Let’s make sure that you have the right technology for your unique business and workflow needs. It doesn’t make much sense to invest in professional IT management, SOPs, policies, procedures, and documentation, all based on systems that are NOT right for your business. Unless you have already been through the process and are confident that you are on track, it may be worth conducting a basic evaluation of how well your technology is serving your business needs. Are your users getting the most out of the features and tools that you already have? Are your systems overly complicated and based on old technology that may be expensive to own and support?

As we get to know each new client, we perform a basic review of how your business uses technology and how well it seems to be addressing your needs (this info feeds into our documentation system). If it seems like your business may be better served with different or additional technology, we can make recommendations and help you with the needs analysis and vendor evaluation.

Typical consulting projects include:
- Telecom and ISP cost analysis
- Current use of existing systems
- Web and online marketing systems
- Disaster Recovery needs analysis
- Mobile device usage
- Wireless network design and use
- Cloud services and readiness audit
- Compliance Audits
- Detailed security audits and reports

For longer term or more extensive consulting projects, we may suggest engaging our consulting group to consider a Virtual CIO plan.
Professional IT Management Service and Support Management Project Management Standard Operating Procedures IT Policies Systems Documentation Technology Consulting Cyber Security Training Reporting and Metrics Co-Managed IT Services Engineering & Support Help Desk Services Onsite Services Server Support Network Management Data Backup Disaster Recovery System Engineering Network Operations Network Security Project Work Staff Augmentation Cloud Services Computer Consulting Planning & Consulting Virtual CIO Services Strategic Alignment Budgeting IT Road-Map Business Continuity Workflow Analysis
Maintaining accurate, complete, and detailed documentation is a core component of Professional IT Management. We maintain a secure database that allows us to track ALL key data required to support your infrastructure, critical business systems, and everyday user support issues.

Let’s admit it, we all hate it when we call into a company that we have contracted with for support, and the tech doesn’t seem to know anything about us or our systems. Well, if the company doesn’t commit to professional IT management, then they don’t maintain the documentation, they don’t provide the training, and they don’t follow the SOPs. In my book, that’s called just “winging it”.

With a Managed IT Service agreement from White Mountain, we create and maintain the documentation about your business that is needed to keep things up and running and to provide exceptional customer service.

Examples of content that we maintain updated documentation on:
- Complete asset list, all hardware, software, and subscriptions
- Expiration dates for warranties, domains, certificates, hosting plans, etc.
- Domain names and hosting information
- Security configurations and procedures
- Network, WiFi, and server configurations
- ISP and telecom info
- Employee census and user IT profiles
- Workflow and key application profiles
- Knowledgebase of all requests and work done, searchable by device or user
- Profile of all key vendors, contracts and agreements
- Data retention and backup plan
- Disaster Recovery and Business Continuity Plan
- Change Management logs and reports
- Incident Response reports for all critical incidents and outages
- Remote access configuration and policies
- Written Information Security Plan
- Encryption requirements and configuration
- Failover plans for key systems
- Regulatory compliance requirements and audits
- IT Budget and Road-map
- Client-specific SOPs
- Client-specific IT Policies
Every Organization Needs IT Policies

Keeping a business’s data secure requires not only good technology but good policies. User carelessness is the biggest cause of breaches, and technical measures can’t stop people from making dangerous mistakes. A set of policies that employees and contractors understand, together with training in how to apply them, should be a basic part of the strategy of any organization that has important data which it needs to protect.

A well-written policy is clear and specific, but not so loaded with unnecessary detail that it takes a lawyer to decipher it. If it’s too hard to read, people will just skim over it without understanding. The essentials in a policy need to include what it requires, whom it applies to, and a broad overview of how to carry it out, as well as possible penalties for non-compliance.

How strict the policies have to be depends on the kind of organization. Offices that hold personal health information, handle credit cards or do classified work need especially tight policies. Any organization that handles money or personal information needs reasonably strict policies, though. There’s no such thing as an organization that is too small for attackers to pay attention to it; in fact, some criminals specialize in small organizations on the assumption that they have lax security.

We can broadly divide policies into those which apply to all users and those which concern only IT personnel. Let’s look at a few in the first category, as examples.

Email policy. The policy should state to what extent it allows personal communication using company email, if at all. It should explain retention requirements, indicate what kind of language and commentary it prohibits, and spell out what use of third-party email services it allows or doesn’t. It should notify users that their mail may be monitored and they have no expectation of privacy.

Password protection policy. This has to place specific requirements on the formation of strong passwords, prohibit password sharing and reuse, and list specific practices (writing down passwords or hints, giving them over the telephone, etc.) that users have to refrain from. If the company does any password guessing to test compliance, the policy needs to let the users know.

Remote access policy. Instructions on how users may access the organization’s systems from outside go here. Requirements may include coming in only through the VPN, protecting their VPN passwords, not simultaneously connecting to other networks, and having antivirus software.

Other policies are specific to management and IT personnel. Let’s look at a few examples.

Disaster recovery plan policy. This doesn’t specify the contents of the plan but states what kinds of contingency plans the staff has to create. It places requirements for reviewing the plan periodically and conducting tests.

Server security policy. The requirements of this policy should include registering all servers, designating the primary person responsible for each one, specifying requirements for generating and retaining logs, maintaining access control (including physical access), keeping the software up to date, and reporting security incidents.

Equipment disposal policy. This policy has to cover such issues as wiping disk drives before disposal, tracking and identifying equipment that has been cleared for disposal, and recycling. It needs to identify the kinds of equipment which it covers.

The SANS Institute’s website offers a broad range […]
We have been at this for a long time, and we understand the value of following proven systems and processes. According to Wikipedia… “A standard operating procedure, or SOP, is a set of step-by-step instructions compiled by an organization to help workers carry out routine operations. SOPs aim to achieve efficiency, quality output and uniformity of performance while reducing miscommunication and failure to comply with industry regulations.”

At White Mountain, we follow SOPs for everything that we know will be a task or series of tasks that will need to be repeated in a defined and consistent manner. We generally follow industry-standard best practices for general IT management functions, and develop our own as they relate to our unique processes and our clients’ systems. When we onboard a new client we follow SOPs for every step of the process, and as we get to know your workflow and internal procedures, we help develop custom SOPs specific to managing and supporting your technology.

Examples of customized client-specific SOPs that we create and maintain:
- Employee on-boarding and separation procedures
- Security Event and Major Incident Response procedures
- Emergency Lock-down procedure
- Notification procedure for key teams, executive, management, all staff
- After hours outage, notification and response
- SOPs for all key failover events (internet, phones, email, etc.)

Without being disciplined about following SOPs, how can anyone consistently deliver exceptional service to your users? If each person doing the work takes the liberty of doing it “their own way”, I can guarantee that it will result in poor service and frustrated users.
Not adhering to SOPs leads to:
- Inconsistent and unreliable results
- Unnecessary security risks
- Lack of standards, which frustrates users and makes ongoing support more difficult
- Callbacks and repeated interruptions for your users
- Excessive IT support costs

This is a perfect example of the advantage of working with a Managed IT Service Provider that is experienced enough and large enough to be committed to professional IT management. It’s not easy to do; we often spend more time documenting and following up on an issue than we did actually fixing it. But we make up for it in the long run, with increased efficiency across our entire client base.

In order to be able to maintain this level of excellence, your tech team needs CONSTANT professional guidance, oversight, and management, which is why doing IT support in-house without qualified, dedicated management staff can be such a disaster. Anyone delivering IT services without a full-time dedicated management team will have a hard time maintaining this level of service.

Consistently following and maintaining SOPs is nearly impossible to achieve if you are depending on:
- A single employee, or even two or three internal employees, without dedicated IT management
- An IT service provider without a dedicated management team (dedicated managers don’t do the tech work!)
- An individual part-time employee, or a neighbor, friend, or IT guy down the street

If you think that you could use some help instituting SOPs in your company, give us a call anytime.