Things That Keep Your IT Director Awake at Night

Saturday, 31 October 2009 14:53

If anything, we understand the various ways things can -- and do -- go wrong. And we’re not just worrying about our own electronic files. We’re often responsible for securing the electronic output for hundreds or thousands of agency employees. Imagine having no access to any agency information -- financial, client, medical or email -- for days, weeks or months. It’s no wonder that IT Directors find it hard to sleep at night.

Backup: Make It a Policy!

Backups and Disaster Recovery (DR) should be part of every organization’s written operational policy. It not only makes good sense, but also is a required standard for accreditation for the Council on Accreditation (COA) and Sarbanes-Oxley (SOX). Many organizations have procedures written by IT staff, but not approved by their Board of Directors as agency policy. That is a mistake. If it is not corporate policy, there are likely to be fewer consequences for noncompliance and no budget to support it.

Backup: Where?

Many nonprofits trust their futures to on-site backups using good old-fashioned tape drives. That’s another mistake. Tapes stretch and decay over time. The tape drives that create them also break down and need to be replaced. So the tape that was pulled from the tape rotation at the end of fiscal year 2005/2006 may no longer be restorable today, because either the tape has decayed or the tape drive technology has changed again. Unless you are paying a service to store your tapes off site in a secure and climate-controlled environment (humidity, temperature, etc.), the chances are that tapes are being kept in someone’s basement, kitchen or another equally insecure location. Is this HIPAA compliant for protecting the Private Health Information (PHI) of our clients? No!

And what if you can’t run your system because the physical location is not accessible? We all remember the massive disruptions after 9/11. There are plenty of other problems which could lead to a similar scenario -- extended power loss, downed communication lines, or even a quarantine. Is it possible the H1N1 virus could make your data center inaccessible?

What to do? There are new ways to store your data that are not subject to these limitations and problems. Cloud storage is an online backup service that can be used to restore your data anywhere. As long as you can get on a server with a connection to the internet, you are back in business.
The cost depends on the amount of data you need to back up and the length of time you want it retained, but a medium- to large-sized organization could probably have this in place for less than $1,000 a month. This is not to be confused with a full disaster recovery plan, but it is a huge step in the right direction. And your IT staff will spend less time monitoring backups and changing tapes, giving them more time to support staff and improve your overall system.

Litigation and Email

Electronic Discovery or eDiscovery is what happens when -- not if -- your agency becomes involved in litigation. In the past, opposing attorneys would demand truckloads of documents and correspondence, most of which were on paper. Now, lawyers ask for all documents or emails that may have been in electronic form at any time and on any computer in your agency. Isn’t that just about everything? Yes, it is.

OK, what is your electronic data retention policy? Oops! Don’t have one? Now it’s time to sweat because you can be compelled to produce data that you have no way of restoring even if you could manage to find it. Oh, you can’t find it? Now it’s clear you must be hiding something. Agencies have spent months and thousands upon thousands of dollars trying to restore information from an email server that was replaced twice, and never with the same operating system. Suffice it to say that the IT staff ends up burned out and the agency loses the case. And how about those legal fees?

This all could be avoided with a simple electronic data retention policy that is strictly enforced. “Agency ‘X’ retains email for 120 days and then automatically purges this information except in cases where there is pending litigation. Other agency data (documents, financial data, etc.) is retained for ‘X’ years and it is then purged.” This language or something like it can save you a lot of trouble and there are firms -- many of the same ones that offer cloud storage and disaster recovery -- that will provide the service for you. Once again, this also will free up time your IT staff needs to do maintenance and upgrades. Naturally, you will want to double check the wording of your policy with an attorney -- preferably one who understands the issues involved with eDiscovery.

Network Security

Who and what is connected to your network… and what is staff downloading onto it? Security is always a concern for IT directors and most do a good job with user account access, firewalls and antivirus updates. And some of us only provide secure wireless access to certain devices. But what about insecure wireless access that is all around you? At just one of our office locations, we were able to find 525 wireless access points, 85 of which were not secure. How do you know if your staff is connecting their own wireless-enabled devices -- laptops, Blackberries, etc. -- to unsecured internet connections while also plugged in to your secure network? Unless you have monitoring capability in this area, you and your IT staff will not know about it until it’s too late. This is like having a really good fence to keep bears off your property, but letting your kids invite them into your kitchen.

Yes, there is something that can be done to mitigate this risk too. We are currently testing one wireless sensor product that monitors all wireless traffic in the surrounding airspace and would allow us to control access. Unfortunately, technology like this is expensive. It could cost $20,000 a year to equip our six main offices. But looking ahead, nonprofits will need to plan for expenses like this if they want to maintain compliance with HIPAA, SOX and COA standards.

So ask your IT Director what keeps him or her up at night. If none of these are issues of concern, congratulations!
Maybe you have already addressed them. Or, maybe they’re just not on the radar screen yet because your problems are even more basic. Almost all IT Directors complain that they do not have enough staff or enough money in their budget for the equipment they need and the projects they need to run. But they are the ones responsible for making your data safe, secure and readily available each and every day. In an era of ever-increasing demands for accountability, compliance and demonstrated client outcomes, this data has never been more important. Remember the old saying, “If it’s not in the case record, it didn’t happen.” These days that case record is electronic. Once your IT Director can sleep soundly, so can you.

David Wallach is Director of Information Technology at Abbott House.




Almost all of us experience that occasional moment of anxiety and doubt as we close a new word document, spreadsheet or database. Will it actually be there the next time we turn on our computer? IT Directors are not immune to these worries. Unfortunately, knowing what really goes on behind the silicon curtain doesn’t always help.
Here are just a few specific issues about which IT Directors worry and some steps they – and the agencies they work for – can take to help them get some rest.














