ISSP

 

Executive Summary_ 3

Introduction_ 3

ISSP Mission, Vision, and Objective 3

Mission_ 3

Vision_ 3

Objective 3

Statement of the Problem_ 4

Objective_ 4

current status_ 4

Onsite 4

Mobile and Offsite 5

Areas of Consideration: 7

SWOT Analysis 7

PESTE Considerations 7

recommendations_ 8

Upgrade equipment using existing software 8

Upgrade software using existing equipment 10

Continue using same equipment and software 12

Funding Strategies_ 13

Implementation plan_ 13

Advocacy 13

Infrastructure building, Resource Acquisition, and Management 13

systems Development and Maintenance 13

Risk Management 13

Monitoring and Evaluation_ 13

Decision_ 13

Recommendation_ 13

References_ 14

 

Executive Summary

This is a proposal for the introduction and implementation of an Enterprise Resource Plan (ERP) for Cosgayon Law Office, a single-lawyer law firm operating out of the Province of Capiz and handling a myriad of cases both within the Province and the neighboring provinces of Iloilo and Aklan and Metro Manila, with online consultation services for clients located in the Philippines and outside the country.

Due to budgetary constraints, there is only one lawyer handling all cases and legal issues for the Company. He handles a diverse variety of cases, from civil to criminal to administrative cases and even personal matters involving clients. There are two (2) employees in the Company, an Administrative Assistant who handles office work including the interview of clients, internal communications, preparation of documents and ordinary pleadings, schedule management, and other office needs and requirements and an Operations Assistant who handles external matters related to the business of the Company and acts as a liaison with retained clients.

At present, the Company primarily handles cases being heard and pending in the provinces of Capiz, Aklan, and Iloilo but also handles some cases in Metro Manila, Cebu, and Negros. It also accepts online consultation personally or online from as far away as the United States of America, Canada, Australia, and the Middle East, with some clients in Mainland China and Taiwan, Japan, and Indonesia, mostly involving interpersonal relationships, inheritance, and local land disputes.

Introduction

ISSP Mission, Vision, and Objective

Mission

To provide efficient and cost effective legal services to the clients of the Company.

Vision

To use Information Technology effectively in delivering legal services to clients.

Objective

To provide a streamlined approach to providing legal services, both in person and online with integrated access to all files, regardless of location.

Statement of the Problem

How can the operations of the Cosgayon Law Office be made more efficient and cost effective using Information Technology?

Objective

Implement an IT solution to the inefficiencies of Cosgayon Law Office.

current status

Onsite

At present, the Company has the following IT hardware equipment:

  • One (1) main server located at the premises
    • Windows 2000 Server
    • LAN and WiFi router
    • Intel Core2 Duo Processor
    • 8GB RAM
    • 3TB capacity
    • Uninterruptible Power Supply and Surge Protector
  • Two (2) personal computers being used by manager and by Administrative Assistant
    • Windows XP
    • Interconnected by LAN
    • File and internet sharing using LAN
    • Communications software installed
      • Yahoo Messenger
      • Skype
      • Viber for PC
      • Facebook
      • RealPop for internal communications
      • Email
      • Dropbox and Google Drive for cloud file sharing
      • Evernote for note sharing
    • Two (2) laptops for assistant and for offsite work
      • One (1) MSI netbook
        • Windows XP
        • Atom 1.6Ghz CPU
        • 80GB SSD
        • File and internet sharing using Wifi
        • Communications software installed
          • Yahoo Messenger
          • Skype
          • Viber for PC
          • Facebook
          • RealPop for internal communications
          • Email
          • Dropbox and Google Drive for cloud file sharing
          • Evernote for note sharing
        • One (1) Asus Laptop
          • Windows XP
          • Core2 Duo CPU
          • 160GB HDD
          • File and internet sharing using Wifi
          • Communications software installed
            • Yahoo Messenger
            • Skype
            • Viber for PC
            • Facebook
            • RealPop for internal communications
            • Email
            • Dropbox and Google Drive for cloud file sharing
            • Evernote for note sharing

Mobile and Offsite

Aside from their personal cellular phones, all members of the staff have been equipped with mobile devices connected via WiFi. The equipment are as follows:

  • Administrative Assistant
    • Cherry Mobile Flare S4
    • Android Lollipop
    • Communications software
      • Yahoo Messenger
      • Skype
      • Viber
      • Facebook
      • Email
      • Dropbox and Google Drive for cloud file sharing
      • Evernote for note sharing
    • Operations Assistant
      • Cherry Mobile Flare S4
      • Android Lollipop
      • Communications software
        • Yahoo Messenger
        • Skype
        • Viber
        • Facebook
        • Email
        • Dropbox and Google Drive for cloud file sharing
        • Evernote for note sharing
      • Counsel
        • Asus Laptop
          • Windows 7
          • Intel I5 CPU
          • 200GB HDD
          • File and internet sharing using Wifi
          • Communications software installed
            • Yahoo Messenger
            • Skype
            • Viber for PC
            • Facebook
            • RealPop for internal communications
            • Email
            • Dropbox and Google Drive for cloud file sharing
            • Evernote for note sharing
          • Samsung Grand II Duos
            • Data ready with hotspot function
            • Communications software
              • Yahoo Messenger
              • Skype
              • Viber
              • Facebook
              • Email
              • Dropbox and Google Drive for cloud file sharing
              • Evernote for note sharing
            • Samsung Note 8.0
              • Data ready with hotspot function
              • Communications software
                • Yahoo Messenger
                • Skype
                • Viber
                • Facebook
                • Email
                • Dropbox and Google Drive for cloud file sharing
                • Evernote for note sharing
              • Samsung Note 10.1 2014 edition
                • Communications software
                  • Yahoo Messenger
                  • Skype
                  • Viber
                  • Facebook
                  • Email
                  • Dropbox and Google Drive for cloud file sharing
                  • Evernote for note sharing

Areas of Consideration:

SWOT Analysis

Strengths Weaknesses
·         Efficient and IT knowledgeable staff

·         Interconnected devices

·         Streamlined operations

·         Excellent Time Management system

·         In house printers and scanners connected via LAN (Paladin Business Center)

·         Located at the center of the City at the business district

·         Highly skilled employees

 

·         Minimal capitalization

·         Minimal employees

·         Voluminous paper records from cases

·         Too many clients for one lawyer to handle thus needing efficient time management

·         Ageing and obsolete equipment

·         Inefficient collection process

·         Unconsolidated Accounting Process using Excel and Microsoft Money

·         Limited Office Space

Opportunities Threats
·         Increasing focus on digital technology by the Supreme Court

·         Faster computing power, faster wireless communications, and bigger data capacities for mobile devices

·         Power outages

·         Espionage

·         Loss of digital files

PESTE Considerations

Political   ·
Economic   ·         Online payment schemes like Paypal, Google Wallet, Western Union, Globe and Smart Money

·

Socio Cultural   ·
Technological   ·         Faster internet

·         Bigger capacity drives

·         Faster wireless devices

·         Cheaper accounting software

·         Better scanning technology

Environmental   ·         The thrust of the Supreme Court for electronic means of filing pleadings will greatly reduce the use of paper and paper products

·         Energy efficient equipment

recommendations

Upgrade equipment using existing software

  • Rationale

Upgrading obsolete equipment will increase the efficiency with which tasks are started and completed, reducing systems downtime and lag from waiting for computers to boot up and/or to process calculations needed for accounting and word processing software.

  • Current Status and Discussion

At present, the Company has the following equipment:

Equipment Processor RAM Storage OS
1. Server 2.4 Ghz 8GB 3 TB Win2000
2. PC 3.6 Ghz 4GB 1 TB Win XP
3. PC 2.4 Ghz 2GB 500GB Win XP
4. Netbook 1.6 Ghz 1GB 80GB Win XP
5. Laptop 2.4 Ghz 2GB 120GB Win XP
6. Laptop Intel I5 4GB 240GB Win 7

These were not upgraded to Vista or the later versions of Windows because their processors could not handle the requirements for these newer operating systems and also because of privacy and infection issues which were not addressed.

  • Steps
  • Determine minimum system requirements
  • Canvass prices from computer sellers and retailers, both on site and online
  • Include cost of installation of equipment and software to cost
  • Include downtime needed for new system to be set up and staff to be familiarized with the system
  • Costs and Expenses
  • Minimum system requirements
Equipment Processor RAM Storage OS
1. Server Xeon 6 Core 1.6 Ghz 64 GB 5 TB Win Server 2016
2. PC Intel I5 8 GB 2 TB Win 10
3. PC Intel I3 8 GB 1 TB Win 10
4. Laptop Intel I5 4 GB 500 GB Win 10
5. Laptop Intel I3 4 GB 500 GB Win 10
  • Canvass Prices including cost of installation

Prices of computer systems from local and online computer retailers were acquired and the following were their prices for supplying the equipment, installing the software, installation of the equipment, and training of the personnel:

Store Equipment Software Installation Training
B and E P122,000.00 Free[1] Free Free
Clipdata P125,000.00 Free Free Free
PC Express P109,000.00 Bundled[2] P5,000.00 P5,000.00
Lazada P103,000.00 Bundled P5,000.00 P5,000.00
  • Downtime from installation

The time period needed to install the new systems, physically install the network equipment, and configure the system to specifications varied from provider to provider, with the average downtime pegged at 3 days. Online providers do not install and configure the equipment and thus additional cost for these is required, on average costing P5,000.00 and lasting for 5 days to install, configure, and test systems.

  • Total Economic Cost
Store Equipment Downtime Total
B and E P122,000.00 P15,000.00[3] P137,000.00
Clipdata P125,000.00 P15,000.00 P140,000.00
PC Express P114,000.00 P25,000.00 P139,000.00
Lazada P108,000.00 P25,000.00 P133,000.00

Upgrade software using existing equipment

  • Rationale

The existing equipment is obsolete, with both PCs and two (2) laptops running on Windows XP and the latest purchase running on Windows 7. Upgrading equipment and software to meet current technology demands is necessary for a faster and more efficient workplace environment.

  • Current Status and Discussion
Equipment Processor RAM Storage OS
1. Server 2.4 Ghz 8GB 3 TB Win2000
2. PC 3.6 Ghz 4GB 1 TB Win XP
3. PC 2.4 Ghz 2GB 500GB Win XP
4. Netbook 1.6 Ghz 1GB 80GB Win XP
5. Laptop 2.4 Ghz 2GB 120GB Win XP
6. Laptop Intel I5 4GB 240GB Win 7
  • Steps
  • Determine minimum requirements of highest possible software upgrade
  • Determine if existing system can support new software
  • Costs of software licenses
  • Determine downtime in terms of installation and staff familiarization
  • Costs and Expenses
  • Recommended minimum system requirements
Software Processor RAM Storage
Windows Server 2012 4 Ghz 2 GB 40 GB
Windows 7 1 Ghz 1 GB 16 GB
Windows 8 2 Ghz 2 GB 16 GB
Windows 10 2 Ghz 4 GB 16 GB
Microsoft Office 2016 2 Ghz 4 GB 3 GB
Quickbooks 2 Ghz 4 GB 1GB
  • Cost of Software
Software Microsoft Lazada B and E Clipdata
Software P7,500.00 P7,500.00 P8,000.00 P8,000.00
Downtime P11,000.00 P11,000.00 P12,000.00 P12,000.00
Total Free Free Free Free
  • Downtime
Software B and E Clipdata
Windows Server 2012 2 days 2 days
Windows 7 1 day 1 day
Windows 8 1 day 1 day
Windows 10 1 day 1 day
Microsoft Office 2016 .5 day .5 day
Quickbooks .5 day .5 day
Total 4 days 4 days

Installation, reconfiguration, and customization for Microsoft and Lazada were outsourced and was estimated at double the time estimate given by local retailers.

  • Total Economic Cost

The existing equipment cannot handle higher versions of Windows Server software and operating systems, thus only Windows 7, Microsoft Office 2016, and Quickbooks were considered.

Store Software Downtime Total
B and E P20,000.00 P20,000.00[4] P40,000.00
Clipdata P20,000.00 P20,000.00 P40,000.00
Microsoft P18,500.00 P40,000.00 P38,500.00
Lazada P18,500.00 P40,000.00 P38,500.00

Continue using same equipment and software

  • Rationale
  • Current Status and Discussion
  • Steps
  • Required Involvement

Funding Strategies

 

Implementation plan

Advocacy

 

Infrastructure building, Resource Acquisition, and Management

 

systems Development and Maintenance

 

Risk Management

 

Monitoring and Evaluation

 

 

Decision

 

Recommendation

 

References

 

[1] Licensed software of own choice, including OS, Microsoft Office and other programs

[2] Licensed OS only

[3] Average income per day pegged at P5,000.00

[4] Average income per day pegged at P5,000.00

Advertisements

Wireless Connections

Gone are the days when one can only work in the confines of the four walls of an office. With the advent of wireless technology, one can do one’s job practically anywhere in the world where there is an internet connection available.

A wireless mouse and keyboard connected via radio frequency allows positioning of these devices to the comfort even of southpaws. Remote connections via infrared allows control over devices not close at hand. Bluetooth connections allow headphones and other devices to connect wirelessly. And WiFi and cellular data networks allow connections to the internet without messy cables and wires.

LAN vs. WiFi.

There was a time when the only way to connect computers was with a thick bulky RJ45 cable connected to a router in a local area network (LAN), allowing two or more computers to share files and an internet connection. But these wires had to be routed through walls, under furniture, along baselines, and were expensive and prone to breaks along its length.

LAN

A “wireless” network connection through a dial up modem was also possible, but this tied up the phone line and was practically useless at speeds of only 56kps.

modem

Wireless Fidelity or WiFi revolutionized all these. It allowed computers to access each other and the internet without cables or wires and at speeds rivaling those of wired networks.

Opportunities.

Being able to access files and individual computers anywhere at any time gives organizations the opportunity for better working efficiency. No longer do employees have to be physically present at the workplace at all times, with the costs and expenses that entails. This makes for a better working environment for employees and higher productivity.

The usual eight hour workweek may be extended indefinitely with these technologies in use, allowing the manager to continue his work even when the office is closed.

Safe usage.

Wireless technology allows the manager and his staff unlimited and unimpeded access to files and data at any time of the day from anywhere. However, others may also be able to access these same resources and use them to unscrupulous ends.

To ensure that no digital intrusions take place that would damage not just the reputation of the company but also is data, safeguards must be set in place, such as a secure connection via VPN instead of an open network, firewalls and routers to prevent unauthorized access, and anti virus programs to prevent infections from viruses and worms.

 

Outsourcing Security: To Do or Not To Do?

security_article_010.jpg

Cyberattacks.

Trade secrets, confidential customer information, crucial data. These are but some of the things that every company needs to secure from intruders. The damage to the organization may include suspension of operations, loss of intellectual property, loss of investor and customer confidence, harm to its reputation, and leaks of sensitive information to third parties, including the media.
The 2013 cyberattack on Target, wherein card numbers of 40 million customers and the personal data of 70 million more were stolen, the February 2015 attack on Anthem wherein 80 million patient database records were stolen, even internet security firms like Bitdefender are not immune, a fact which it learned to its dismay in July 2015 when computer usernames and passwords were accessed using a cloud-based system. The breach by Impact Team of the adultery website Ashley Madison in 2015 that revealed the names of millions of erring spouses and the 2014 attack on Dropbox have shown how vulnerable even the most secure sites can be and the damage that insufficient security can cause.
Ashley Madison
Incidents of cyberterrorism by Chinese crackers, cyberattacks by Anonymous, and individual hackers defacing websites or denial of service attacks have increased with the increase in the computing power of personal computers and laptops.
There is no question that internet security is a necessary investment. The question though is whether it should be done inhouse or by a service provider.
Having an inhouse IT team manage security has a distinct advantage: the confidentiality of systems and processes and sensitive information is not compromised by handing the keys over to an outsider. However, when one considers the cost involved in hiring, training, and maintaining a team of IT experts to secure and monitor a system can sometimes be prohibitive. The cost may be justified where the organization deals mainly in sensitive information and attacks are frequent and sophisticated. However, where the volume of attacks is few and far between, a full time inhouse security team working 24/7 is not justifiable.
Which brings to mind outsourcing IT security.

Managed Security Service Providers.

Managed Security Service Providers (MSSPs) are companies providing network security services. The roots of MSSPs are in the Internet Service Provider (ISP) system of the mid to late 1990s, wherein ISPs would provide customers a firewall appliance, usually as onsite equipment, to manage their security. This evolved into a separate business enterprise.
Over the years, businesses have turned to MSSPs to deal with threats related to information security such as targeted malware, customer data theft, skills shortages, and resource constraints. A survey commissioned by information security provider Trustwave found that most IT professionals felt more pressure in 2013 to “secure their organisations” than they did in 2012, with 58% expecting even greater pressure to be exerted on them this year. According to Trustwave’s ‘2014 Security Pressures’ report, 79% of the IT professionals surveyed said they were “pressured to unveil IT projects”, despite fears that security issues were unresolved. More than one in 10 (16%) said that this pressure was exerted “frequently”, whilst 63% said the pressure was exerted on one or two IT projects last year.

The services may  include round-the-clock monitoring and management of intrusion detection systems and firewalls, overseeing patch management and upgrades, performing security assessments and security audits, and responding to emergencies.

These services may be done onsite, online, or a combination of the two.

 

Advantages and disadvantages.

Similar to hiring a security agency to secure the physical premises of an organization, securing the services of a Managed Security Service Provider (MSSP) has several advantages:

 

  • Cost effective – much like the cost of training, expenses for equipment, and benefits for security guards, the cost of training and maintaining a dedicated technical staff is spread over several organizations and not shouldered exclusively by a single company, thus providing an economy of scale not available to the organization needing security. MSSPs usually have full time Security Incident and Event Managers (SIEMs) who can detect, analyze, and provide solutions to threats, something a single company can not afford.

 

 

  • Specialized security – some organizations are overseen by a regulatory body that require specialized security measures be set in place. Developing such security measures inhouse would not be feasible considering the costs of training and development.

 

Outsourcing, though, also has its disadvantages, some of which are:

 

  • Sensitive information is given over to a third party – outsiders are given custody of confidential data and may not be as trustworthy as inhouse personnel.

 

 

  • Single point of failure – where all data is outsourced, with no local backup, failure of the MSSP might cause the collapse of the organization.

 

 

  • Contract limitations – client agreements might prohibit the outsourcing of confidential information.

 

 

Issues.

MSSPs offer a myriad of services, oftentimes bundled into packages. Some of the issues that a manager should consider are:

  • Should the entire security process be outsourced? If not, what should be retained inhouse?
  • Should the company choose for onsite security, through cloud, or a combination of the two?
  • Should the outsourced security processes be handled by a single MSSP or by multiple specialized MSSPs?
  • Should the company retain local backups of its sensitive files?

 

Protection.

When engaging the services of an MSSP, certain limitations and restrictions should be set forth in the service level agreement, for the protection of the company from liability:

    • Boundaries – realistic boundaries and a clear delineation of duties and responsibilities between the MSSP and inhouse staff should be defined. This will define which party shall be liable for what acts or omissions.

 

  • Inhouse IT – corporate employees should be able to conduct routine maintenance and repairs on equipment and software in order to minimize downtime. Training of these employees should be included in the service contract.

 

 

  • Clear services – uptimes, downtimes, response times, and escalation procedures and the services expected from the MSSP should be clearly defined.

 

    • Evaluation procedures – compliance with the service level agreement should be regularly monitored and action should be taken when the criteria for the service are not met. A before and after report should be conducted to determine if the increase in efficiency and effectiveness justified the cost involved in securing the services of an MSSP.

 

Making Better IT Decisions

3 Skills

 

In this digital age, one of the most important investments an organization can make is in Information Technology. Decisions involving what kind of system to put in place and when can sometimes make or break an organization, the right decision catapulting it to greatness and the wrong one causing it to plummet to obscurity. It is not enough for managers to simply rely on the recommendations of IT experts, he should also have a basis for his decisions.
To be effective, every manager  should at least have these three skills in order for him to effectively do his job:

 

  • Technical Skills
  • Analytical Skills
  • Conceptual Skills

 

Technical Skills.
While not every manager is expected to have the technical knowhow to discuss and weigh IT options on his own, nevertheless, he should have at least a general idea  of what the system is supposed to do and what it can actually do so he can decide for himself on whether or not to implement a particular system, to what extent, and when it should be implemented. There are comprehensive and modular ERPs available on the market that could overhaul the entire IT system of an organization or only a small part thereof, depending on the needs of the particular organization and its available funds. A manager needs to be able to understand the technical aspect of these systems in order to make objective decisions.
Analytical Skills.
An effective manager needs to be able to analyze problems and formulate solutions to address these problems. In management, this is defined as the ability to break problems down into parts in order to see relationships or interdependencies. These managers tend to plan well and lead projects successfully by accurately forecasting financial results and develop plans to meet goals and objectives. Seemingly insurmountable problems can be tackled piece by piece, with a person overlooking the whole operation, instead of being met headon. A manager needs to be able to analyze business processes and assess what information technology requirements can be used to solve inadequacies in these processes.
Conceptual Skills.
Managers need to be able to grasp the entire concept, seeing the forest not just the trees. An effective manager needs to be able to see the big picture by seeing the enterprise as a whole, seeing past the myriad parts that make up the entirety, so he can effectively supervise what needs to be done and where, in order to achieve the goals set for the organization.

Information Technology and me

adapt_or_die1

It is not the strongest of the species that survives, nor the most intelligent that survives. It is the one that is the most adaptable to change”

Often mistakenly attributed to Charles Darwin and albeit a total departure from his theory of the evolution of the species, nevertheless adaptation to change is a requirement for survival in any environment. Like it or not, the world out there is becoming more and more digital, where one can do more with a cellphone today than with a roomful of calculators just a few decades ago, where a seven inch tablet can contain more books than the Great Library at Alexandria, where more information can be found literally at the tip of one’s finger than could be gleaned from a building full of books.

And in an industry where information is the key to every endeavour, information technology rules supreme.

Gone are the days when the tools of one’s trade could consist of simple analog devices like a pen and paper, books and folders, portfolios and briefs. The modern practitioner needs to have at his disposal every bit of information he can gather, ready for use when and as needed. And there is no tool that could deliver that than information technology and the gadgets it has spawned over the years.

My love affair with electronic gadgets started with one of those old digital 256KB organizers made by Casio, given to me by my father when I was in college. It could show me my daily schedule, my personal notes, make calculations, and tell me how many people I actually knew.

Casio  tanager

When I got a job and started earning, one of the first things I bought was a used Palm IIIx. It was a dinky clunky monochrome 4MB 16Mhz Dragonball powered device that kept erasing everything I put in it, but I loved it. That was later replaced by a beautiful sliding Palm Tungsten T3 with 64MB of RAM and a 400Mhz Intel CPU that had non volatile memory and kept my data even after a soft reset. Best of all, she had an infrared port and I was able to control any remote controlled device, causing me hours of amusement at the consternation of restaurant owners who kept wondering why their television sets had been possessed by the devil. When she finally gave up the ghost, a Palm T/X took her place.

Palm iiixTungsten220px-Palm_TX  220px-Treo700p

Since then, I have always had an electronic device with me at all times, finding them essential to my life and my work. My computers at home and at my office are all connected with my two tablets and cellphone and with those of my secretary and assistant, who, more often than not, receive instructions and transmit information through email, Viber, Whatsapp, Skype, Yahoo Messenger, and our internal secure communications system. Files and documents are shared via LAN and wifi for easier sharing and over Evernote and Google Keep for online collaboration, and shared over cloud services like Google Drive and Dropbox so I can access everything anywhere at any time.

Note 8Tab 10

Information technology allows me to make better use of my time, even when I am not at the office.