TAG Solutions will interview key personnel, catalog existing security policies, procedures and controls, and examine Information Technology assets covered by the scope of the assessment.
The assessment is based on the ISO 27002 standard and will be conducted as follows: (i) the physical scope of the assessment will be defined by outlining the physical perimeter (data center, a subnet, a website, etc.), allowing the assessment to proceed in a manageable fashion, (ii) the process scope will be defined by outlining the logical perimeter (policies, procedures, practices, etc.), (iii) a historical analysis will be conducted by reviewing performance of past assessments and audits, known vulnerabilities, policy exceptions and other assumptions that may influence the results of the current assessment, (iv) an assessment plan will be developed based on the scope definitions, available resources, priorities and constraints, (v) the assessment will be performed by completing actual examinations, interviews, testing and analysis of the Client’s security and compliance practices, (vi) vulnerabilities and risks will be documented by collecting and analyzing information gathered from the assessment, (vii) a remediation plan will be developed by creating action items to address vulnerabilities or risks identified by the assessment.
TAG Solutions will deliver a findings document describing all recommended remediation items, including a description of all vulnerabilities and risks.
The IT Portfolio is a formalized list of potential investment opportunities that have been identified during previous workshops. It allows the organization to consider and prioritize IT expenditures and to identify which investment opportunities will receive precious dollars, and which will not. This process will be facilitated by TAG Solutions and becomes organic in nature, occurring as frequently as needed.
Prior to moving potential investments to the IT Project Portfolio from the IT Discovery Portfolio, it is important to consider the total cost of implementation and operational support. For each investment opportunity selected out of the IT Discovery Portfolio, TAG Solutions will perform a capacity planning exercise to ensure that the existing infrastructure and network topology will support the additional workload(s) or application(s).
The IT Project Portfolio is a document that lists the investment opportunities formally approved by the organization. Each IT project will be listed in the portfolio, complete with descriptive project charters. Implementation services and the costs of project materials are outside the scope of this agreement. Upon completion, IT projects will be removed from the IT Project Portfolio and the newly implemented technology will be incorporated into the Current IT Portfolio.