Your Full Spectrum IT Assessment

Welcome! You are about to complete Rehmann's 360° Assessment. The purpose of this assessment is to provide a measurement of the overall health and ability of your technology environment to support the mission of your organization. Depending on the organization, the assessment should only take 10 to 15 minutes to complete. Upon completion, your answers will be sent to our specialists who will score and create a report just for your organization. This roadmap will allow us to jointly align technology with your business objectives to improve the overall value of technology to your organization.

   
Are you a current Rehmann client? *

IT Spending and Organizational Philosophy

The following questions are designed to provide an overview of the organization's philosophy around IT spending and the perceptions pertaining to the use of technology for strategic advancement of the organization.

Which statement best matches the philosophy of your organization about IT in general: *
Which statement best describes the management’s understanding or perception of IT? *

Cybersecurity

With the critical reliance on technology today and the ever growing list of threats, every business must employ multi-point security. This includes protecting server(s), any/all gateways, endpoints (PC's etc) - all the tools that are used in the processing of business data. Ideally these prevention mechanisms are managed and automated to ensure they are up to date and protecting against real time threats.

Do you have a documented security plan in place? *
Has an external vulnerability scan (or penetration test) been run in the last 6 months with clean results? *
Is cybersecurity user awareness training done at least once per year? *
Are users forced to change their passwords periodically? *
Are all passwords complex with a minimum length of 10 characters? *
Is there a business-class anti-virus/anti-malware solution with active subscription installed on all workstations? *
Is there an anti-spam filter in place for incoming email (excluding Outlook native tools)? *
Is there Endpoint Detection and Response (EDR) software with active subscription on all servers? *

Network Security

Like the locks on your door, the first layer of defense is keeping threats out of your network in the first place. Reasonable network security includes at a minimum a physical firewall, access control, and password policies that adhere to standard best practices.

Is your firewall manufactured by a top-tier security manufacturer (Cisco, WatchGuard, Fortinet, Barracuda, etc.) with active subscription? *
Are Security components on a current, supported version of firmware? *
Do you have a data governance solution in place for tracking access and changes to files and organizational data? *

Physical Security

Without physical security measures in place, unwanted guests could easily access your technology or important customer information. Reasonable physical security must be in place to prevent unnecessary access to the actual components of the technology infrastructure and the sensitive data contained there.

Is physical access to key network components (i.e. servers, switches, routers) protected by a locked door? *
Does access to production areas require manual intervention? (i.e. someone cannot simply walk into your offices and get to the inner portions of your organization without a checkpoint/person/key.) *

Ongoing Management and Monitoring

As the old adage goes, an ounce of prevention is worth a pound of cure. Ongoing system-wide monitoring is just that — the ounce of prevention that your business needs to head off major issues before they become costly system failures.

Are all key network elements (i.e. servers, routers, firewalls, switches) monitored for up/down, utilization, trending, etc.? *
Are business metrics (i.e. revenue growth; employee count; business intelligence) used for IT capacity planning? *
Is strategic technology planning conducted a minimum of once per year? *
Is proactive system maintenance being done - i.e. regularly scheduled patching, software updates, firmware updates, etc.? *

Asset Management

Asset management is more than just knowing what you have. Tracking software licenses, service contracts, warranties, and software media, etc. can all have a positive impact by providing you control over your business assets. Having the ability to renew service agreements or refresh equipment before they wear out keeps your business running more productively than the alternatives. There is nothing worse than hearing that your equipment is out of warranty and the only parts available are on ebay - when it is 2AM and you have a major customer order on the line - don't let this happen to your business.

Is the currently installed software tracked in an inventory database? *
Are all service contracts and/or warranties tracked in a database? *
Do you know where all your software media is located (physical or downloaded media)? *
Is there an asset management strategy (hardware/software refresh cycle strategy) in place? *
Is the hardware inventory tracked in a database? *

Acceptable Use Policy

The use of company technology assets must be controlled by at least a generic Acceptable Use Policy to mitigate risk and ensure highest and best use.

Has every user signed an Acceptable Use Policy? *

Patch Management

Patches and updates are released regularly to protect from threats, bugs, and glitches that are found in systems after they have been deployed. These can be and should be automatically applied whenever possible, but only after being tested and certified as safe or they can produce disastrous consequences.

Are patches automatically deployed for servers? *
Are patches automatically deployed for workstations? *
Are patches tested before deployment? *

Business Continuity Plan

If you are like most businesses, you have spent thousands of hours planning for success, but how much time have you spent planning around for disruptions? Every business large and small must have a documented plan to recover from a major business interruption or technology failure. In addition, your plan should be distributed and practiced by everyone in your business.

Is there a documented Business Continuity (BC) and/or Disaster Recovery (DR) plan? *
Are there documented Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)? *
Has the plan been updated in the last 6 months? (if there is no plan, answer 'No') *
Is the plan stored offsite? (if there is no plan, answer 'No') *
Has the plan been tested in the last 12 months? (if there is no plan, answer 'No') *
Is the hardware/software needed for recovery readily available to be used within the targeted recovery window? *
Do you know what an hour of downtime costs your organization? *

Messaging (Email, Calendaring, etc)

Whether your messaging is local or hosted: email, calendaring, and other messaging platforms have become the mainstay business applications for collaboration and customer service. Most businesses now rank email as one of their top 5 critical business processes. Without it, many companies would be unable to communicate effectively.

Is your email platform hosted on Microsoft 365 or Gmail? *
Do you feel your email is secure? *
Has the messaging platform been acceptably available 99% of the time or more? *
Is there a cach system in place to allow for messages to be temporarily held offsite if the main system goes down? *
Do you have compliance requirements around the archival, management, and handling of email, and if so, are these processes automated? (if no requirements, answer 'Yes') *

Mobile Devices? Or Remote Workforce?

As portable devices such as smartphones and tablets grow in popularity, the line continues to blur between access methods. As the workforce becomes more remote, IT must adapt with methods to provide, manage, and secure remote access points.

Do you enforce security on personally owned devices that access corporate data? *
Do you have a VPN in place for remote access to your company network? *
Are users required to use multi factor authentication for remote access? *
Do you permit users to access business applications using their personal smartphone? *
Do you currently use a Mobile Device Management (MDM) solution to manage mobile devices in your organization? *

Backup

Businesses rely on data. Backing up your data and maintaining your backups can be complex and risky if not done properly. Backup techniques and technologies must align with your business needs and be as automated as possible. Ensure that data backups involve an offsite component that is secure and automated to protect this valuable asset.

Is your backup data automatically/electronically sent to an offsite location? *
Is all of your data able to be backed up in the allowed window of time? *
Has a successful restore or test restore been done in the last 6 months? *
Do you still rely on tape or removable media for backups? *
Is your backup air gapped (a copy of backup data is inaccessible from the company network)? *
Can you restore far enough back to meet business needs? *
Are remote servers being successfully backed up? (if no remote servers, answer 'Yes') *
If there are sensitive/business data on endpoints (laptops/PC's/tablets), is it being successfully backed up? *

Server

Server hardware is like the engine running your business. Careful consideration must be given to the purposes your servers will perform to ensure the right one(s) for the job. Much like you wouldn't use a lawn mower engine to power a semi-truck, underpowered servers will not perform and could bring your business to a crawl. Not only is it important to consider only top-tier manufacturers such as HP, IBM or Dell, but careful review of the servers purpose will drive specifications for RAM, Processor, hard drives, etc.

Are all your servers manufactured by a tier one vendor? (HP, IBM, Dell, Cisco) *
Are all production servers less than 5 years old? *
Have all production servers run failure-free for at least the last 6 months? *
Is virtualization being utilized on any/all server(s)? *
Are the server components redundant (power, fans, CPU)? *
Are all servers running supported versions of Microsoft Windows Server? *
Are all production servers under warranty or a professional maintenance agreement? *

Suitable Environment

Computer and networking equipment is designed to operate within heavily controlled environments for best results. To ensure the best possible performance and longevity of your equipment, this infrastructure should be in a location that is maintained at a proper temperature and humidity, is relatively dust free, and has adequate and clean power available. This section is designed to review how closely your equipment environment meets an ideal.

Is there a fire suppression system near the servers/equipment? (manual fire extinguisher only, answer 'No') *
If so, is the system gas-based? (for water-based/sprinklers, answer 'No') *
Are there smoke detectors in your server room/data center? *
Is there at least 24 inches of clearance on all sides of the server enclosure/rack? *
Is the temperature in the equipment room at room temperature or less? (75 degrees Fahrenheit) *
Does a "white glove" test on any equipment or work surfaces show as dust-free? *
Is the room free of dripping water and/or condensation? *
Is the equipment housed in a proper enclosure with stable support? *
Is the room where the equipment is stored neat and free of debris (including cables that could be tripped over or damaged)? *

Storage

Centralized data storage is an ideal scenario for efficiently increasing capacity without disruptions to productivity. Specific-purpose servers and very small enterprises can employ local storage with minimal risk, but many organizations benefit from centralized storage due to its enhanced scalability, performance, more efficient use of capacity, and overall cost savings.

Is a SAN (Storage Area Network) used for primary centralized storage of data? *
Is there at least 20% free disk space on each server (if even one server has less, answer 'Somewhat/I Don't Know') *
Has the system run failure-free for at least the last 6 months? *
Does your data storage have enough space to accommodate two years of expected growth? *

Power

Power issues can be cited for almost 30% of all computer mortalities, making power conditioning one of the most important system safeguards to consider for the longevity of your equipment. Not only is this key for protection of the equipment itself, but also highly important when it comes to safeguarding against fire and other power-related risks. Power conditioning equipment made by top-tier manufacturers can ensure clean, online power with intelligent shut-down capabilities is supplied and managed to invaluable equipment.

Is your Uninterruptible Power Supply (UPS) a business-class model from a top-tier manufacturer (such as Emerson/Vertiv/Liebert, APC or Eaton)? *
Is the power delivered to the equipment via a dedicated electrical circuit? *
Is the run time (i.e. battery life) on the UPS sufficient to allow a graceful shutdown? *
Is there software installed to automatically facilitate a graceful shutdown in the event of power loss? *
Is the UPS remotely manageable (i.e. network card installed)? *
Has the UPS been error-free for at least 6 months? (i.e. no fault lights, failures) *
Have there been 3 or fewer power outages in the last 12 months? *
Is all of the networking equipment power-protected? (includes switches, etc. in IDF/remote closets) *
Are all UPS units under maintenance? *
Is there a generator that automatically provides power in the event of power loss? *

Network

So much of your business rides on your network - literally. Research shows that connectivity options have become increasingly crucial in the grand scheme of business operations. Diversification in the workplace, collaboration tools, mobile needs, videoconferencing, and distributed computing require networks that work - hard.

Is your network performance acceptable to your general satisfaction? *
Have the networks run outage-free for at least the last 6 months? *
Is all of your network equipment a business-class model from a top-tier manufacturer such as Cisco, Dell or HP? *
Is the Local area network wiring at professional standard (Cat 6 or better), including cable management and labeling? *
Are all of your switches and routers under warranty and/or maintenance? *
If a wireless network is present, is the design based on a professional survey (if no wireless, answer 'Yes') *
If wireless networking is in place, is the equipment business-class from a top-tier manufacturer such as Ruckus, Fortinet, WatchGuard, Cisco, Meraki? (if no wireless, then answer 'Yes') *
If wireless is in place, is there a separation between the private and public/guest network? (if no wireless, answer 'Yes') *
Is your company network segmented by data type (separate voice, server, management, etc. networks)? *

Internet

With so many choices for high-speed Internet connectivity, it can be overwhelming to choose what is best for your business. Ensuring you have real business-class Internet service could mean saving your business thousands of dollars during an outage - either locally or in the event of a carrier interruption. Making the wrong choice could mean days of lost opportunities. Other services are critical as well - such as DNS/DCHP - be sure your provider can clearly articulate your services and what Service Level Agreements they can deliver.

Does the Internet perform acceptably at least 99% of the time or better? *
Do you have documentation from and easy access to your ISP support? *
Is your Internet access business-class? (if you have a cable/DSL modem, answer "No") *
Does your internet Service Provider offer you SLA's (Service Level Agreements)? *
Is the demarc location known, and is it located where you have access? (demarc is where the Telco company's wiring comes into your building/suite) *

Reliable Access

All the server horsepower and heightened security in the world does your business no good if no one is able to access the data or applications necessary to do their jobs. Many choices are available for end-user access, the best choices are available from Tier 1 manufacturers in the form of desktops, laptops, tablets, smartphones, and/or terminals/thin clients.

Are all of the end-user devices (computer/laptops) business-class models from a top-tier manufacturer (such as HP; Dell; Apple; Lenovo)? *
Are all of the workstations currently running a manufacturer supported version of the Operating System? *
Are all the end-user devices under warranty and/or maintenance OR is there a replacement schedule in place? *

General Satisfaction

Are you pleased with how your applications perform? *
Copyright © 2024, Rehmann, LLC