Along with the mushrooming size of the physical Internet, the ever-increasing volume of data being squeezed through it, and the wider range of information security is a growing concern. When you say “computer security”, what comes to mind most often are external threats: hackers, malware, viruses, botnets. But when you look at computer and IT trends, new technologies — mobile devices, social networking, and the like — pose a much greater threat to the security and integrity of your company’s information.

That’s right — your employees are at least as great a threat to your information security as are the people on the outside trying to break in.

What can you do about protecting your computers, your network, and your information from security threats?  There are a number of steps you can take to protect your business, most of them inexpensive and easy to implement.  Here are ten of the best methods for ensuring information security…

1. Manage Your Technology Life Cycle

Old computer technology is less secure than new technology.  Newer technology implements the latest tools (like intrusion protection), so one of the best things you can do to protect your business is to use the latest technology.

In fact, you should develop a technology lifecycle plan for all of your computer hardware and software assets.  Consider replacing computers after four years; budget 25% each year for new technology to replace the old.

2. Establish a Password Policy

This one is really simple: make sure your computers, servers, wi-fi connections, etc., all have password protection. Adding open devices and connections to your network is just inviting trouble.

Close those connections now, using unique passwords for each user.  Use strong, complex passwords, as many security professionals (and companies like Microsoft) have been recommending for some time. Require that passwords be replaced every month or every quarter. Lock out an account after “n” failed login attempts. Disable past employee accounts immediately.

3. Back Up Your Data Frequently

Everyone I talk to says they have a back-up plan and, of course, they perform backups.  But are their servers backed up frequently enough? And what about individual PCs – do they have data or apps that aren’t on the servers? Are they backed up, ever? Should they be?

Are backups taken off-site? Have you tried to restore your backups to a computer that is NOT in the original location? Are you using cloud-based apps but wonder if your cloud-based data are backed up appropriately? (Bizmanualz new Onpolicy Procedure Management Software eliminates the need for backups at the user level.)

And have you tested your backup process lately? Trust me — when you’re trying to recover your system from an attack or a fatal system error is not when you want to find out your backup process doesn’t work.

4. Use Malware and Virus Protection

It happens — people inadvertently download something they shouldn’t (social engineering techniques are that effective). The next thing you know, that computer — even your whole network — is compromised.

You need to develop a computer security policy.  Consider centralizing your anti-virus and anti-spyware management instead of having each user responsible for their own devices. Enable frequent virus scanning and frequent, automatic updates. Monitor your anti-virus subscriptions — you can’t afford to let them lapse.

5. Secure Your Mobile Devices

Your company may be facing increasing liability exposure from employees housing data in PDAs, laptops, or cellphones.  If your employees have access to sensitive information (think “WikiLeaks”), you need to develop a Mobile Device Management Plan that addresses digital rights management, data loss prevention, data security, and other IT internal controls. Consider anti-virus device security and data protection that includes the ability to wipe a device, in case it’s misused.

And, if you don’t want employees using their personal devices to handle company information…what’s your policy on that and how do you enforce it?

6. Train Your Employees

Imagine you’ve created a new password policy, invested in anti-virus software, and developed a Mobile Device Management Plan but you haven’t told anyone. How useful will those measures be?

You must communicate your policies and train your employees how to implement computer security methods. You can’t just tell everyone in an email that “here’s our policy”, and leave it at that. You have to show everybody how important it is and how it’s done.

You have to ensure that all employees understand the new password policy, how anti-virus software keeps your computer safe, what “acceptable use” is, and the importance of protecting their mobile devices.

7. Restrict Access to Your Data

Microsoft Windows, Linux, and other operating systems have their own kind of user access controls.  Using them means you have to identify what each user login requires for data, network, or peripheral access (e.g., read only, read/write, execute). If you allow too much freedom of access, you increase the risk of misuse, data loss, etc., but if you make restrictions too tight, you’ll get far too many user complaints. There’s a very fine line between too much and too little — that line often isn’t easy to find, and it moves around a lot.

8. Implement a Contingency Plan

A computer, IT, or data center disaster recovery plan is an important element of securing your computer data. There are more than hackers and trusting (or untrustworthy) employees — there are acts of nature that threaten your business’s continuity, too.

You never know when fire, flood, tornado, riots/uprisings, robbery, or other catastrophic events will occur but if one (or more) of them does strike…how long will it take you to get your business back online? Without a disaster plan in place, it will take too long.

Your plan should cover hardware and software replacement, data recovery, and key configuration, restoration, or installation details.  It should include appropriate software license numbers, insurance numbers, and key contractor or supplier numbers. It should cover testing, validation, and performance criteria. Furthermore, you need to thoroughly test your recovery plan before you need it.

9. Block Would-Be Intruders from Your Network

First, you can’t do this perfectly but you can at least make it more difficult by installing a business-class firewall and updating it regularly. Close all the firewall ports you’re not using. Don’t use older WEP security (see #1, above) but invest in newer, stronger technology like WPA2. Always make sure you’re up on the latest threat prevention methods.

Restrict access to DNS zone transfers, which hackers can use to read your DNS records and obtain your server details. Add an Intrusion Protection System (IPS) that monitors network and system events for malicious activity.

10. Close Holes in Your Security

As we often say in the quality field, “You don’t know what you don’t know.” This is true for security, as well. To find the holes in your computer security system, perform some type of regular security audit and network inspection. Check your firewall and server logs for signs of threat.

See that you’ve implemented measures to address the first nine points above. Secure your computer network. Enable automatic updates. Deploy Windows Server Update Service (WSUS) and Windows Update for all PCs and workstations. Be sure your anti-virus and other malware prevention systems are being automatically and regularly updated.

I also recommend hiring an independent computer security expert to audit your information security system and conduct system tests (penetration testing, leak testing, etc.) from time to time. You can also look for software applications, like The Secunia Personal Software Inspector (free download), that scan your installed software to identify potentially unsafe (e.g., out-of-date) programs and offer downloads to the latest software patches.

So, Is Your Computer Network Secure?

If you take the time to implement these 10 security methods, you’ll be doing a great deal to ensure the security of your data. No system is perfect, of course, but if you take these ten easy steps, you’ll minimize or eliminate the majority of security threats to your IT system.

Top Ten Ways to Secure Your Computers

1. Manage Your Technology Life Cycle
2. Establish a Password Policy
3. Back Up Your Data Frequently
4. Use Malware and Anti-Virus Protection
5. Secure Your Mobile Devices
6. Train Your Employees
7. Restrict Access to Your Data
8. Implement a Contingency Plan
9. Block Hackers from Your Network
10. Close Holes in Your Security

What are you doing to ensure the security, integrity, and availability of your company’s data? Is there anything you’d add to (or remove from) this list? What’s your biggest concern, information security-wise?

Thanks for your comments.

We regularly send out e-mails, to continually keep our name in front of potential (and existing) customers. Some of us even have LinkedIn^TM and Facebook^TM pages (Figures 2, 3) where we invite not just commentary, but participation and engagement.

We have a plan for strategically managing our web presence. In that plan, we:

1. Establish SMART objectives;
2. Develop and implement the various aspects of our web presence (web pages, newsletters, social media, etc.);
3. Monitor, measure, and analyze to see if we’re meeting planned objectives;
4. Make changes to the plan, as needed, and implement them; and
5. Continue to monitor, analyze, change, ad infinitum.

Why does that 5-step plan look familiar? It’s the “Plan-Do-Check-Act” (PDCA) cycle! It’s how companies ensure product quality, continual improvement, and customers who are more than satisfied — they’re actually advocates!

Figure 1

Ask yourself, “Are we doing that?” Do we have a plan, or did we just throw something out there so we could say, “We have a web presence”?

Figure 2

Without a clear, comprehensive plan, your web presence can do you more harm than good. If you’re lucky, prospects and customers contact you about broken links, inconsistencies, and the occasional link to a product you discontinued months or years ago. In reality, most of your target market just “walks away” and never comes back.

Figure 3

The best advice I can give you is to establish a process of developing, implementing, and maintaining your company’s web presence before you build a single page online or send out a single e-mail. To do that, you need to understand:

• What your company stands for (its vision and mission);
• What you want to accomplish in the short and long term (i.e., what objectives you have for your web presence, specifically, and how – and if – those objectives tie into your company’s overall objectives);
• How extensive your web presence could (or should) be; and
• Why it’s important to establish a system of internal controls early and not let your efforts, accidentally or otherwise, go off target.

If you haven’t had a program for managing your web presence up to now — not a problem! There’s no reason to believe that because you’ve been working without one, you can’t implement one at any time. It may seem difficult at first, but the reward is unquestionably well worth the effort.

Take a few steps back and reevaluate your situation from a user’s perspective. If you have a particularly trustworthy customer, one you can count on to give you an unvarnished (but not a brutal) opinion, ask for their input. Find out whether they’re getting what they want from your web page and your social media. Find out if their objectives align with yours, and vice versa.

Refresh – reinvigorate – your web presence a little bit at a time. You don’t need to get everything done in a day or even a month or two. Work on the “low-hanging fruit” first, then move on to areas where your weaknesses aren’t so problematic.

And remember — stick with the plan! Keep reminding yourself — you only get one chance to make a first impression!

* * * * * * *

If you see an inconsistency or error on another company’s web site, do you say anything or do you let it go? Does it make a difference if they’re a vendor/customer of yours or not?

Now that computer systems are ubiquitous, everyone wants access to the information they contain. People want new business reports describing new relationships, and the IT department has responded by developing more software applications for more users. Historically, the corporate IT department has reacted to demand but in today’s hypercompetitive environment, that’s not enough. IT has to anticipate!

If your organization is focused on meeting user’s needs with just software applications development, you’re missing the boat. In-house development of software applications for HR, Accounting, Production, Sales & Marketing, and many other key operations is moving to Software as a Service (SaaS) and out of the IT Department.

If all you’re doing is developing software applications, you’re not only losing ground to SaaS — you’re also limiting the real strategic value of your IT department. What is needed now is a way to rise above just reacting to users. The new IT department model is based on being ahead of users’ needs.

Information Technology Is About Interacting

Information Technology is about information deployment, the quality of your business processes, and their associated information interactions that are delivered over the information technology. We’re talking about how you create, capture, deliver, use, and measure your business information. Information Deployment is the strategic differentiator that your business processes require. Information Technology is now a commodity, but your business processes are your business.

The quality of your business processes and their associated information interactions that are delivered over the information technology is really the focus in today’s IT departments. Data processing has given way to business process processing. We no longer just move data; we now enable business processes.

“The number one benefit of information technology is that it empowers people to do
what they want to do. It lets people be creative. It lets people be productive.”
Steve Ballmer, Microsoft CEO

Information Technology Usage

Application software development has always been about getting the right data in front of the right user using the right interface. Only now are we are finding that in our ever-increasing complex world, how you create, capture, deliver, use, and measure your business information is more critical than ever.

The Internet is a perfect example of how things are changing in the IT department. Users are now entering their own orders online, tracking their shipping, and reviewing their account. Paper is being eliminated and as we use principles of Lean Thinking, we find new inefficiencies in our old methods. The Internet is forcing organizations to rethink how Information Technology is used.

The Internet is forcing us to examine our core business processes, to understand the customers of those processes, and determine how to best use the information that is available. Only in this way do you get ahead of users’ demands. Put another way — the more proactive you are, the less reactive you’ll be to demands for application changes.

Information Technology as a Strategic Differentiator

In response, the IT department is now being asked to improve business processes. This is a strategic shift to taking on new responsibilities for Business Process Management. The new question is how do you build effective management systems and manage business processes?

Organizations that learn how to deploy information technology well have a valuable strategic differentiator. Information Technology is now a commodity, but your business processes are your business. Those with the organizational leadership in place to take advantage of this new shift will beat out those who don’t.

How about you? Is your IT system where you’d like it to be?

Social Systems

Questions in the information age have been surfacing, causing rifts in the social system of the organization. Changes in thought are occurring as part of the cultural transformation. Work groups are forming as workers move away from linear processing (assembly lines) and toward other models and dynamics, yet we are glued to the computer more. Social interaction as our parents and grandparents knew it is on the decline. Organizations will be forced to adopt changes in order to survive in the fast-paced information age.

The mechanistic view of the universe is a relic of the scientific age. It represents society as it was, 100 and more years ago. Now, the thoughts, perceptions, and values that form that vision of reality are changing. The information age has begun and with it, a paradigm shift is under way. This represents a time of great opportunity for entrepreneurs to develop the new views.

History shows us that, as business becomes more expensive to operate the old way, new technologies are incorporated. Our friend John Diebold pointed out that information technology is an instrument of human change that has three stages:

• First, computers do the same job in a different way;
• Second, the job changes; and
• Third, a change in society occurs.

The third change can be seen happening today when hackers break into computers causing alarm over computer security. These types of changes are evident in the news and will continue to highlight the role — and the value — of information in society.

A second shift can be seen in the formation of networks and partnerships at the expense of hierarchical and bureaucratic forms of management. Businesses and their supply chains are having to work in unison to maintain a competitive advantage. The assembly line is on the decline and the rise of the work group is the new reality.

The original workforce was a gang — a semi-autonomous group under a gang leader who took responsibility for a piece of work. The advent of machines reshaped the gang around the assembly line of the new machines. Information technology has given workers the tools to form back into groups similar to the original workforce. But, as technology advances and is made available to the individual, these work groups will begin to dwindle to a single person or none at all.

The effect of the work group shrinking to fewer people will be that individuals will become more autonomous at the expense of social interaction and corporate loyalty. Smaller work groups will have a greater amount of technology about them and thus be able to work remotely. This could mean at home, in a car, plane, or boat. As people work away from the office, they risk losing touch with the people back at the office.

They are unable to socialize as well with the others and, as a result, their loyalty to the organization may decline. In addition, promotions are often based on social interaction; without it, people are at risk of being passed over for promotion. But, with the increase in worker independence comes an increase in job mobility. People will contract out, or outsource, more services. The result is a continued rise in the entrepreneurial workforce, where the individual develops a self-identity outside of the traditional workplace.

Skills Displacement

There is a dramatic social implication that has thus far only been alluded to. As technology changes the organization, automating more tasks, fewer people are required to get the job done. Not only has information technology increased productivity: it has eliminated jobs, as well. If work groups dwindle to one person or none at all, where will the rest of the group go?

There are two answers to this question — job retraining and redefinition. The lower skilled worker’s job is being eliminated by technology, so they will require training in a new job. High-tech professionals will find their field passing them by, so they’ll require retraining in their field. On the other hand, there may not be enough jobs for everyone as more and more robots and technology perform more of the work. This will require people to work less hours, share jobs, retire early, or (in some way) get by with less.

More time will need to be spent on education, not only to keep the workforce educated on the new technology, but also to keep more people busy. Lower skilled and unskilled workers will find their jobs being eliminated and so they will go back to school in order to learn newer skills. New theories and discoveries will continue at a rapid pace which will put pressure on people to keep up with the advances.

Graduate degrees will become the rule rather than the exception. Businesses will put people through school to keep the individual from becoming obsolete and to give them something to do. There will be fewer jobs and the jobs that exist will require more skills than before. Management will need to develop fewer, highly skilled, individuals with workplace training programs and then keep them. This again is a greater people orientation then before.

A redefinition of the workplace and the jobs people perform will be required. Today’s factories will go the way of yesterday’s agriculture. As farms were automated and more could be done with fewer people, many left for the city or idled their land. In the last 100-plus years, agrarian jobs fell from 41% of the labor force to under 1%, yet they seem to have been absorbed into the labor force.

Handy proposed one way in which automobile factory work might shift. If fewer cars were made and they were being made by robots then manufacturing jobs would decline. People would need to keep their cars longer and the maintenance activity, which is labor intensive, would increase. This could be picked up by small garages or self-employed mechanics. This would mean that society would need to move to a high quality maintenance concept rather then a lower quality disposable one.

What Handy illustrates is that the solution to the problem of job elimination is based upon the redefinition of business by society. Another concept popularized by many is one where everybody works less, which is already happening in Europe. Shorter work weeks, early retirement, longer vacations, and more time off for schooling. The implication here is that more people are staying employed, but at the expense of a smaller paycheck with more leisure time.

In an age where leisure time is becoming increasingly important, this notion has caught on at a number of businesses. The problem of child care could decrease if more time were spent at home. More time could be spent on personal, self-actualizing events. This also points to an increased interest in the “third age of life”, that part of life that is beyond growing up and working.

There are many possibilities that exist with the flexibility that is offered by the jobs of the future. The key question is how society will react to the changes that are occurring in the workplace and what people are willing to allow to take place. One thing is for sure and that is that the changes are inevitable.

There is a cartoon by Charles Adams (from a 1955 issue of “The New Yorker” magazine) that shows two caterpillars and above them, a butterfly emerging from its cocoon and opening its wings. One caterpillar says to the other, “You’ll never get me up in one of those things.” This social commentary still resonates in the 21st century: Change is inevitable.

Dynamics of Information Technology

The rapidly occurring changes force management to discard old, mechanistic views. The key to management in the future will be in understanding the dynamics of information technology, adopting a greater people orientation, and adapting appropriately to the changes. Survival in the future will be based on the effective use of both information and people as resources in order to keep the organization progressing, competitive, and alive.

* * * * * * *

So, is information technology changing your business? If so, how? What are the benefits and costs to your business?

St. Louis, MO – October 25, 2005 – Bizmanualz, Inc, a business publications and consulting company based in Clayton, Missouri, today announced the release of a new Computer & Network Management Manual for business owners, Chief Information Officers, Chief Operating Officers and executives required to comply with various federal regulations and international standards such as the Sarbanes-Oxley Act of 2002, COBIT and ISO 17799:2005. Under these regulations, a company must demonstrate adequate internal controls of business records and information security.

“Computers and Information Technology (IT) have become vital parts of business operations,” said Christopher Anderson, Managing Director of Bizmanualz, Inc. “New Sarbanes Oxley regulations require management to demonstrate control over the use of information systems and networks.”

“The Computer and Network Manual addresses critical information technology management issues such as computer usage, information security, and network and IT security management, making it an invaluable resource for any IT manager or IT department,” Anderson added. “This manual compliments our highly successful Accounting Policies, Procedure, and Forms Manual and, when combined, both publications provide a compliance solution for Sarbanes Oxley, COBIT or ISO 17799.”

Officially titled Bizmanualz Computer and Network Policies, Procedures and Forms, the new IT Manual provides a framework upon which any size company can get a handle on the capabilities of their current IT system, systematically prepare IT needs and budgets, facilitate IT asset management, and resolve access and security issues.

Many small and medium size companies do not have access to an experienced Chief Information Officer to lead the way in formulating best practices and optimal standards to establish a formal IT policy. This publication is the first to identify and provide the guidance and the tools required to accurately and efficiently determine the hardware, software, training, and security requirements of the organization.

“The Computer and Network Policy and Procedure Manual discusses strategic IT management including IT security, control of computer and network assets, and includes a section on creating your own information systems manual along with a computer and IT security policy guide,” explained Stephen Flick, Product Manager of Bizmanualz and the editor of the manual. “You get all this content in easily editable MS-Word files allowing anyone to customize the manual to create their own IT policies and corresponding procedures.”

Bizmanualz also offers individual department manuals for accounting control, human resources management, ISO 9001 quality management, disaster preparedness and security planning. All Bizmanualz Policies and Procedures products combine a printed manual with easily editable MS-WORD documents on CD-ROM. Each product provides prewritten policies, procedures and forms that enable executives to create and maintain internal controls in their organizations. All Bizmanualz products are available at www.bizmanualz.com.

Bizmanualz Computer and Network Policies, Procedures and Forms: How to Control and Protect your Computer and Network Assets (600 pages/trade binder/ ISBN 1-931591-06-7/ $595.00) is a Knowledge Management title from Bizmanualz, Inc. It is available by calling the publisher at 800 466-9953 (international customers call 314-863-5079), emailing sales@bizmanualz.com or visiting www.bizmanualz.com.

Data to Information

Today’s IT departments and resources are required to handle enormous amounts of data. This is where some degree of standardization can help minimize inconsistencies, confusions and resulting risks. But all data is not equal in terms of importance or sensitivity. Data itself is not very useful. Think of it as the “Know-nothing”? stage.

We must understand what the data is and how it relates to our needs. Once a relationship has been defined then the data becomes information. This is the “Know-what” stage.

Information to Knowledge

Next, the information must be converted into knowledge by finding patterns within the relationships. These patterns have the potential to represent knowledge once the patterns and their implications are understood. Knowledge allows us to predict, information by itself, does not. This is the “Know-how”? stage.

Knowledge to Wisdom

Wisdom arises when the knowledge is transformed into insight or principles. In other words, once you understand the source of the patterns, you have found an eternal truth. This is the “Know-why”? stage.

Company Policies and Procedures

Policies and procedures are written for a host of reasons including decreasing training time, meeting compliance requirements, communicating effectiveness measures, simplifying access to information and transferring knowledge.

Use of consistent, well defined policies and procedures save time by guiding users in converting raw data into meaningful information, transferring knowledge, and imparting the wisdom from past generations in order to take appropriate actions in not-so-obvious situations.

IT Policies and Procedures

Having formal Computer and Network Policies and Procedures in place enables organizations to assign responsibilities and provides definitions, guidelines and rules for employees. Your IT policies and procedures should cover all aspects of your information technology management—from computer usage and network security to IT asset management and training & support.

Policies and procedures allow managers to communicate the way things should be done and IT policies and procedures are no exception. Prewritten documents can speed up procedures development, which, in turn, speeds an IT department’s path towards greater effectiveness, and better results.

To learn more about improving and strengthening your IT processes, order the NEW Computer and Network Policies and Procedures Manual or attend the next How to Align a System of People and Processes for Results class.

If you are eager to learn more about creating more order out of the chaos you are feeling at work then the How to Create Well-Defined Processes class is right for you. ISO 9000 Quality Auditor classes are forming now for Internal Auditor or Lead Auditor.

Call for information on having your own private in-house classes today.

Computers and IT have become important parts of business operations, storing and circulating critical information between numerous business processes. Many business functions require the use of computer systems and networks, and businesses and computer networks are increasingly interconnected.

But how do you govern these systems and what standards do you choose? In other words, how much should you think about coordinating and securing the information that is so important to you and your business?

Information Security

Any information is susceptible to leakage or damage unless protected by a strong security system. Information stored in computers is no exception. With the high usage of computers, servers and many systems connected by layers of networks, security is one of the key challenges for IT professionals today. We hear so much about identity theft, virus infections or spyware hijacks. At various levels, all these activities put heavy burdens on your resources.

In order to preempt this threat and protect your information, you must have information security measures in place to maximize results. This means developing and implementing a set of controls through appropriate policies, procedures and processes. Besides meeting your organization’s goals and objectives, these controls should also be aligned with other business processes in your organization.

IT Governance

This is where the issue of IT governance comes in. The executive summary of COBIT or the Control Objectives for Information and related Technology identifies IT governance as “a structure of relationships and processes to direct and control the enterprise in order to achieve the enterprise’s goals by adding value while balancing risk versus the return or IT and its processes.” In other words, IT governance is about balancing risk and return from your IT processes.

So how do you approach IT governance? Businesses can either create their own structures and frameworks, or adopt universally accepted “best practices” standards that have been tried, tested and improved by a large number of organizations and individuals. Implementing an IT quality standard has its own benefits.

IT Standards

Two main IT standards available today are COBIT and ISO 17799.

Currently in its third edition, COBIT is a framework for managing IT risk and was created by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI). It consists of 34 high level objectives covering 318 control objectives categorized in four areas—planning and organization, acquisition and implementation, delivery and support and monitoring.

The six elements of COBIT are documented in separate volumes and include management guidelines, control objectives, COBIT framework, executive summary, audit guidelines and an implementation toolset.

ISO17799 was originally published in 2000 by the International Organization for Standardization, which reissued a revised version in June 2005. It is based on the British Standard BS7799 and focuses on security with an aim to help organizations create effective security plans.

The ten main sections of ISO 17799 are: security policy, security organization, asset classification and control, personnel security, physical and environmental security, communications and operations management, access control, systems development and maintenance, business continuity management, and compliance.

Benefits of IT Standards

Adopting an IT Standard, by itself, may not mean that your organization is 100% secure. However, compliance with these established standards goes a long way in demonstrating that you take security issues very seriously. On the top level, four obvious benefits of IT standards stand out:

Completeness: Like any other internationally accepted standard, IT standards spare you from reinventing the wheel. Why spend the time and resource creating something that already exists and is proven to work?

Compliance: Using a widely regarded standard demonstrates that the organization practices industry norms and follows applicable laws and regulations.

Credibility: Having a standard in place reassures stakeholders of the company, including customers, suppliers, and employees by demonstrating that your organization is committed towards protecting valuable information.

Confidence: By minimizing risk of information leakage, IT standards lead to better knowledge management and more efficient use of your IT assets.

This week we have looked at how to govern these systems and what standards to choose in order to coordinate and secure the information that is so important to you and your business process management.

To learn more about improving and strengthening your processes, attend the next How to Align a System of People and Processes for Results class. If you are eager to learn more about creating more order out of the chaos you are feeling at work then the How to Create Well-Defined Processes class is right for you. ISO 9000 Quality Auditor classes are forming now for Internal Auditor or Lead Auditor.

Call for information on having your own private in-house classes today.

Our topic of discussion in the previous article was Information Deployment. This week we will discuss Business Process Management. Corporate strategy changes over time but always requires the alignment of people and processes in order to realize the mission of the organization.

In the past, the Information Technology (IT) department has delivered the systems. What is now required is for IT to move beyond the systems focus and coordinate with the people in your organization in what we call Business Process Management (BPM). IT is the medium that transforms ideas into intellectual property.

Process Flow and IT

BPM is the management of well-defined processes from beginning to end. These process are broken into descriptions of activities and tasks that define a business workflow under varying business conditions, such as the steps needed to execute your accounts payables operation. Documenting the workflow for a group of individuals is done using document maps or process maps. However, the IT department needs a lot more than a process map, they need to construct an information map or what some might call a Data Flow Diagram (DFD).

Information Maps

The information map contains the flow of data from one process, activity, or task to another. As opposed to product-flow, information flows (i.e. documents, records or other data) must be described in detail in order for IT to implement the process. Data Flow Diagrams are used to illustrate the sources and uses of data, the data stores (databases), and, of course, the data flows. Information maps are used to describe your Information Deployment strategy.

BPM Software (BPMS)

As you might have guessed, your information maps can get real complicated, real fast. So how do you reduce the complexity? Use software of course. New BPM Software tools have been developed that allow organizations to graphically define their processes, the actual information flows, and add detailed business rules those processes use to process the information. Once all of this information is defined, the software can even execute a simulation using your definitions and show you the results. But that’s not all, the software will also convert your design into a computer language that you can run.

Next, add your process metrics (effectiveness criteria or key performance indicators) along with hooks into your existing applications and the software will monitor the results. Some BPM software applications even interface with metrics databases that allow you to benchmark your performance to the industry.

Accelerating Returns

BPMS is being used at all the major corporations today. To move your IT department into the 21 st century you are going to need to be using some type of BPMS tool. The only question is which one? Next week we will discuss the concept of Accelerating Returns, more recently referred to as ” Moore’s Law”, and the implications of technology on the future of business processes.

To learn more about using process improvement programs for your organization attend the next How to Align a System of People and Processes for Results class. If you are eager to learn more about creating more order out of the chaos you are feeling at work then the How to Create Well-Defined Processes class is right for you. ISO 9000 Quality Auditor classes are forming now for Internal Auditor or Lead Auditor.

Call for information on having your own private in-house classes today.

For more information on BPM:

• Active Journal of Business Process Management
• Business Process Management Group
• bpm.com
• BPMInstitute.org
• ebpml.org
• Business Process Management – the Third Wave
• BPM Today
• Business Process Trends
• Human Interaction Management
• BPM – The Third Wave or BPR Recycled?

This list was retrieved from Wikipedia’s writeup on Business Process Management, which also has a list of vendors that offer software tools for BPM.

Part 1: Information Technology in Business
Part 2: Information Deployment
Part 3: Business Process Management
Part 4: Accelerating Returns and Paradigm Shifts

Last week we discussed Information Technology. This week we will discuss Information Deployment or the quality of the business processes and their associated information interactions that are delivered over the technology. We are talking about how you create, capture, deliver, use and measure your business information. Information Deployment is the strategic differentiator that your business processes require. Information Technology is now a commodity. But your business processes are your business.

Information Interactions

The quality of your business processes and their associated information interactions that are delivered over the technology is really the focus in today’s IT departments. Data processing has given way to business process processing. We no longer just move data, we now enable business processes.

Historically, we used manual systems to run a business like paper based orders (purchasing , sales, and production). Then technology was introduced to automate the paper shuffling. Productivity increased, jobs descriptions changed, and the new technology was accepted.

But now that all the numbers are in a computer system, more people want access to those numbers, People want new reports describing new relationships and the IT department has responded by developing more applications for more users. Instead of being proactive the IT department is reacting to demands.

Organizations focusing on meeting users needs with just applications development are missing the boat. Sure you have to develop applications for HR, Accounting, Production, Sales and Marketing. But if all you’re doing is developing applications then you are limiting the real strategic value of the IT department. What is needed now is a way to rise above just reacting to users. The IT department needs a new model based on being proactive to users needs.

Information Usage

Applications development has always been about getting the right data in front of the right user using the right interface. Only now are we are finding that, in our ever-increasing complex world, how you create, capture, deliver, use, and measure your business information is even more critical than ever.

The Internet is a perfect example of how things are changing in the IT department. Users are now entering their own orders online, tracking their shipping and reviewing their account. Paper is being eliminated and as we use principles of Lean Thinking, we find new inefficiencies in our old methods. The Internet is forcing organizations to rethink how Information Technology is used.

The Internet is forcing us to examine our core processes to understand the customers of those processes and determine how to best use the information that is available. Only this way can you get ahead of users demands. The more proactive you become, the less reactive you will be to demands for application changes.

IT as a Strategic Differentiator

In response, the IT department is now being asked to improve business processes. This is a strategic shift to taking on new responsibilities for Business Process Management. The new question is how do you build effective management systems and Manage Business Processes?

Organizations that learn how to deploy information well will have found a valuable strategic differentiator. Information Technology is now a commodity. But your business processes are your business. Those with the organizational leadership in place to take advantage of this new shift will beat out those who do not.

Business Process Management

Next week we will discuss Business Process Management or BPM and conclude the following week with a look into the future of technology by discussing the concept of Accelerating Returns, more recently referred to as ” Moore’s Law”, and the implications of technology on the future of business processes.

To learn more about using process improvement programs for your organization attend the next How to Align a System of People and Processes for Results class. If you are eager to learn more about creating more order out of the chaos you are feeling at work then the How to Create Well-Defined Processes class is right for you. ISO 9000 Quality Auditor classes are forming now for Internal Auditor or Lead Auditor.

Call for information on having your own private in-house classes today.

Part 1: Information Technology in Business
Part 2: Information Deployment
Part 3: Business Process Management
Part 4: Accelerating Returns and Paradigm Shifts

A new month is upon us and so it’s time for a new topic – IT or Information Technology. Yes, it’s a technology driven world out there. Given the current accounting changes due to such things as Sarbanes Oxley, you will eventually have to align your business processes with your technology. Perhaps you are waiting because technology is expensive. Well, the amazing thing is that it’s getting cheaper all the time. A lot cheaper.

Technological Advancements

If you’ve got kids then you are probably aware of video game technology like the Sony Playstation. But have you ever stopped to look at what’s under the hood of one of those boxes? In May 2005 the latest Playstation-3 (PS3) was announced. I mean we are talking about a powerful gaming console. It will use the latest multi-core 3.2 GHz cell processor with full wireless, HDTV, and Bluetooth support that can process two high-definition (1080p) video streams, at the same time!

The technical specifications far surpass most desktop PCs. Your Pentium-4 runs about two gigaflops, while the PS3 will run at two teraflops or about 1,000 times faster than your current PC. So while you work all day on an average computer, your kids will be playing – that’s right, playing – with a super computer that will retail for around $360.

Now this article is not about computing performance and flops is not the whole story. Besides, unlike a desktop PC, the PS3 is tuned for high-definition video processing. But still, what could your business do with supercomputing power on your desktop for $360? You may have to think outside the box for the answer to that one. And that’s one of the things your organizational leadership should be looking at in developing your strategy.

Technological performance is doubling every year and yet the cost of that performance actually falls so the result is more bang for your buck. The question is, how are you using this technology to release the growth in your business, improve your processes, and deliver better results?

Information Deployment

You see, it is not just about your Information Technology. It’s about the quality of the business processes and their associated information interactions that are delivered over the technology that is really important, not the technology infrastructure itself.

What we should really be talking about is Information Deployment — how you create, capture, deliver, use and measure your business information. Information Deployment is the strategic differentiator that your business processes require. Information Technology is now a commodity. But your business processes are your business.

Business Process Management

Next week we will discuss Information Deployment in more detail followed the next week by a discussion of Business Process Management or BPM and conclude with a look into the future of technology by discussing the concept of Accelerating Returns, more recently referred to as ” Moore ’s Law”, and the implications of technology on the future of business processes.

To learn more about using process improvement programs for your organization then attend the next How to Align a System of People and Processes for Results class. If you are eager to learn more about creating more order out of the chaos you are feeling at work then the How to Create Well-Defined Processes class is right for you. ISO 9000 Quality Auditor classes are forming now for Internal Auditor or Lead Auditor.

Call for information on having your own private in-house classes today.

Part 1: Information Technology in Business
Part 2: Information Deployment
Part 3: Business Process Management
Part 4: Accelerating Returns and Paradigm Shifts