Animus Solutions Bits and Bytes Blog

Policies and why they are crucial

Phara McLachlan — Fri, 29 May 2009 12:00:31 +0000

Policies are often ineffective, often not understood, poorly managed, and represent more of a token gesture than a comprehensive and sustainable approach to risk management. Why are they so important? Policies not only serve as legal documents that protect the enterprise from liability, but they have also been used in court against the company if [...]

SAM for security

Phara McLachlan — Thu, 28 May 2009 12:00:08 +0000

Non-compliance with regulators and software vendors welcomes a host of problems - fees, lawsuits, bad publicity, in addition to security issues. Technology is the basis of the business world, and with every new program, internet browser and social network, come new security risks. The inability to control IT environments is a major problem for [...]

Software is going to solve all of my problems…NOT!

Phara McLachlan — Wed, 27 May 2009 12:00:32 +0000

We often run across clients who are sold by big brand technology companies on a software solution that is going to “do it all” for them and solve every problem they have. The reality check is that there is not a single piece of software out there that can do that, without due diligence [...]

Accountability for your assets

Phara McLachlan — Fri, 22 May 2009 12:00:41 +0000

Organizations are accountable for many things: their products or services, their employees, financials, etc. Corporate Governance can mean so many things - we believe part of that definition includes IT Governance. IT Governance is a framework for organizations to adopt industry standards and ethical practices for a productive business environment. Its well know that [...]

Software Asset Management (SAM) – why not?

Phara McLachlan — Thu, 21 May 2009 12:00:22 +0000

We often discuss software asset management on this blog, as it is what we do day in and day out for our clients. What we cannot understand is why, especially in an economic climate like the present, more companies do not realize its importance for both compliance and cost savings. On average 25% of [...]

BSA says piracy is up yet again

Phara McLachlan — Wed, 20 May 2009 12:00:15 +0000

It’s that time again, the BSA has put out their annual report on software piracy and once again, the worldwide piracy rate has risen again! Losses from software piracy was an alarming $50.2 billion, $9 billion of those losses are within the U.S. According to the BSA, “For every $1 of software sold in [...]

Animus’ Phara McLachlan in TechNewsWorld

Phara McLachlan — Tue, 19 May 2009 12:00:01 +0000

Our own Phara McLachlan published an article on TechNewsWorld this week about the importance of IT asset management for “moving assets” within an organization. The piece can be found here - check it out!

What is a data steward?

Phara McLachlan — Mon, 11 May 2009 12:00:48 +0000

When companies are implanting data governance they often identify a data steward (or several, depending on the size of the organization) to synchronize data collection processes, reduce data redundancy, and increase data accessibility, availability, and flexibility in a systematic manner or more simply put, exercise quality control of data. We highly recommend assigning this responsibility [...]

GRC – convergence killers

Phara McLachlan — Fri, 08 May 2009 12:00:31 +0000

We have talked briefly about implementing a governance risk and compliance (GRC) framework. Now, we need to address four important practices, or perspectives, that facilitate convergence when taking on any GRC activity. 1. Get Senior level buy-in - the first step once you have a clearly defined plan is to get support from the senior [...]

The value of data

Phara McLachlan — Tue, 05 May 2009 12:00:57 +0000

Data protection is a key IT function, and most IT managers know that you cannot properly protect data if you don’t know what it is worth. In order to determine its value, you must know where it is, how it is used, and where and when to integrate and federate it. In order to [...]

GRC competency

Phara McLachlan — Mon, 04 May 2009 12:00:46 +0000

We have briefly mentioned creating a GRC competency not only when implementing your GRC framework, but also for sustaining the effort. The GRC competency is a working team of internal audit, risk management and compliance experts outside the C-suite. Having a cross-functional team as the “leader” of the project will establish ownership, create an [...]

Identifying installed software

Phara McLachlan — Wed, 22 Apr 2009 12:00:30 +0000

Software discovery and software asset management are two activities that are too often pushed aside or put on hold when you are facing more important issues. They are only recognized when a problem arises, such as an audit by a vendor. Most organizations are still using excel spreadsheets to track software. This is certainly [...]

Governance risk and compliance

Phara McLachlan — Mon, 20 Apr 2009 12:00:21 +0000

Most Governance Risk and Compliance (GRC) cases are driven by external regulations or compliance requirements, such as Sarbanes Oxley (SOX). Creating a business case for GRC with this in mind is simple - do so or risk jail time. Internal controls over financial reporting are an essential function in your IT framework and should [...]

Data governance

Phara McLachlan — Thu, 16 Apr 2009 12:00:13 +0000

The idea of governing data is certainly not a new one. Most businesses have some form of data governance, but most are not doing it well. With advancements in technology comes added complexity to managing data, forcing companies to separate data governance out by division, business function and/or geographic location, causing the process to break [...]

The ITSM implementation structure defined

Phara McLachlan — Tue, 14 Apr 2009 12:00:47 +0000

A typical IT Service Management (ITSM) implementation can be anywhere from 30 days to a year, depending on the task at hand. When we begin the process with any client, our first step is determining what we are working with - the existing IT infrastructure, the process and services in place, etc. Once we [...]