Authentication and Access Control

Threats to your data can come from external or internal sources.

There are individuals who don’t have the authorisation but are driven by malicious intentions to gain access to certain information. This may refer to individuals who already belong to your organisation (but don’t have the necessary access rights) as well as those who don’t.
There are individuals who have both the authorisation and, unfortunately, the malicious intentions over certain information.
Finally, there are individuals who have the authorisation, no malicious intentions, but have accidentally exposed the information in question to those without the proper authority.

While curbing threats 2 and 3 would require other methods, threat #1 can be countered if the right authentication and access control systems are in place.

Here’s what we can do for you:

Work with your key personnel to determine who gets access to what.
Help you decide whether a single factor or a two-factor authentication (2FA) is appropriate for your organisation and recommend which factors are most suitable. Login methods may include but are not limited to the following:
- biometric devices
- Kerberos tickets
- mobile phones
- passwords
- PKI certificates
- proximity cards
- smart cards
- tokens
Install the necessary infrastructure needed for the factors chosen. For instance, if you opt to use biometrics, then biometric scanners will be installed. We’ll make sure that the authentication terminals are situated in places where achieving optimal traffic and work flow has been taken into consideration.

Other defences we’re capable of putting up include:

Check our similar posts

How to Reduce Costs when Complying with SOX 404

Section 404 contains the most onerous and most costly requirements you’ll ever encounter in the Sarbanes-Oxley Act (SOX). In this article, we?ll take a closer look at the salient points of this contentious piece of legislation as it relates to IT. We?ll also explain why companies are encountering difficulties in complying with it.

Then as soon as we’ve tackled the main issues of this section and identify the pitfalls of compliance, we can then proceed with a discussion of what successful CIOs have done to eliminate those difficulties and consequently bring down their organisation’s IT compliance costs. From this post, you can glean insights that can help you plan a cost-effective way of achieving IT compliance with SOX.

SOX 404 in a nutshell

Section 404 of the Sarbanes-Oxley Act, entitled Management Assessment of Internal Controls, requires public companies covered by the Act to submit an annual report featuring an assessment of their company?s internal controls.

This ?internal control report? should state management’s responsibility in establishing/maintaining an adequate structure and a set of procedures for internal control over your company?s financial reporting processes. It should also contain an assessment of the effectiveness of those controls as of the end of your most recent fiscal year.

Because SOX also requires the public accounting firm that conducts your audit reports to attest to and report on your assessments, you can’t just make baseless claims regarding the effectiveness of your internal controls. As a matter of fact, you are mandated by both SEC and PCAOB to follow widely accepted control frameworks like COSO and COBIT. This framework will serve as a uniform guide for the internal controls you set up, the assessments you arrive at, and the attestation your external auditor reports on.

Why compliance of Section 404 is costly

Regardless which of the widely acceptable control frameworks you end up using, you will always be asked to document and test your controls. These activities can consume a considerable amount of man-hours and bring about additional expenses. Even the mere act of studying the control framework and figuring out how to align your current practices with it can be very tricky and can consume precious time; time that can be used for more productive endeavours.

Of course, there are exceptions. An organisation with highly centralised operations can experience relative ease and low costs while implementing SOX 404. But if your organisation follows a largely decentralised operation model, e.g. if you still make extensive use of spreadsheets in all your offices, then you’ll surely encounter many obstacles.

According to one survey conducted by FEI (Financial Executives International), an organisation that carried out a series of SOX-compliance-related surveys since the first year of SOX adoption, respondents with centralised operations enjoyed lower costs of compliance compared to those with decentralised operations. For example, in 2007, those with decentralised operations spent 30.1 % more for compliance than those with centralised operations.

The main reason for this disparity lies in the disorganised and complicated nature of spreadsheet systems.

Read why spreadsheets post a burden when complying with SOX and other regulations.

Unfortunately, a large number of companies still rely heavily on spreadsheets. Even those with expensive BI (Business Intelligence) systems still use spreadsheets as an ad-hoc tool for data processing and reporting.

Because compliance with Section 404 involves a significant amount of fixed costs, smaller companies tend to feel the impact more. This has been highlighted in the ?Final Report of the Advisory Committee on Smaller Public Companies? published on April 23, 2006. In that report, which can be downloaded from the official website of the US Securities and Exchange Commission, it was shown that:

Companies with over $5 Billion revenues spent only about 0.06% of revenues on Section 404 implementation
Companies with revenues between $1B – $4.9B spent about 0.16%
Companies with revenues between $500M – $999M spent about 0.27%
Companies with revenues between $100M – $499M spent about 0.53%
Companies with revenues less than $100M spent a whopping 2.55% on Section 404

Therefore, not only can you discern a relationship between the size of a company and the amount that the company ends up spending for SOX 404 relative to its revenues, but you can also clearly see that the unfavourable impact of Section 404 spending is considerably more pronounced in the smallest companies. Hence, the smaller the company is, the more crucial it is for that company to find ways that can bring down the costs of Section 404 implementation.

How to alleviate costs of section 404

If you recall the FEI survey mentioned earlier, it was shown that organisations with decentralised operations usually ended up spending more for SOX 404 implementation than those that had a more centralized model. Then in the ?Final Report of the Advisory Committee on Smaller Public Companies?, it was also shown that public companies with the smallest revenues suffered a similar fate.

Can we draw a line connecting those two? Does it simply mean that large spending on SOX affects two sets of companies, i.e., those that have decentralised operations and those that are small? Or can there be an even deeper implication? Might it not be possible that these two sets are actually one and the same?

From our experience, small companies are less inclined to spend on server based solutions compared to the big ones. As a result, it is within this group of small companies where you can find a proliferation of spreadsheet systems. In other words, small companies are more likely to follow a decentralised model. Spreadsheets were not designed to implement strict control features, so if you want to apply a control framework on a spreadsheet-based system, it won’t be easy.

For example, how are you going to conduct testing on every single spreadsheet cell that plays a role in financial reporting when the spreadsheets involved in the financial reporting process are distributed across different workstations in different offices in an organisation with a countrywide operation?

It’s really not a trivial problem.

Based on the FEI survey however, the big companies have already found a solution – employing a server-based system.

Typical server based systems, which of course espouse a centralised model, already come with built-in controls. If you need to modify or add more controls, then you can do so with relative ease because practically everything you need to do can be carried out in just one place.

For instance, if you need to implement high availability or perform backups, you can easily apply redundancy in a cost-effective way – e.g. through virtualisation – if you already have a server-based system. Aside from cost-savings in SOX 404 implementation, server-based systems also offer a host of other benefits. Click that link to learn more.

Not sure how to get started on a cost-effective IT compliance initiative for SOX? You might want to read our post How To Get Started With Your IT Compliance Efforts for SOX.?

Job & Staff Scheduling with FieldElite Mobile Service Management Software

Field Service Management (FSM) software systems are designed to enable you to manage your mobile workforce from a central point- and do away with the paperwork involved with the process. They connect your technicians on the ground (via app on their phones), to the staff at the head office- who have an interactive dashboard accessed through their browsers. The office team will have access to all the jobs that are to be handled by the company, simplifying the management process and taking away the risks that come with manual data entry. Here, we will walk you through a quick process of scheduling a job for your personnel with FieldElite.

Say you are a HVAC contractor, licensed, bonded and insured. You’ve made quite a name for yourself in the industry, and have a wide range of clients- in both residential and commercial establishments. Consequently, you also have a large workforce to attend to the different situations- from installing to repair and maintenance. One of your clients- let’s call them ABC Computer Supplies, has an issue with their HVAC unit- perhaps a pipe is leaking. It needs to be fixed, and ABC have booked an appointment.? Your goal here is to get one of your personnel to handle the task as soon as possible, and this field service scheduling software comes in handy.

There are two approaches that you can take:

1. Job Scheduling

From your Dashboard, on the left-hand side you will see the menu option. Clicking on Jobs, will take you to all jobs carried out by your company.

The filters will allow you to view different categories of jobs:

Complaint– This means that there was an issue with on ground during the task delivery, and the client lodged a complaint.
On hold– Here, different aspects can cause a job to be paused- like when spare parts or equipment required for repair jobs have been ordered, and one needs to wait for them to be shipped in from a different location.
Pending– This is basically your in-tray, a list of jobs that are to be carried out.
In Progress– The technicians are on the ground, attending to the client’s needs, and you’re getting routine updates from them.
Incomplete– Though the job had been assigned to the required technician, it was not completed in the set amount of time, thus requiring an additional visit to the site. Given that the FSM solution increases the first-time fix rate, cases of ?incomplete tasks? are reduced.
Complete– The task is successfully done and the customer has appended their e-signature, and now it can be invoiced.
Cancelled Invoice– The head office determines that a particular invoice shouldn’t be paid, and thus cancels it.

Our focus here is the pending tasks, so use this filter. ABC’s HVAC job will be among these. Clicking on its Job ID will open up the details of the task, with such an Update Job window:

This section contains all the information of the job- both past and present, which you can update in real-time. Any changes will be recorded by the system and can be viewed on the “Audit” tab.

As you can see here, the HVAC repair job is both “pending” and “urgent”. No one really likes sitting in an office that feels like an oven. Being the headquarters, it’s likely handles lots of foot traffic, and the damaged HVAC unit will make the working conditions really difficult. It’s best not to keep the client waiting, right?

So, head on over to the Supervisor and Workers section (on the same “Details” tab), and select the personnel suited for the task.

Set the time that the task will take for your technician, and once satisfied with the details of the job, click on Update. Voila! You’re done.

Immediately this happens, the worker received a notification on their app, telling them that they have been assigned the job.

From the app, the technician will be able to view the specifics of the HVAC job, including notes and attachments that you can add directly from your own dashboard, such as schematics of the building and reports from other technicians who installed the air conditioning system for the facility. You also get to add products that will be required for the task- like the pipe and panel mounted socket shown here. As the system also includes an inventory of the products used, their quantity and costs, you will be able to keep an accurate record of the supplies as they as are used.

As such, the field workers will not have to keep coming back to the central office to get documents and reports of new tasks, or walk around with bulky files. When they are carrying out the job, they will also be able to keep the staff at the office updated about its progress, through the chat feature on the mobile app, taking photos and adding notes as required.

2. Staff Scheduling

With this approach, the perspective is basically: ?So I have a couple of jobs- which of my employees has time to handle them?? The FSM allows you to optimise your productivity- by ensuring that you get the most out of the staff work hours, and avoid cases of jobs going into overtime.

Follow these steps:

Select ?Scheduler? from the left-hand side of the window. You will have a view of the workers of your company and how their day is planned out, and a summary of the unassigned jobs.

Here, you can tell whose busy, and who can have a new task assigned to them at the click of a button- which is far more effective than keeping on jotting down points in your diary or going through files of documents.

If the job has yet to be added to the system- like for the cases of new clients, simply click on the ?Add Job? button and key in its details.

2. Scroll down, you will see a list of unassigned jobs.

3. Next, click on the edit button under ?Actions?. This will take you to the same ?Update Job? window described in the first approach, in order to assign the preferred worker to the role.

This real-time dispatching avoids cases of your desk getting cluttered with paper sheets, and prevents duplicate entries as each job has its own ID and task details- from the scheduling to the invoicing. In this case, your HVAC technician will have access to the information needed right at the palm of their hand, to ensure that the task at ABC?s head office goes seamlessly. The optimised schedule will enable the task to be carried out faster- restoring normalcy to your client’s facility.? In case the client’s location is on the route that one of your technicians takes while heading home, you can take advantage of this by giving them the task towards the end of their working day- thus clearing more of your backlog, sorting out your client, and easing your technician?s worries about getting home late.

As you can see, the field service scheduling software enables you to easily and efficiently handle your workflow, avoid the mess that is associated with manual documentation and cases of your employees getting conflicting schedules and overlaps- which would strain them and dampen their morale. Streamlining your workflow and standardising operations ultimately results in increased customer satisfaction.

Increase Customer Loyalty with Field Service Management Software

One sure way to turn off customers is to give them a disappointing experience. It cuts across the board- from plumbing jobs, electrical installation and maintenance projects, window cleaning or repair, tenants in the property you’re managing, to package delivery firms. If your customers keep witnessing delays, cancelled appointments, to oversights like double booking which end up messing their individual schedules, they are likely to stop hiring your services and seek out a competitor.?

Field service jobs are particularly prone to such blunders, especially with the traditional manual way of doing things. While smartphones and computers have been infused into the day-to-day running of businesses, it is still common to find companies relying on manual processes to schedule their appointments, track the employees providing the services, monitor the progress of the jobs and ask for status updates, to managing inventory and invoices for completed tasks. This creates a major bottleneck in operations. The Small & Medium Business Trends Report, that took responses from nearly 500 SMB owners and leaders, showed that they spend an average of 23% of each workday manually inputting data. This is time that would have otherwise been spent tending to the customers? needs. It creates a backlog of tasks, forcing the customers to wait for longer to get their issues handled.?

The inefficiencies witnessed in these traditional methods led to the advent of field service business management software. These systems come in to optimise operations and enhance your service delivery. As a business, automating your scheduling, job tracking, routing procedures and handling the invoicing, all through a single platform, greatly reduces your workload. Managing inventory, communicating with your employees out in the field through handy apps on their phone, giving them access to a database of reports and notes on the various jobs they have been tasked with – these all aid in smoothing out the sorting of tasks, and gets rid of the mounds of paperwork that would have been required.?

From Your Customer’s Perspective

When you’re facing a plumbing leak at home, electrical faults that result in power outages in the office building, damaged gas boilers that are hampering operations in the industrial plants- you want them to be addressed. Homeowners, business owners and facility managers in these situations are anxious about getting the issue resolved- yet the firm they are relying on to handle it is caught up in a logistical nightmare, boggled down by paperwork that prevents them from sending their technicians to the location. You really don’t want to hear a series of excuses about why your problem could not be addressed in time. While delays can be a nuisance, cancelled appointments are altogether exasperating. See, the customer is left in a difficult position, since the problem is not resolved, and they have to contend with having to make a subsequent appointment- of which they will not be sure if they can bank on the hired firm to deliver on its mandate. With an FSM, you get to prevent such incidents from occurring.

How Your Customers Benefit From Field Service Job Management Software

Reliable services

Firstly, the customer wants services that they can count on. When an issue arises and an appointment scheduled, they want it to be honoured. With the FSM, you get to accurately schedule the tasks, from the timing involved to assigning it to the appropriate technician, who is skilled in the task. With the automated scheduling and dispatching, the technician downtime that was previously witnessed is reduced- which has the welcome benefit of cutting down your operational costs.?

Speaking of which, the confusion that was previously seen when perusing through documents and simply calling up the first employee whose skill is similar to the job description, is avoided. Here, the field service management platform enables you to determine the most appropriate member of your workforce to handle the task. This makes them more motivated at their job, resulting in higher quality results- whether it’s an installation task, repair and maintenance project, or cleaning service for companies providing them in residential and commercial buildings.?

Get it done right the first time around

The field service scheduling software enables the technician to have all the information pertaining to the job accessible in real-time. This is availed via app– that the technicians will have on their phones. It is through this very app that they will make updates of the tasks being handled, sending in notes, photos and reports to the system. These will, in turn, be monitored at the head office all through the progress of the job, being managed through the interactive FSM dashboard.?

With the customer’s history being accessed by the technician, information that includes the specs and hazards about the particular job being handled, notes from the previous technicians who had been tasked to the building- such as the installation crew and previous repairs that had been done, will enable the personnel on the ground make well-informed decisions throughout the course of the task. Any issues that arise will also be taken note of, equipment and parts ordered through the app as well, ensuring that things proceed seamlessly. That way, the percentage of situations getting fully resolved during the first appointment increases- which translates to fewer cases of complaints being made.?

Instant invoicing

Immediately the job is done, the customer inputs their e-signature through the app, and the technician marks the task as completed, the very same FSM is used to process the invoice and send out an emailed copy to the customer. This will be an accurate invoice, without any data loss, and the customer can then proceed to make the payment through their preferred mode- from credit card payments to cash, without having to wait for hours for paperwork to be processed. All this information is securely stored on the cloud-based platform.

Creating a great first impression

Your image is a core part of your operations. Certainly, you don’t want to come off as disorganised- and your customers will be quick to note this with issues like missing records, outdated reports, lateness, and improper assigning of tasks. On the other hand, having a modern digital solution integrated into your field service operations will enable you to make a great first impression, showing the level of professionalism with which you offer your services.

Customer access

FSM platforms like FieldElite also give the customers themselves access to the system, through their own dashboard. This is particularly handy given that there are cases where the customer will have multiple jobs to be carried out- like property managers who keep on having cases of plumbing accidents, electrical faults, and cleaning service needs in the different buildings that they are in charge of.?

Through the customer portal, they will be able to make appointments, track the history of repair and maintenance jobs carried out on the property, and follow up on queries. What’s more, together with the IoT where FieldElite links to ecoVaro, one can have an interactive energy management system in place to keep accurate tabs on the energy consumption, efficiency, point out areas where repairs are needed, and have technicians come over- with the bookings being made through the FSM.

Enhance Customer Experience And Score New Business Opportunities

Customer service is a key aspect of your operations. When your customers are well tended to, with their needs being met in a timely and proficient manner, it wins you their loyalty, and they’ll be more open to sending referrals your way- growing your market share. Feedback- from testimonials on your site to the reviews on your social media handles, also aids in this- and you want to have satisfied clients who will put out a good word about your brand. By investing in field software for service businesses, you will increase your employees? productivity, monitor trends, improve communication between your head office and the technicians on the ground, all of which come together to increase customer satisfaction.