Performing Small Business Technology Assessments
Performing broad IT and general technology assessments within businesses and organizations are crucial. They can aid in documenting the network, identifying security vulnerabilities, and ensuring proper performance. Assessments can also help find ways in which technology can improve productivity and help the bottom line of an organization. For IT solution providers that support multiple organizations, assessments can be used to help in their sales process as well.
IT or technology assessments can be performed various ways, but should always at least result in some type of written report that can be shared in-person with IT staff, management, and decision makers. I’d also suggest that the IT professional performing the assessment have a checklist of sorts listing the items in which they should investigate. Though it’s not really possible to list every single item, it should be as thorough as possible.
Get an idea of the technology concerns
If an assessment is performed by an IT professional in-house then most of the technology concerns may be apparent, but they should still be reevaluated and thought through again during an assessment. If an assessment is performed by an outside IT provider, it’s crucial they fully understand the organization’s IT concerns and needs as well.
Forming an organization’s technology concerns involves evaluation by the IT professional in conjunction with questioning employees and management. When evaluating technology concerns, perhaps list items that are currently most needed or desired. Maybe it’s addressing the employee’s gripes about slow PC performance or Wi-Fi connection issues. List what technology concerns the organization might have in the future as well.
While drafting the concerns and assessment, also list the technology components that are most crucial to the organization. You’ll want to double-check these components and perhaps draft backup plans if they fail, or design these crucial components for redundancy and fail-over.
Network topology and documentation
One of the most very basic items you should look for in an assessment—as it often goes unchecked—is network documentation. This includes a network topology map showing the interconnection of the network components and written listing of all the basic details, including the following components:
- Internet connection
- Network infrastructure components
- Workstations and laptops
- Printers and copiers
- Mobile devices
The documentation should include model and serial numbers of equipment, IP and MAC addresses, and other basic configuration details. Basically, it should provide enough information that any IT professional can come in and setup the basic network from scratch. It can help when you bring on a new IT team member or if an outside IT provider comes in to help. Additionally, it can help the existing IT staff identify security vulnerabilities and other issues.
One way to address a general assessment is to list items that apply across all or most of the technology components and then evaluate each component on them. Here are, for instance, some items and questions the assessment may want to answer:
- Asset tracking: Is there a labeling and tracking system put into place to track the hardware and commercial software?
- Maintenance: Is there a plan for regular up-keep, like OS, firmware, and other software updates, hardware upgrades, and software-based and physical cleaning? And what’s the current status or need of these?
- Access control: Is the physical access and access security of device acceptable? Are secure passwords or methods used?
- Security protection: Is there an acceptable anti-virus or security solution installed and active?
- Security vulnerabilities: Are there any noticeable security concerns or risks? Do additional security vulnerability scans need to be made?
- Redundancy: Is there a backup or fail-over plan if the device is down?
- Data control: Is the data on the device secure? Is sensitive data encrypted and/or accessible only to those authorized?
- Monitoring and logging: Are there monitoring and logging mechanisms in place to keep tabs on status and use?
- System or configuration backups: Is there a practice in place to keep a current backup of configuration files of network devices or a hard drive image of PCs?
- File or data backups: Are there automatic backups of files and data? Are these stored off-site or otherwise safe in case of a disaster?
For a more thorough assessment, consider an in-depth evaluation and report on the individual technology components, such as:
- Network components: Do the routers, switches, access points, and other components have up-to-date firmware installed? Are the default passwords changed? Are the advanced settings optimized? Are the configurations backed up? Any old or legacy components that should be updated?
- Servers: Do the servers have the latest OS updates and security patches? Are there any old or legacy hardware and software that should be updated?
- Wired network: Are the Ethernet runs/outlets and their corresponding switch ports labeled? Any additional runs/outlets needed?
- Wi-Fi network: Is there adequate coverage and performance? Any interfering networks?
- UPS Battery Backup: Are crucial components protected by a UPS? Is the battery capacity sufficient? Do older batteries need replaced?
- Point-of-sale: Is the POS software up-to-date? Is the data backed up?
- Software: Are purchased licenses tracked? Are new software updates or versions available?
- Email: Is SPAM filtering in-place?
- Website: Is the website up-to-date? Has SEO been addressed? Any new desired functionality?
- Online Presence: Is the organization listed with search engines? How’s the search ranking of the website? Does the organization have social network pages?
- Collaboration: Is there a convenient way for employees to communicate with each other? Is there a VPN for remote workers and offices?
You might look at other technology areas as well, such as building automation. You could evaluate existing or possible automation solutions, such as security systems and cameras, door access systems, or digital HVAC management. Another often overlooked technology area is cellular service. Perhaps evaluate cell signals inside the building and consider looking into boosting solutions if needed.
During a broad technology assessment might be a good opportunity to evaluate IT-related policies. For instance, general policies covering computer, Internet, and Wi-Fi usage, and policies for data control and security. You might also evaluate internal IT policies covering maintenance schedules, backup and security measures, and user training and education. Plus check into any PCI Security requirements that apply to the network or organization.
Remember, a good technology assessment is done with certain concerns in mind, gathered from IT and non-IT members from the organization. Though all technology components should be evaluated and considered, knowing the concerns and components that are most crucial to the organization is vital. Always be on the lookout as well for technology that can help increase productivity and help the organization’s bottom-line.
Don’t forget, a good network topology map and up-to-date written documentation is one of the most basic items to look for in an assessment. It can expose all the technology components that exist in the organization, helping to ensure they’re evaluated in the evaluation.
Though there’s no real right or wrong way to perform assessments, they should however always provide a written report at the end. This could include a checklist of the items evaluated and written recommendations.