Blog

October 3rd, 2014

Genhealth_Oct02_AFor the first time ever, achieving meaningful use depends on patient behavior: Meaningful use Stage 2 requires at least 5 percent of a health-care provider's patients to be engaged in their own care— either through an electronic medical record (EMR) or an online portal.

The push for patient engagement is understandable, if data provided by the Robert Wood Johnson Foundation is accurate. According to the foundation, patients who are not engaged in their own health care can cost 21 percent more than patients who are highly engaged.

But, many health-care providers are worried about the patient engagement requirement, and for good reason: To some extent patient engagement is out of the physician’s control. But it doesn’t have to be, with good communication, both in the office and via electronic followup.

The first step is letting your patients know you have an online portal, which they may not be aware of. According to a survey from Technology Advice, a consulting firm, 40 percent of people who saw a primary-care physician within the last year didn’t even know if the physician offered a portal.

Keep in mind, however, that you may want to do more than create and communicate about a patient portal. By creating a vehicle that connects all stakeholders across the health-care continuum—patients and physicians alike—you truly elevate the patient experience.

If you are looking for help meeting these requirements, contact us today to learn how our systems and experts can support your practice.

Published with permission from TechAdvisory.org. Source.

October 2nd, 2014

Security_Sep29_AWith the ever growing number of security threats faced by businesses around the world, the vast majority of business owners have adopted some form of security measures in an effort to keep their organizations secure. But, how do you know the measures you've implemented are actually keeping your systems safe? Here are five ways you can tell if your security measures aren't sufficient.

1. Open wireless networks

Wireless networks are one of the most common ways businesses allow their employees to get online. With one main Internet line and a couple of wireless routers, you can theoretically have the whole office online. This method of connecting does save money, but there is an inherent security risk with this and that is an unsecure network.

Contrary to popular belief, simply plugging in a wireless router and creating a basic network won't mean you are secure. If you don't set a password on your routers, then anyone within range can connect. Hackers and criminal organizations are known to look for, and then target these networks. With fairly simple tools and a bit of know-how, they can start capturing data that goes in and out of the network, and even attacking the network and computers attached. In other words, unprotected networks are basically open invitations to hackers.

Therefore, you should take steps to ensure that all wireless networks in the office are secured with passwords that are not easy to guess. For example, many Internet Service Providers who install hardware when setting up networks will often just use the company's main phone number as the password to the router. This is too easy to work out, so changing to a password that is a lot more difficult to guess is makes sense.

2. Email is not secure

Admittedly, most companies who have implemented a new email system in the past couple of years will likely be fairly secure. This is especially true if they use cloud-based options, or well-known email systems like Exchange which offer enhanced security and scanning, while using modern email transition methods.

The businesses at risk are those using older systems like POP, or systems that don't encrypt passwords (what are known as 'clear passwords'). If your system doesn't encrypt information like this, anyone with the right tools and a bit of knowledge can capture login information and potentially compromise your systems and data.

If you are using older email systems, it is advisable to upgrade to newer ones, especially if they don't encrypt important information.

3. Mobile devices that aren't secure enough

Mobile devices, like tablets and smartphones, are being used more than ever before in business, and do offer a great way to stay connected and productive while out of the office. The issue with this however is that if you use your tablet or phone to connect to office systems, and don't have security measures in place, you could find networks compromised.

For example, if you have linked your work email to your tablet, but don't have a screen lock enabled and you lose your device anyone who picks it up will have access to your email and potentially sensitive information.

The same goes if you accidentally install a fake app with malware on it. You could find your systems infected. Therefore, you should take steps to ensure that your device is locked with at least a passcode, and you have anti-virus and malware scanners installed and running on a regular basis.

4. Anti-virus scanners that aren't maintained

These days, it is essential that you have anti-virus, malware, and spyware scanners installed on all machines and devices in your company and that you take the time to configure these properly. It could be that scans are scheduled during business hours, or they just aren't updated. If you install these solutions onto your systems, and they start to scan during work time, most employees will just turn the scanner off thus leaving systems wide-open.

The same goes for not properly ensuring that these systems are updated. Updates are important for scanners, because they implement new virus databases that contain newly discovered malware and viruses, and fixes for them.

Therefore, scanners need to be properly installed and maintained if they are going to even stand a chance of keeping systems secure.

5. Lack of firewalls

A firewall is a networking security tool that can be configured to block certain types of network access and data from leaving the network or being accessed from outside of the network. A properly configured firewall is necessary for network security, and while many modems include this, it's often not robust enough for business use.

What you need instead is a firewall that covers the whole network at the point where data enters and exits (usually before the routers). These are business-centric tools that should be installed by an IT partner like us, in order for them to be most effective.

How do I ensure proper business security?

The absolute best way a business can ensure that their systems and networks are secure is to work with an IT partner like us. Our managed services can help ensure that you have proper security measures in place and the systems are set up and managed properly. Tech peace of mind means the focus can be on creating a successful company instead. Contact us today to learn more.
Published with permission from TechAdvisory.org. Source.

Topic Security
October 1st, 2014

BCP_Sep29_BMany business owners and managers readily acknowledge the fact that they need to be prepared for a disaster, and most do have backup-plans in place should something actually go wrong. The thing is, it can be difficult to actually know if your plan will be enough to see your business through a disaster. What can help is knowing the common ways business continuity plans (BCP) fail.

There are many ways a business continuity or backup and recovery plan may fail, but if you know about the most common reasons then you can better plan to overcome these obstacles, which in turn will give you a better chance of surviving a disaster.

1. Not customizing a plan

Some companies take a plan that was developed for another organization and copy it word-for-word. While the general plan will often follow the same structure throughout most organizations, each business is different so what may work for one, won’t necessarily work for another. When a disaster happens, you could find that elements of the plan are simply not working, resulting in recovery delays or worse. Therefore, you should take steps to ensure that the plan you adopt works for your organization.

It is also essential to customize a plan to respond to different departments or roles within an organization. While an overarching business continuity plan is great, you are going to need to tailor it for each department. For example, systems recovery order may be different for marketing when compared with finance. If you keep the plan the same for all roles, you could face ineffective recovery or confusion as to what is needed, ultimately leading to a loss of business.

2. Action plans that contain too much information

One common failing of business continuity plans is that they contain too much information in key parts of the plan. This is largely because many companies make the mistake of keeping the whole plan in one long document or binder. While this makes finding the plan easier, it makes actually enacting it far more difficult. During a disaster, you don’t want your staff and key members flipping through pages and pages of useless information in order to figure out what they should be doing. This could actually end up exacerbating the problem.

Instead, try keeping action plans – what needs to be done during an emergency – separate from the overall plan. This could mean keeping individual plans in a separate document in the same folder, or a separate binder that is kept beside the total plan. Doing this will speed up action time, making it far easier for people to do their jobs when they need to.

3. Failing to properly define the scope

The scope of the plan, or who it pertains to, is important to define. Does the plan you are developing cover the whole organization, or just specific departments? If you fail to properly define who the plan is for, and what it covers there could be confusion when it comes to actually enacting it.

While you or some managers may have the scope defined in your heads, there is always a chance that you may not be there when disaster strikes, and therefore applying the plan effectively will likely not happen. What you need to do is properly define the scope within the plan, and ensure that all parties are aware of it.

4. Having an unclear or unfinished plan

Continuity plans need to be clear, easy to follow, and most of all cover as much as possible. If your plan is not laid out in a logical and clear manner, or written in simple and easy to understand language, there is an increased chance that it will fail. You should therefore ensure that all those who have access to the plan can follow it after the first read through, and find the information they need quickly and easily.

Beyond this, you should also make sure that all instructions and strategies are complete. For example, if you have an evacuation plan, make sure it states who evacuates to where and what should be done once people reach those points. The goal here is to establish as strong a plan as possible, which will further enhance the chances that your business will recover successfully from a disaster.

5. Failing to test, update, and test again

Even the most comprehensive and articulate plan needs to be tested on a regular basis. Failure to do so could result in once adequate plans not offering the coverage needed today. To avoid this, you should aim to test your plan on a regular basis – at least twice a year.

From these tests you should take note of potential bottlenecks and failures and take steps in order to patch these up. Beyond this, if you implement new systems, or change existing ones, revisit your plan and update it to cover these amendments and retest the plan again.

If you are worried about your continuity planning, or would like help implementing a plan and supporting systems, contact us today.

Published with permission from TechAdvisory.org. Source.
September 19th, 2014

Security_Sep15_AData breaches are growing both in number and intensity. While many businesses have turned to cloud apps for better security measures, some experts and businesses worry about the cloud, mentioning that it could see an increased data breach risk. This leads to a collision course between data breaches and cloud usage. But it doesn’t have to end in a fiery crash, as there are steps you can take to prevent a cloud and data security breach.

The cloud opens up some great tech advancements for businesses and is here to stay. However, as with all tech developments, you need to also be aware of any vulnerabilities and security issues as they change and develop at the same time too. If you use the cloud and want to proactively prevent cloud-and-data security breaches then here are five tips to follow:

  1. Know your cloud apps: Get a comprehensive view of the business readiness of apps and which ones render you more or less prone to a breach. Ask yourself these questions: Does an app encrypt data stored on the service? Does it separate your data from that of others so that your data is not exposed when another tenant has a breach? The idea here is to know exactly what each cloud service employed offers and how your company uses them.
  2. Migrate users to high-quality apps: Cloud-switching costs are low, which means that you can always change and choose apps that best suit your needs. If you find ones that don’t fit your criteria, take the time to talk to your vendor or switch; now more than ever you have choices, and the discovery process in step one will help you find out what these are.
  3. Find out where your data is going: Take a look at your data in the cloud. Review uploads, downloads, and data at rest in apps to get a handle on whether you have potential personally-identifiable information (PII), or whether you simply have unencrypted confidential data in or moving to cloud apps. You wouldn’t want cloud-and-data breaches with this critical data.
  4. Look at user activities: It’s important to understand not only what apps you use but also your data in the context of user activity. Ask yourself: From which apps are people sharing content? According to tech news source, VentureBeat, one-fifth of the apps they tracked enable sharing, and these aren’t just cloud storage apps, but range from customer-relationship management to finance and business intelligence. Knowing who’s sharing what and with whom will help you to understand what policies to best employ.
  5. Mitigate risk through granular policy: Start with your business-critical apps and enforce policies that matter to your organization in the context of a breach. For example, block the upload of information covered by certain privacy acts, block the download of PII from HR apps, or temporarily block access to vulnerable apps.
The key to preventing a cloud-and-data security breach lies in careful attention to your cloud applications and user activity. Analyzing your apps and looking into user activities might be time consuming, but the minimization of cloud-and-data security breaches makes this task worthwhile. Looking to learn more about today’s security? Contact us and let us manage and minimize your risks.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 17th, 2014

BusinessValue_Sep15_AOne way to really expand your online presence is through content marketing. Many business owners and managers are aware of this, but may be unsure as to how they can ensure that any content marketing is successful. There are many ways in which you can achieve a good result and here are four tips to help you achieve a great content marketing strategy.

What are the benefits of content marketing?

Before looking into ways you can implement content marketing that works, it is a good idea to look at the benefits of this type of marketing for businesses. One of the biggest pluses is that it boosts online engagement between you and your customers. If a customer sees that you are producing quality content that appeals to them, they will be more likely to interact and consider you when they need your products or services.

The other major advantage of a good content marketing strategy is that it helps show search engines like Google that your website and online presence are active. Because of the way search engines work, more active sites are usually ranked higher in results. If your website and overall Internet presence is seen to be active on a regular basis, you could possibly reach the first page of search results, which can lead to a boost in site visits, inquiries, and even sales.

If you have been considering implementing a content marketing campaign, or are looking to improve your existing efforts, the following four tips could help.

1. Always have a goal

The main thrust of many successful content marketing initiatives is that they tell a story. As with any narrative there needs to be an ending and in the case of content marketing this endpoint is a goal - something you want the reader to do. What do you want to achieve? Do you want customers to call? Do you want them to learn how to use your product?

By working backwards, you can then determine the right voice to use and best way to reach those customers who are most likely to react positively to the content. This also makes it easier for you to separate your campaigns and even launch multiple strategies at the same time.

Beyond this, having a goal can really help you narrow down the type of content you need to create. If for example, you know what customers you want to attract and how you want them to ultimately act, you can create content that is more appealing to them.

2. ABT

One of the most popular sayings amongst content marketers is to, "Always Be Testing (ABT)". When developing content you should be striving to test your content. Consider if certain images work better than others, as well as headlines, layouts, and content types, etc.

This could be as simple as developing three different social media posts and testing them with different market segments, or locations. You can then take what you have learnt from the tests and apply this to future posts.

The same can be said for more advanced content like blog posts or white papers. If you create different versions and layouts, and track the general downloads and interaction with the content, you can usually figure out how various people are reacting in different ways to a variety of content.

It is important to note here that content marketing is not a quick payoff style of marketing. You need to invest time, money, and effort into this and be willing to always be tweaking content. It takes time to pay off, but the time invested in testing what works and what doesn't work will help you develop better, more useful content.

3. Share and share alike

Creating content and just putting it on existing sites or sharing it with existing clients is not the most efficient way of making your content marketing show returns. Combine this with the fact that you will likely be using platforms like social media which are constantly changing and adding new content, and there is a good chance your content won't even be seen.

What you should aim to do is to share the content as much as possible. Share it on all of your social media platforms, link to it on your site, add it to emails, use the various social media content promotion features, and most of all: Share it again.

If you truly believe content is useful to your target market, you should aim to post it at least three to four times on social media. One of the most effective strategies is to share it on different days at different times, usually with a space of at least a week or two between posts. This can help maximize the numbers who see it.

4. Be prepared to fail

Failure is a part of business, and coincidently, it is also a part of content marketing. Face it, you might create content that just simply won't click as you intended. If this happens, your first reaction might be to pull the content and try something different. This may not be a good idea.

Sure, if the content is stirring up trouble, or has offended people, then it is likely best to remove it. But even if you aren't seeing the results you had hoped for, stick with the content for a bit. Try reposting it, and promoting more vigorously. It could very well be that users just didn't see the content.

As we stated above, successful content marketing takes time and effort. Once you realize this, and combine it with the fact that not everything will work, you should see a viable strategy surface over time.

If you are looking to learn more about content marketing and how our systems can help support it then get in touch and we can share our thoughts on how to be proactive and get results.

Published with permission from TechAdvisory.org. Source.

September 11th, 2014

BI_Sep08_AIn business, as in life, we constantly try to make predictions about the future. How will sales be next year if we implement a new procedure? What will the weather be like for the annual staff event next week? It's no surprise then that businesses of all sizes have started to embrace the idea of predictive analytics. However, many business managers are unsure as to exactly how to work with this form of analytics effectively. To help, here is an overview of the three main components of predictive analysis all business owners and managers should be aware of.

Together, these three elements of predictive analytics enables data scientists and even managers to conduct and analyze forecasts and predictions.

Component 1: data

As with most business processes, data is one of the most important and vital components. Without data you won't be able to make predictions and the decisions necessary to reach desired outcomes. In other words, data is the foundation of predictive analytics.

If you want predictive analytics to be successful, you need not only the right kind of data but information that is useful in helping answer the main question you are trying to predict or forecast. You need to to collect as much relevant data as possible in relation to what you are trying to predict. This means tracking past data, customers, demographics, and more.

Merely tracking data isn't going to guarantee more accurate predictions however. You will also need a way to store and quickly access this data. Most businesses use a data warehouse which allows for easier tracking, combining, and analyzing of data.

As a business manager you likely don't have the time to look after data and implement a full-on warehousing and storage solution. What you will most likely need to do is work with a provider, like us, who can help establish an effective warehouse solution, and an analytics expert who can help ensure that you are tracking the right, and most useful, data.

Component 2: statistics

Love it, or hate it, statistics, and more specifically regression analysis, is an integral part of predictive analytics. Most predictive analytics starts with usually a manager or data scientist wondering if different sets of data are correlated. For example, is the age, income, and sex of a customer (independent variables) related to when they purchase product X (dependent variable)?

Using data that has been collected from various customer touch points - say a customer loyalty card, past purchases made by the customer, data found on social media, and visits to a website - you can run a regression analysis to see if there is in fact a correlation between independent and dependent variables, and just how related individual independent variables are.

From here, usually after some trial and error, you hopefully can come up with a regression equation and assign what's called regression coefficients - how much each variable affects the outcome - to each of the independent variables.

This equation can then be applied to predict outcomes. To carry on the example above, you can figure out exactly how influential each independent variable is to the sale of product X. If you find that income and age of different customers heavily influences sales, you can usually also predict when customers of a certain age and income level will buy (by comparing the analysis with past sales data). From here, you can schedule promotions, stock extra products, or even begin marketing to other non-customers who fall into the same categories.

Component 3: assumptions

Because predictive analytics focuses on the future, which is impossible to predict with 100% accuracy, you need to rely on assumptions for this type of analytics to actually work. While there are likely many assumptions you will need to acknowledge, the biggest is: the future will be the same as the past.

As a business owner or manager you are going to need to be aware of the assumptions made for each model or question you are trying to predict the answer to. This also means that you will need to be revisiting these on a regular basis to ensure they are still true or valid. If something changes, say buying habits, then the predictions in place will be invalid and potentially useless.

Remember the 2008-09 sub-prime mortgage crisis? Well, one of the main reasons this was so huge was because brokers and analysts assumed that people would always be able to pay their mortgages, and built their prediction models off of this assumption. We all know what happened there. While this is a large scale example, it is a powerful lesson to learn: Not checking that the assumptions you have based your predictions on could lead to massive trouble for your company.

By understanding the basic ideas behind these three components, you will be better able to communicate and leverage the results provided by this form of analytics.

If you are looking to implement a solution that can support your analytics, or to learn more about predictive analytics, contact us today to see how we can help.

Published with permission from TechAdvisory.org. Source.

September 10th, 2014

Office_Sep08_AHave you ever been working with a list in Excel and had to combine more than two cells into a new cell? The seemingly easiest way to do this is to copy the contents from both cells and paste them into the new cell, then edit them for spacing. But, did you know that there is actually a formula called concatenate that you can use to combine contents and display this in new cells?

Using the concatenate formula to combine cells

If, for example, you have a spreadsheet with first names in column A, last names in column B, and want to combine them into column C to display the full name you can do so by:
  1. Clicking on cell C2 (or the row where the information you want to combine is)
  2. Typing =concatenate(
  3. Clicking on cell A2 and then adding a comma (,)
  4. Clicking on cell B2 and closing the formula with a closing bracket
  5. Hitting Enter
You should see the two cells are now combined in cell C2, with the formula for cell C2 reading:

=CONCATENATE(A2,B2).

The problem is, there will be no space inbetween the letters or numbers, so you will need to edit the formula to read:

=CONCATENATE(A2," ",B2)

The double quotations with a space in between them tells Excel to add a space to the cell in between the contents of A2 and B2.

If you have more than two columns you would like to combine, then simply add a comma after each cell. If for example you have three columns (A1, B1, and C1) you would enter the formula:

=CONCATENATE(A1 " ",B1 " ",C1) in column D1.

Combining two cells without concatenate

While concatenate works well, there is actually a shortcut that you can use which involves the ampersand '&':
  1. Click on cell C2 (or the row where the information you want to combine is)
  2. Type =
  3. Click on cell A2 and then type & in the formula.
  4. Click on B2 and hit Enter
You should see the contents of A2 and B2 combined together in C2. If you click on cell C2 and look at the formula, it should read: =A2&B2.

The only problem is, there won't be a space between the content. To add a space, you can edit the formula so that it reads:

=A2&" "&B2

Note the space between the two quotation marks. This tells Excel to add a space between the contents of A2 and B2.

Once you have the base formula on one cell, you can press the small box at the bottom of the cell and drag it down the row so that the other information can be quickly compiled. This makes it much easier than having to copy and paste the content individually. And, If you would like to learn more Excel tips, contact us today. We can save you valuable time and resources.

Published with permission from TechAdvisory.org. Source.

September 5th, 2014

HealthcareIT_Sep03_A

As of June 30, 2014, more than 1,000 data breaches affecting more than 500 patients each have been reported to the Department of Health & Human Services - for a total of roughly 32,000,000 people who have had their privacy compromised. And, according to the annual Redspin Breach Report, published in February of 2014, 7.1 million patient records were breached in 2013, a 137.7% increase over 2012.

And, the threat is getting broader. Once caused primarily by snooping or negligent employees, data breaches are now increasingly caused by cybercriminals who realize the potential financial value of medical records. Case in point: The Chinese hacker attack on the 206-hospital Community Health Systems which resulted in the breach of 4.5 million patient records, the second-largest HIPAA breach ever reported.

No physician practice should consider itself immune. While large hospital systems may be most attractive to hackers, Eric Perakslis, executive director of Harvard Medical School's Center for Biomedical Informatics, recently wrote in a New England Journal of Medicine article that 72 percent of cyberattacks have been aimed at hospitals, group practices and other provider organizations.

Perakslis recommends an "active learning approach” that involves real-time surveillance of emerging threats - and that includes an intimate knowledge of one's own network and vigilance at one's own practice. One of the most effective ways you can do this is to work with a company like ours who can help not only ensure security of your systems but also help teach you and your staff about common security issues.

Published with permission from TechAdvisory.org. Source.

September 4th, 2014

Security_Sep02_AWith smartphones playing a larger role in today’s daily business, the need to recharge them while you are on the go increases. And when you’re nowhere near your charger, that public charging kiosk can look pretty promising. But what you might not know is that common traits in smartphone hardware and software design makes recharging phones through public chargers prone to juice jacking. If you're not sure what that is then let’s find out and also discover how you can avoid juice jacking too.

What’s juice jacking?

Regardless of the kind of smartphone you have, whether it’s an Android, iPhone or BlackBerry, there is one common feature across all phones: the power supply and the data stream pass over the same cable. This setup allows for juice jacking during the charging process whereby user access is gained on your phone by leveraging the USB data/power cable to illegitimately access your phone’s data and/or inject malicious code onto the device.

The attack can be as simple as an invasion of privacy, wherein your phone pairs with a computer concealed within the charging kiosk and information such as private photos and contact information are transferred to a malicious device. However, on the other hand, it can also be as invasive as an injection of malicious code directly into your phone. According to security researchers at this year’s Black Hat security conference, your iPhone can be compromised within one minute of being plugged into a harmful charger.

Exposure to a malicious kiosk can also create a lingering security problem even without the immediate injection of malicious code. Once a device is paired to a computer, it can access a host of personal information on the device, including your address book, notes, photos, music, sms database, typing cache, and even initiate a full backup of your phone, all of which can be accessed wirelessly at anytime.

How do I avoid it?

The most effective precautions center around simply not charging your phone using a third-party system. Here are some tips to help you avoid using public kiosk charger:
  • Keep your devices topped off: Make it a habit to charge your phone at your home and office when you’re not actively using it or are just sitting at your desk working.
  • Carry a personal charger: Chargers have become very small and portable, from USB cables to power banks. Get one and throw it in your bag so you can charge your phone anytime you’re at the office or while on-the-go if you use a power bank.
  • Carry a backup battery: If you’re not keen on bringing a spare charger or power bank, you can opt to carry a full spare battery if your device has a removable battery.
  • Lock your phone: When your phone is truly locked as in inaccessible without the input of a pin or equivalent passcode, your phone should not be able to be paired with the device it’s connected to.
  • Power the phone down: This technique only works on phones on a model-by-model basis as some phones will, despite being powered down, still power on the entire USB circuit and allow access to the flash storage in the device.
  • Use power only USB cables: These cables are missing the two wires necessary for data transmission and have only the two wires for power transmission remaining. They will charge your device, but data transfer is made impossible.
Even the tiniest detail like charging your phone from a kiosk charger could affect the security of your device. While there are many substitutes to using a third-party system, ultimately the best defense against a compromised mobile device is awareness. Looking to learn more about today’s security and threats? Contact us today and see how we can help.
Published with permission from TechAdvisory.org. Source.

Topic Security
September 3rd, 2014

BCP_Sep02_AMany people wonder why it’s necessary to perform business impact analysis (BIA) when they’ve already invested a large amount of time on a risk assessment. The answer is simple: because the purpose of a BIA is different, and wrong results could incur unnecessary expenses or create inadequate business continuity strategies. To that end, let’s take a look at five tips for successful business impact analysis.

Five tips for successful business impact analysis:

  1. Treat it as a (mini) project: Define the person responsible for BIA implementation and their authority. You should also define the scope, objective, and time frame in which it should be implemented.
  2. Prepare a good questionnaire: A well structured questionnaire will save you a lot of time and will lead to more accurate results. For example: BS (British standard) 25999-1 and BS 2599902 standards will provide you with a fairly good idea about what your questionnaire should contain. Identifying impacts resulting from disruptions, determining how these vary over time, and identifying resources needed for recovery are often covered in this. It’s also good practice to use both qualitative and quantitative questions to identify impacts.
  3. Define clear criteria: If you’re planning for interviewees to answer questions by assigning values, for instance from one to five, be sure to explain exactly what each of the five marks mean. It’s not uncommon that the same event is evaluated as catastrophic by lower-level employees while top management personnel assess the same event as having a more moderate impact.
  4. Collect data through human interaction: The best way to collect data is when someone skilled in business continuity performs an interview with those responsible for critical activity. This way lots of unresolved questions are cleared up and well-balanced answers are achieved. If interviews are not feasible, do at least one workshop where all participants can ask everything that is concerning them. Avoid the shortcut of simply sending out questionnaires.
  5. Determine the recovery time objectives only after you have identified all the interdependencies: For example, through the questionnaire you might conclude that for critical activity A the maximum tolerable period of disruption is two days; however, the maximum tolerable period of disruption for critical activity B is one day and it cannot recover without the help of critical activity A. This means that the recovery time objective for A will be one day instead of two days.
More often than not, the results of BIA are unexpected and the recovery time objective is longer than it was initially thought. Still, it’s the most effective way to get you thinking and preparing for the issues that could strike your business. When you are carrying out BIA make sure you put in the effort and hours to do it right. Looking to learn more about business continuity? Contact us today.
Published with permission from TechAdvisory.org. Source.