The Importance of Third Party Vendor Assessments

Lessons learned from Cyber Incident Response

We are finding many companies that have experienced a Cyber Incident are not performing even the most basic Third Party Vendor Risk Assessment.

It is absolutely imperative that if you engage with a vendor you understand the associated risks.

Five simple questions can lead you to a better understanding of your Vendor risks and a quicker recovery from an Incident:

 

  1. Is there an identifiable Leadership team?
    • Who is accountable?
    • Would you be able to escalate or contact them?
    • Where are they located?
  2. Do they have an Incident Response plan and Reporting Structure?
    • Do they have a response plan?
    • Are there dedicated phone numbers or emails for reporting incidents?
    • Are ticket numbers assigned and tracked?
  3. Who is responsible for security within their Organization?
    • Is there someone who is responsible for security?
    • Is there a defined role, or is it handled off the side of the desk of another role?
    • Does the company reside in a country that has Breach Reporting responsibilities?
  4. Do you have a Service Level Agreement for responding to incidents?
    • Do you have a defined Incident/Severity matrix with set response times?
    • How do you escalate an Incident?
    • What is your communication cadence?
  5. Can they demonstrate their current level of Cyber Security Compliance?
    • Can they demonstrate the framework they adhere to? (NIST/CIS)
    • Do they disclose if and when they do vulnerability/penetration testing?
    • Do they have any risk reports (SOC 1, SOC 2 or PCI DSS) they can share?
    • Do they have patch management?

It is important to develop a Third Party Cyber Security Screening Assessment before engaging in a new contract. We can walk you through the process and help you understand your Cyber Risks.

 

Let’s talk Cyber!

http://www.mi613.ca


Key Considerations for Local Government Software Adoption

When it comes to adopting new software, local governments have historically been somewhat cautious. And you can understand why. Government authorities face a number of unique challenges and must operate under certain constraints that do not always apply to others.

For instance, local government systems that are public-facing must be highly reliable because they have to be online 24/7/365. They must also be private and secure, particularly where personally identifiable information for residents comes into play.

Furthermore, they must have the ability to serve a large number of users. Unlike commercial businesses, a local authority’s target audience is the entire population of a region, meaning systems have to be capable of supporting multiple languages and accessibility needs and be able to withstand unexpected surges in demand.

Civic Pulse recently conducted a survey asking local officials what they look for in government software. In order of importance, their top criteria included affordability, low “total cost of ownership”, and local government fit. Ease of use was important too, as were strong service and support.

The results indicate a clear pattern. Local governments are not averse to better software and, in fact, are looking to implement it. But successful solutions must easily adapt to existing processes, constraints, and practices. Otherwise, most local officials will be reluctant to implement them.

Local Government Fit

Local governments want software that provides them with extra “capabilities” but that doesn’t necessitate massive changes to existing processes. However, unless they are built from the ground up with municipalities in mind, off-the-shelf solutions rarely mesh well with existing municipal operations and often fail during implementation. And even if they can be customized to do what is necessary, the amount of work, risk and cost usually increases to the point of being untenable – particularly for smaller municipalities.

The problem is this: local governments can’t make do with one-size-fits-all software anymore. As the Civic Pulse research shows, local authorities differ from each other significantly across multiple dimensions.

Total Cost of Ownership (TCO)

More than ever, municipalities are dealing with severe budget constraints. COVID-19 continues to affect our communities in terms of public health, socially and economically, and local governments are bearing the brunt of this. Reduced revenues coupled with the need to maintain existing services and direct more money to public health have come at a significant cost.

Not surprisingly, municipalities are looking for ways to control their expenses, including how they are choosing to implement new software solutions.

What is TCO?

Simple: it’s the sum of all direct and indirect costs associated with buying, implementing and managing the software over its duration of use.

There is a wide range of factors that impact TCO. For instance, easy-to-use software lowers TCO because staff time to learn and use the software is reduced. Software with exceptional vendor service and support also has a lower TCO because resolution of software issues or response to user queries happens quickly.

Software vendors that appeal to local governments feature comprehensive knowledge bases for self-help, online training, and dedicated remote support capabilities. Increasingly, vendors are moving to show government departments their return on software investments in real time. Measuring the TCO against the labour saved by the solution gives local governments the data they need to justify continued spending.

Affordability

Affordability is perhaps the biggest constraint for government departments looking to purchase software. Local governments need to keep their infrastructure costs low to continue providing high-quality, front-line services to the public.

Consistent with what is happening in the private sector, local governments are embracing cloud-based solutions that minimize large capital purchases and the need for additional in-house IT resources. This has the added benefit of allowing the infrastructure to scale with demand, ensuring that any unnecessary spend on infrastructure is avoided. Flexible pricing models that allow local governments to choose the capabilities they need a la carte are also attractive.

AccessE11 – Built for Local Government

A large number of local governments have selected AccessE11’s citizen request software precisely for the reasons described above. With AccessE11, local governments get a solution that is:

• Created with municipal operations in mind

• Extremely simple to adopt and use

• Adaptable to each municipality’s unique needs without costly software development

• Cloud-based and accessible from anywhere on any device

• Affordable for municipalities of any size


How have the pandemic adaptations affected your Physical Security?

Well into the COVID-19 pandemic, organizations and governments big and small have had to take measures and make changes to their environments to adapt to the needs of their staff and customers, their service delivery model, the requirements of health science, government agency regulations, perhaps “new” industry best practices and, of course, the ever-changing virus.

These measures have evolved into many different things. We’re going to specifically focus on physical security devices.

Two of the pervasive items that have been introduced in many environments are plexiglass and signage.

Organizations have installed plexiglass barriers at points where personnel have the potential to interact with other personnel, customers, vendors, etc.

Informative signage itemizing physical distancing rules and self-assessment health protocols has been placed in both strategic and random locations throughout the environment to give personnel and visitors every opportunity to be informed.

Funny thing about all of these plexiglass barriers and signage.

In some cases, not all, we have inadvertently defeated the functionality and purpose of some or many of the installed security devices. That is, their ability to monitor, detect and alert (alarm).

  • Motion detectors blocked, unable to provide proper coverage
  • Cameras experiencing sun flare reflection off plexiglass
  • Nuisance alarms due to swinging signage on the increase
  • And other unforeseen effects

There are incidents where there is enough of this added material that devices, although active and functioning as per specifications, are unable to detect properly – leaving areas with no security detection or proper monitoring.

We have the answers.

Let’s go for a (physically distanced) walk and have a conversation.

Your security risk plans are more than just a motion detector or even a strategic camera placement.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.


$31 million Canada Healthy Community Initiative – open for proposals

The Government of Canada announced that the Community Foundations of Canada with the Canadian Urban Institute are open to receive and review your proposal for access to $31 million under the Healthy Communities Initiative.

https://youtu.be/1smdTfZF-zE

 

I attended the Canada Healthy Community Initiative launch webinar February 9 and reviewed the applicant guide which is focused on the increased recognition of social and digital infrastructure that contributes to healthy community outcomes. The applicant guide makes it easy to understand if your organization can apply.

 

The projects eligible for funding need to serve the public or a community disproportionately impacted by COVID-19 and fall within three healthy community initiative themes, one of them being community projects that use innovative data and technology solutions to connect people and support healthy communities. These are community projects that use digital technologies and solutions to encourage citizen engagement, or that use open data, online platforms or physical digital devices for public benefit.

All budget items must be project related, and expenses must occur between April 1 2020 and June 30 2022. Details on how anticipated expenses are outlined in the budget are included in the applicant guide.

You need to demonstrate community engagement. Planned continued engagement with the community to receive feedback on the project may also demonstrate the role of the community in delivering the project. Your team can also elaborate on your equity approach and principles for the project and how it relates to community outreach and feedback.

All projects focusing on the theme of digital solutions and any project that handles public data should demonstrate best practices of digital design and responsible data management. The good news for you and your organization is that Athena Software meets the needs for inclusive design and data management.

 

Athena can provide details on data management considerations including:

  • Collection – who can collect the data
  • Access – who can access the data
  • Use – who can use the data
  • Openness – what data is attributed to an individual
  • Compliance – PIPEDA

Minimum funding is $5000. Maximum funding is $250,000.

 

All budget items must be project related and incurred April 1 2020 to June 30 2022. The government provided a budget template in Excel. We created a proposal for the Canada Healthy Community Initiative and integrated it with the budget template to help give you a head start on filling out the form. Let me know if you are interested in the proposal and Excel budget template and we will send you the forms to begin the process.

 

The first round of funding opened February 9 2021 and will close March 9 2021 5 PM PST. Review committees begin making decisions March 10. All applicants will receive results by April 30 2021.

The second round of funding opens May 14 2021 9:00 AM AST and closes June 25 2021 at 5 PM PST. Applicants that did not receive funding in round one can apply for funding in round two. Review committees begin making decisions June 26. All applicants will receive results by August 13 2021.

 

Before you apply, you will need to check which region your project is in, using the link to the map in the application guide. You will also identify the amount you are applying for. Any project over $100,000 will be reviewed at the national level.

 

Your application will be evaluated with many others in each community. Your application must meet the basic eligibility criteria, including project rationale, community engagement, outcomes, project implementation and readiness, fulfilling all of the following criteria:

 

  • Submitted by an eligible organization, and provides documentation
  • Responds to needs arising from COVID-19
  • Creates or adapts public spaces, or programming or services for public spaces in the public interest
  • Demonstrates consideration of and connections within the community
  • Serves the general public or a community disproportionately impacted by COVID-19
  • Falls within the Healthy Communities Initiative theme(s)
  • Submitted with a complete budget
  • Is requesting between $5,000 and $250,000
  • Incurs expenses between April 1 2020 and June 30 2022

Please join me March 5 at 1 PM EST for a hands-on webinar as we share ideas from communities that use Penelope to assist those most affected by COVID-19 and review proposals for new and current agencies using Penelope. You can find the registration page on our Athena web site. Hope to see you there. If you have questions before then, call or email. Until then, stay safe. We will see you soon.


Code Enforcement with AccessE11

The mandate of municipal government is to provide access to civic amenities and to ensure that residents follow the local laws and ordinances adopted by City Council.

In general, there are operating processes in place to monitor and enforce these municipal codes. However, it is often the residents themselves that witness and report code violations, at which point the municipality’s responsibility is to initiate an investigation and resolve the situation. When this occurs, there are additional complexities involved, with many municipalities struggling to track and meet their service targets to address citizen-initiated complaints. Any departments responsible for code enforcement must triage citizen complaints across a diverse range of property maintenance, parking, noise, nuisance and other issues. Then, activities must be coordinated with officers in the field, all actions tracked, and any documents consolidated until compliance is reached.

Using the AccessE11 service request management platform, multiple municipalities have streamlined and automated their code enforcement approach, making it effortless for staff to capture citizen complaints, assign the right team, resolve the underlying issues, institute centralized tracking and record keeping, and easily report on issues individually or on an aggregated basis.

Capturing Code Issues

Increasingly, residents expect to be able to interact with their municipality in the same way they do private-sector organizations via multiple channels, and this applies equally to code enforcement.

In light of this, AccessE11 has created a platform that allows citizens to report their concerns online, by email, and using integrated mobile apps. Categorization of each violation (permit issue, graffiti, trash & debris, noise etc.) is completely flexible, and geolocation of the issue and inclusion of pictures/other details is simple.

Once reported, the software automatically creates a case to track the issue, acknowledges receipt to the citizen, sets follow-up and due dates, and routes the case to a specific staff member. Moreover, it immediately makes the information available in configurable dashboards, embedded maps and reports to provide a centralized, cohesive view of all past and ongoing code enforcement activities.

Processing Citizen Issues

Inspections are an integral part of the resolution process and, to that end, the AccessE11 mobile app for staff provides code enforcement officers with an up-to-date and prioritized view of the complaints they need to follow up on. Depending on whether or not a violation is observed, an officer on location can close the case immediately, or further document it with corrective actions and a date for a follow-up inspection if required.

Some municipalities also use code sweeps within delimited geographical areas as a proactive means of enhancing the safety, cleanliness and conditions of a neighbourhood. In this scenario, officers can create cases for tracking purposes directly using the mobile app. All relevant information is seamlessly and centrally logged with no need for the officer to visit the municipal office simply to enter data.

From the time an issue is reported through to closure, departmental managers, assigned staff and, to an appropriate extent, the reporting citizen are kept informed with automated, real-time notifications. Code enforcement teams are able to work seamlessly and avoid crossed wires. The reporting citizen can also get updates on their concern at any time by visiting AccessE11’s citizen-facing portal.

Operational Effectiveness

Citizens demand services from municipalities, but they also expect them to use tax dollars wisely. Authorities have a duty to avoid waste wherever possible and act in the public interest.

To that end, they need systems that allow them to make informed decisions and measure the success of their activities. AccessE11’s platform allows code enforcement departments to visualize and report on valuable data, letting them make evidence-based decisions. Managers can prioritize tasks, collect data on current and historic trends, measure against service targets, and gauge the effectiveness of the municipality’s response to issues. This data-driven approach enables managers to get a better handle on the overall efficacy of their teams, as well as the productivity of individual members.


Ensuring Accessibility in your Municipality

By law, as of January 1, 2021, all public sector organizations and private or non-profit organizations with 50+ employees must make their web content fully accessible and compliant under Ontario’s Web Content Accessibility Guidelines (WCAG).

How to Comply

 

To comply with WCAG, your public-facing website and all newer posted content must meet WCAG 2.0 standards (as outlined in the Accessibility Standard for Information and Communications). For more detailed information on what steps need to be taken to make your website accessible, visit https://www.ontario.ca/page/how-make-websites-accessible.

 

It should also be noted that you don’t have to make changes to your internal website to make it accessible. As well, any content posted to your website before 2012 does not need to be modified to meet WCAG. However, if you are asked, you will need to work with individuals to make this content available to them in an alternate format such as large print or braille.

Tips for Testing your Websites for Accessibility

Once your website is updated to meet WCAG, it is a good idea to test your website out to make sure that your new or refreshed website is accessible before it is launched. Here are some good ways to ensure your website will be accessible for all of your users.

Automatic Assessment and Assistive Technology – Do a final review of your website using an automatic assessment tool that will help flag any issues that have not been resolved. An example of this would be to review your site using assistive technology like a screen reader to make sure the website’s design and technical aspects are accessible.

 

Review Key Milestones and Changes – It is a good idea to keep a record of the accessibility issues that have been addressed on your website. Doing this will allow you to see the completed work and how the site has been made accessible. As well, having this record can be helpful if your organization is asked to show how your website is WCAG 2.0 compliant.

 

Online Accessibility Checker – Use an online tool to check if your website is accessible. While using an online tool does not guarantee that you will find all accessibility issues, it can still find some things you might have missed. This is why it is important to have people review the site as well.

 

User Testing and Feedback – When possible, ask people with disabilities to test your site before it is launched. Receiving feedback from potential users will help you to find out if there are any further improvements needed.

 

If You Can’t Comply with WCAG

It may not always be possible to meet the WCAG 2.0 requirements. As an example of this, your website may have been created using software and other tools that predate WCAG 2.0. While you may be able to update or repair the products you used to support accessibility, if this is not possible, you will need to make sure that when you refresh your website you use new software that supports accessibility.

 

As well, it may not be possible for you to post some content in a way that complies with WCAG 2.0. An example of this is when you post something like an online map or a complex diagram that is not readily accessible to people with visual disabilities. In cases like this, you may still post the content; however, you must provide it in an accessible format upon request.

 

In the end, the positive outcome of compliance with WCAG is that your website will be accessible to everyone!

Digital Solutions for Canadian Municipalities

The past few months have been challenging for everyone as we change the way we live, play and work. Many industries have been forced to pivot and find digital solutions to continue serving their customers in the “new normal”. Canadian municipalities are no different. With many municipal offices closed to the public or working at a reduced capacity, there has never been a better time to start introducing digital solutions to work safer and work smarter. Here are some great digital solutions from Canadian muniSERV members to get you started.

Citizen Engagement/Customer Service

 AccessE11 is a Municipal 311, Citizen Issue and Relationship Management platform designed to provide small to mid-sized municipalities with a simple, cost-effective means to manage citizen issues. The platform drives simplicity, reduced administration, stronger decision making and better compliance across specific areas of focus within local government operations. Citizens can report issues and monitor the status of their issue digitally, improving customer service and operational transparency.

Smart City/IoT

 Trilliant has revolutionized how municipalities, cities, energy providers and utilities manage their mission-critical operations. Trilliant connects the world of things (IoT) and incorporates Smart City functionality to new or existing networks. Municipalities can improve the efficiency of their offerings through the implementation of things like advanced metering infrastructure for water, electricity and gas, smart street lighting, smart network sensors and so much more.

Treasury

Clik2Pay is a customer billing payments solution that allows citizens to receive and pay their tax bills or other municipal invoices directly from their smartphone. Municipalities benefit from quicker payments and simplified bill collection, all for less than it costs to pay by debit or credit card.

Payroll Efficiency

Mother Clock Inc. is a fully integrated time tracking payroll platform that is modernizing payroll technology. This tablet-based time tracking service is the solution for businesses that want to abandon paper-based processes. Mobile employees can use their smartphones to clock-in/out with GPS time tracking, increasing accountability.

Cyber Security & Training

 RiskAware provides municipalities with an Information and Cyber Security advantage through governance, training, education and risk management. They can help you assess your digital risks before getting started.

Digital Transformation Consulting

 ArchITectAbility provides IT Advisory, Assurance, Architecture and Governance expert services as well as Business Process Re-engineering offerings. If you’re not sure where to start your digital transformation, here you go!

These are just a few of the great Canadian companies that are helping municipalities go digital. 

Search our Find a Consultant database by service, business name, province or city, for even more of our members’ innovative digital solutions, to help municipalities simplify processes and find efficiencies!

Unused Technology Costs

How much does your organization spend each year on technology? Not just new technology but maintenance and subscription renewals as well?

 

If you’re a medium or enterprise-level corporation, it’s probably not an insignificant amount

 

For that matter, relatively speaking, a lot of small businesses can also point to technology as a good chunk of their operating expense

 

But now the more uncomfortable question…are you using all of that technology you’re paying for?

 

I was going through my invoices last week and realized that I’m still getting charged by our old hosting provider even though we moved our website to another platform several months ago

 

It’s a small monthly charge but, if I hadn’t caught it, who knows how long I would’ve kept paying those fees

 

Now imagine if that were to happen in a larger organization. Unfortunately, from what I’ve seen in large organizations, there’s not much left for the imagination

 

A few years ago, we were doing some consulting work for a client who’d heavily invested in a premier financial platform that was running on their on-premise servers

 

They’d paid seven figures for the initial license fee plus a year’s worth of consulting for customization, implementation and testing

 

And every year since they’d been paying close to six figures for annual maintenance

 

During our review we noticed two invoices our client had received from the same software supplier

 

One was for the annual maintenance, but the second one was for annual subscription fees

 

What had happened was, during the year they were going through their implementation, the supplier released a cloud version of the same product

 

And got the finance department to sign up for a one-year subscription so that they could start using the software right away

 

With the idea being that everyone would get moved to the on-premise version when it went live

 

But that road from on-premise to cloud is usually a one-way street. Rarely do you see an organization go the other way

 

So they went live, but everyone kept using the cloud version

 

And because there was a disconnect between the business and IT, the subscription would auto-renew each year and finance would pay the renewal

 

At the same time, IT would get an annual maintenance invoice for the server-based version and that would get paid as well

 

Now I know that a lot of you are hearing this and thinking about a time when this might have happened in your organization

 

Or you’re wondering if it’s happening right now

 

Folks, it’s September, which means a lot of your IT contracts are going to be coming up for renewals

 

And if there’s ever been a year when it was absolutely critical that you only pay for what you’re using…it’s this year

 

If you’re going to survive 2020 and still be standing in 2021, you have to get a handle on your IT spend

 

But you’ll never be able to do that until you have a handle on your IT contracts

 

And that’s where I believe we stand head and shoulders above everyone in this space

 

Because I designed a platform that gives your procurement team everything they need to properly manage contracts…and they’ll do it for pennies on the dollar

 

So take 5 minutes to see how OneView works

 

And if you need some help with your year-end renewals, reach out to us. We can help with that too

 

Mohammed Faridy


Pandemic/Epidemic Business toolKIT

We are deeply focused on keeping your employees, customers, and suppliers safe while working, visiting, or conducting business at your facilities and supporting your business operations.

The Michael White Group International and Hilt International Security have partnered to create a dynamic resource that is continuously growing, developing, and being revised to keep you informed of the latest requirements, new best practices, and procedures.

As we all continue to navigate our ‘new normal’, we have tapped into our global resources to develop a toolKIT that lays out processes to raise awareness of new health and well-being protocols and potentially helpful practices for cross-functional teamwork, operating discipline, and training for employees.

While it is not a one-size-fits-all approach, the Pandemic/Epidemic Business toolKIT includes practical recommendations, based on guidelines from Health Canada and World Health Organization, that could be tailored for different businesses (when required) to address various scenarios they may face when returning to work. Regular updates will be made to the toolKIT based on real-time feedback. The toolKIT covers a wide range of topics, including:

• Step-by-step guides for setting up a pandemic response team

• Cleaning and disinfection procedures

• Staggering shifts and lunch breaks and other physical distancing strategies

• On-site health screening

• Protocols for isolating employees who become ill at work

• & more.

This has been a difficult time for everyone, and re-establishing a workplace where employees feel comfortable performing their jobs safely is a multi-faceted challenge. It is our hope that by developing and providing this resource we can help your organization accomplish and adapt to the new operating protocols in today’s still ever-challenging conditions.

Should your Municipality be open to exploring the need for, and accessing, our toolKIT to assist you during the re-opening and re-populating of your facilities, contact Michael White Group International today, and in partnership with Hilt International Security we will be happy to assist.

 

 


Canadian Government Entities Under Scrutiny for Lax Cybersecurity

Canada’s government sector is increasingly coming under scrutiny for lagging privacy and security, both in legislation and in practice.

 

In a sign of the times, figures released in February to the House of Commons reveal that the personal information of at least 144,000 Canadians was mishandled by federal departments and agencies, including the Security Intelligence Service and Department of National Defence. The breaches were widespread, impacting over 10 separate departments and agencies, with evidence indicating that these figures are being underreported due to inadequate reporting requirements. The Canada Revenue Agency led the pack with 3,020 identified breaches over the last two years, impacting at least 59,065 Canadians.

 

Helical’s offerings meet the “Baseline Cyber Security Controls for Small and Medium Organizations” published by the Canadian Centre for Cyber Security and can be scaled up according to need. You can learn more about how we meet these requirements here or, for more information about Helical, visit our website.