Skip Navigation

Thought leadership from SAI to accelerate your performance
 

Systems Alliance Blog

Opinion, advice and commentary on IT and business issues from SAI
Date: Jul 2015

Everyone who is responsible for an organization’s web presence knows that creating, maintaining and updating content is one of the most critical and complex challenges they face.  Timely, relevant and exceptional content will keep users on your website longer, encourage repeat visits, improve search results and contribute to a successful long term web strategy. This approach is universal to just about any industry, but for an association, valuable content is critical for member retention, recruitment and continuing engagement.

At the core of membership organizations is the notion that the whole is greater than the sum of its parts.  With strength in numbers, a collective voice can help influence policy, advocate for change and generate momentum for a cause.  And those are only the external advantages.   A collective voice can also create relevant and engaging web content that will demonstrate the value of membership – and strengthen the association’s own impact in the process 

Associations that are successful at curating content wisely tap into the expertise and achievements of their member base to highlight advances, spotlight ideas or efficiencies and deliver recent news in the industry. Leveraging members’ common goals not only provides engaging web content but also validates your impact and expertise. 

member spotlights

Be sure to tap into your member network for content. Their work can be a goldmine of images, videos, news, projects and best practices. When our client, the Association of Public and Land-grant Universities (APLU) was collecting images for their new website, they reached out to their member network which resulted in not just images, but a collection of hundreds of quality stories of students and faculty in action. APLU recognized the exciting opportunities that come with leveraging member content by providing prominent real estate on their new homepage to feature member profiles. These “Member Spotlights” are made memorable and inspiring through storytelling. The spotlights are also used as calls to action on key website pages to add dimension in the form of real-world examples to each respective cause.​

Your members are probably equally eager to share their stories and achievements. And there are advantages on both sides. Your members’ work is validated among peers and influencers, they become more invested in the cause and at the same time, you’re increasing membership value by sharing relevant content among your constituents.   It’s a win-win proposition for all involved.

To learn more about how you can add value by creating a member-centric approach to your web presence, join us for our next webinar

Last week the Department of Health and Human Services announced a $218,400 settlement with St. Elizabeth’s Medical Center in Brighton, MA relating to a HIPAA compliance violation. 

This enormous fine wasn’t the result of employees deliberately leaking information.  It didn’t come as a result of a major data breach caused by criminal hackers.  It came about because hospital administrators didn’t have adequate controls in place around their IT.

From the Boston Globe:

“The settlement… comes after federal regulators investigated a 2012 complaint that employees at St. Elizabeth’s used an Internet-based document sharing program to store health information of at least 498 patients.”

Employees who likely meant well started putting sensitive data into the cloud.  That’s a major shadow IT headache for any organization.  For those businesses that are subject to HIPAA or other compliance requirements, it’s also a very expensive headache.

Back to the Globe:

“Organizations must pay particular attention to HIPAA’s requirements when using Internet-based document sharing applications,” Jocelyn Samuels, director of the HHS’s Office for Civil Rights, said in a statement. “In order to reduce potential risks and vulnerabilities, all workforce members must follow all policies and procedures, and entities must ensure that incidents are reported and mitigated in a timely manner.”

Think this can’t happen to your organization? Wrong.  According to the AMA, even if you’re in the dark about the rules you can be fined up to $50,000.  That’s a lot of money for an honest mistake.

hipaa requirements

Acadia healthcare policies

 

 

If you’re handling any kind of sensitive patient data on your network, now is the time to take notice. Here’s where you should be focusing your efforts:

Training, Training, and More Training: Compliance issues are a people problem, not a technology problem. Having organization-wide understanding of compliance obligations is non-negotiable.  Eradicating shadow IT and making sure that all of your employees understand why they can’t use the latest fad cloud application without permission is vital.  Stop letting users make mistakes out of ignorance.

Policies and procedures and tools to share them matter.  Doctors may take an oath to do no harm but if they or other staffers don’t know the rules, how could they know if they’re hurting patients through noncompliance?

 

 

policy tip

User Proofing Wherever Possible: Having active control around where sensitive data is stored and how it is transmitted is crucial.  That means you need a technical solution in place to enforce control obligations.  Systems that don’t enforce the standards by default will burn you.  This could be anything from automated filters to watch for particular content in emails, to encryption software that secures data at rest. 

Robust IT Governance Processes: Is your IT department disconnected from the strategic direction of the business?  How well aligned are IT’s priorities when compared with the end users?  Fixing gaps like these discourages users from trying to implement shadow IT.  If stakeholders are engaged through an IT Steering Committee or other governance structure they have the power to keep IT aligned with their needs.  There’s no reason to go it alone if you’ve got organizational partners who are focused on enabling the business.

Not sure where to get started?  SAI can help.

Working on the business development side in the web & digital space, it seems as if every other week I talk to a marketing executive who knows their website needs help, but doesn’t really know what to do about it. If that’s you, know that you’re not alone. It can be challenging to convince senior leadership and other internal stakeholders that your web presence needs attention, particularly if “attention” equates to “spending a lot of money” in their estimation.

Getting internal support for a big project is going to be harder for some organizations than others, and there are a lot of variables to consider. And depending on the size of your company and the complexity of your website, you could be looking at a fairly sizable investment for refreshing your online presence....Read More

shopliftingAs retailers continue to search for ways to reduce costs in order to stay competitive, while at the same time raising wages in response to political and societal pressures, shrinkage is an area ripe for revenue recovery opportunities.  Recent National Retail Security Surveys and 2014’s Global Retail Theft Barometer Study estimate the cost of shrinkage to US retailers in the range of $42-44 billion annually (depending on which survey’s numbers you go with). Theft by associates and customers account for 75-80% of those losses…well over $30 billion annually. The remaining 20-25% is caused by administrative errors, damage to inventory, vendor fraud and other miscellaneous issues....Read More

NYSE

On Wednesday, the New York Stock Exchange was down for nearly four hours.  As soon as trading was halted, speculation began to fly that the outage was the result of the exchange being hacked. 

Reality turned out to be a little less interesting. NYSE realized that a botched software update was causing major glitches across its trading systems.  Although this was a very high profile outage, it is commendable that NYSE’s IT staff was able to recognize the problem and roll the change back.  This is a great example for how IT Change Management should be applied.

Not Every Outage Involves Hackers

With all the attention on cyber security, it’s easy to forget that human error and a lack of good IT governance are far more likely to cause an outage than malicious actors are.

Shooting yourself in the foot is a lot more embarrassing than getting hacked – especially since it can be avoided.

According to the Visible Ops Handbook from the IT Process Institute, "80% of unplanned outages are due to ill-planned changes made by administrators ("operations staff") or developers."  ITPI dives further into these self-inflicted & unplanned outages noting that the majority of the time to restore services is spent figuring out exactly what changed because of a lack of effective Change Management. 

Change Management Isn’t a Bad Thing

Many IT professionals have a very negative view of Change Management and ITSM frameworks like ITIL.  They see them as administrative and bureaucratic burdens that prevent “real work” from being done. 

Those true believers that feel like you have to implement every piece of the gospel according to ITIL aren’t helping the cause either.  It is unrealistic to go from an undisciplined environment to having every ITIL process fully realized overnight.

Always remember that the Change Management process is there to reduce risk and ensure changes are well thought out. It can be as simple as making everyone agree to write down and discuss their changes and preventing unauthorized changes.

IT “Cowboys” Are Symptoms of a Bigger Problem

Small IT shops without mature IT processes often have one key staffer that keeps all the lights on. They eschew documentation and fix things based on their gut feelings. They’ve always got a magic bullet ready to restore services when the worst case scenario happens.

“Cowboys” in IT have had a good run but it is past time to send them packing.  Not only do they often cause the very outages they’re fixing through human error, they tend to keep knowledge to themselves which prevents new staff from learning your systems and grinds troubleshooting to a halt when they’re unavailable.

It is an unacceptable risk to let critical production systems be run by cowboys who make changes outside of the Change Management process.  The presence of cowboys is a symptom of poor IT governance where the organization is operating without a plan.

Write it Down!

Documentation is one area where many IT shops struggle.  They don’t write down policies and procedures.  They don’t keep their configuration information readily available and up to date.  They find themselves flailing about when an outage happens because they don’t have any reference materials handy....Read More

Calendar
Jul 2015
 1234
567891011
12131415161718
19202122232425
262728293031