Operational IT Management
Vendor And Software Selection
Selecting the right enterprise software for your organisation can be a critical task – choosing the wrong solution can aﬀect the entire company. Too often software implementations fail, not because the team members were incompetent, but because they did not suﬃciently analyse business needs, establish solution requirements, or evaluate the best solutions for the organisation in the ﬁrst place.
Whether a company is buying an oﬀ-the-shelf product, building software from scratch, or customising application software, effective planning and analysis must accompany the selection of the right solution. Many organisations try to skip the up-front analysis required for a successful solution software selection, often the importance of doing so is not understood.
Our consultants have extensive experience in enterprise, application, data, infrastructure and solution architecture, requirements management, concept of operation documents, solution descriptions and implementation management, including vendor liaison and business readiness.
All our services are fully customised for each project and tailored to each client’s specific requirements.
Risk Management And Security Controls Review
Every organisation’s CIO, CEO, directors, managers and staff have a responsibility to protect the assets of the organisation, and this includes information and data.
The usual IT assurances as to regular backups of all data, off-site storage, network intrusion and virus protection, are no longer enough. Access to, and usage of IT assets must be facilitated and controlled so that configuration management, data leakage and loss, remote access, infrequent, temporary and casual users, interaction with social media, and operating and application software changes fall under the umbrella of management control and reporting.
If the existence and performance of the related controls leave management uneasy about such assurances, then it’s a fair question as to whether enough and appropriate measures are in place to balance the attendant risk.
For example, backups may be taken every day, but has anyone checked that they have actually been successful? Has anyone performed a restore from the backups to confirm they contain all of the required data? You believe that you are protected from data leakage, computer viruses and malware. But has anyone confirmed that the regular updates to virus definitions are occurring?
Given that the failure of key activities, which may be taken for granted, could have a catastrophic and devastating impact on your organisation, IT managers must be certain that thorough and diligent monitoring of events, breaches and outages is being carried out. Where exceptions are found, appropriate remediation must be undertaken to ensure no re-occurrence.
How Can We Help
We can conduct a tailored, independent review of your IT strategic and operational controls and report key findings and recommendations to ensure that appropriate controls are in place. Our consultants are experienced in the application of the ISO 27000 standards for information security, particularly:
- All the activities required to review and manage controls and their adequacy;
- Organisational roles and responsibilities;
- Planning, objective setting, and assessment;
- Awareness and communications;
- Reviews, audits and compliance management; and
- Mechanisms for recognising gaps and utilising feedback for improvement.
We have particular specific knowledge and experience in risk and security management applicable to regulated financial institutions and health funds.
Outsourcing And Managed Services
Technology Insight & Strategy’s consultants have extensive experience and knowledge of outsourcing, particularly for regulated financial institutions and their managed services providers. We supported the establishment and transformation of the largest managed services provider for Australian mutual, and have also undertaken assignments for Cloud and facilities management service arrangements.
Although financial institutions can outsource most IT activities, they cannot outsource the responsibility for the outcomes. They are accountable to ensure appropriate controls are in place to protect the availability, conﬁdentiality and integrity of their data, even in an outsourced environment. We can help minimise these and related exposures through contractual requirements, strong SLA's, sound performance and status monitoring techniques, and comprehensive reporting.
We can extend your organisation’s strategic planning to a complete IT operational plan. Our methodology starts by linking IT activities to business goals, planning key assets and resources, and cascading to team and staﬀ functions and required performance.
It Situation Assessment
We recommend clients conduct a complete, independent, objective and rigorous IT Situation Assessment, prior to tackling the IT strategic planning process. An independent assessment of the organisation’s current IT structure, people and operations brings perspective and reality to the vision for the future of IT and underlying plans and strategies.
Why Conduct an IT Situation Assessment?
Typically, clients conduct an IT Situation Assessment because:
- Alignment between the business and IT must be improved;
- New organisational management wants to establish a benchmark;
- IT costs are high relative to competitors;
- Better customer responsiveness is needed;
- The organisation is expanding; and
- Greater standardisation is needed.
Current market conditions are forcing IT management to continuously look for ways to reduce costs without impacting business goals.
Our methodology includes an evaluation of your current IT cost structure, plans and budgets, and checklist of tactical, IT-specific cost components, to help identify opportunities for cost reduction.
A structured approach identifies spending that is not aligned with business priorities, and supports the formulation of a remediation plan. We can also assist in budget development with detailed working papers and budget templates.