The Importance of Third Party Vendor Assessments

Lessons learned from Cyber Incident Response

We are finding many companies that have experienced a Cyber Incident are not performing even the most basic Third Party Vendor Risk Assessment.

It is absolutely imperative that if you engage with a vendor you understand the associated risks.

5 simple questions can lead you to be a better understanding of your Vendor risks and a quicker recovery from an Incident:

 

  1. Is there an identifiable Leadership team?
    • Who is accountable?
    • Would you be able to escalate or contact them?
    • Where are they located?
  2. Do they have an Incident Response plan and Reporting Structure?
    • Do they have a response plan?
    • Are there dedicated phone numbers or emails for reporting incidents?
    • Are ticket numbers assigned and tracked?
  3. Who is responsible for security within their Organization?
    • Is there someone who is responsible for security?
    • Is there a defined role or is it an off the side of the desk of another role?
    • Does the company reside in a country that has Breach Reporting responsibilities?
  4. Do you have a Service Level Agreement for responding to incidents?
    • Do you have a defined Incident/Severity matrix with set response times?
    • How do you escalate an Incident?
    • What is your communication cadence?
  5. Can they demonstrate their current level of Cyber Security Compliance?
    • Can they demonstrate the framework they adhere to? (NIST/CIS)
    • Do they disclose if and when they do vulnerability/penetration testing?
    • Do they have any risk reports (SOC 1, SOC 2, PCI or DSS) they can share?
    • Do they have patch management?

It is important to develop a Third Party Cyber Security Screening Assessment before engaging in a new contract. We can walk you through the process and helping you to understand your Cyber Risks.

 

Let’s talk Cyber!

http://www.mi613.ca

Share

How have the pandemic adaptations affected your Physical Security?

Well into the COVID19 pandemic, organizations, governments big and small have had to take measures and make changes to their environments to adapt to the needs of their staff, customers, their service delivery model, requirements of health science, government agency regulations and perhaps “new” industry best practices and of course the ever-changing virus.

These measures have evolved into many different things. We’re going to specifically focus on physical security devices.

Two of the pervasive items that have been introduced in many environments are plexiglass and signage.

Organizations have installed plexiglass barriers at intersection points of personnel as they have the potential to interact with other personnel, customers, vendors, etc.

Informative signage itemizing physical distancing rules, self assessment health protocols have been placed all around in both strategic and random locations within the environment to ensure every opportunity for personnel and visitors to be informed.

Funny thing about all of this plexiglass barriers and signage.

In some cases, not all, we have inadvertently defeated some or many of the installed security devices functionality and purpose. That is, their ability to monitor, detect and alert (alarm).

  • Motion detectors blocked, unable to provide proper coverage
  • Cameras experiencing sun flare reflection off plexiglass
  • Nuisance alarms due to swinging signage on the increase
  • And other unforeseen affects

There are incidents where this is enough of this added material, that areas, although devices are active and functioning as per specifications, are unable to detect properly – leaving areas with no security detection or proper monitoring.

We have the answers.

Let’s go for a (physically distanced) walk and have a conversation.

Your security risk plans are more than just a motion detector or even a strategic camera placement.

We can Help.

Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

$31 million Canada Healthy Community Initiative – open for proposals

The Government of Canada announced that the Community Foundations of Canada with the Canadian Urban Institute are open to receive and review your proposal for access to $31 million under the Healthy Communities Initiative.

https://youtu.be/1smdTfZF-zE

 

I attended the Canada Healthy Community Initiative launch webinar February 9 and reviewed the applicant guide which is focused on the increased recognition of social and digital infrastructure that contributes to healthy community outcomes. The applicant guide makes it easy to understand if your organization can apply.

 

The projects eligible for funding need to serve the public or a community disproportionately impacted by Covid19 and fall within three healthy community initiative themes, one of them being community projects that use innovative data and technology solutions to connect people and support healthy communities. Community projects that use digital technologies and solutions to encourage citizen engagement, use open data, online platforms or physical digital devices for public benefit.

All budget items must be project related and expenses occur between April 1 2020 and June 30 2022. Details on how anticipated expenses are outlined in the budget are included in the applicant guide.

You need to demonstrate community engagement. Planned continued engagement with the community to receive feedback on the project may also demonstrate the role of the community in delivering the project. Your team can also elaborate on your equity approach and principles for the project and how it relates to community outreach and feedback.

All projects focusing on the theme of digital solutions and any project that handles public data should demonstrate best practices of digital design and responsible data management. The good news for you and your organization is that Athena Software meets the needs for inclusive design and data management.

 

Athena can provide details on data management considerations including:

Collection – who can collect the data

Access – who can access the data

Use – Who can use the data

Openness – What data is attributed to an individual

Compliance – PIPEDA

Minimum funding is $5000. Maximum funding is $250,000

 

All budget items must be project related and incurred April 1 2020 to June 30 2022. The government provided a budget template in excel. We created a proposal for the Canada Healthy Community Initiative and integrated it with the budget template to help give you a head start on filling out the form. Let me know if you are interested in the proposal and excel budget template and we will send you the forms to begin the process.

 

The first round of funding opened February 9 2021 and will close March 9 2021 5 PM PST. Review committees begin making decisions March 10. All applicants will receive results by April 30 2021.

The second round of funding opens May 14 2021 9:00 AM AST and closes June 25 2021 at 5 PM PST. Applicants that did not receive funding in round one can apply for funding in round two. Review committees begin making decisions June 26. All applicants will receive results by August 13 2021.

 

You will need to check which region your project is in before you apply with the link to the map in the application guide. You will also identify the amount you are applying for. Any project over $100,000 will be reviewed at the national level.

 

Your application will be evaluated with many others in each community. Your application must meet the basic eligibility criteria including project rationale, community engagement, outcomes, project implementation and readiness fulfilling all of the following criteria:

 

  • Submitted by an eligible organization, and provides documentation
  • Responds to needs arising from COVID-19
  • Creates or adapts public spaces, or programming or services for public spaces in the public interest
  • Demonstrates consideration of and connections within the community
  • Serves the general public or a community disproportionately impacted by COVID-19
  • Falls within the Healthy Communities Initiative theme(s)
  • Submitted with a complete budget
  • Is requesting between $5,000 and $250,000
  • Incurs expenses between April 1 2020 to June 30 2022

Please join me March 5 at 1 PM EST for a hands-on webinar as we share ideas from communities that use Penelope to assist those most affected by Covid 19 and review proposals for new and current agencies using Penelope. You can find the registration page on our Athena web site. Hope to see you there. If you have questions before then call or email. Until then stay safe. We will see you soon.

Share

Code Enforcement with AccessE11

The mandate of municipal government is to provide access to civic amenities and to ensure that residents follow the local laws and ordinances adopted by City Council.

In general, there are operating processes in place to monitor and enforce these municipal codes. However, it is often the residents themselves that witness and report code violations, at which point the municipality’s responsibility is to initiate an investigation and resolve the situation. When this occurs, there are additional complexities involved, with many municipalities struggling to track and meet their service targets to address citizen-initiated complaints. Any departments responsible for code enforcement must triage citizen complaints across a diverse range of property maintenance, parking, noise, nuisance and other issues. Then, activities must be coordinated with officers in the field, all actions tracked, and any documents consolidated until compliance is reached.

Using the AccessE11 service request management platform, multiple municipalities have streamlined and automated their code enforcement approach, making it effortless for staff to capture citizen complaints, assign the right team, resolve the underlying issues, institute centralized tracking and record keeping, and easily report on issues individually or on an aggregated basis.

Capturing Code Issues

Increasingly, residents expect to be able to interact with their municipality in the same way they do private-sector organizations via multiple channels, and this applies equally to code enforcement.

In light of this, AccessE11 has created a platform that allows citizens to report their concerns online, by email, and using integrated mobile apps. Categorization of each violation by category (permit issue, graffiti, trash & debris, noise etc.) is completely flexible, and geolocation of the issue and inclusion of pictures/other details is simple.

Once reported, the software automatically creates a case to track the issue, acknowledges receipt to the citizen, sets follow-up and due dates, and routes the case to a specific staff member. Moreover, it immediately makes the information available in configurable dashboards, embedded maps and reports to provide a centralized, cohesive view of all past and ongoing code enforcement activities.

Processing Citizen Issues

Inspections are an integral part of the resolution process and, to that end, code enforcement officers are provided with an up to date and prioritized view of the complaints they need to follow-up with the AccessE11 mobile app for staff. Depending on whether or not a violation is observed, an officer on location can close the case immediately, or further document it with corrective actions and a date for a follow-up inspection if required.

Some municipalities also use code sweeps within delimited geographical areas as a proactive means of enhancing the safety, cleanliness and conditions of a neighbourhood. In this scenario, officers can create cases for tracking purposes directly using the mobile app. All relevant information is seamlessly and centrally logged with no need for the officer to visit the municipal office simply to enter data.

From the time an issue is reported through to closure, departmental managers, assigned staff and, to an appropriate extent, the reporting citizen are kept informed with automated, real-time notifications. Code enforcement teams are able to work seamlessly and avoid crossed wires. The reporting citizen can also get updates on their concern at any time by visiting AccessE11’s citizen-facing portal.

Operational Effectiveness

Citizens demand services from municipalities, but they also expect them to use tax dollars wisely. Authorities have a duty to avoid waste wherever possible and act in the public interest.

To that end, they need systems that allow them to make informed decisions and measure the success of their activities. AccessE11’s platform allows code enforcement departments to visualize and report on valuable data, letting them make evidence-based decisions. Managers can prioritize tasks, collect data on current and historic trends, measure against service targets, and gauge the effectiveness of the municipality’s response to issues. This data-driven approach enables managers to get a better handle on the overall efficacy of their teams, as well as the productivity of individual members.

Share

Municipalities Build Back Better With Whole Person Care

 

 

 

 

 

 

 

 

There is a lot of talk about a Build Back Better approach in our communities during the Covid 19 pandemic.  One strategy that helps address those in need is a Whole Person Care approach using a digital platform to collect and measure outcomes for wrap around programs which can be fully funded under the new Canada Healthy Communities Initiative.

With the arrival of Covid 19, the amount spent on healthcare is increasing in every community. While the amount invested in healthcare is increasing, municipalities are spending up to 25% of their healthcare costs to support non-value add aspects in their healthcare system. Value-based care models help optimize what is spent to get the best outcomes. How do communities do more with less as Covid 19 increases health and economic risk? In the short term we will need to work together with what we have and find ways to get better outcomes for less.

We know that Covid 19 is accelerating value-based healthcare approach in communities. Whole-person care is not far behind.

Whole person care describes a wrap around approach that addresses complete physical health, behavioral health and social wellbeing. Communities that work together as a team to provide care for individuals with poorly managed conditions including diabetes, heart disease, obesity and COPD are better equipped to improve health outcomes for less. Helping to manage care for this population most at risk relies on seamless information exchange, tele-health, care co-ordination and consumer engagement. All of these conditions are closely related to the social determinants of health.

Post acute care including home health, hospice and senior living facilities and human service including community mental health centers, addiction treatment centers and social service agencies in every community need to have the technology and skills to work as equal partners. Every community now has a chance to build back better with whole person care. 

Whole person care gets even better when amplified with data science and analytics that are driven with a prescriptive approach to patient care. To prepare our communities to deliver better outcomes during the pandemic, municipalities need to look at systems that offer interoperability – a framework that supports bidirectional exchange of data across systems and providers of care, a network to network bridge, policy agreements, discrete data and support for client consent and sharing that consent with others.

Consumer engagement with a patient portal makes it easier for hospitals and physicians to work with clients. Automated referrals, tele-health and patient information integration create a public care eco-system that serves the public in Covid 19 times. Building Back Better with the help of funding from the Canada Healthy Community Initiative makes it possible to accelerate the care you need in every community. Let us know if you need help with your digital transformation as you build back better in your community.

 

Learn more: Contact Athena Software

 

Share

Covid 19 – Federal Funding for Municipal Solutions

The Covid 19 pandemic is creating a massive strain on resources in communities across Canada. Human service solutions in education, justice, social and health were never designed to take on this much for so long. Canadian municipalities are making adjustments to accommodate the surge in demand and the ever changing needs of their community. 

 

Some of our communities are now in the red zone creating the need for further restrictions. Federal, provincial and municipal governments are responding with additional funding and co-operation to help reduce the damage and improve the outcomes in less time. 

 

On August 13 2020, The Honourable Catherine McKenna, Minister of Infrastructure and Communities announced the creation of the Canada Healthy Communities Initiative with up to $31 million ($19M 2020-21 & $12M 2021-22) in federal funding to support community-led solutions that respond to immediate and ongoing needs arising from COVID-19 over the next two years.The demands placed on families and individuals by COVID-19 have exposed a real need for low-cost, locally-driven ideas to help communities adapt and thrive. The Canada Healthy Communities Initiative will help breathe life into these small projects that can have a big impact as local governments, Indigenous communities and their non-profit partners rethink public spaces and how they deliver services to people.”

 

While Infrastructure Canada (INFC) is providing the funding, there is another organization yet to be announced that will organize, evaluate and distribute funding based on your proposal. This announcement will be made shortly. Your municipality will be able to submit a Covid 19 related infrastructure proposal that is between $5,000-$250,000. Three focus areas are: digital solutions, improved mobility solutions and safe and vibrant public spaces. 

 

A community project that develops infrastructure -related solutions to address changing community needs through the use of data and connected technologies starts with the ability to understand who is affected, what is being delivered and what needs to be done with priority. Measuring outcomes and sharing this information in a secure way becomes the source of truth for social service, health, justice and education partners that are focused on helping those most affected by Covid 19. Any municipality working to solve these complex and rapidly evolving stress points without a case management solution will have overlapping solutions that cost more than required and fail to see the gaps, reducing the outcomes. When you have time and budget, municipalities will continue to manage human services in a way that offers a path with least resistance. 

 

Covid 19 has exhausted both time and budget. Human services in your community need to work together efficiently. Working to save lives today and preparing for the future depends on it. Athena Software is a Canadian company that has experience working with every level of government in 15 countries around the world helping them find a way to do more with less and get better outcomes. Let me know if you would like to see how this can work for your community. 

Learn more: Athena Software

Share

Digital Solutions for Canadian Municipalities

The past few months have been challenging for everyone as we change the way we live, play and work. Many industries have been forced to pivot and find digital solutions to continue serving their customers in the “new normal”. Canadian municipalities are no different. With many municipal offices closed to the public or working at a reduced capacity, there has never been a better time to start introducing digital solutions to work safer and work smarter. Here are some great digital solutions from Canadian muniSERV members to get you started.

Citizen Engagement/Customer Service

 AccessE11 is a Municipal 311, Citizen Issue and Relationship Management platform designed to provide small to mid-sized municipalities with a simple, cost-effective means to manage citizen issues. The platform drives simplicity, reduced administration, stronger decision making and better compliance across specific areas of focus within local government operations. Citizens can report issues and monitor the status of their issue digitally, improving customer service and operational transparency.

Smart City/IoT

 Trilliant has revolutionized how municipalities, cities, energy providers and utilities manage their mission-critical operations. Trilliant connects the world of things (IoT) and incorporates Smart City functionality to new or existing networks. Municipalities can improve the efficiency of their offerings through the implementation of things like advanced metering infrastructure for water, electricity and gas, smart street lighting, smart network sensors and so much more.

Treasury

 Clik2Pay  is a customer billing payments solution that allows citizens to receive and pay their tax bills or other municipal invoices directly from their smartphone. Municipalities benefit from quicker payments and simplified bill collection, all for less than it costs to pay by debit or credit card.

Payroll Efficiency

 Mother Clock  Inc. is a fully integrated time tracking payroll platform that is modernizing payroll technology. This tablet-based time tracking service is the solution for businesses that want to abandon paper-based processes.  Mobile employees can use their smartphones to clock-in/out with GPS time tracking, increasing accountability.

Cyber Security & Training

 RiskAware provides municipalities with an Information and Cyber Security advantage through governance, training, education and risk management. They can help you assess your digital risks before getting started.

Digital Transformation Consulting

 ArchITectAbility provides IT Advisory, Assurance, Architecture and Governance expert services as well as Business Process Re-engineering offerings. If you’re not sure where to start your digital transformation, here you go!

These are just a few of the great Canadian companies that are helping municipalities go digital. 

Search our  Find a  Consultant database by service, business name, province or city, for even more of our members’ innovative digital solutions, to help municipalities simplify processes and find efficiencies! 

Share

Risk Complacency

Why should you have a cyclical strategy to your risk and security?

Risk Complacency. You run the risk of being complacent. The one man-made hazard that is probably the easiest to avoid and the largest threat to any sized business, organization, government, event, institution, and book club. Okay, maybe not the book club.

 

So, what happened?

It was quiet. It was nice, there was a sense of security. Unfortunately, that feeling is usually supplemented with a lack of awareness. A lack of awareness of threats, dangers to your organization, those deficiencies that slowly creep up but yet can quickly hammer down all the previous work.

Plan out the work to get your organization on a cyclical strategy to address, manage and mitigate your risk and security threats.

Once planned out. Execute the plan. Do what you say you are going to do…and don’t stop.

Need help? We can Help.

It starts with a conversation.

As we say…Plan the Work. Work the Plan.

Should your Municipality need assistance, contact Michael White Group today, and we will be happy to answer your questions or provide quotations.

Share

Cost Savings and Contract Management in Q4

The Importance of Contract Management when Analyzing Spend

 

When my clients ask me to help identify areas of opportunity for cost reduction with their existing suppliers, I ask two questions:

 

1.     Where are your contracts?

 

2.    How much do you spend?

 

The first question usually gets a lot of blank stares, shrugging shoulders and a general sense of helplessness.

 

The second question generates massive spreadsheets from the finance department, listing every supplier that ever submitted an invoice and got paid.

 

But the spreadsheets don’t give the specifics about what was purchased or the underlying contractual obligations.

 

And the reality is that, without a solid understanding of the existing terms and conditions, it’s difficult for any organization to negotiate cost reductions with their suppliers.

 

Unfortunately, many of the consulting firms that are hired to find cost savings opportunities fail to mention the importance of contract management as an underlying prerequisite to spend management.

 

Instead they spend months sifting through a client’s financial data and produce impressive graphs and charts that show exactly where the opportunities are. All the client has to do is consolidate, renegotiate or cancel contracts in order to reduce spend.

 

But by the time the client realizes that they need to first find and understand their contracts, the consultants are either long gone or walking through the door with one of their ERP systems vendors who just happen to have the perfect (expensive, complicated, hard to implement) solution for contract management.

 

The reality is that contract management doesn’t have to be expensive, complicated or hard to implement, as long as an organization understands what it really needs.

ERP Systems

Enterprise Resource Planning (“ERP”) systems weren’t developed for contract management.

 

 ERP is business management software intended to collect, store and manage data from various business activities.

 

The system typically consists of a suite of modules that can be bundled together, or added on at a later date, to give the client an end-to-end solution.

 

Suppliers that sell a contract management module as part of their ERP system highlight 3 key benefits of their product:

 

1.     The client can create contracts from within the module, utilizing corporate standard terms and conditions, thereby eliminating the need to work off a supplier’s paper

 

2.    The client can produce reports and summaries of the contracts stored in the system

 

3.    The module seamlessly integrates with other modules (procurement, accounts payable, asset management, etc.) to provide a complete end-to-end solution

 

However, if we take a closer look at each of these 3 supposed benefits we see something different.

 

1.     Contract Creation – I’ve been managing and negotiating contracts for almost 20 years. The way lawyers drafted contracts when I first started is the same way it’s done today, and I suspect that’s the way it’ll be done for the next 20 years. I’ve seen many contract management modules implemented at various organizations but I’ve yet to see one that’s actually used.

 

2.    Reporting – Reports and summaries are only as good as the data used to create them. Garbage in, garbage out. ERP modules require manual data input into a lot of different fields across a lot of different tabs. This makes sense when dealing with numerical data such as financials or asset management, but it’s almost impossible with contracts. ERP systems produce very impressive financial reports but are utterly useless when trying to summarize contract data.

 

3.    Integration – The suggestion that the contract management module will seamlessly integrate with other modules is misleading, at best. At worst, it’s just a way for the supplier to sell more modules. The truth is that any module will only provide seamless integration with other modules within the same ERP system AND as long as there’s no customization. However most organizations don’t go all in with one ERP solution for all of their business management needs and they will almost always need customizations for the modules they do buy.

 

 

So what does an organization really need for contract management?

 

The Simplicity of Contract Management: What you really need

 

Most organizations, big and small, only have a handful of real requirements for contract management:

 

1.     Summary – Once a contract has been countersigned and returned, most organizations require a summary to be sent (along with a copy of the final document) to key individuals and departments such as the CEO, CFO, Legal and Finance

 

2.    Storage – The final version of a contract needs to be stored in a secure location that can only be accessed by authorized personnel

 

3.    Ease of Access – Most contracts that are signed and stored will never be read again, unless there’s a breach. However some contracts (usually IT) have renewal dates, service levels and milestones that need to be reviewed regularly

 

4.    Alerts – Organizations need to know when contracts are coming up for renewal so that they can plan for the cost to renew, as well as any renegotiation that may be needed.

 

A simple tool that addresses these 4 basic needs for contract management will be more than sufficient for most organizations and the cost will be exponentially less than an ERP module.

 

OneView

 

With Q4 around the corner, I’ve been talking to a lot of executives about the impact contract management’s having on year-end cost savings initiatives in the post-COVID environment. 

As one executive recently told me “…one outcome of remote work is that it exposed flaws in our processes that we just ‘made work’ when we were in the office”. 

It was an interesting comment that really drove home a point I’ve been making for some time…less is more when it comes to contract management. 

The reality is that expensive, complicated ERP systems just don’t make sense anymore which is why I truly believe the solution I designed and built, OneView, gives procurement teams everything they need when it comes to contract management…for pennies on the dollar.

If you would like to know more, feel free to message me directly at [email protected]

 

Share

Pandemic/Epidemic Business toolKIT

We are deeply focused on keeping your employees, customers, and suppliers safe while working, visiting, or conducting business at your facilities and supporting your business operations.

The Michael White Group International and Hilt International Security have partnered together in order to create a dynamic resource that is continuously growing, developing, and being  revised to keep you informed of the latest requirements, new best practices, and procedures.

As we all continue to navigate our  ‘new normal’, we have tapped into our global resources to develop a toolKIT that lays out processes to raise awareness of new health and well-being protocols and potentially helpful practices for cross-functional teamwork, operating discipline, and training for employees.

While it is not a one-size-fits-all approach, the Pandemic/Epidemic Business toolKIT includes practical recommendations, based on guidelines from Health Canada and World Health Organization, that could be tailored for different  businesses (when required) to address various scenarios they may face when returning to work. Regular updates will be made to the toolKIT based on real-time feedback. The toolkit covers a wide range of topics, including:

•      Step-by-step guides for setting up a pandemic response team

•      Cleaning and disinfection procedures

•      Staggering shifts and lunch breaks and other physical distancing strategies

•      On-site health screening

•      Protocols for isolating employees who become ill at work

•      & more.

This has been a difficult time for everyone, and re-establishing a workplace where employees feel comfortable performing their jobs safely is a multi-faceted challenge. It is our hope that by developing and providing this resource we can help your organization accomplish and adapt to the new operating protocols in today’s still ever challenging conditions.

Should your Municipality be open to exploring the need, whilst accessing our  toolKIT to assist you during  the re-opening, and re-populating of your facilities, contact Michael White Group International today, and in partnership with Hilt International Security we will be happy to assist.

 

 

Share