IT Systems Scorecard by Nauman Sheikh
Robert Kaplan and David Norton publicized the concept of a Balanced Scorecard for strategic management of a business in early 90s. The idea was to evaluate a business from multiple perspectives in addition to financial goals to have a holistic view of the organization’s ability to deliver on its vision. The Balanced Scorecard has since become a fertile area of management theory which continues to evolve in all sorts of specialized areas. The four perspectives of the balanced scorecard were financial, customer, internal processes and human resources.
Read more
The Contract By Omer Bin Ahsan
The success of a project largely depends on the comprehensiveness and the character of the Project Contract. The Contract defines how delivery and acceptance for the product and service will be conducted. However, a lack of legal acumen in Pakistan pertaining to the software industry means that the contracts are loosely defined and rarely referred to. A weak contract for software vendors puts the vendors in a weaker position in terms of asserting delivery against defined scope. IT Managers have their performance benchmark defined by non-IT management and it is always in terms of support availability and cost performance.
Read more
Creating and Implementing the Framework
There are risks in every business and with the level of competition and data making the world go round, security has become high priority for organizations everywhere. You need to have someone who knows what the organizational objectives are, and create policies and processes so that the work remains secure and uninterrupted. Because there are so many processes ongoing in a large-scale enterprise, you need a framework which will align business and IT Security strategies. Read more
Where’s the Priority for Security?
Through the CIO Pakistan group on LinkedIn, we asked our members to answer the following question: How has your security priority changed in the past one year? Keeping in mind that all kinds of security goes through an evolutionary process, the demand for security features to better manage corporate data across an enterprise, is also changing. With so much insecurity hanging over everyone, it was interesting to find out just how proactive a company’s IS strategy is.
For example, Mohammad Nawaz, Manager, Business Services at Creative Chaos, says the need for a better Information Security solution has become absolutely important for all organizations. Most companies start by logging all activity over their networks, and try to cap unnecessary access to the internet, or more precisely websites or locations that could potentially be a source of threat to the network.” Though Nawaz didn’t comment on his own company’s evolving strategy, he did continue to say that, “Organizations focus on the overall protection of their infrastructure and their investments within the office space, hence the need for surveillance and asset security solutions, such as IP cameras, locking solutions and personnel entry gadgets are becoming very common, and increasingly used by most companies.”
Chris Kinsville-Heyne, founder of C3i Strategic Solutions based out of Dubai, says that their priority remains the same. “It tends to be our Intellectual Property that we need to be secure about. As C3i Strategic Solutions provides tailored training programs to many blue-chip organizations, much of the information supplied to us by corporations is highly confidential in nature. Ensuring this information remains secure is an absolute priority for us, and rightly so. We have a responsibility placed on us and our clients trust us with sensitive material.”
Though it’s all about securing your intellectual property, one of the biggest known weaknesses in the system is still the human interaction. You can patch network security with firewalls and proxy servers, clean all the viruses you want, but when it comes down to it, while you’re securing the machines, it’s the people that still break through the security measures.
“Security” according to Khurram Jafri, “is not some activity, event or onetime action. It is a continuous process and revolves around technology, people & processes and the strategy may vary from organization to organization. As far as my employer is concerned, we have sound polices and procedures in place for risk management.” Khurram is the Assistant Director, Quality & Risk Management at Ernst & Young in Pakistan. “EY’s global network is secure being under constant process of evaluation.”
Khurram explains that in the current security situation, everybody needs to have proper security measure in place whether it’s information security or physical security. But with a shift towards IP communications in the marketplace, a lot of companies are able to offer products that are smart devices. Rabia Azfar, Regional Manager Service Delivery and Support at Wateen explains, “As a company, we are mainly focusing on technology-driven surveillance, but I think it is a moral responsibility of each individual to be vigilant about their own surroundings. It is also a need of time to avoid spreading unauthentic information as casual gossip to avoid any chance of a possible breach.” Zeeshan Ahmad, Manager Operations at Aglix says, “Initially we were looking for surveillance and information security management system, but down the road, severe situation in the region compelled us to develop remote surveillance systems. Now Information Security is our prime concern.”
With the availability of infrastructure that makes it possible for you to monitor your industry or operations remotely, it makes sense to take that leap. PTCL’s DDX network which is already in place throughout Pakistan or radio links which can be set up to manage the connectivity and WAN or MAN which the solution runs on.
Can you Manage Disaster Proactively?by CSO pakistan
January 5, 2009 by graphics
Filed under CSO, Cover Story
Business continuity, Disaster Recovery, Redundancy and Uptime – these are no longer terms restricted to a server room in an IT company. They’ve come out from the technical infrastructure and begun making an impact on real life, practical processes.
The question of whether or not you can manage disaster is perhaps an incomplete one considering humans have been given the will and desire to survive through the most challenging circumstances. So the fact that the survival is already happening, is somewhat irrelevant. What people are becoming more aware of is the fact that they are unable to prepare themselves to cope with disaster. In order to maintain the continuity of business, it is essential to be able to have the necessary backup or secondary switch that you can turn on, and keep going.
A few months ago, we covered LMKR and how they had managed the aftermath of the Marriott Bombing, something that people appreciated around the world. Other IT companies were also able to follow their DR plans and mitigate the aftereffects of the tragic incident, but here’s the point: because IT companies know about all of this because the largest chunk of their business is dependent on their intellectual property. In a world where technology helps manage business, you really don’t have an excuse to get caught unprepared.
Whether it is a natural disaster or an attack of sorts, have you thought to ask your office building on what their DM plan is? How about the school where your children may go? In the event of chaos, what plan of action will be followed? Same list of questions apply to hotels, restaurants, city district planning agencies – this is an endless list. In a lot of cases where disaster planning for physical damage is done, people still fail to plan how they are going to rehabilitate themselves back into the system. It’s the same sustainability (or lack there of) challenge all over again. If you conduct a Business Impact Analysis in your organization, it will help you to figure out what your various operations are and since most apps are linked to one another, how long you can afford to have one app or area down, before it begins impacting the core business function.
You’d like to think that the BIA is something that is done through technology, but it’s not. The majority of the BIA planning is done by an analyst who can communicate with each of the departments and areas and actually assess the importance of every step of the organizational and virtual hierarchy.
Before selecting a Disaster Recovery strategy, the Disaster Recovery planner should refer to the company’s business continuity plan which should specify the key metrics of Recovery Point Objective (RPO) and Recovery Time Objective (RTO) for various business processes. The metrics specified for the business processes must then be mapped to the underlying IT systems and infrastructure that support those processes.
While it is important to have Disaster RPOs and RTOs in place, here’s something to think about: what if the critical data you are currently using, becomes corrupt? Worse yet, what if someone accidentally deletes some portion? Well, the IT manager will head over into the most recent backup data, and simply recover. But because when there is no crisis as such, the data backup is usually done on a 24-hour, daily basis, think about the situation you are creating for the organization – the daily RTO and RPO back is up 24-24 (24 hours each), whilst lets say that you define the disaster RTO and RPO to be 4-4. In the event of an unplanned incident which is not necessarily a disaster, you can’t get to the data until 24 hours later, which means that unless you ‘declare’ the organization to be in a state of disaster, you will have lost 24 hours worth of data! So it is imperative that your regular metrics match with your disaster or in-crisis metrics.
You can always rebuild brick and mortar however once your virtual operations are compromised, there is nothing you can do to bring it back.
Initiating the Process for Business Continuity
Business Continuity is the umbrella which sits on top of Disaster Recovery. Recovering lost data or assets is simply a part of business continuance.
Depending on how your organization is set up and structured, you or your clients need to have real-time access to specific bits of data so that business can be continued.
If you run a company where your major interaction with your customers is through a website interface, then it would serve you well if you were mirroring that website in a secondary location, whereby customers trying to resolve the DNS of one server, can be redirected to another. In case you cluster the application so that you are able to make that switch. Clustering will also help you to reroute your data through an alternate node should an unplanned incident happen on the node outside your organizational premises. This is something which helps you to become more fault tolerant regardless of the fact that the solution you might be running isn’t a high availability solution. So if PTCL gets a cable fault, at least you can still be running your operation.
It is also important to have role-based recovery in place, rather than specify one, single individual who will be responsible for a specific task in the time when the crisis is hot. Different people react differently in the time of crisis and you don’t want to have to put someone in a place he or she can’t handle. Rather, put the position or job description to manage the recovery.
Here are some of the standard backup measures which you may want to keep in mind:
• Backups made to tape or high capacity, highly available media and sent off-site at regular intervals (preferably daily)
• Backups made to disk on-site and automatically copied to off-site disk, or made directly to off-site disk
• Replication of data to an off-site location, which over comes the need to restore the data (only the systems then need to be restored or synced). This generally makes use of Storage Area Network (SAN) technology
• High availability systems which keep both the data and system replicated off-site, enabling continuous access to systems and data
In many cases, an organization may elect to use an outsourced disaster recovery provider to provide a stand-by site and systems rather than using their own remote facilities. While a lot of companies, especially banks and financial sector organizations, are actively setting up their own DR sites, Pakistan does have a Tier 4 Data Center and Disaster Recovery site running, which is managed by CubeXS Weatherly (cubexsweatherly.com).
In addition to preparing for the need to recover systems, organizations must also implement precautionary measures with an objective of preventing a disaster situation in the first place. These may include some of the following:
• Uninterruptible Power Supply (UPS) and/or Backup Generator to keep systems going in the event of a power failure. Have appropriate fire prevention and anti-virus tools in place.
Developing the DM and BCP:
Naseer Akhtar, President and CEO of Infotech
At what point in a company’s business or operational lifecycle, should the Disaster Management or Business Continuity Plan be developed?
Any business, regardless of its type and size of operation, need a DM and BCP in order to continue and sustain the business operations. Starting from a corner grocery shop, up to a national or a multi-national bank, everyone needs to find alternate service delivery channels to their customers in case of a disaster. The best time to put DM and BCP in place is when ever the realization occurs to continue serving customers.
With such a tumultuous political and economic environment, how can company know what strategy will work best for the company?
Political and economic environment should not impact on decision for a company to develop and implement such strategic initiatives.
What are the different categories which a BCP can be prioritized?
The best approach to strategize, plan and implement BCP is to conduct Business Impact Analysis of each business unit, in order to prioritize various critical functions and processes. You categorize different processes and make redundant, for example, the ones that are mission critical, and work your way down from there. You manage the strategy so that in the event of an incident, your business can continue, albeit from a different location.
How frequently should a DM or BC strategy be revised?
As and when a need occurs, but should be done on an annual basis. And it is a critical component of the policy.
Companies working through all the crises in the world are forced to be reactive as opposed to proactive. Is it possible to make up for lost time?
It’s never too late! Each company must cater for and budget as soon as the importance is realized, and or a situation occurs. This is an evolutionary process but the management must believe in the critical importance of a BCP in place. Until they don’t, the implementation and execution will never work.
What’s the biggest challenge a DM/BCP consultant, faces?
Most companies tend to carry out the planning and implementation exercise internally. Ideally it should be outsourced to an outsider to conduct Business Impact Analysis and suggest a suitable strategy and approach on BCP.
Naseer may be contacted at naseer@infotech.com.pk
The Weakest Link by CSO Pakistan
Technology, at the end of the day, is only as secure as the person using it. You can have all the content filters and packet sniffing software in place across your network, but if there is someone viewing something he shouldn’t be, there is little you can do. Another example. Install all the anti-virus software applications you can get your hands on and spend day and night to keep them updated. Put in an outgoing quota on your email server so that nobody can send attachment or receive .exe or zipped files. But if someone sends a link to a site which will inadvertently install a small server on your machine, there is nothing you can do to stop it.
You can buy the most secure system in the world at your disposal, but if you have a disgruntled person in your IT department, it is as vulnerable as a sponge. Footprints, access codes, loop holes and exceptions can all be masked into any system, and altering the log so that the knowledge of that backdoor is only known to the person creating it, is all a reality.
You access all your web accounts and even plug into your enterprise network using your cellphone. Like most people, you have your passwords saved. God forbid your cellphone gets into the wrong hands and you will have trouble recalling which accounts you accessed and which passwords you need reset.
Do you see a trend here? You should, because we’re certainly not outlining the script from a movie. No matter what you deploy to secure your network and system, until you do something to secure and mobilize the human factor in any organization, you are going to always be vulnerable. And no, it doesn’t matter whether your organization is small or large. As long as you have people, you are going to have ways to get into the system.
Social Engineering
Social Engineering is something that gives true character and personality to a “smooth talker”. Someone who will use his or her social skills to get you to reveal critical packets of information which can be used to break down your business, is an increased risk in the corporate environment. Ever been in a situation where you divulged some confidential information to a friend or a confidante? Shown off a credit card that has your photo ID on it just so they can ‘wow’ at your smile? A casual conversation where you revealed some classified information to impress someone? In today’s age of increased corporate competitiveness, there are more chances that it will be used to get into a network, gain access through a firewall and exploit an organization.
People! The biggest risk, in this case, is also the biggest asset in any organization. You obviously can’t function without people in place. But security is not about code or software. It’s about seeing the people and noticing a change in their behavior. If there is a modification, debug and defuse it before the problem causes irreparable and irreversible damage to the repute of the organization.
You do need to enforce policies in place and while these policies are there to protect the business, they are also implemented keeping in mind the behavior of the company’s team members.
So next time you think about how secure your office or network is, take a moment to look at the office environment around you. The organization, network or security solution is only as strong as its weakest link.
DataPoints
January 3, 2009 by graphics
Filed under Articles, CMO, Event Updates, PASHA ICT Awards 2008
How much of Pakistan is on Facebook?
It’s always interesting, almost mind-blowing, to find out just how many Pakistanis are logged in anywhere. The number of registered users from Pakistan on one of the world’s largest social networking communities, Facebook, is an eye-opener!
Read more
IT Systems Scorecard
January 3, 2009 by graphics
Filed under Applied Insight
Robert Kaplan and David Norton publicized the concept of a Balanced Scorecard for strategic management of a business in early 90s. The idea was to evaluate a business from multiple perspectives in addition to financial goals to have a holistic view of the organization’s ability to deliver on its vision. The Balanced Scorecard has since become a fertile area of management theory which continues to evolve in all sorts of specialized areas. The four perspectives of the balanced scorecard were financial, customer, internal processes and human resources.
Similar to the Balanced Scorecard as a concept which changed the approach towards performance management, John Zachman published a paper called Framework for Enterprise Architecture in 1989. It is commonly known as the Zachman Framework and it provides a two dimensional view into Information Technology. Over the last 2 decades the Zachman framework has also become a foundation for IT management theories and pieces of the framework have provided for numerous tools, methodologies and best practices. Today the term enterprise architecture refers to a holistic planning and management framework of all aspects of an information technology department. The Zachman Framework has become for IT what periodic table is for chemistry. Its visual representation follows a similar look and feel. A simplified view is presented below
Each cell is filled up with the relevant information at the intersection of a viewpoint with the information technology component. It will be important to note that this framework was designed in the mainframe era long before the multi-tiered web based systems became a norm in IT industry. The conceptual foundation of the framework remains intact even after 20 years but implementation details within each cell have been evolving with the innovation in technology.
The detailed explanation or overview of either the Balanced Scorecard or the Zachman Framework is beyond the scope of this article. which is concerned with developing a scorecard that allows the business owners and IT management to effectively assess the state of a system. Readers not familiar with these two concepts will not have any problems following the methodology being produced below to score or grade a system for effective management and planning of IT resources employed in building or maintaining an application system. This scorecard inherits ideas both from the Balanced Scorecard and Zachman Framework.
Why a Scorecard
Let’s look at the problem first as to why an IT system would need a scorecard. A scorecard provides a point in time evaluation of the overall state of an IT application system. Similar to the need for a balanced scorecard where only the financial metrics were not enough and a holistic view was needed, the traditional IT systems metrics dealt with down time and maintenance issues. A more holistic view of the IT system which combines the development perspective, the business perspective and the infrastructure perspective was not available. The lack of such a holistic scorecard made it difficult for the application system to support the business in high priority areas of expansion, stability and compliance. It is therefore required that each system should go through a review and a scorecard developed. This will allow business to assess the readiness of the system to meet changing business needs as well as address cost pressures in tough economic times. The scorecard will allow management to track performance of the system and estimate its future stability from security, compliance, stability and ability to adapt to changing business needs. With frequent scorecards benchmarked, the IT management can continue to improve upon areas lacking an acceptable grade.
The scope of computing has broadened over the last 70 years. Initially, computing systems were used for heavy scientific calculations; the more famous ones being deciphers during the Second World War. Later on communication and record keeping became commercial drivers for computer systems. While there is no agreement on when exactly computing or scientific computing changed into Information Technology, it is safe to assume that mainframe systems when deployed in large corporations to run their business processes is when computing became IT. The score of the scorecard is limited to IT application systems which are built and deployed to automate business processes. All other systems related to scientific calculations, weather forecasting, risk modeling or archival applications are not covered through this scorecard.
Application System Scorecard
The scorecard is a snapshot of the state of the system along two dimensions, an IT dimension comprising Data, Function, Infrastructure and Development and a dimension of maturity comprising People, Process, Technology and Documentation. The cells at the intersection of the two dimensions are scored from 1 to 5. The following table depicts the scorecard template:
For each application system Data refers to its data structure including all the entities, relationships and attributes. Function refers to the business process that the system automates. Infrastructure is the environment including hardware and networking where the system is running while Development refers to the design and implementation code used to program the system. On the other dimension elements of quality are gauged on People, Processes, Technology and Documentation.
All the cells are explained below for their scoring schemes. The schemes explain the bottom (1) and the top end (5) of the score and leave the intermediate scales to the relative subjectivity of the evaluator.
Data – People: A score of 1 is where programmers built the structure as they moved along with coding with no database design specialist available. A score of 5 is where a trained Data Architect finished a holistic design of the entire system in the design stage of the development
Data – Process: A score of 1 is where no process exists to modify the data model. A score of 5 is where the process estimates the impact in terms of data migration, program code, performance and integration with other systems before a data model change is approved and version control is in place
Data – Technology: A score of 1 is where some obsolete database system is being used like Clipper, FoxPro or Dbase and/or no database security controls in place. A score of 5 is where a mainstream RDBMS with up-to-date version and patches is used with best practice security controls
Data – Documentation: A score of 1 is where no documentation is available and 5 is where a detailed data dictionary with logical and physical models is available
Function – People: A score of 1 is where no subject matter expertise is available for the business process and 5 is where a senior business analyst well versed in all aspects of the business process is available being able to address audit, security and integration requirements in addition to functional requirements
Function – Process: A score of 1 is where no change management process is in place while a 5 is where extensive pre and post analysis as well as testing takes place along with version control
Function – Technology: A score of 1 is where obsolete front-end technology is utilized and or web based GUI is not available. A score of 5 is where a robust thin client user front-end is available and changing the look and feel does not require complex code changes
Function – Documentation: A score of 1 is where no documentation on the business process is available while a score of 5 is where detailed process flows and data flows are available
Infrastructure – People: A score of 1 is where specialized roles and skills are not available for networking, system administration and DBA activities. A score of 5 is where certified staff in specialized skills is available
Infrastructure – Process: A score of 1 is where regular maintenance for back-up and patches is not performed and BCP and DR plans are not in place. A score of 5 is where a standard like ISO or ITIL is in place
Infrastructure – Technology: A score of 1 is where obsolete and vulnerable networking and storage systems run the application. A score of 5 is where modern hardware like SAN storage, blade servers and networking appliances are in place for the application system
Infrastructure – Documentation: A score of 1 is where no documentation of the equipment is available like models, vendors, specifications, etc. A score of 5 is when a hardware asset management system is in place along with BCP and DR plans and documentation on infrastructure design
Development – People: A score of 1 is where developers are not trained in any kind of SDLC and coding best practices. A score of 5 is where staff is certified in programming and design techniques
Development – Process: A score of 1 is where no change management or any SDLC is in place. A score of 5 is where the system development is governed by established processes like PRINCE or CMMI
Development – Technology: A score of 1 is where obsolete programming language or environment is being used. A score of 5 is where Object Oriented or multi-tiered development environment, reusable components and testing tools are available to developers
Development – Documentation: A score of 1 is where no formal documentation is in place while a score of 5 required detailed specification and testing plans available in a use-case like format
An enterprise architecture group outside of the development and infrastructure teams should be responsible for scoring the application systems. The reports of the score should be submitted to the upper management. A matrix filled up with numbers with detailed descriptions below is a simple report that can be used to assign targets for the next review cycle. These reports over time will also help address the build Vs buy decisions as well as outsourcing decisions. Hiring can also be influenced looking at the areas with weakness across multiple systems. Overall, a periodic health check using this scorecard provides an apple to apple comparison between teams, management and service providers to better manage an IT department with improved quality and lower costs. A history of periodic scorecards on application systems also raise flags early enough in the process when strategic shifts in business are going to force IT changes. Similarly, technology risk, compliance and readiness of certain business processes to take on a merger/acquisition or major business change can be pro-actively managed.
Making NGO’s
A Not-For-Profit has the same challenge a For-Profit organization has – it needs funding to stay afloat. While it is easy to say that a “good” charity will attract the dollars or rupees, closer inspection reveals a very different picture. Over the course of time, law enforcement agencies have come down hard on NGOs since people have abused the potential funding magnets.
With time, the legal issues tend to follow every type of organization. However there are strategies that the IT Heads of NGOs and not-for-profits can use technology to make their processes more accountable. You’re sitting up asking how this is possible?
Well, because technology frameworks allow for a great deal of documentation, you have an automatic insertion of accountability. Timestamps of when someone submitted a document or logged in can all be part of the internal systems which can be simple to maintain. If you deploy something known as SAAS, or Software as a Service, this could be the answer to some of your woes.
Donors and sponsors want to see how you are using the funds that come into your organization. In addition to having your objectives and mission in place, you also need to have your accounting and audit processes in place. You also need to be able to garner support from within the community so you have can generate collaborative support for the work that you are doing. If someone can’t pay in cash, they might be able to do so in kind.
A cursory search online reveals a US-based company called Convio.com who specializes in SAAS for NGOs. An interesting solution that they offer is called the Convio Common Ground, which is a web-based constituent relationship management system to track an organization’s interaction with its sponsors and donors. Based on the weakness which you have identified in your charity organization, the company seems to have a solution and consultancy in place to help.
The concept of Cloud Computing, Virtualization and Outsourcing already helps to cut IT management costs, so the concept fits in well with that of the Not-For-Profit. Cloud Computing ERPs can help to consolidate data and convert it into information and service and entire portfolio of users who need access to that data. Access to a Unified Database, which consolidates the data generated or input from the ERM (Enterprise Resource Management) and the ERP (Enterprise Resource Planning), into one consolidated, meaningful database. Effectively, if you can pull in data from your Sales and Business Development, Operations, Finance and Services departments, you will be able to figure out a way forward more accurately based on the historical analysis that all this data can produce for you.
Reaching Out
While you don’t want to engage in a spam effort which actually puts off the internet audience, you should be thinking about using your web presence a lot more effectively than you already are perhaps. A lot of expatriate Pakistanis who perhaps want to donate but simply have no way of simply sending their money into an accountable and reliable NGO of their choosing, restricts them from being able to donate as they would like to. If you don’t have a landing page that shows your genuine outlook to potential donors, you are not going to be able to tap into an available funding resource.
A few months ago, through Tariq Mustafa, a network engineer who works at Multinet, Anthony Craig of CEOcial.com made a request to make a small donation to a grassroots community school. When we submitted a number of possibilities, Anthony selected the one Not-For-Profit community school that had a website up. The Al Zohra Welfare Foundation is a small community center and school which benefits women and girls from within its surrounding locality. Despite the fact that its website (alzohrawelfare.org) doesn’t have a lot of detailed information, the fact of the matter is this – because the website showed the school and some of its work, perhaps that’s what encouraged Anthony to send his donation across. CEOcial.com is a community which provides a platform where CEOs who travel a lot, can coordinate their schedules and perhaps set up meetings at the airports during extended transit times. But someone willing to give, will try and at least verify the details through the web, prior to sending the donation.
Have your audit reports out. Put out all the contact information so people can have the peace of mind that there is going to be a way to measure how their money is going to be utilized within the scope of the NGO.
Blog. And if you don’t know how to blog, then reach out to the blogging community and let them know that you need help. You don’t need to have your name plastered across the WWW, but you should have frequent information being posted either on your own website, which can then be sent via RSS and other sources to other blogs, typically the ones that write about social activism.
Marketing and promotional budgets are something that no company ever has enough of. NGOs are no exception to this rule. Since mainstream media also looks to the web for information and current events, there are more chances that you will be acknowledged by the mainstream media if you are being written about online. Mobilizing people, funds or resources can be relatively free of cost if you discount the value of the time you will spend reaching out. A growing number of events, whether they are Crosby Asset Management letting people know that they are having a tree-planting day or publicizing a concert or gathering, if you can use the online resources that you have available to you, you can get the word out more effectively than the headache of agencies, designs and additional costs. While there are times when print and electronic collateral should be used, the majority of initiatives can be promoted at little or no budget.
For NGOs that are interested in better understanding how the various components of the interactive web can help, you may also want to read up the case study about The Second Floor, a project of PeaceNiche, which is an NGO run by Sabeen Mahmud. CMO Pakistan ran a story about her in the December 2008 issue, which you can also search for online.
Reputation is very critical when it comes the online media. None of the activities can happen above if you abuse the “goodness” that comes with running a charity. But once again, because Web 2.0 allows a level of transparency, if people can interact with you, call and speak with you or engage over email with you, this might just work for you.
According to a survey done by Convio.com in the form of a report called “Wired Wealthy”, high dollar donors actually only make up 1% of the kinds of people who normally support a charity organization. A relatively large population of people who are more likely to support charities and organization in cash or kind, seem to be the kinds of people who are wired and connected to the world wide web. These are people who have been using the Internet for about 12 years, spend an average 18 hours online every week and actually use the web to make their everyday tasks easier.
According to the same survey report, it is reported that 60% of people say that if an organization has a website, they feel more personally connected to the cause. The survey findings also suggest that this group of people is more likely to visit an organization’s website after making a donation. They will also view videos online.
Online donations is a problem for charities working out of Pakistan. Since there are limited online options to have a reliable online “donation” solution for NGOs, most people still rely on bank transfers. Either the liability issue makes it problematic for companies to deploy an online donation solution, else it just costs too much. Until micro payments enter the picture in a more sensible, practical manner, the integration process will probably remain on hold.
Technology offers a lot of solutions for companies who have meager budgets and want to change the way the world works. Working with communities is indeed a very honorable thing, but if nobody knows what you have accomplished, you will always struggle with funding. If you can manage to make at least a one-time investment and get your bearings right with the right Content Management System, CRM solution and ERP for NGOs, it will help you be more accurately organized in the long run.
If you have your processes in place, the sustainability will eventually come into place.
Understanding RFID in Your Business
We live in a great big world that is driven by a lot of business in it, and there are a lot of ways that enable the integration of technology into the operational asset of a company so that work can be done more efficiently. Farhan Masood is the CEO of a company called Solo Smart which, amongst other things, develops innovative technological solutions and we contacted him to talk a bit more about a technology that is being used increasingly for tagging communications and identification. RFID, or Radio Frequency Identification, according to Wikipedia.com, is an automatic identification method, which relies on storing and remote retrieval of data using devices called RFID tags or transponders.
Read more
