by Scott Jack
Content Contributor, E-N Computers
7+ years experience in healthcare IT and tech support.
You need an IT plan that supports your business goals. If you have a plan, that’s great! But is it still meeting your needs?
It takes regular attention to keep your IT roadmap up-to-date as business conditions and the technology landscape changes. So we thought it might be useful to show how we approach that at ENC.
QUICK ANSWER:
How can we keep our IT roadmap current?
Regularly meet with your IT service provider to keep open communication and a close eye on whether technology is continuing to meet business needs. When you work with us, you’ll have quarterly executive business review meetings to discuss vital topics like tech infrastructure, service delivery, risk, and strategy and operations.
Regular executive business reviews
On a quarterly basis, we schedule a high-level meeting with you to keep open communication about your processes, goals, and technology. The meeting is about 90 minutes long, with a heavy focus on strategy and budget planning.
This meeting is designed to involve your senior decision-maker that oversees IT (someone like an owner, COO, CFO, or office manager). They meet with two to four of our senior team members, depending on the size and needs of your business. Behind the scenes, our technical account managers, administrative account manager, and digital advisor spends 12 hours or more compiling data and insights.
Benefits of regular reviews
The executive business review has been beneficial to our clients including New Country Organics, MCV Foundation, and Novatech.
MCV Foundation is the philanthropic arm of VCU Health. They needed to replace their donor database, a critical line-of-business application. We were able to evaluate options and plan the replacement, while implementing best practices for data security. Now MCVF has a donor platform that better meets their needs and is better able to protect sensitive donor information.
New Country Organics is an online marketplace for organic farmers and enthusiasts. Our services weren’t lining up well with their needs. During an executive business review, we brought in the right people on both sides to closely examine what wasn’t working and how to deliver services in a way that would be most beneficial for them.
Novatech provides professional design, engineering, manufacturing, and testing services for nuclear, industrial, and defense organizations. They must stay compliant with a host of regulatory requirements. Executive business reviews help to keep them compliant by evaluating how their cybersecurity stacks up to changing business needs and evolving regulations.
Discussion topics
The EBR has two main portions: a status update and a deep dive on one aspect of your IT roadmap.
Status update
We start with a status update. This is an opportunity to talk about business conditions including industry trends and the technology landscape — things you’re concerned might impact you or want to learn more about. It’s also an opportunity to look at our service delivery — what we’re doing well and what needs work.
When talking about service delivery, we’ll review metrics specific to your organization. The metrics we look at include phone support, ratio of reactive and proactive tickets, and satisfaction survey results. We also identify any specific issues where we missed SLA so that we can discuss lessons learned. We achieve SLA 96% of the time, so this is really about looking for every opportunity to improve the service you receive.
The bulk of the meeting is focused on your roadmap, which consists of your annual IT plan and budget. Each quarter, we focus on a different aspect of your roadmap: architecture, service delivery, risk, and strategy.
Tech infrastructure
Tech infrastructure, or architecture, refers to how the systems that support your applications are set up. It includes all your technology infrastructure like physical servers, virtual servers and the hosts they run on, workstations, and network design. Our goal is to make sure these systems continue to meet your needs.
Servers: Does each server still meet the recommended requirements for the application(s) it runs? Does it have adequate memory, storage, and processing power for the number of users it supports? Is the vendor support contract still valid? When should the server be replaced?
Workstations: Do the hardware specifications of your workstations (desktops and laptops) still meet the needs of your workers? Can your fleet be streamlined to use just one or two models from the same manufacturer? Doing so will simplify updates and management.
Network design: Are your internal network and internet connection able to support all of your on-site and remote workers?
Service delivery
Although we cover some service delivery metrics each quarter, doing a deep dive with you once a year provides an opportunity to reflect and make changes if needed. During this meeting, we look at survey results, onboarding and offboarding, documentation review, and applications.
Surveys. Before this meeting, your IT liaison will receive a long-form survey regarding our services, and each member of your team will receive a short-form survey. We’ll compile the results and go over them with you, looking for any patterns that show areas for improvement.
Onboarding and offboarding. We review these processes at least once a year to make sure there is agreement about how they should work. Smooth onboarding gives new employees a good first impression and gets them working quickly. Consistent offboarding is critical to the security of your systems and availability of important information.
Documentation review. Part of your onsite time is dedicated to updating documentation. But it’s possible for things to be missed, so we also take time to review documentation with you to make sure everything is accurate.
Applications. We want to verify that the applications you are using meet your needs and that you’re happy with them.
Risk
During the risk session, we focus on three areas: security policies and procedures, backup and disaster recovery, and compliance.
Security policies and procedures. Do you have policies and procedures in place to keep your data and systems secure, or do they need to be written and implemented? Small businesses are an easy and popular target for cybercriminals, so it’s important to take this seriously. We look at how to apply security best practices (like those in NIST 800-171) in your organization.
Backup and disaster recovery. We review fundamentals like what data is backed up, the frequency of backups, and how long they are retained. We also look at whether you have a business continuity plan in place, who your continuity team is, whether they have formal discussions, and whether they understand their roles and responsibilities. We also want to make sure you have a runbook with a step-by-step response plan. Learn more about backup and disaster recovery here.
Compliance. If you handle payment card information, you’re subject to PCI-DSS requirements; if you’re a covered entity handling protected health information, you’re subject to HIPAA; and if you’re a contractor or subcontractor with defense contracts, you’re likely subject to DFARS and CMMC. We review how your technology and processes keep you compliant and be alert to rule changes that may affect you.
Strategy and Operations
The strategy session focuses on how technology fits into and supports your operations and overall strategy. Operations refers to what tech you are using and how, what you need to stay functional, and what kind of tech budget you need. Strategy looks at whether your current tech is adequate to meet your needs and goals.
When you treat technology as a core business function and regularly analyze how it fits into your broader strategy, you give yourself a competitive advantage. Implemented properly, technology can simplify processes, add to the efficiency and happiness of employees, and contribute to a better customer experience.
This meeting is most similar to the Business Improvement Review that we offer to prospective clients. It’s really about having a holistic view of the business — process, goals, strengths, weaknesses, and identifying your greatest opportunities for improvement.
Next Steps: Learn more about strategy and risk
READ: What is business-IT strategy alignment?
READ: Ultimate guide to backup and disaster recovery
It is an ongoing process of integrating information technology with your business in a strategic way. It can help you reach your business goals, improve your customer experience, and cut IT costs while realizing a higher return on your investments. Learn more about the benefits and how to achieve this in the article, What is business-IT strategy alignment?
Part of a successful strategy includes your continuity plan, or how to continue functioning when affected by a disaster or emergency. One important technical aspect of a continuity plan is backup and disaster recovery (BDR). Learn what BDR includes, how to develop a BDR plan, and see some examples of BDR costs in our Ultimate Guide to BDR.
Take the IT Maturity Assessment
Is your business ready to weather changes, including employee turnover? Find out by taking our IT maturity assessment.
You’ll get personalized action items that you can use to make improvements right away. Plus, you’ll have the opportunity to book a FREE IT strategy session to get even more insights into your IT needs.
