The Importance of Third Party Vendor Assessments

Lessons learned from Cyber Incident Response

We are finding many companies that have experienced a Cyber Incident are not performing even the most basic Third Party Vendor Risk Assessment.

It is absolutely imperative that if you engage with a vendor you understand the associated risks.

Five simple questions can lead you to a better understanding of your Vendor risks and a quicker recovery from an Incident:

 

  1. Is there an identifiable Leadership team?
    • Who is accountable?
    • Would you be able to escalate or contact them?
    • Where are they located?
  2. Do they have an Incident Response plan and Reporting Structure?
    • Do they have a response plan?
    • Are there dedicated phone numbers or emails for reporting incidents?
    • Are ticket numbers assigned and tracked?
  3. Who is responsible for security within their Organization?
    • Is there someone who is responsible for security?
    • Is there a defined role, or is it handled off the side of the desk of another role?
    • Does the company reside in a country that has Breach Reporting responsibilities?
  4. Do you have a Service Level Agreement for responding to incidents?
    • Do you have a defined Incident/Severity matrix with set response times?
    • How do you escalate an Incident?
    • What is your communication cadence?
  5. Can they demonstrate their current level of Cyber Security Compliance?
    • Can they demonstrate the framework they adhere to? (NIST/CIS)
    • Do they disclose if and when they do vulnerability/penetration testing?
    • Do they have any risk reports (SOC 1, SOC 2 or PCI DSS) they can share?
    • Do they have patch management?

It is important to develop a Third Party Cyber Security Screening Assessment before engaging in a new contract. We can walk you through the process and help you understand your Cyber Risks.

 

Let’s talk Cyber!

http://www.mi613.ca

You will never change my mind in a negotiation

I’ve been negotiating contracts for so long now that it’s impossible for me to remember every moment in every negotiation

 

But there’s one thing I remember vividly from every single negotiation, because it’s probably the one thing that’s remained constant through all these years

 

I’ve never had my mind changed in a negotiation

 

I’ve agreed to things and made compromises, all for the sake of getting a deal done, but no one’s ever convinced me that they were right and I was wrong…about anything

 

And likewise, I’ve never changed anyone’s mind in a negotiation, because that’s not the purpose of a negotiation

 

Our goal as negotiators is to compromise, give and take, until we arrive at a deal that’s mutually beneficial…that makes good business sense for both sides

 

However, too often I see negotiators become preachers who start lecturing the other side on the “truth of the matter”

 

Well the truth of the matter is that if I come into a negotiation believing a supplier’s software was worth no more than $10K, there’s absolutely nothing they can say that’ll convince me it’s worth a penny more than that

 

Now I may agree to pay more than $10K, but not because I’ve seen the error of my wicked ways and repented for doubting the honesty of a software vendor

 

I’ll pay more because there’s other factors impacting my decision

 

Maybe I know that they’ll never sell me the software for $10K so I’ll try to get other things thrown into the deal…longer warranty period, better indemnities, a cap on annual increases

 

The point is, I’m not focused on convincing them that I’m right and they’re wrong in a negotiation

 

The “truth of the matter” is that I couldn’t care less what they believe, as long as I get everything I need to make this a good deal for my organization

 

And I realize that’s a lot easier said than done. We’re human beings and we’re constantly looking for validation of our beliefs

 

Just turn on the news and see what’s going on in the world…right vs. left, liberal vs. conservative, republican vs. democrat

 

People yelling and screaming, lying and acting violently…just to show that they’re right and the other side’s wrong

 

Thankfully no one’s ever been violent with me in a negotiation, but I’ve been yelled at and I’m constantly being lied to

 

But none of that’s going to change my mind

 

I may walk away from a deal if I find out I’m being lied to, but more often I’ll use that as leverage in the negotiations

 

And the minute someone raises their voice it’s like they flipped on a flashing neon sign that says “I have no more valid arguments so I’m just going to start screaming like a petulant 5 year old”

 

So how do we achieve that zen-like state where we can just tune out the noise and focus on getting a good deal?

 

Well, the first thing you need to do is define what a “good deal” means for your organization…what’s your BATNA?

 

Is it driven by price… does it have to be less than a certain dollar amount or you’ll walk away from the deal?

 

Is it driven by timelines… does it have to be done by a certain date or you’ll walk away?

 

Is it driven by features and functionality… it has to do these things or there’s no deal

 

Next, you need to set your threshold of acceptability, like how much you’re willing to compromise on certain terms and conditions

 

Or how much screaming and lying are you willing to put up with

 

All of these things create the foundation for a strong negotiating strategy and, when you have that, the rest is just noise

 

Now all of the things I’ve just talked about, and much more, are covered in the Sourcing Essentials Course my colleague, Mark Morrissey, and I launched a few months ago (https://oneviewnow.com/training)

 

And I truly believe that anyone who gets involved in Procurement, Vendor Management or Negotiations for their organization would benefit from this course

 

But it doesn’t matter what I believe, it only matters what you and your organization need right now

 

So I’m not going to try convincing you to believe me…instead, I’ll show you

 

In January of 2020 I launched a course called the “7 Skills of the Elite Negotiator” and I made it free

 

Almost 250 procurement professionals, legal professionals and senior executives took the course

 

I’ve reopened that course for 90 days, you can sign up here -> https://mop.mykajabi.com/7-skills-signup

 

So if you’re on the fence about the Sourcing Essentials Course, sign up for the free one and decide for yourself whether or not this type of training is for you

 

And when you’re ready to take the Sourcing Essentials Course, feel free to reach out to me directly at [email protected] to learn about our corporate group rate

 

Mohammed Faridy

CEO, OneView

Are you a Winner or a Learner?

It seems to me that most of us are happy to just be agreeable when it comes to our perspective about how the world works. As individuals we find some sense of mental peace knowing that we think like the rest of a group.  

But I’ve always looked at things differently.  Sometimes I’m right and sometimes I’m wrong.  And when I am wrong, I’m never afraid to admit it.  I forgive myself and accept it as a learning experience.

As Lionel Richie recently told a contestant on American Idol, “When you win, you win.  When you lose, you learn.” 

It’s one thing to allow yourself this flexibility, but as a Manager or Leader do you extend this same flexibility to your team’s innovative ideas?   And, perhaps more importantly, if an idea fails, do you offer the same “forgiveness” for your team as you would for yourself?


Key Considerations for Local Government Software Adoption

When it comes to adopting new software, local governments have historically been somewhat cautious. And you can understand why. Government authorities face a number of unique challenges and must operate under certain constraints that do not always apply to others.

For instance, local government systems that are public-facing must be highly reliable because they have to be online 24/7/365. They must also be private and secure, particularly where personally identifiable information for residents comes into play.

Furthermore, they must have the ability to serve a large number of users. Unlike commercial businesses, a local authority’s target audience is the entire population of a region, meaning systems have to be capable of supporting multiple languages and accessibility needs and be able to withstand unexpected surges in demand.

Civic Pulse recently conducted a survey asking local officials what they look for in government software. In order of importance, their top criteria included affordability, low “total cost of ownership”, and local government fit. Ease of use was important too, as were strong service and support.

The results indicate a clear pattern. Local governments are not averse to better software and, in fact, are looking to implement it. But successful solutions must easily adapt to existing processes, constraints, and practices. Otherwise, most local officials will be reluctant to implement them.

Local Government Fit

Local governments want software that provides them with extra “capabilities” but that doesn’t necessitate massive changes to existing processes. However, unless they are built from the ground up with municipalities in mind, off-the-shelf solutions rarely mesh well with existing municipal operations and often fail during implementation. And even if they can be customized to do what is necessary, the amount of work, risk and cost usually increases to the point of being untenable – particularly for smaller municipalities.

The problem is this: local governments can’t make do with one-size-fits-all software anymore. As the Civic Pulse research shows, local authorities differ from each other significantly across multiple dimensions.

Total Cost of Ownership (TCO)

More than ever, municipalities are dealing with severe budget constraints. COVID-19 continues to affect our communities in terms of public health, socially and economically, and local governments are bearing the brunt of this. Reduced revenues coupled with the need to maintain existing services and direct more money to public health have come at a significant cost.

Not surprisingly, municipalities are looking for ways to control their expenses, including how they are choosing to implement new software solutions.

What is TCO?

Simple: it’s the sum of all direct and indirect costs associated with buying, implementing and managing the software over its duration of use.

There is a wide range of factors that impact TCO. For instance, easy-to-use software lowers TCO because staff time to learn and use the software is reduced. Software with exceptional vendor service and support also has a lower TCO because resolution of software issues or response to user queries happens quickly.

Software vendors that appeal to local governments feature comprehensive knowledge bases for self-help, online training, and dedicated remote support capabilities. Increasingly, vendors are moving to show government departments their return on software investments in real time. Measuring the TCO against the labour saved by the solution gives local governments the data they need to justify continued spending.

Affordability

Affordability is perhaps the biggest constraint for government departments looking to purchase software. Local governments need to keep their infrastructure costs low to continue providing high-quality, front-line services to the public.

Consistent with what is happening in the private sector, local governments are embracing cloud-based solutions that minimize large capital purchases and the need for additional in-house IT resources. This has the added benefit of allowing the infrastructure to scale with demand, ensuring that any unnecessary spend on infrastructure is avoided. Flexible pricing models that allow local governments to choose the capabilities they need a la carte are also attractive.

AccessE11 – Built for Local Government

A large number of local governments have selected AccessE11’s citizen request software precisely for the reasons described above. With AccessE11, local governments get a solution that is:

• Created with municipal operations in mind

• Extremely simple to adopt and use

• Adaptable to each municipality’s unique needs without costly software development

• Cloud-based and accessible from anywhere on any device

• Affordable for municipalities of any size

How have the pandemic adaptations affected your Physical Security?

Well into the COVID-19 pandemic, organizations and governments big and small have had to take measures and make changes to their environments to adapt to the needs of their staff and customers, their service delivery model, the requirements of health science, government agency regulations, perhaps “new” industry best practices and, of course, the ever-changing virus.

These measures have evolved into many different things. We’re going to specifically focus on physical security devices.

Two of the pervasive items that have been introduced in many environments are plexiglass and signage.

Organizations have installed plexiglass barriers at points where personnel have the potential to interact with other personnel, customers, vendors, etc.

Informative signage itemizing physical distancing rules and self-assessment health protocols has been placed all around, in both strategic and random locations within the environment, to ensure every opportunity for personnel and visitors to be informed.

Funny thing about all of these plexiglass barriers and signage.

In some cases, not all, we have inadvertently defeated the functionality and purpose of some or many of the installed security devices. That is, their ability to monitor, detect and alert (alarm).

  • Motion detectors blocked, unable to provide proper coverage
  • Cameras experiencing sun flare reflection off plexiglass
  • Nuisance alarms due to swinging signage on the increase
  • And other unforeseen effects

There are incidents where there is enough of this added material that devices, although active and functioning as per specifications, are unable to detect properly, leaving areas with no security detection or proper monitoring.

We have the answers.

Let’s go for a (physically distanced) walk and have a conversation.

Your security risk plans are more than just a motion detector or even a strategic camera placement.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

$31 million Canada Healthy Community Initiative – open for proposals

The Government of Canada announced that the Community Foundations of Canada with the Canadian Urban Institute are open to receive and review your proposal for access to $31 million under the Healthy Communities Initiative.

https://youtu.be/1smdTfZF-zE

 

I attended the Canada Healthy Community Initiative launch webinar February 9 and reviewed the applicant guide which is focused on the increased recognition of social and digital infrastructure that contributes to healthy community outcomes. The applicant guide makes it easy to understand if your organization can apply.

 

The projects eligible for funding need to serve the public or a community disproportionately impacted by COVID-19 and fall within three healthy community initiative themes, one of them being community projects that use innovative data and technology solutions to connect people and support healthy communities. These are community projects that use digital technologies and solutions to encourage citizen engagement, or use open data, online platforms or physical digital devices for public benefit.

All budget items must be project related and expenses must occur between April 1 2020 and June 30 2022. Details on how anticipated expenses are outlined in the budget are included in the applicant guide.

You need to demonstrate community engagement. Planned continued engagement with the community to receive feedback on the project may also demonstrate the role of the community in delivering the project. Your team can also elaborate on your equity approach and principles for the project and how it relates to community outreach and feedback.

All projects focusing on the theme of digital solutions and any project that handles public data should demonstrate best practices of digital design and responsible data management. The good news for you and your organization is that Athena Software meets the needs for inclusive design and data management.

 

Athena can provide details on data management considerations including:

Collection – who can collect the data

Access – who can access the data

Use – who can use the data

Openness – what data is attributed to an individual

Compliance – PIPEDA

Minimum funding is $5,000. Maximum funding is $250,000.

 

All budget items must be project related and incurred April 1 2020 to June 30 2022. The government provided a budget template in Excel. We created a proposal for the Canada Healthy Community Initiative and integrated it with the budget template to help give you a head start on filling out the form. Let me know if you are interested in the proposal and Excel budget template and we will send you the forms to begin the process.

 

The first round of funding opened February 9 2021 and will close March 9 2021 5 PM PST. Review committees begin making decisions March 10. All applicants will receive results by April 30 2021.

The second round of funding opens May 14 2021 9:00 AM AST and closes June 25 2021 at 5 PM PST. Applicants that did not receive funding in round one can apply for funding in round two. Review committees begin making decisions June 26. All applicants will receive results by August 13 2021.

 

You will need to check which region your project is in before you apply with the link to the map in the application guide. You will also identify the amount you are applying for. Any project over $100,000 will be reviewed at the national level.

 

Your application will be evaluated with many others in each community. Your application must meet the basic eligibility criteria, including project rationale, community engagement, outcomes, project implementation and readiness, fulfilling all of the following criteria:

 

  • Submitted by an eligible organization, and provides documentation
  • Responds to needs arising from COVID-19
  • Creates or adapts public spaces, or programming or services for public spaces in the public interest
  • Demonstrates consideration of and connections within the community
  • Serves the general public or a community disproportionately impacted by COVID-19
  • Falls within the Healthy Communities Initiative theme(s)
  • Submitted with a complete budget
  • Is requesting between $5,000 and $250,000
  • Incurs expenses between April 1 2020 to June 30 2022

Please join me March 5 at 1 PM EST for a hands-on webinar as we share ideas from communities that use Penelope to assist those most affected by COVID-19 and review proposals for new and current agencies using Penelope. You can find the registration page on our Athena web site. Hope to see you there. If you have questions before then, call or email. Until then, stay safe. We will see you soon.

2021 is going to be busy!

Some of you may be too young to remember this but back in 1985 the Coca-Cola company introduced “New Coke”

 

But the only thing new about it was the label, everything else was the same

 

So just 77 days after losing millions of dollars and being called a national disaster, they brought back Coca-Cola Classic

 

Well, a few weeks in and 2021 is starting to feel a lot like 2020 Classic…with a new label

 

But no one really expected the pandemic to disappear, businesses to open back up and everything else to go back to normal with the flip of a calendar page

 

So my bold prediction…2021 is going to be crazy busy

 

There’s a lot of work to do to fully re-open and adapt our businesses for the new normal…remote working, document digitization and up-skilling for the new economy

 

To that end, we’ve launched a couple of great courses on Strategic Sourcing and Negotiations

 

And we got a nice little shout out from our friends at Argentus:

 

So please check it out and let us know how we can help with your Procurement Training needs

Mohammed

 

Mohammed Naseer Faridy

Chief Executive Officer, OneView 

The Management Trilogy

During the Covid-19 Pandemic, managers have been hard-pressed to pivot to a virtual style of leading their teams. Even where the work of their teams does not lend itself to ‘work at home’ strategies, nevertheless a greater reliance on the use of virtual tools has emerged. So how are you doing with that?

Managers have to provide leadership for their teams across three domains. We call this The Management Trilogy, consisting of three overlapping areas:

Daily Management is a set of management processes whereby you and your team control and improve your mission-critical processes and cultivate your team values. This is where you, as a manager, LEAD WITH VALUES.

Crisis Management is a set of management processes whereby you and your team plan for, deal with and manage the aftermath of disruptive and unexpected events. These events threaten to harm the organization, its staff, customers and stakeholders, and the communities it serves. This is where you, as a manager, LEAD WITH VALOR.

Strategic Management is a set of management processes whereby you and your team plan for, move towards, and create your future. This is where you, as a manager, LEAD WITH VISION.

Of course, it’s rarely as simple as that. Whilst engaging in Daily Management, you can be hit with a crisis or indeed crises, such as Covid-19 and more. And at the same time, your team’s vision of a desirable future gets shelved until things ‘get back to normal’, whatever that is! And you have to manage all of this virtually!

It’s simple, but not easy. Here are a few tips to help you navigate these challenges:

Tip #1: Know yourself – in the intersection of these three domains, you will experience many different emotions. Managing your emotions will be key, as will leading with values. Knowing your personal and professional values will create a strong foundation for helping others understand their emotions and values.

Tip #2: Know your team members – Understanding what motivates your team members, and how they deal with the pressures and conflicts that arise between you, them and other team members will be crucial to maintaining a balanced and cohesive team.

Tip #3: Know your manager – Understanding your manager and their stressors will go a long way towards creating a strong working relationship between the two of you, which will stand you in good stead when you need your manager’s support.

If you would like to learn more about The Management Trilogy and the tools and techniques you can utilize virtually to achieve success, contact me at [email protected] or by calling 1-877-432-8182 (local in Edmonton 780-432-8182).

Brian Ward,

CEO, Affinity Consulting and Training

Edmonton

 

Feedback is the key to Engagement

We live and work in an age where feedback is necessary to secure employee engagement.  Study after study demonstrates up to 68% of the American workforce is disengaged.  Approximately 50% are unengaged and an incredible 17% are actively disengaged.[1]   Yikes.

Disengagement means lower levels of productivity, less revenue and higher incidents of weaker culture.  As noted by Gallup: Organizations with higher rates of “…engagement realize substantially better customer engagement, higher productivity, better retention, fewer accidents, and 21% higher profitability.”[2]

Disengagement is an illness that spreads rapidly when tolerated or left unaddressed. 

Why?  Several reasons:

1.   People that “pick up the slack” and generate the work product compensating for the lack of production by the disengaged feel underappreciated.  These employees are, essentially, punished for others being disengaged.  Employees who make up for the productivity of their disengaged colleagues eventually get frustrated and, not altogether surprisingly, tend to leave their employer.  Losing disengaged people is one thing; losing hard-working go-getters is unacceptable for any organization;

2.   Disengaged employees are permitted to continue such disengagement – thus, repeating a vicious cycle where such behavior is encouraged if not altogether promoted.  Obviously, no organization wants to see this happen and yet it does. (As discussed above, such behavior requires the engaged workforce to over-work and drives up rates of attrition); and

3.   Management and ownership experience increasing levels of frustration, anxiety and concern over lower productivity, less revenue and higher levels of attrition.  81% of companies report turnover is a “costly problem” and 63% say retaining employees is actually more difficult than hiring people.[3]

How can ownership stem the tide?  How does an organization encourage and develop engagement?

One, simple word.

Feedback.  Gather feedback.  Analyze feedback.  Appreciate feedback.  Employ feedback to make more effective and objective decisions.

Feedback falls into three general categories – positive, negative and somewhere in between (often referred to as “constructive criticism”).  Management and ownership might not like all the feedback (especially the negative) received, but the process of gathering, analyzing and utilizing feedback helps strengthen culture within the workplace and improve rates of engagement.

A word of caution – if an organization is going through the valuable exercise of gathering meaningful feedback from their people, the organization must use it.  It is also important to gather enough feedback to make it statistically relevant (no need to act immediately after first gathering feedback).  When trends are identified in a given employee’s conduct and interaction with, or net impact on, others on a team or organization-wide level, action must be taken by management.

For an organization to preach the importance of feedback, stress participation in gathering feedback and then do nothing with the data collected can be more damaging than not caring about feedback at all.

Gathering and using feedback effectively can change the face of any organization.  Ripple Analytics Inc. is a cloud-based platform that empowers companies to gather and analyze feedback from their people.  Check us out at www.ripplecrew.com.  Give us a try!

 

Why we are qualified to write the blog:   Noah L. Pusey – [email protected] – is the President & CEO of Ripple Analytics Inc.   For over twenty (20) years, Noah has been building teams and developing employees at various companies.  As a result, he has participated in corporate America’s flawed annual review process and has set out to fix it.  He knows what works, what doesn’t and why.  See more about Ripple at www.ripplecrew.com.

Municipalities Promoting Positivity During the Pandemic

As Ontario prepares to enter the second Provincial Emergency amid stay-at-home orders, many folks could use some positivity. Here are some lighthearted and fun projects that municipalities across Canada are undertaking to bring a smile to people’s faces. 

City of Waterloo

 

The City of Waterloo, Ontario has launched The Community Happiness Project. The Community Happiness Project aims to connect community members by sharing messages of hope, positivity, welcoming, and connectivity from community members and hopefully you!

 

From January to mid-February, residents can submit audio messages and images through an online portal. These will be assembled into signage that will be posted throughout the city and can be accessed through QR codes on mobile devices. Audio messages collected from the community will reflect Waterloo’s caring spirit and can include stories, poems, and notes to combat the feelings of isolation that have grown throughout the COVID-19 pandemic.

 

Town of Blackfalds

The Town of Blackfalds, Alberta is continuing the Lunch Box Pandemic Response Program into 2021. The Blackfalds Food Bank has now settled into its new home in the old Community Services Department Shop, at 5014 Waghorn Street, where there is plenty of room to accommodate donations to support the Blackfalds Food Bank’s needs and the Lunch Box program.

 

The Lunch Box Program started in March 2020 due to the pandemic and increased local families’ needs to provide food for their children. Initiated to provide school-aged children with healthy lunches and snacks for school, the program quickly changed when schools shut down and was then expanded to include any local family with children, of any age. This pandemic response program fed 3,877 children in 1,061 families from March through December of 2020. 

 

City of Barrie

 

The City of Barrie, Ontario is running a fun, new contest to name the snowplows. Barrie has 12 snowplows that need names and is asking residents to come up with some creative and unique ideas.

 

Between now and January 22, 2021, Barrie residents are invited to submit their idea for a snowplow name for a chance to win a City of Barrie prize pack. The winning names will also be featured on the City’s Plow Tracker app and will be added to the snowplow machines for the 2021-22 winter season.

 

We love seeing municipalities coming together to enrich the lives of their citizens! We also love connecting municipalities with the businesses that provide the municipal goods and services that they need. Learn more at www.muniSERV.ca and join today.