How frequently should I attend my ERP User Conferences?

The ERP company hosting the conference will tell you “every year.” The business unit paying for the trip will often tell you “almost never.” The answer really lies somewhere in between. Since your ERP is likely your most critical business system, we would recommend not waiting more than three years without attending the conference. Keeping up to date on the latest features, learning about upcoming features, and weighing-in on desired features are all beneficial. In addition, networking and learning how your peers are leveraging system functionality are components you really cannot get anywhere else. Still can’t make it? No worries, Cornerstone regularly attends several ERP conferences each year. We can tell you the pros and cons of different conferences and share with you insights we gain at these events.

I’m in real estate and I keep hearing “Disruptive technology” in reference to industry concerns. Please explain.

Harvard Business School professor Clayton M. Christensen coined the term ‘disruptive technology’ in his 1997 best-selling book, “The Innovator’s Dilemma.” Christensen states that disruptive technology lacks maturity, often has performance problems, appeals to a limited audience, and may not yet have a proven practical application. As an unused, unapplied and untested alternative, it takes time for disruptive technology to be predominantly deployed.

However, because disruptive technology is new it has certain advantages, enhancements, and functionalities over competitors. This technology consists of ground-breaking products that significantly alter the way businesses or entire industries operate, and ultimately renders existing technology obsolete. Examples of disruptive technology are Email and Cell Phones.

Disruptive technologies are sometimes described as being simultaneously destructive and creative, with the power to change the way we work, live, think and behave.

Do we have to integrate all of our systems?

No, of course, you do not have to integrate all your systems. There’s an easy rule to follow to determine which systems should be integrated. Your goal should be “One Time Entry, Closest to the Source of Origin”. That means if any systems require entry of the same piece of information causing duplicate entry work in the organization, then most likely those systems should be integrated. “Closest to the Source of Origin” means that typically the first person/role that receives the information should be entering it into one system to feed all the systems.

Think about what makes the Microsoft stack so appealing…they have integrated their products as much as possible and they keep going for more. If a user is set up in the Outlook Exchange Server, they that same user is available in SharePoint, Delve, Sway, O365, etc. You should want that same level of efficiency in your own organizations. If you need help with the concepts or putting this into play, give us a call. We’ve got decades of experience in just this philosophy.

How do I determine what system is best for my company?

It’s best to be analytical when determining a what system is a good fit for your company. Start with a list of requirements and a wish list. Rate these items on priority (high, medium, low, etc.). It is often helpful to have a weighted average on the specific requirements.

Next, meet with the key stakeholders and get in-depth input. Be sure to include the technology platform and support in your requirements. From this you can develop your RFP (request for proposal). These requests should be sent to 5 or 6 software companies that initially meet your needs. Based on the responses and the related scoring, reduce the field to 3 players and then request a demo of each. Be sure you have your requirements of what you want in the demo; this is a scripted demo.

Of course, you are getting the quotes for initial outlay in cost and the ongoing costs. Factor in the cost of implementation as well. From this comparison, you should be able to determine the best fit for your organization.

Remember, this is not your normal skill set. Frequently companies use Cornerstone to guide them through this process, including predesigned templates and letters. We not only have experience in small to large RFPs, but we know most of the systems out there. That inside knowledge often helps tip the scale for the searching company to the best fit.

What are the data security regulations that I need to comply with?

If you are not in the IT, Legal, or Audit department, first seek out a data security, privacy, or IT auditor staff member. If you have more than one of these individuals on staff, you may need to talk to multiple people to get you started. Certainly you will need to work with one or more of these people (if you have them on staff) to obtain necessary compliance.

There are many regulations surrounding data security and whether you need to comply with them depends upon what type of data you process, how you collect, process, and store it, what type of company you are, where you are located and more. Here are some of the types of regulations that exist today:

> PCI-DSS: If you accept credit card payments for any type of purchase, you must comply with this regulation.

> Sarbannes/Oxley (SOX): If you are a publicly traded company, you must comply with this regulation.

> GDPR: If you process personal data from EU residents (even temporary residents), you must comply with this regulation. Canada residents are also protected by “CASL” and US residents are protected by the “CAN-SPAM” act.

> GLBA (Gramm-Leach-Bliley Act): Compliance to this regulation is required by banks and financial institutions.

> HIPAA: The Health Insurance Portability and Accountability Act applies to all companies who collect, store and process personal medical information.

Note: when researching regulations/laws that your company needs to comply with, be sure to search for state and local laws as well as federal and international. Many states like California and Massachusetts have their own relevant compliance requirements.

Should all of our systems authenticate to the same place?

Many software systems can be configured to authenticate to your network account repository – the most popular one being Active Directory. The primary advantage for users is one password for access to multiple systems. For administrators it is also being able to deactivate an account in one central location for all systems. If you are using Active Directory you can then apply policies around user’s accounts as well.

So, for ease of management and to be able to apply available management tools, having central authentication is a time (and therefore money) saver for both users and administrators.

On the downside, authenticating to one repository for multiple systems means that if a password is compromised an unauthorized user could potentially gain access to all systems the authorized user has access to. In addition, if that repository experiences an outage users could be locked out of multiple systems. Thus, make sure you plan accordingly and implement best practices for security before switching to central authentication.

How is Click Dimensions different from online services like MailChimp?

Click Dimensions is integrated with Microsoft Dynamics 365 (CRM). This means when you login to CRM, you will see Click Dimensions options included with CRM options on most menus. Click Dimensions offers not only typical menu options for mass emailing marketing materials, but also collects website visit information like Google Analytics does (they are not the same but both supply similar information). Because it is integrated with Microsoft CRM, Click Dimensions can automatically update Contacts, Leads, and Accounts, and make use of custom workflows to gather more information on how your marketing efforts are progressing in real time.

Our IT strategy needs to plan for change; we can’t pre-plan even a year at a time. Can you help?

The strategy needs to include not only budgeting of dollars but also timing.  You should always be looking at this based on a minimum of two years.  But, start with one year and you will see how easily you can roll into 24 months.  Tie your strategy plan to your company’s fiscal calendar year.

Include in your plan the items, the timing, the reason, the dollars and the manpower.  You should also include risk factor analysis for each item.  This will help you identify potential hiccups ahead of time and be ready to respond quickly.

The best approach to an IT strategy plan needs a two-prong approach.

The first channel is based on what the IT team knows needs to be done to support the organization’s infrastructure.  This includes things like server/hardware upgrades, cloud-based changes, major software updates, security systems, etc.  You will also want to include IT staffing projections to support the company and the projected plans.

The second channel is to be sure you are aligned with the organization.  Two to three months before your year end, you should meet with each functional area lead and get their plans for the upcoming 12-24 months.  Learn things like head-count planned, initiatives projected, etc.  Remember to include major initiatives such as an acquisition and minor initiatives such as a staff reduction.  The IT plans should be interwoven with the entire company.  It sounds simple, but adding staff to the AP department translates to more client machines and licenses, as well as additional support from IT.  Do you have enough staff to support the planned growth?

By documenting your plan, you will be able to substantiate any budget and/or initiative changes for things that were not planned from other departments.

Remember, your overall goal is to be proactive instead of reactive.

I’m only in phase 1 of my project. Why do I have to consider security now?

Project cycles today focus on short term accomplishments to better deploy functionality while keeping the business running. Overall, this increases the probability for project success. Security requirements have long been associated with compliance, and thus have been considered long term goals. One of the reasons for this is because compliance is commonly assessed on a 6-month or annual basis, and then corrections are made.

In recent years, however, compliance and security have been evolving to include continuous monitoring, meaning security measures are largely in place and the process for evaluating them has matured. Changes to systems and the network environment are more likely to be controlled, and user access reviewed regularly.

This means that while your project may be creating new functionality or implementing new systems, these changes may need to ‘fit into’ an overarching security foundation and framework already in place. And, of course, if you don’t reach out now to determine what the requirements are, you will be setting yourself up for potentially costly rework later when the regular compliance assessment is completed.