27 Sep Technology, Digital, and Governance Self-Assessment Checklist
Technology continues to evolve. The rate of change and complexity associated with aligning technology with enterprise organizational strategy has become a challenge that all organizations face.
People who run today’s organizations are consistently faced with difficult operational circumstances in which they can’t respond to their customers, or to general marketplace demands, because of antiquated or ineffective systems and processes. Moreover, they typically rush to implement a system that doesn’t align with their long-term strategy requirements just to get “something in place”.
At Mastek, formerly TAISTech, we believe the strategic use of technology and process requires a deep, 360-degree understanding of:
- Business goals
- Team capabilities
- Market pressures
- Available technology
- Scalability of the system
Our ability to meet organizations where they are in their journey, paint a picture of the future (offering digital direction and design), and co-implement “just in time” solutions makes Mastek’s technology professionals a valuable extension of your management and leadership team.
Mastek (our passionate team of experts) has spent more than 35 years aggregating value-driving solutions, best practices, and operational technology processes to give you a complete view of your business gaps and technology needs.
As a first step, we are proud to provide this Enterprise Technology Self-Assessment to start the conversation.
——————– Start of Checklist ——————–
Instructions: Check the box if you possess the deliverable, process, or can answer “Yes”. Leave the box blank if you don’t have the process in place or answer “No”.
Enterprise Strategy Positioning
☐ Do you consistently (quarterly or yearly) pull together leadership, management, operations, and your customers to define your strategy for the next fiscal year?
☐ Does your organization have a documented technology strategy that aligns with your revenue, sales, and operational process goals?
☐ Does your organization create a budget for all managed services, application support, IT upgrades, bug fixes, and enhancements for each area of the business? This could include multiple business units.
☐ If yes to the previous question, does your budget account for expected company growth over the next fiscal year? This should include revenue, employee headcount, and other measurable growth.
☐ Are you creating a 12- and 24-month investment roadmap that matches the requirements of your industry and positions you to surpass your competition and gain an edge in the marketplace?
☐ Is your organization using any predictive analytics tools to aggregate and simplify data into actionable insights?
☐ Do you have a business redundancy plan for disruptions and threats? E.g. a new competitor enters the market, or you lose a supplier.
☐ Does your organization provide training on how to handle a breach or intrusion of technology applications/systems?
☐ Do you consistently monitor systems for security patches and incremental feature rollouts to better serve your business?
☐ Do you have a single employee identified to be responsible for aligning technology, risk, and business requirements? We recommend an evangelist that can understand a P&L and a Systems Map.
☐ Is critical talent moving away from your organization? Is it difficult to recruit for your organization?
☐ Does your organization have a formal IT security policy? This should include both internal employees and outside contractors, partners, subsidiaries, etc.
☐ Does your organization have an enterprise-wide documented password policy or encrypted password storage application?
☐ Does your organization carry out security verification checks on permanent employees at the time of hire, or when given access to a new application?
☐ Does your organization have a written policy for on-boarding and off-boarding employees, contractors, and third-party users when they access applications, systems, or are given possession of hardware on behalf of the organization?
☐ Does your organization have an IT security education program? Do you regularly offer refresher courses?
☐ Do you know your global administrators? Are they uniquely identified, or do they share a username “Admin” with no ability to trace back who it is/was?
☐ Can you answer “Who are my users, who gave them that access, what are they doing with that access, what are they accessing, and is there a segregation-of-duties issue?”
☐ Do you have a scheduled backup process enabled for all production environments? E.g. files, database, code, etc.?
☐ Does your organization have a documented backup procedure for employee local computer files? This is their employer-provided desktop or laptop computer.
☐ Are backups stored in a secure location, away from the original data source? For cloud applications or databases, are you using a separate instance or storage facility?
☐ If all production data is lost, are you comfortable with your current backup package being your live production data?
Inventory and Objectives
☐ Is all your infrastructure and application documentation organized and searchable?
☐ Does your organization maintain a master device and hardware list for each employee?
☐ Do you maintain an up-to-date network, application, and data flow map within your IS/IT area of excellence?
☐ Has your organization defined quantitative and qualitative IT security or development operations objectives?
Data Classification Assessment
☐ Does your security and compliance team communicate the goals of each data class in an easy-to-remember manner? (see example below)
- Public – Data that is generally available to your customers, shoppers, media, and the general public. E.g. Job postings, FAQs, Financial Reporting (for Public Companies)
- Internal – Data that is available to those stakeholders within your business. This can be accessed by your employees. E.g. New product R&D, Marketing material, corporate contact list, insurance premium information, PTO calendar
- Limited – Data of a sensitive or confidential nature that is protected from general distribution, typically related to one-to-one conversations. E.g. Access to a specific user’s data, price books, unique identifiers (VAT, account ID, etc.)
- Restricted – Any data (internal and external) that is highly sensitive and poses a financial or reputation risk to the business. This information should be highly restricted, encrypted, and managed with care. E.g. Social Security Number, Health Information, Credit Card or Banking Information, Passwords, other (depending on vertical)
☐ Do you require Vendor Assessments or Compliance certifications from Vendors? This is especially important for Cloud/SaaS vendors.
☐ Are your existing business applications fully meeting your organizational needs or the needs of your end consumers? If not, jot down the problem areas.
☐ Do your employees leverage the full breadth of enterprise application(s)? If not, jot down problem areas.
☐ Do you have legacy technology that is limiting a growth opportunity?
☐ Do your employees constantly complain about manual processes or inefficiencies in their day-to-day operations?
☐ Have you conducted an employee survey (in the last year) to gain insights you need to improve technology in your environment to maximize efficiency?
☐ Do you conduct automated Quality Assurance tests on your applications? This includes front-end user testing, back-end penetration tests, and more.
☐ Do you have a written process for applying application code patches, upgrades, etc.?
☐ Is your organization, or your managed services partner, consistently reviewing SEO, SEM, marketing, and user experience best practices to drive a consistent roadmap? Typically, data and customers drive application innovation.
☐ Are you leveraging more than 3 direct application-to-application integrations? E.g. using a REST API to talk to your ERP, or a REST API to talk to your in-store Point-of-Sale/Kiosk?
☐ Are you using batch file integration (e.g. csv, xml) where a real-time integration would be more appropriate?
☐ Do you consistently experience recurring errors with data transfer between systems?
☐ If you have more than 1 entry point for end-customers (instore, eCommerce, phone, sales representatives) are you aggregating/syncing that data to a self-service portal for increased customer experience and retention?
☐ Do you maintain applications that require manual intervention? E.g. manual data entry (“swivel chair”) by your employees.
☐ Does your organization have a detailed list of your service contract dates (e.g. when a license needs to be renewed)?
☐ Does your organization maintain (or outsource) an IT support team to assist with best practices and day-to-day maintenance requests?
☐ Does your organization have proper documentation of your systems to resolve issues quickly? If you are using cloud services, do you have an up-to-date list of Documentation Wikis?
☐ Is your IT support timely? Does the average response and resolution time meet the needs of your business units?
☐ Does your organization find itself solving the same issues more than once? E.g. continually patching an application or resolving code bugs.
☐ For managed services, do you have a written list of Service Level Agreements (SLAs) from your Solution Provider?
Applying this Checklist and Next Steps
While not an exhaustive list, each area on this checklist is an important component of a scalable, effective organization. If you were unable to check all but four of the boxes, your organization may be at risk. Even if you have only one item unchecked, you may need to make adjustments to ensure that your system is secure, lowers risk, and performs at its peak.
It’s essential that you review these technical and process principles with your internal IT department or managed services Solution Provider. If you do not have a trusted IT or Digital partner who can address these issues, please reach out to Mastek, formerly known as TAISTech via our Contact Form. Our mission is to see our customers and partners succeed and we are delighted to complete mutual exploration to pinpoint areas of improvement.
About the Author
Mike Cristancho is self-admittedly blessed to lead the Pre-Sales and Solutions Consulting division of Mastek, formerly TAISTech. As a 13+ year veteran of eCommerce and digital, he leverages his vast experience to find creative solutions for complex requirements. He is truly passionate about digital enablement and guiding customers through growth. Connect with Mike on LinkedIn.