IT Service Review 

Change Management

Having been responsible for the Change Management Programme at Reed Smith leading up to 3E’s successful implementation in May 2015, I now offer the benefit of that experience as a half day Change Management workshop designed to brief internal teams on key areas of change to look out for and manage.

Duration - 1 day 

Format - Interactive presentation

Workshop Agenda

The one day workshop will be held on your premises for as many of your team as is relevant to you. While the agenda is entirely flexible, I recommend the following sessions:

Change Advisory Team 

A discussion around the setting up of a CAT. This should include stakeholders, Senior Management and (often forgotten) end user representation. Ideally an independent consultant should participate, as they will not be affected by internal politics and, with a foot in neither camp, will be able to challenge both internal management and the solution vendor in equal measure.

Business Analysis

 

A discussion around the important subject of understanding current practices.

Hold meetings with representatives of all areas of the business before any project plan is announced. Explain the change coming and listen to the immediate reaction.

Be clear as to the areas of the business likely to be impacted and how this may differ. In the example of a global accounting system rollout the impact on the end user is very different to that of the back office Accounts team.

 

Communications

Probably the most important and yet most difficult component of the change management strategy. Clear and frequent communication is essential but the challenge is how. E-mail is typically used as the primary communication tool but has a remarkably low impact. This is a key area for creative thinking as to what will have most effect in the business and I have seen everything from posters on water coolers to 'theme' days in the staff restaurant to software branded cookies delivered to desks. Get staff involved. Create supportive Change Ambassadors that act as evangelists and become a critical part of the communication strategy.

 

Benefit Promotion 

You are introducing change for a reason. It may be to improve efficiency, reduce cost, replace something that doesn't work, enable access to information or introduce new ways to win business. Whatever the reason focus on the positive and include promotional messages in all communications.

With any legacy system it should be relatively easy to identify frustrations and pain points. Use these as 'we've listened to you' points in communications and describe how the new system will make life better.

Touch Point Focus

However large the project or system there may only be a small number of areas or functions that impact the end user. It is important to focus on these and where possible consider a phased approach to these changes. Is it practical for example to leave the existing reporting or time recording function in place until the core system has bedded down?

 

System V Process

Many firms see the introduction of a new software system as an opportunity to introduce new processes and practices. The thinking is based on taking immediate advantage of new functions/tools and getting as much change out of the way as possible. This can be a very risky strategy. It is often the process change that gives users the most pain and the new system will likely unfairly take the blame. Worse still, key metrics such as system performance will be very difficult to ascertain when users are struggling with the process change. If practical, consider separating system and process change into two defined phases of the project.

 

Integration

Help users adapt to change by updating all relevant firm training, documentation and references to the new system. This might include the on-boarding process, marketing materials, the firm's mission statement on the website or even the performance review process.

Support 

Post rollout support is critical. Most firms have well embedded support processes that typically involve a form of help-desk, usually run by IT. Do not assume that the existing arrangement will adequately cope with the change. Floor walking, catch up training and access to SMEs (subject matter experts) should all be considered.

Total cost of the Change Management Presentation is £800 + VAT

ProSec2

84% of data breaches are caused by staff error (PwC 2014). Know that your business critical data is safe.

Information Security Best Practice and Certification 

 

Information, particularly personal client information, is increasingly becoming recognised as a business critical asset, forming the backbone of your organisation, and driving growth.

 

Despite the importance of this information, the applied security is often overlooked, resulting in the vast majority of security breaches actually coming from within the organisation - a result of poor policy, procedures, staff training and their awareness of security risks.

 

Many organisations are exploring the benefits of certifying to ISO 27001 as a means of letting your clients and business partners know that you take their information security seriously.

However, following considerable research it has been found that whilst ISO 27001 is an excellent standard it is expensive, time consuming and fairly complex to implement, particularly for small and medium sized businesses. Comments on the rising cost of ISO 27001 certification can be found in this excellent article by PivotPoint security.

 

The ProSec2 framework was put together by a number of Senior law firm IT Directors following increasing demand from clients for best practice assurances. The new IS accreditation, ProSec2 is designed to be a 'lite' approach and potential alternative to ISO 27001.

 

Where ISO 27001 focuses on having a management system and controls in place, the ethos behind ProSec2 is education. We believe that a well informed business who understand, operate and communicate IS best practices internally will benefit from improved processes, enhanced customer relations and ultimately an increase in business.

 

The UK government are now offering Security Consultancy grants of up to £5000 for small businesses; click here for details

 

The ProSec2 Framework

 

The ProSec2 framework is built on 5 best practice principles. Each principle has an associated objective and requirement. As part of the package we provide 10 fully editable IS Policy Templates for your use should you need them.

 

By completing the assessment and achieving accreditation you will be informing your clients that your business is following best practice in these key areas.

Why ProSec2?

 

ProSec2 is a straightforward and affordable 4 stage process to accreditation and the ProSec2 standard will give your clients the comfort that a best practice framework is in place. In addition once accredited, your business is more than half way to ISO if you wish to carry on. 

 

As ProSec2 has a strong emphasis on education, we also believe that self policing is an important part of the accreditation and therefore our auditors only want to know that the best practices are understood and policies are active.

 

The straightforward and transparent audit process is carried out by a licensed, independent auditor who can award accreditation on the spot.

 

All ProSec2 accredited businesses may use the accreditation logo freely to promote the fact they have information security best practices in place.

The ProSec2 Package

Stage 1 - Preparation

On site preparation briefing by ProSec2 consultant

Self assessment questionnaire to assess risk and gaps in policy

Stage 2 - Implementation

Following completion of the questionnaire, on site gap analysis by ProSec2 consultant of all documentation and processes. Provision of free policy pack (10 best practice IS policy templates)

Stage 3 - Review

On site review by ProSec2 consultant of all completed documentation and active policies

Certification checklist provided

Stage 4 - Audit & Certify

Onsite audit by independent auditor

Key Benefits 

  • Fixed price 

  • Easy to understand

  • 10 best practice IS policy templates included 

  • Audit included 

  • Enhances client confidence & perception 

  • Can offer competitive advantage and differentiator in contract tenders

  • Enhances security awareness within your organisation

Pricing models 

Under 300 employees = £3,000

301 - 600 employees = £5,000

600+ employees = £7,500

The UK government are now offering Security Consultancy grants up to £5,000 for small businesses; click here for details

What next? 

Contact us to order your ProSec2 package. We will arrange a date for your initial preparation meeting with a ProSec2 consultant.

GDPR Workshop

The new European data protection regulations (GDPR) come into force in May 2018 and represent the most significant change to data privacy regulations for 20 years. With non-compliance penalties of up to 4% of global revenue, it is essential that businesses understand what's coming, the impact on systems/processes and what actions are needed to ensure compliance.

Duration - Half day 

Format - Interactive presentation

Who should attend? Anyone who is or will be a member of the GDPR preparation team; stakeholders from key data processing areas (HR, Marketing, Finance, Records Management); supervisors from appropriate user teams

The 2twenty4 GDPR Strategy Workshop consists of: 

 

  • Introduction to GDPR

  • Key requirements

  • Likely impact on current systems

  • Likely impact on current processes

  • Impact on Direct Marketing

  • New Data Access Request obligations

  • New Data Protection Officer obligations

  • New Breach Notification obligations

  • New Cloud Service Provider requirements

  • Impact Assessments

  • Risk Assessments

  • Developing a Compliance Action Plan

 

The workshop includes Data Register, Impact Assessment and Breach notification templates and will help you understand what you need to do to prepare, where the responsibilities lie within your business and the resources needed going forwards.

Key benefits:

 

  • Understand key points of new legislation

  • Identify current risks and exposure

  • Engage key stakeholders

  • Maximise project success

  • Enhance communication to business

  • Produce compliance action plan 

Total cost of the GDPR Workshop is £600 + VAT

DPO Essentials

The DPO Toolkit consists of 20 best practice templates and spreadsheets to assist with the planning and preparation for compliance and audit.

 

IDEAL FOR: Data Protection Officers looking for core documentation templates

 

Included in the toolkit: 

 

  • Data Register (Excel)

  • Legal Processing Register (Excel)

  • Risk Register (Excel)

  • Task Assignment Schedule (Excel)

  • Third Party Processor Register (Excel)

  • GDPR Checklist (Excel)

  • 6 Month High Level Project plan

  • Breach Notification Template

  • Incident Response Plan

  • Consent Process Template

  • Consent Withdrawal Process Template

  • Data Mapping Questionnaire

  • Data Mapping Template

  • SAR Process Template

  • Privacy Notice Policy

  • Privacy Notice Register

  • Processing Records Template

  • Data Transfer Process Template

  • Third Party Processors Policy

  • Third Party Processor Checklist Letter Template

  • Training Policy

Total cost of the DPO Toolkit is £2,500 + VAT

Cyber Essentials

The Cyber Essentials scheme has been developed by Government and industry to fulfil two functions. It provides a clear statement of the basic controls all organisations should implement to mitigate the risk from common internet based threats, within the context of the Government’s 10 Steps to Cyber Security. And through the Assurance Framework it offers a mechanism for organisations to demonstrate to customers, investors, insurers and others that they have taken these essential precautions.  

Cyber Essentials offers a sound foundation of basic hygiene measures that all types of organisations can implement and potentially build upon. Government believes that implementing these measures can significantly reduce an organisation's vulnerability. However, it does not offer a silver bullet to remove all cyber security risk; for example, it is not designed to address more advanced, targeted attacks and hence organisations facing these threats will need to implement additional measures as part of their security strategy. What Cyber Essentials does do is define a focused set of controls which will provide cost-effective, basic cyber security for organisations of all sizes.

The five CE controls 

1. Boundary firewalls and internet gateways - these are devices designed to prevent unauthorised access to or from private networks, but good setup of these devices, in either hardware or software form, is important for them to be fully effective.

2. Secure configuration - ensuring that systems are configured in the most secure way for the needs of the organisation.

3. Access control - ensuring that only those who should have access to systems have access, and at the appropriate level.

4. Malware protection - ensuring that virus and malware protection is installed and is up to date.

5. Patch management - ensuring the latest supported version of applications is used and all the necessary patches supplied by the vendor have been applied.

What next? 

Contact us to order your Cyber Essentials package. We will arrange a date for your initial preparation meeting with a Cyber Essentials consultant.


Copyright 2twenty4 Consulting