Your Full Spectrum IT Assessment

Welcome! You are about to complete Rehmann's 360° Assessment. The purpose of this assessment is to provide a measurement of the overall health and ability of your technology environment to support the mission of your organization. Depending on the organization, the assessment should only take 10 to 15 minutes to complete. Upon completion, your answers will be sent to our specialists who will score and create a report just for your organization. This roadmap will allow us to jointly align technology with your business objectives to improve the overall value of technology to your organization.

Are you a current Rehmann client? *

IT Spending and Organizational Philosophy

The following questions are designed to provide an overview of the organization's philosophy around IT spending and the perceptions pertaining to the use of technology for strategic advancement of the organization.

Which statement best matches the philosophy of your organization about IT in general: *
Which statement best describes the management’s understanding or perception of IT? *

Cybersecurity

With the critical reliance on technology today and the ever-growing list of threats, every business must employ multi-point security. This includes protecting server(s), any/all gateways, and endpoints (PCs, etc.): all the tools that are used in the processing of business data. Ideally these prevention mechanisms are managed and automated to ensure they are up to date and protecting against real-time threats.

Do you have a documented security plan in place? *
Has an external vulnerability scan been run in the last 6 months with clean results? *
Is cybersecurity user awareness training done at least once per year? *
Are users forced to change their passwords at least once per quarter? *
Are all passwords at least semi-complex with a minimum length of 12 characters? (i.e., use upper/lower case and alphanumeric characters) *
Is there a commercial anti-virus/anti-malware software on all servers? *
Is there a business-class anti-virus/anti-malware solution installed on all computers from a top-tier manufacturer (such as TrendMicro, Webroot, Sophos)? *
Are anti-spam measures being taken? *
Do all protection systems (anti-virus, anti-spam, etc.) automatically update? *

Network Security

Like the locks on your door, the first layer of defense is keeping threats out of your network in the first place. Reasonable network security includes at a minimum a physical firewall, access control, and password policies that adhere to standard best practices.

Is your firewall manufactured by either Cisco or WatchGuard? *
Are all security systems under warranty and/or maintenance? *
Have security/software updates been applied in the last 6 months? *
Are you able to track which users in your organization accessed a given file or files? *

Physical Security

Without physical security measures in place, unwanted guests could easily access your technology or important customer information. Reasonable physical security must be in place to prevent unnecessary access to the actual components of the technology infrastructure and the sensitive data contained there.

Is access to key network components (i.e. servers, switches, routers) protected by a locked door? *
Does access to production areas require manual intervention? (i.e. someone cannot simply walk into your offices and get to the inner portions of your organization without a checkpoint/person) *

Ongoing Management and Monitoring

As the old adage goes, an ounce of prevention is worth a pound of cure. Ongoing system-wide monitoring is just that — the ounce of prevention that your business needs to head off major issues before they become costly system failures.

Are all key network elements (i.e. servers, routers, switches) monitored for up/down, utilization, trending, etc? *
Are any metrics (i.e. revenue growth; employee count; business intelligence) used for capacity planning? *
Is strategic technology planning conducted a minimum of twice per year? *
Is proactive system maintenance being done - i.e. regular maintenance windows are scheduled and kept? *

Asset Management

Asset management is more than just knowing what you have. Tracking software licenses, service contracts, warranties, software media, etc. can all have a positive impact by giving you control over your business assets. Having the ability to renew service agreements or refresh equipment before it wears out keeps your business running more productively than the alternatives. There is nothing worse than hearing that your equipment is out of warranty and the only parts available are on eBay, at 2 AM, with a major customer order on the line. Don't let this happen to your business.

Are all software licenses tracked in a database? *
Are all service contracts and/or warranties tracked in a database? *
Do you know where all your software media is located? *
Is there an asset management strategy in place? *
Is the hardware inventory tracked in a database? *

Acceptable Use Policy

The use of company technology assets must be controlled by at least a generic Acceptable Use Policy to mitigate risk and ensure highest and best use.

Has every user signed an Acceptable Use Policy? *

Patch Management

Patches and updates are released regularly to protect against threats, bugs, and glitches that are found in systems after they have been deployed. These can and should be applied automatically whenever possible, but only after being tested and certified as safe; untested patches can produce disastrous consequences.

Are patches automatically deployed? *
Are patches tested before deployment? *

Business Continuity Plan

If you are like most businesses, you have spent thousands of hours planning for success, but how much time have you spent planning for disruptions? Every business, large and small, must have a documented plan to recover from a major business interruption or technology failure. In addition, your plan should be distributed to and practiced by everyone in your business.

Is there a documented Business Continuity (BC) and/or Disaster Recovery (DR) plan? *
Are there documented Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO)? *
Has the plan been updated in the last 6 months? (no plan = 'No') *
Is the plan stored offsite? (no plan = 'No') *
Has the plan been tested in the last 12 months? (no plan = 'No') *
Is the hardware/software needed for recovery readily available to be used within the targeted recovery window? *
Do you know what an hour of downtime costs your organization? *

Messaging (Email, Calendaring, etc)

Whether your messaging is local or hosted, email, calendaring, and other messaging platforms have become the mainstay business applications for collaboration and customer service. Most businesses now rank email as one of their top 5 critical business processes. Without it, many companies would be unable to communicate effectively.

Is the messaging platform local? (answering 'No' implies a hosted solution) *
Is the messaging platform a current version of a commercial package? (i.e., Office 365 or Exchange/Hosted Exchange; not POP3 services such as Gmail/Yahoo/MSN/Hotmail) *
If onsite, is there a high degree of confidence that your email is secure? *
Has the messaging platform been acceptably available 99% of the time or more? *
Is the messaging system redundant? (i.e. redundant servers, replication) (If O365, then "Yes") *
Is there a cached or "mailbagging" system in place to allow for messages to be temporarily held offsite if the main system goes down? *
Do you have compliance requirements around the archival, management, and handling of email, and if so, are these processes automated? (if no requirements = yes) *
Does the email system perform as needed, as often as needed? *

Mobile Devices? Or Remote Workforce?

As portable devices such as smartphones and tablets grow in popularity, the line continues to blur between access methods. As the workforce becomes more remote, IT must adapt with methods to provide, manage, and secure remote access points.

Is there proper security in place if a user utilizes their own device to access corporate data? *
Are remote users able to access key applications and data from anywhere there is a reliable Internet connection? (no existing remote access = 'Yes') *
Do remote users have to at least use their normal login credentials to gain access remotely? (no remote access = 'Yes') *
Do your smartphones integrate with business applications reliably? (i.e. email/calendaring-specific apps) (If you do not use smartphones, answer "Yes") *
Is remote access business-productive in terms of performance and reliability? *
Do you currently use a Mobile Device Management (MDM) solution to manage mobile devices in your organization? *

Backup

Businesses rely on data. Backing up your data and maintaining your backups can be complex and risky if not done properly. Backup techniques and technologies must align with your business needs and be as automated as possible. Ensure that data backups involve an offsite component that is secure and automated to protect this valuable asset.

Does the backed-up data get electronically and automatically sent offsite? *
Is all of your data able to be backed up in the allowed window of time? *
Has a successful restore (even a test) been done in the last 6 months? *
Is the backup disk-based (a 'no' implies tape-based)? *
Is one of the following backup platforms being used? (SafeVault, Veeam, Barracuda) *
Can you restore far enough back to meet business needs? *
Are remote locations being successfully backed up? (no remotes = Yes) *
If there is sensitive/business data on the endpoints (laptops/PCs/tablets), is it being successfully backed up? *

Server

Server hardware is like the engine running your business. Careful consideration must be given to the purposes your servers will serve to ensure the right one(s) for the job. Much like you wouldn't use a lawn mower engine to power a semi-truck, underpowered servers will not perform and could bring your business to a crawl. Not only is it important to consider only top-tier manufacturers such as HP, IBM or Dell, but a careful review of each server's purpose will drive specifications for RAM, processor, hard drives, etc.

Are all your servers manufactured by one of the following vendors? (HP, IBM, Dell, Cisco) *
Are all production servers less than 3 years old? *
Have all production servers run failure-free for at least the last 6 months? *
Is virtualization being employed on any/all server(s)? *
Are the server components redundant (power, fans, CPU)? *
Are all production servers under warranty or a professional maintenance agreement? *
Are all servers running supported versions of Microsoft Windows Server or Linux? *

Suitable Environment

Computer and networking equipment is designed to operate within heavily controlled environments for best results. To ensure the best possible performance and longevity of your equipment, this infrastructure should be in a location that is maintained at a proper temperature and humidity, is relatively dust free, and has adequate and clean power available. This section is designed to review how closely your equipment environment meets an ideal.

Is there a fire suppression system near the servers/equipment? (extinguisher = 'No') *
If so, is the system gas-based? (water-based/sprinklers = 'No') *
Are there smoke detectors as well? *
Can one person comfortably get to all sides of the equipment - is there adequate workspace? *
Is the temperature in the equipment room at room temperature or less? (68 degrees Fahrenheit) *
Does a "white glove" test on any equipment or work surfaces show as dust-free? *
Is the room free of dripping water and/or condensation? *
Is the equipment housed in a proper enclosure with stable support? *
Is the room where the equipment is stored neat and free of debris (including cables that could be tripped over or damaged)? *

Storage

Centralized data storage is an ideal scenario for efficiently increasing capacity without disruptions to productivity. Specific-purpose servers and very small enterprises can employ local storage with minimal risk, but many organizations benefit from centralized storage due to its enhanced scalability, performance, more efficient use of capacity, and overall cost savings.

Is a SAN (Storage Area Network) or NAS (Network Attached Storage) used for primary centralized storage of data? *
Is there at least 20% free disk space on each server? (if even one server has less = 'Somewhat/I Don't Know') *
Are you pleased with how your applications perform? *
Is the storage environment free of single points of failure? (Are all connected components in the storage environment redundant - i.e. Dual NIC/FC Cards, Dual controllers, Dual switches, etc. - if no SAN or NAS is present this would be answered "no".) *
Has the system run failure-free for at least the last 6 months? *
Has your data storage capacity been greater than your data growth over the last 2 years? (i.e. - if you have run out of space in the last 2 years = 'No') *

Power

Power issues are cited as the cause of almost 30% of all computer failures, making power conditioning one of the most important safeguards to consider for the longevity of your equipment. Not only is this key for protecting the equipment itself, it is also highly important for safeguarding against fire and other power-related risks. Power conditioning equipment from top-tier manufacturers ensures that clean, online power, with intelligent shutdown capabilities, is supplied to and managed for your invaluable equipment.

Is your UPS a business-class model from a top-tier manufacturer (such as Emerson/Vertiv/Liebert, APC or Eaton)? *
Is the power delivered to the equipment via a dedicated electrical circuit? *
Is the run-time (i.e. battery life) on the UPS sufficient to allow a graceful shutdown? *
Is the software installed to automatically facilitate a graceful shutdown in the event of power loss? *
Is the UPS remotely manageable (i.e. network cards installed)? *
Has the UPS been error-free for at least 6 months? (i.e. no fault lights, failures) *
Does the UPS run a self-test weekly? *
Have there been 3 or fewer power outages in the last 12 months? *
Is all of the networking equipment power-protected? (includes switches, etc. in IDF/remote closets) *
Is the main UPS under maintenance? *
Is there a generator that automatically provides power in the event of power loss? *

Network

So much of your business rides on your network, literally. Research shows that connectivity options have become increasingly crucial in the grand scheme of business operations. Diversification in the workplace, collaboration tools, mobile needs, videoconferencing, and distributed computing require networks that work hard.

Do all of the networks run at a level of acceptable performance 99% of the time or more? *
Have the networks run outage-free for at least the last 6 months? *
Is all of your network equipment a business-class model from a top-tier manufacturer (such as Cisco, Dell or HP)? *
Is the cable plant (Local Area Network wiring) at professional standard (Cat 6 or better), including cable management and labeling? *
Are all of your switches and routers under warranty and/or maintenance? *
If a wireless network is present, is the design based on a professional survey? (if no wireless = 'Yes') *
If wireless networking is in place, is the equipment business-class from a top-tier manufacturer (such as Ruckus, WatchGuard, Cisco, Meraki)? (if no wireless = 'Yes') *
If wireless is in place, is there a separation between the private and public/guest network? (if no wireless = 'Yes') *

Internet

With so many choices for high-speed Internet connectivity, it can be overwhelming to choose what is best for your business. Ensuring you have real business-class Internet service could save your business thousands of dollars during an outage, whether local or in the event of a carrier interruption. Making the wrong choice could mean days of lost opportunities. Other services are critical as well, such as DNS/DHCP; be sure your provider can clearly articulate your services and what Service Level Agreements they can deliver.

Does the Internet perform acceptably at least 99% of the time or better? *
Do you have documentation from and easy access to your ISP support? *
Is your Internet access business-class? (if you have a cable/DSL modem, answer "No") *
Does your Internet Service Provider offer you SLAs (Service Level Agreements)? *
Is the demarc location known, and is it located where you have access? (the demarc is where the telco's wiring comes into your building/suite) *

Reliable Access

All the server horsepower and heightened security in the world does your business no good if no one is able to access the data or applications necessary to do their jobs. Many choices are available for end-user access; the best choices are available from Tier 1 manufacturers in the form of desktops, laptops, tablets, smartphones, and/or terminals/thin clients.

Are all of the end-user devices (computers/laptops) business-class models from a top-tier manufacturer (such as HP, Dell, Apple, Lenovo)? *
Are all of the workstations currently running a manufacturer supported version of the Operating System? *
Are all the end-user devices under warranty and/or maintenance OR is there a replacement schedule in place? *