tag:blogger.com,1999:blog-105181462024-03-07T19:57:13.884-05:00Michael Stein's NON-PROFIT TECHNOLOGY BLOGThoughts on technology, software, and organizational life.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.comBlogger241125tag:blogger.com,1999:blog-10518146.post-71500859155558154432009-08-19T04:37:00.034-05:002010-04-30T11:07:06.498-05:00PCI compliance anxiety ratchets up<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWVZzDc9Z2b1Ptt7U7-TDCvwNOFEsrSBUxwa0hmnvtkKIHzbkohvaDCKnsuLSL-J1yaQ2w4jxud8z_CrzZjcGxxtNYCyztDQ97TRAMusdoiEeaT_uCNOUnz7NpjZfpmQCPC0Go/s1600-h/pci.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 110px; height: 83px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWVZzDc9Z2b1Ptt7U7-TDCvwNOFEsrSBUxwa0hmnvtkKIHzbkohvaDCKnsuLSL-J1yaQ2w4jxud8z_CrzZjcGxxtNYCyztDQ97TRAMusdoiEeaT_uCNOUnz7NpjZfpmQCPC0Go/s320/pci.jpg" alt="" id="BLOGGER_PHOTO_ID_5372138596514042146" border="0" /></a><span style="font-weight: bold; color: rgb(102, 0, 0);">In the last few weeks our office phones have been ringing with calls from clients concerned about PCI compliance.</span> A mounting realization that enforcement of these credit card standards is indeed coming, the October deadline to use compliant applications, and widespread confusion about what the standards are and who they apply to, is bringing the issue of credit card security to a boil. [UPDATE: I've created an entire page of PCI information at: <a href="http://membersonlysoftware.com/pci">http://membersonlysoftware.com/pci</a> ]<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">The background:</span> PCI is an association of the major credit card issuers. The PCI Data Security Standard (PCI-DSS) is a list of twelve security requirements that merchant account holders must meet. According to the standard, <span style="font-style: italic;">"PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply."</span> In other words, if you ever send a credit card number through to the bank for processing, you've got to pass muster. Validation of compliance may require an on-site audit, or may be done by self-assessment and a notarized attestation. And while 12 requirements does not sound like much, the sub-points of each requirement make it clear that the standard affects pretty much every aspect of your IT system and your payment processes.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">The biggest misconception we see among our clients is the idea that if they are using the right credit card processing system or software, they are compliant.</span> Of course there are requirements that payment applications must meet. <span style="color: rgb(0, 0, 0);">Failure to use compliant software is a sure path to flunking your compliance audit.<span style="font-weight: bold;"> </span></span><span style="color: rgb(102, 0, 0);"><span style="color: rgb(0, 0, 0);">But using compliant software does not begin to guarantee that you the merchant are yourself compliant. The entire security of your computer system comes under the purview of the PCI.</span></span><span style="font-weight: bold; color: rgb(102, 0, 0);"> </span><span style="color: rgb(0, 0, 0);">In addition, any paper systems that might contain account number data are also involved.</span><br /><blockquote style="font-style: italic; color: rgb(51, 51, 255);">Failure to use compliant software is a sure path to flunking your compliance audit. <span style="font-weight: bold;"> </span><span style="color: rgb(51, 51, 255);">But using compliant software does not begin to guarantee that you the merchant are yourself compliant.</span></blockquote><br />Let's look at one example. Requirement #1 reads <span style="font-weight: bold; color: rgb(102, 0, 0);">"Install and maintain a firewall configuration to protect cardholder data."</span> You might think the fact that you have an industry standard firewall product installed gets you a pass on this one. But that is just a starting point. The requirement's details indicate that you need<br /><ul><li>a written policy on how any change to the router or firewall configuration is approved and made. </li><li>a network diagram that shows all connections and all devices and a process to make sure the diagram is up to date. </li><li>documentation of the business case for all ports that are open and all protocols that are in use. </li><li>a formal review of all firewall and router settings every six months.</li></ul> But back to the your software applications. Requirement 6 simply reads "Develop and Maintain secure systems and applications." How is <span style="font-weight: bold;">secure </span>defined here, and how do you prove it in a PCI audit?<br /><br />Software applications that are sold "off the shelf"" can apply for the PA-DSS certification. (The Payment Application Data Security Standard - this is a <span style="font-style: italic;">separate </span>standard governing just the software that management credit card payments). Software that is customized for a user organization <span style="font-weight: bold; color: rgb(102, 0, 0);">cannot </span>receive the PA-DSS designation. Instead custom software comes under the scope of each user's PCI compliance audit and may require a code review. <span style="font-weight: bold; color: rgb(102, 0, 0);"><br /><br />The best solution for a customized application is for it to avoid ever coming into contact with a credit card account number, and simply delegate all card handling to a certified PA-DSS compliant application.</span><br /><br />This is a bigger deal than you might think. For example, if you want to capture the credit card number for a donation in page you have carefully designed and branded, you will need to code review and validate this page as part of your compliance even if all it does is pass this number to a PA-DSS certified payment app.<br /><br />But your greatest exposure arises if you <span style="font-style: italic;">store </span>credit card numbers for any reason after the moment of the transaction. For example, many non-profits charge sustaining donors' pledges against their credit cards on a monthly basis; YMCA's often charge for their dues this way. The requirements for protecting credit card data of this sort are daunting. Maintaining this sensitive data in an encrypted database using the latest encryption technology may not be enough if you cannot document your procedures for controlling access to the keys, monitoring physical access to the server, and so on. <span style="font-weight: bold; color: rgb(102, 0, 0);"><br /><br />The best solution, is to hand off ALL credit card storage as well to a PA-DSS certified application that stores the numbers out in the internet cloud, far from your server, and your liability. </span><span style="color: rgb(0, 0, 0);">We've selected to partner with CAMcommerce, for example, whose PA-DSS certified xCharge application is a dream to integrate with and will provide Members Only users with the security they need. </span><span style="font-weight: bold; color: rgb(102, 0, 0);"><br /><br /></span><span style="color: rgb(0, 0, 0);">All of this demands that custom applications find new ways of interfacing with payment software. For example, a very widely-used method for interfacing with payment applications</span><span style="font-weight: bold; color: rgb(102, 0, 0);"> </span><span style="color: rgb(102, 0, 0);"><span style="color: rgb(0, 0, 0);">involves the business application creating a batch file that is submitted to the payment app. This file contains credit card numbers written out in plain text. And the application returns a batch of response data, again with the number in plain text. This approach is certainly not compliant with the new security requirements. Like Y2K a decade ago, PCI and PA-DSS compliance are going to keep programmers busy for a while.<br /></span></span><hr /><span style="font-size:85%;">Additional Information: The <a href="https://www.pcisecuritystandards.org/">PCI Security</a> site is full of information about the standard and compliance testing. "<a href="https://www.pcisecuritystandards.org/pdfs/pci_dss_saq_navigating_dss.pdf">Navigating PCI-DSS</a>" is a fifty page introduction to the terms of the standard and the meaning and intent of each clause. It's the best thing to read to get a sense of what this is all about. The Full PCI_DSS specification can be downloaded from <a href="https://www.pcisecuritystandards.org/security_standards/pci_dss.shtml">this page</a></span>. <span style="font-size:85%;">And when you are ready, you can also find the <a href="https://www.pcisecuritystandards.org/saq/index.shtml">self-assessment questionnaire</a> here. </span><input id="gwProxy" type="hidden"><!--Session data--><input onclick="jsCall();" id="jsProxy" type="hidden"><div id="refHTML"></div>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com3tag:blogger.com,1999:blog-10518146.post-70399858284102541022009-07-15T05:56:00.018-05:002009-07-15T10:00:55.557-05:00Capability Stairsteps<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaNT49WWnqJ_8lY80mXz8gNHYO5Z3GeO_fVChMvqa9N83_oFYLoG9Y1Qvu-oMRRu3i7-xVzFLwxoFG6O_zX_qnif95Teg6xR2fq5-jIXcN-M6D-p85jGOA3wnecwfcwOGuvYJO/s1600-h/stairs.gif"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 276px; height: 320px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhaNT49WWnqJ_8lY80mXz8gNHYO5Z3GeO_fVChMvqa9N83_oFYLoG9Y1Qvu-oMRRu3i7-xVzFLwxoFG6O_zX_qnif95Teg6xR2fq5-jIXcN-M6D-p85jGOA3wnecwfcwOGuvYJO/s320/stairs.gif" alt="" id="BLOGGER_PHOTO_ID_5358663439673249282" border="0" /></a><br />When we begin a new deployment of our software applications at an organization, we always ask the users "How will you know if this project was a success or not?" We're usually expecting to hear things like "Our staff will spend significantly less time putting together monthly reports" or "We will finally have agreement between the membership lists on the website and in the AMS." But at a recent project kickoff the bar for success was really low: "Our staff will actually use the system."<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Problems with the adoption of new IT tools can rob an implementation of much of its ROI.</span> And the the solution is not simply making sure you've picked the right tool and delivered the proper training. There are specific steps that need to be taken to encourage user adoption.<br /><br />My friend Russ Eisentstat of <a href="http://www.truepoint.com/who_we_are/index.html">TruePoint</a> uses the phrase "capability stairsteps" to emphasize the incremental nature of such transitions. These steps may involve partial use of the new tool, use by a subset of the eventual target user community, or both. <span style="font-weight: bold; color: rgb(102, 0, 0);">But before you can climb these steps you need to design them - </span><span style="font-weight: bold;"><span style="color: rgb(102, 0, 0);">adoption will not necessarily spread naturally or completely unless the organization creates a plan and monitors it</span>.</span><br /><br />The example Russ and I discussed related to the use of a wiki to capture organizational knowledge. One of my long-standing contentions is that an enormous amount of organizational knowledge exists in emails between stakeholders. If these emails were simply captured and organized, a great deal of knowledge documentation could be managed with little or no new writing. But both of us had limited success in encouraging our own organizations to use our wiki.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">What would a stairstep model for adoption of the wiki look like? </span><span style="color: rgb(51, 0, 0);"><span style="color: rgb(0, 0, 0);">First we need to put someone in charge!</span></span><span style="font-weight: bold; color: rgb(51, 0, 0);"> </span>This is a step that is often ignored in this type of change management. Someone needs to take personal responsibility for the effort to develop the wiki into a useful tool. As soon as we have identified the wikimaster, we have at least one more committed user.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">The next step is to identify the barriers to adoption so we can plan to eliminate them. </span> Russ and I both agreed that the main barrier is the catch 22 of social sites: the wiki is not attractive to users if it is not yet rich with useful information -- but this will not happen until people begin using it. This barrier can be reduced by "priming the pump." Step two is that the wikimaster takes active responsibility for getting the first fifty articles on the site. He can poll users frequently to get them to send him any material that would be apporpriate for inclusion. This spreads some buzz about the wiki without asking people to utilize it themselves in any way.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">A second barrier: it takes a bit more learning to become adept at posting than just to read the site. </span> So this suggests the next increment. Step three is to encourage the use of the wiki as a passive repository of information, without leaning on people to post. People can still rely on the wikimaster to post their articles, but can begin to turn to the wiki to look for information they might need.<br /><br /><img src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjM8RGFCDNVdcV1HFunLYlBRG5REnBCXywsPKn4ukxtHu7EcZ0wldkw6yTQqzNYYzGW72DY2erXDpxy8symQmrz2kP2J6z5yPB-mEhJlJLUE1o9ej5JVTxOxftCPnS7fv7udlQ/s800/stairsteps.png" style="width: 500px;" /><br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Only now do we tackle active contribution - again a step at a time.</span> In Step four might the wikimaster to encourages people to comment on exisiting articles - reminding them of this capability, and having existing champions comment to prime the discussion on this forum.<br /><br />Step five might be then to put in place rules for how others should post their own articles - how to tag them, how to deal with the home page, how new articles are announced, and so on. At this point a training or informational session might be held for new posters.<br /><br />So what I had thought was a one step procedure - "let's start using this new tool" - has become a five step staircase. This model of identifying barriers and building a step to climb over each one in sequence can be used to encourage adoption of systems of all kinds.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-11618809149366967422009-04-22T09:53:00.008-05:002009-04-23T06:26:33.335-05:00Earth Day Roundup<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9gupyKZmcD1m22g4tP52M2LQo4cJO1zp_6brn1J1B6KTEbt_FnQI2BY3wwzLfHHwqz0WM1WMwisZvEc0qUmTXNccB3OswwBM0f-I_e8qezXxnyU_YcP6FOyF35OzXG81vYbQT/s1600-h/earthday.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 118px; height: 119px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi9gupyKZmcD1m22g4tP52M2LQo4cJO1zp_6brn1J1B6KTEbt_FnQI2BY3wwzLfHHwqz0WM1WMwisZvEc0qUmTXNccB3OswwBM0f-I_e8qezXxnyU_YcP6FOyF35OzXG81vYbQT/s320/earthday.jpg" alt="" id="BLOGGER_PHOTO_ID_5327846379064780514" border="0" /></a>Links to some interesting reading this Earth Day:<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Green IT.</span> A couple months ago I posted about "Green IT" and the growing awareness that information technology demands fuel and creates emissions like all other energy consuming activities. But <a href="http://news.bbc.co.uk/2/hi/technology/8001749.stm">this article</a> in the BBC took me by surprise... email SPAM is a major contributor to IT energy consumption, utilizing 33bn kilowatt-hours of energy every year, enough to power more than 2.4m home, and in the process contributing 17 million tons of carbon dioxide to our greenhouse gas burden.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Green Education.</span> A bit of good news for all the non-profits making efforts to educate their constituency about green issues: it makes a difference. <a href="http://yosemite.epa.gov/opa/admpress.nsf/bd4379a92ceceeac8525735900400c27/a193caab28eabbc08525759700532a00">The EPA reports</a> that there is a measurable improvement in air quality associated with environmental education. <blockquote style="font-style: italic;">Nearly half of the surveyed institutions hosting education programs reported an improvement in air quality at their facilities due to actions taken by students, including doing service-learning projects and fostering community partnerships. Examples include decreased levels of carbon monoxide and mold, and enactment of a policy that decreased car or bus idling.</blockquote><span style="font-weight: bold; color: rgb(102, 0, 0);">Green Markets?</span> Free-marketeers have been extolling the value of "Cap and Trade" solutions to control emissions... but there is mounting evidence that it is not so simple. An article in the British New Scientist reviews the results of the ETS (Emissions Trading Scheme) currently in place in the EU. The approach works when the price of permits is high. But if the value falls, the incentive to improve emissions falls right with it:<br /><blockquote style="font-style: italic;">As heavy industries mothball factories, energy use drops and demand for permits goes down. At the same time businesses try to raise cash by selling their unused permits, flooding the market and further depressing prices. French energy company EDF recently complained that carbon markets were failing just like the market for subprime mortgages. As a result, all kinds of green energy schemes are grinding to a halt.</blockquote>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-34558988549770994122009-03-21T12:25:00.015-05:002009-03-21T15:00:52.470-05:00Daily News, Daily Blues<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://michaelatmo.blogspot.com/2009/03/daily-news-daily-blues.html"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 119px; height: 111px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjSMYcwe7rWCg1xgvQ88giPCuLsWD-Na55Hz6-8_pkmHfccVoLiap8xTCgDqWiD3Cn4_B7JkZkEc9tQEADwiWv90uZf3wHkXwqZ7dZ58iwg8YYwsE22ba2inVBMmqJv4zU4bQFy/s320/newspaper.jpg" alt="" id="BLOGGER_PHOTO_ID_5315715634018770962" border="0" /></a>In the last few months, it seems that at every social gathering I attend, the conversation gets around to "Newspapers - what's going to happen to them?" The closing of the Seattle Post-Intelligencer's print operations a few weeks back, coupled with Hearst Corporation's announcement that may close the venerable San Francisco Chronicle as well, has brought the plight of print journalism into focus. And I've been finding that my friends get really worked up about it -- it's clear the newspaper as it exists today has real meaning in people's lives.<br /><br /><span style="font-weight: bold;">It's not a problem that suddenly snuck up on us.</span> Back in the summer of '06, <span style="font-weight: bold;">The Economist</span> <a href="http://www.economist.com/opinion/displayStory.cfm?Story_ID=7830218">was already talking</a> about the decline of print, and predicting that the future would see the closing of most local papers, and a new mix that consisted of "an elite group of serious newspapers available everywhere online, independent journalism backed by charities, thousands of fired-up bloggers and well-informed citizen journalists..."<br /><br /><span style="font-weight: bold;">The problem of course is the collapse of the traditional business model of the newspaper</span>. In that model advertisers pay publishers enough to support the news-gathering operation because advertising in a newspaper with decent reporting was the best way to get their copy in front of readers. As <a href="http://www.shirky.com/weblog/2009/03/newspapers-and-thinking-the-unthinkable/">essay</a> by new-media guru <span style="font-weight: bold;">Clay Shirky</span> points out, this is no longer the case, because<br /><blockquote style="color: rgb(51, 102, 255);">"...the core problem publishing solves — the incredible difficulty, complexity, and expense of making something available to the public — has stopped being a problem."<br /></blockquote><span style="font-weight: bold;">The Internet has disrupted the old economic realities of information distribution.</span> Because of that, advertisers have migrated to the net in droves. In the past, classified advertising was the most lucrative source of advertising revenue for the publisher - Rupert Murdoch referred to it as "a river of gold" - but that river is now reduced to a trickle, leading the Economist to say that Craigslist has done more than anything to destroy the newspaper. And publishers' reponse to that loss of revenue has been to cut expenses by shrinking the paper and reducing the news staff - in other words, by making their product less desirable.<br /><br />Shirky says, "<span style="color: rgb(51, 102, 255);">Society doesn’t need newspapers. What we need is journalism</span>." But the newspapers have provided a concentration of resources for serious journalism that the new media alternatives, such as The Huffington Post, let alone individual bloggers, have not yet demonstrated an ability to replace. <span style="font-weight: bold;">Walter Isaacson</span>, former managing editor of Time and former CEO of CNN, assumes that the print edition is dead but the institution need not perish with it. <a href="http://www.time.com/time/business/article/0,8599,1877191,00.html">He proposes </a>that the solution is for the major pappers to begin charging for their websites.<br /><blockquote style="color: rgb(51, 102, 255);">Even an old print junkie like me has quit subscribing to the New York <i>Times</i>, because if it doesn't see fit to charge for its content, I'd feel like a fool paying for it. This is not a business model that makes sense. </blockquote>Isaacson envisions both a subscription basis (as the Financial Times and Wall Street Journal currently have) as well as a micropayments model where individual articles have a small fee (five or ten cents each) for non-subscribers. Conventional wisdom is that people will not pay to read the newspaper online, but Isaacson is convined that it can be done. After all, he points out, people pay to text.<br /><hr /><span style="font-weight: bold;font-size:85%;" >Some resources:</span><span style="font-size:85%;"><br /><a href="http://www.economist.com/opinion/displayStory.cfm?Story_ID=7830218">"<span style="font-style: italic;">Who Killed the Newspaper</span>", </a><a href="http://www.economist.com/opinion/displayStory.cfm?Story_ID=7830218"><span style="font-weight: bold;">The Economist, </span></a><a href="http://www.economist.com/opinion/displayStory.cfm?Story_ID=7830218">August 24, 2006.</a><br /><a href="http://www.newyorker.com/reporting/2008/03/31/080331fa_fact_alterman">Eric Alterman, "<span style="font-style: italic;">The News Business: Out of Print</span>," </a><a href="http://www.newyorker.com/reporting/2008/03/31/080331fa_fact_alterman"><span style="font-weight: bold;">The New Yorker,</span></a><a href="http://www.newyorker.com/reporting/2008/03/31/080331fa_fact_alterman"> March 31, 2008</a><br /><a href="http://www.shirky.com/weblog/2009/03/newspapers-and-thinking-the-unthinkable/">Clay Shirky, <span style="font-style: italic;">"Newspapers and Thinking the Unthinkable"</span>,March 13th, 2009</a><br /><a href="http://www.time.com/time/business/article/0,8599,1877191,00.html">Walter Isaacson, <span style="font-style: italic;">"How to Save your Newspaper"</span>, <span style="font-weight: bold;">Time</span>, Feb 5th, 2009</a><br /><a href="http://dilbertblog.typepad.com/the_dilbert_blog/2007/10/the-future-of-n.html">Scott Adams, <span style="font-style: italic;">"The Future of Newspapers"</span>, Oct 1, 2007</a></span>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com4tag:blogger.com,1999:blog-10518146.post-6758465260224852582009-01-27T06:05:00.007-05:002009-01-27T07:53:11.749-05:00What is Green IT?<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKXUqdPJm-SwVGXpVWZMctyp-IASkIhNmjHePFjhpPPdqi6gA9VUhjCx192Gji5yNMUrYHSKdPQjHcLDFmETxNwldfjbNy5Hw9V8Fx18YAncMc6moBij_IgHIpI-4hw6zWHtVR/s1600-h/greenit.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 114px; height: 92px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjKXUqdPJm-SwVGXpVWZMctyp-IASkIhNmjHePFjhpPPdqi6gA9VUhjCx192Gji5yNMUrYHSKdPQjHcLDFmETxNwldfjbNy5Hw9V8Fx18YAncMc6moBij_IgHIpI-4hw6zWHtVR/s320/greenit.jpg" alt="" id="BLOGGER_PHOTO_ID_5295935941084597922" border="0" /></a><br />For a couple of years now we've been seeing talk of Green IT, and as early as 2007 management consulting giants <a href="http://www.gartner.com/it/page.jsp?id=526309">Gartner </a>and <a href="http://www.mckinseyquarterly.com/Information_Technology/Management/How_IT_can_cut_carbon_emissions_2221">McKinsey </a>were addressing Green issues as a major issue facing IT managers. The McKinsey report offers a concise statement of the issue:<span class="cHead"><br /></span><blockquote style="color: rgb(51, 51, 255);"><span class="cHead">The rapidly growing carbon footprint</span> associated with information and communications technologies, including laptops and PCs, data centers and computing networks, mobile phones, and telecommunications networks, could make them among the biggest greenhouse gas emitters by 2020. However, our research also suggests that there are opportunities to use these technologies to make the world economy more energy and carbon efficient</blockquote>So Green IT is really two issues: making information technology itself more energy efficient, and going beyond that to using IT to reduce the carbon footprint of other operations. Today's <a href="http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9126804&source=rss_news">EnergyWise </a>announcement by Cisco underscores the growing concern managers have in both these areas.<br /><br />The EDS blog The Next Big thing devoted <a href="http://www.eds.com/sites/cs/blogs/eds_next_big_thing_blog/archive/2008/11/18/what-do-you-mean-by-green-it-part-8.aspx">eight posts</a> last autumn to an in-depth look at the idea of Green IT and lays out a path that considers both of these issues in detail, focusing on the green data center.<br /><br />Many of these ideas seem more appropriate for a Google or Microsoft than for a medium-sized non-profit or association. Techsoup <a href="http://blog.techsoup.org/node/646">offers some suggestions</a> for Greening the smaller workplace. These include virtualizing your servers to use fewer boxes, and using your technology to minimze travel.<br /><br />Has your organization grappled with these issues? Have your solutions saved you money, added complexity, or both?Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-39103567817526800702008-10-07T07:11:00.010-05:002008-10-08T09:02:58.878-05:00Three common security pitfalls<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZacI5m2fZjUodsNNZvgYg2Ty4TMGwnZIwFoFox4Bu_cifdN-KgceqFcDq08_0GIrgX4eYOQV2kBvuE7hWPDKw68NeODtVwMrS1WteuY9YZU3b0sZBRVCLDUhItyZHJNv3cw_3/s1600-h/secure1.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgZacI5m2fZjUodsNNZvgYg2Ty4TMGwnZIwFoFox4Bu_cifdN-KgceqFcDq08_0GIrgX4eYOQV2kBvuE7hWPDKw68NeODtVwMrS1WteuY9YZU3b0sZBRVCLDUhItyZHJNv3cw_3/s320/secure1.jpg" alt="" id="BLOGGER_PHOTO_ID_5254750721349514770" border="0" /></a>Security is a growing concern in the non-profits community. The requirements may be legally mandated, as in the case of HIPAA and client health care information. The issue may be competitive -- you do not want to hand out your grant applications to the other orgs in your building before you've even sent them off to funders. And everyone has finally woken up to the need to secure supporters' credit card information and comply with PCI standards.<br /><br />Organizations are putting increasing pressure on vendors of applications and networks to assure security through the use of encryption, https, and user specific access to data fields and tables. But we see three simple security flaws over and over again in the smaller non-profits.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Inadequate physical security of the servers.</span> Is your database server sitting in the unlocked phone closet? Is your web server in a room shared by three programmers? I know one group with real privacy concerns who keep the server on a counter in the break room. It doesn't really matter how much you lock your network down with the latest firewall technology and encryption techniques if the servers can be waltzed out of the building without causing a stir.<br /><br /><span style="color: rgb(102, 0, 0);"><span style="font-weight: bold;">Inadequate password security</span>.</span> I see this everywhere I go - users know each others passwords. It may even become part of standard operating procedure: "to do this, I log in as Eileen." Let your OS help you with this: require users to change their passwords frequently. Require complex passwords. Beat up on people who tell others what their password is. And if you have legally mandated privacy concerns, consider adding biometrics to your user authentication procedure - USB thumb scanners are widely available these days.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Improper Disposal of Computers</span>. When the time comes to dispose of a pc, what do you do with it? All your security efforts were for naught if you just sit the machine in the trash. Wipe that drive! Reformatting the drive does not do it - it just clears the directory structure. Any snoop can still read your data after a reformat. There are numerous software packages on the market for just this purpose - a number of government agencies have standardized on cyberCide. You can destroy the drive with a few well-placed drill holes - but the software approach is easier - and then you can still donate the old.<hr /><span style="font-style: italic;font-size:85%;" >Thanks to Sean Henriques for a tweeting a link that made me start thinking about this!</span>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com2tag:blogger.com,1999:blog-10518146.post-27984713974584705742008-07-22T04:50:00.012-05:002008-12-09T19:14:47.891-05:00The Summertime Blues<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWfcavUHjqFfU6yu1AliGwZeXZndmd7-Q5HaLjzSr1RMSnSIrFS4rFgBgmlHVGZ27UHsV5QMWjIkRPmiP0na34YQNoW_T5x1DE8yukw2w0aM5ZljNkx3UPzz2vneE4ccxf-823/s1600-h/beach.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjWfcavUHjqFfU6yu1AliGwZeXZndmd7-Q5HaLjzSr1RMSnSIrFS4rFgBgmlHVGZ27UHsV5QMWjIkRPmiP0na34YQNoW_T5x1DE8yukw2w0aM5ZljNkx3UPzz2vneE4ccxf-823/s320/beach.jpg" alt="" id="BLOGGER_PHOTO_ID_5226202418694745538" border="0" /></a>You'll love those lazy hazy crazy days of summer - those days of hot dogs and pretzels and beer... remember that old tune? I can remember listening to it on the radio as we drove to the Catskills in my Dad's old Dodge. But vacations are different now - everywhere I'm reading articles about how we Americans don't really get away from our work anymore when we go on holiday. We go loaded with smartphone and laptop and a plan to get six weeks of special projects done during six days on the beach. I know that's how I made my last trip miserable.<br /><br />But I don't think we should get too new-agey about this one. <span style="font-weight: bold;">For the techie in the non-profit or association space, taking a guilt- and anxiety-free vacation is not about state of mind, but about preparation.</span> It's about making sure your organization, your clients, your users, really will be OK during your absence. Its a sort of preparation you need to be thinking about in one way or another before any absence - whether its a day off to paint your kitchen or a month-long trip through India.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Prepare your users.</span> Your users depend on you on a daily basis for solutions, for advice, for troubleshooting. The longer your absence is going to be, the earlier you need to let people know about it. Make sure all your key users understand when and for how long you will be out, and give them a good understanding of the limits on your availability during your vacation. Encourage them to think <span style="font-weight: bold;">now </span>about needs that might emerge during your time off. Make sure they factor your absence into their timeframes for special projects! And let them know where to turn for help while you are gone.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Prepare your backup.</span> The folks who are going to be filling in for you during your vacation need to know exactly where your major projects are at, how to find the information they might need, and who they can turn to for further help. Make sure they know exactly how and when they can contact you, and when you be unavailable. What should you prepare them for? Look through your last years log of issues you've had to resolve. And be careful: documenting your network is useless if you have not made sure the right people know where to find that document.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Don't have a backup person?</span> - no wonder you and your coworkers are anxious! Take care of this first. If its not someone on your staff, make arrangements with a consultant.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Prepare yourself.</span> Your work pattern needs to change as you get ready to leave. We did a project several years ago for Deutsche Bank in Frankfurt. Frequently our partner Jochen would fly there for meetings. Pressed by the users to make enhancements to the application on a short time frame, he'd crank out code in his hotel room in the evening and install it the next day. Then he'd get on a plane to come back to D.C. <span style="font-style: italic;">Inevitably </span>the user would have some huge issue with what he had done while he was on his seven-hour flight home. None of us back in the office had a clue what the requirements were or what the discussion had been. We've identified this as the <span style="font-weight: bold;">Friday Install </span>problem. Now we know to wait until we are in a position to support before we change. When your absence is going to be longer than seven hours, this issue becomes much more sensitive. Make sure you are not adding to the support burden in the days before you leave.<br /><br />And send me a postcard!Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-8611218256804642512008-07-13T20:37:00.008-05:002008-12-09T19:14:48.061-05:00Building your Donor base on Facebook - The Nature Conservancy's experience.<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdfiuFM00z_I3_T7ol8T_c_JXS7yjXriw5rENJ7-NmO_svmaLZRxviizjTb8EIegQvah8aswSMlmzWj2wea3NVhWq1zDIP7MGyElA1vcLXXnLBKseOiF3rFSx9pfc0jgn_1lod/s1600-h/lilgreen1.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdfiuFM00z_I3_T7ol8T_c_JXS7yjXriw5rENJ7-NmO_svmaLZRxviizjTb8EIegQvah8aswSMlmzWj2wea3NVhWq1zDIP7MGyElA1vcLXXnLBKseOiF3rFSx9pfc0jgn_1lod/s320/lilgreen1.jpg" alt="" id="BLOGGER_PHOTO_ID_5222683801793190098" border="0" /></a>There's been a lot of excitement in the last year about social networking in general, and about Facebook in particular. And a lot of talk about the value of social networking for non-profits. But is there really a return on investment for non-profit participation on these sites?<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Here's a success story.</span> The Nature Conservancy (TNC) is a 501(c)3 organization that works in the U.S. and over 30 other countries to protect ecologically important lands and waters. <span style="font-weight: bold;"><span style="color: rgb(102, 0, 0);">Using tools readily available on Facebook, the organization has raised almost $48,000 in the first six months of their social-networking effort.</span> </span>They did this by creating a Cause and a Fan Page for the org, and by forming a relationship with an ecology oriented game on Facebook, (lil) Green Patch. Six months later the <span style="color: rgb(0, 153, 0);">(lil) Green Patch</span> application is one of the most popular on Facebook, with of 6 million users!<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Jonathon Colman , TNC's Associate Director for Digital Marketing recently developed a slide presentation that summarizes the organization's experience using Facebook as a marketing tool.</span><br />You can find the presentation <a href="http://www.slideshare.net/jcolman/bridge-conference-24july08">here</a>. The slide presentation raised a number of questions in my mind, so I messaged Jonathon on Facebook and we chatted about (lil) Green things.<br /><br /><span style="font-weight: bold;">Me </span>-<span style="font-style: italic;"> How did (lil) Green Patch come about? Was TNC involved in the creation of lil green patch or was it already on line when you formed your relationship with it? </span><br /><br /><span style="font-weight: bold;">Jonathon </span>- No, the Conservancy was not involved with the creation of (Lil) Green Patch. It was already on Facebook when we found it by doing a search on our name (hence my first recommendation to organizations seeking to use Facebook for marketing purposes).<br /><br />At that point, (Lil) Green Patch already said that they were going to donate a share of their advertising revenue to the Conservancy, but had trouble connecting with the right people in our organization. I immediately wrote them and we started the conversation. From the very first conversation, we encouraged (Lil) Green Patch and other Facebook application developers to donate to us directly through our Facebook Facebook Cause.<br /><br /><span style="font-weight: bold;">Me </span>- <span style="font-style: italic;">Can you explain the business model of the application? How does it make money for you?</span><br /><br /><span style="font-weight: bold;">Jonathon </span>- The application is supported by advertising on the site. It's a share of their advertising revenue that's donated to the Conservancy's Cause at http://apps.facebook.com/causes/2979?recruiter_id=1833869 on a month-by-month basis, depending on the application's usage and ads impressed/clicked on. It tends to be somewhere between $6000-$9000/month.<br /><br /><span style="font-weight: bold;">Me </span>- <span style="font-style: italic;">how can a consumer be sure an app actually is providing the social benefit it claims? The other day I got several messages in my inbox accusing another app (oceans-related) of not really having a relationship with any non-profit.</span><br /><br /><span style="font-weight: bold;">Jonathon </span>- This is why we're asking (Lil) Green Patch and other Facebook applications like Stop Climate Change Now to donate to us directly via our Facebook <span style="font-weight: bold;">Cause </span>-- it provides a complete change of accountability to the application developers and to the Conservancy.<br /><br />When an application donates via the Cause, it's very simple for everyone to see how much was donated: just visit the <a href="http://apps.facebook.com/causes/2979?recruiter_id=1833869">Cause </a> and scroll down to the "Hall of Fame". You'll see that, to date, (Lil) Green Patch has given $44,650. Clicking on their name of the amount that they've donated yields a graphical chart containing the people that they've recruited and/or recent donations that they've made.<br /><br /><span style="font-weight: bold;">Me </span>- <span style="font-style: italic;">So do you need to have folks on staff to oversee the maintenance and ongoing development of the app? </span><br /><br /><span style="font-weight: bold;">Jonathon </span>- Not at all. The Conservancy is in no way involved with the ongoing maintenance nor development of (Lil) Green Patch. Anyone can participate in this process, actually - There's a discussion board and links to the developers' profiles off of the <a href="http://www.facebook.com/apps/application.php?id=7629233915">main application page</a> where you can talk with other users and get in touch with the development team.<br /><br /><span style="font-weight: bold;">Me </span>- <span style="font-style: italic;">This is all very exciting. But what skills do you think a non-profit needs to bring on board to develop a marketing program built on social media?</span><br /><br /><span style="font-weight: bold;">Jonathon </span>- My team at the Conservancy has incredibly talented editors, producers, a designer, and even a project manager. I couldn't do anything without them. In terms of social media, I think that organizations need to find people who can bring the right balance of:<br />- Writing for the web (specifically writing for members)<br />- Engaging in search engine marketing and optimization;<br />- Marketing to verticals and other segments<br />- Researching marketing and communities<br />- Testing and documentation<br />- Recording metrics and interpretation of "actionable" data<br />- Taking the "long view" on building a social media program and not expecting success right away<br /><br />The right person could come from a direct mail background or from a marketing communication background or even a business information/analytics background... They just need to have some intuition and be willing to fail a few time sin order to succeed. That said, my background is actually not in marketing, but in technical writing .Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com4tag:blogger.com,1999:blog-10518146.post-16565560195375916412008-07-02T21:11:00.006-05:002008-12-09T19:14:48.373-05:00A new chapter.<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit4MerpHVFGR-ds6F4MKWb_MDcfZkl0C1M1jzfT_Dld9-TI1g9dq2EVCv9_3Av-CrjhClGtIrSxz1C9bQD3BBFKClKURPE5hX0rD0hOCo7aBiPo5ysnAF1yE4ZhiuFFqf2Juhs/s1600-h/dashboard1.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 237px; height: 147px;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEit4MerpHVFGR-ds6F4MKWb_MDcfZkl0C1M1jzfT_Dld9-TI1g9dq2EVCv9_3Av-CrjhClGtIrSxz1C9bQD3BBFKClKURPE5hX0rD0hOCo7aBiPo5ysnAF1yE4ZhiuFFqf2Juhs/s320/dashboard1.png" alt="" id="BLOGGER_PHOTO_ID_5218607642983211506" border="0" /></a>The other day a friend dropped by the office to talk to us about how we manage chapters in our software. For example, he wondered if we assumed that the national organization did the dues billing, and distributed revenue to the chapters? Or the reverse: that chapters collect the dues and send it upstream to headquarters? The conversation led me to think about the forces that make organizational policies so often unwieldy and complex.<br /><br />We've learned that there is no general pattern that governs the relationship between an organization and its chapters. <span style="font-weight: bold; color: rgb(102, 0, 0);">These relationships are not structured by logic but through the working out of real conflicts of interest and mission between national, state, and local bodies.</span> And these conflicts are resolved differently in every case. The challenge for IT is to model the internal reality for the specific organization.<br /><br />Chapters are interesting because they are a very clear-cut example of what goes on in the definition of almost any organizational policy - a process of compromise between interest groups within the org. <span style="font-weight: bold; color: rgb(102, 0, 0);">Streamlining inefficient or irrational policies is so much harder than one would expect because the differences between groups are so rarely spelled out. </span>In the case of chapters, it is just easier to see these interest collisions.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">It works like this. </span><span style="color: rgb(0, 0, 0);">Not surprisingly, chapters want as much independence from the national as possible. And specifically, financial independence. But at the same time, they would like as much service from the parent org as they can wrangle.</span> So the more successfully independent the chapters become, the harder administrative life is in Washington or New York.<br /><br />For example a national conservation group we work with manages all the dues billing for its chapters and state divisions. These very autonomous chapters and divisions each create their own membership structures and dues levels. Thus the membership database mus t be able to store three membership types for each member: one each for National, State, and Chapter levels. And they must allow a person to hold multiple chapter and division memberships. All of these dues amounts must be reflected on each member's renewal notices. It's clearly an enormously complex system for the national to maintain. But this approach works in the interest of the chapters - and the chapters have the upper hand in this case.<br /><br />So when the policies you are trying to model seem resistant to simplification, remember you are dealing with real conflicts, not just procedural craziness.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com1tag:blogger.com,1999:blog-10518146.post-68744265564572466382008-04-11T05:57:00.007-05:002008-12-09T19:14:48.446-05:00Social media and the Surveillance Culture<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNId3bXwT6cJoXyB-iOeSNFh1fACYiXXDx32EDq_-xIAKEykgKY3eND3utWGs0focF_RJkGZfxsGSr5lI1PgFixFRYVJL_4foU17l-zFApk-hojeCsdIe700_IRQNNGmpSx6YV/s1600-h/spying.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhNId3bXwT6cJoXyB-iOeSNFh1fACYiXXDx32EDq_-xIAKEykgKY3eND3utWGs0focF_RJkGZfxsGSr5lI1PgFixFRYVJL_4foU17l-zFApk-hojeCsdIe700_IRQNNGmpSx6YV/s320/spying.jpg" alt="" id="BLOGGER_PHOTO_ID_5187945996651638130" border="0" /></a>Living as I do right in the heart of D.C., things like this happen: I had lunch the other day with a friend who is very knowledgeable about the hacker world within in the so-called "intelligence community".<br /><br />This is a world where it's common to get your secret clearance before you are old enough to buy a beer. And a sizable crew of these young folks are deployed to monitor - and participate in on behalf of the agency - all sorts of social media activity. Our conversation focused on Facebook, Second Life, and Skype.<br /><br /><span style="font-weight: bold; font-style: italic; color: rgb(51, 51, 255);">"The Agency is deeply involved in Facebook," I was told.</span> This includes both developing techniques to pierce the Facebook's security, and active communication with persons of interest. "Security and Privacy are non-existent on Facebook" my informant told me. The same with Second Life. <span style="font-weight: bold; font-style: italic; color: rgb(51, 51, 255);">Organizations hold meetings on Second Life, I put on a sexy female avatar with my breasts hanging out, and I'm just accepted. </span>All the guys have learned to use female avatars and personae on the sites. People will tell you anything" More ominously, I was told they have had some success accessing the computers of people connected to Second Life.<br /><br />As for Skype, the e-bay owned internet phone service: "<span style="font-weight: bold; color: rgb(51, 51, 255); font-style: italic;">There is basically no security employed by Skype. You can use an ordinary packet-sniffing software like any network engineer might buy to detect calls from a specific IP address and reassemble them. We've been working on editing them on the fly to change the content of an active conversation."</span><br /><br />Just something to bear in mind, eh?Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-5333835864838168152008-04-03T05:40:00.012-05:002008-12-09T19:14:48.613-05:00Control and Flexibility<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWe0BYExSgmqmQEFWrYTv6vk-wsLu_TBNz3Bn7ATTTmyWwxIGoMSM54ChJcP-I53iMFLqpO3SOzqIx9PO6iARQchrnp52rct74dai8Bfcc1ryjufTdkb3uvNpsZlL6u30POJoL/s1600-h/yoga.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWe0BYExSgmqmQEFWrYTv6vk-wsLu_TBNz3Bn7ATTTmyWwxIGoMSM54ChJcP-I53iMFLqpO3SOzqIx9PO6iARQchrnp52rct74dai8Bfcc1ryjufTdkb3uvNpsZlL6u30POJoL/s320/yoga.jpg" alt="" id="BLOGGER_PHOTO_ID_5185793308887571298" border="0" /></a>Control and Flexibility. These might be two of your goals in in working with your personal trainer. But in configuring your network and key applications, there is always a tension between these ambitions. How much do you lock down to prevent error and occasional malfeasance? How much do you leave open so that each staff member has the greatest ability to work freely and serve your community without running into roadblocks? <span style="font-weight: bold; color: rgb(102, 0, 0);">It's one of the key areas where we see organizational culture influencing Information System design</span><br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">For example, board members and donors are hoping you keep good track of the comings and goings of their dollars. </span>So there is a pressure to lock down access to financial records to one or two highly qualified individuals. On the other hand, if it takes the CFO to issue a five dollar refund check, you've created a real bottleneck. Somewhere between these two is your financial control balance point.<br /><br />This fulcrum won't be in the same place for all organizations. For example, a YMCA with it's hectic point-of-sale environment and fifty or sixty part-time or volunteer front-desk staff will arrive at a different solution from a trade association with a full time staff of ten professionals.<br /><br /><span style="color: rgb(102, 0, 0); font-weight: bold;">The same dichotomy between control and flexibility arises when you start to push out e-commerce capabilities to your community.</span> We see some organizations who are loathe to let a member change his own address. "Do you really work with organizations who do that? What if they make a typo or something?" And at the other extreme, there are organizations who say "If someone calls and wants to register for our workshop, we direct them to the website to enter it themselves. We genlty insist they do it themselves. Staff time is a scarce commodity". Again, your organization needs to find its own comfort point along this scale.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">You should rethink this balance periodically though - it is not a simple issue. </span> Too little flexibility and you weaken your staff, your donors, and your membership, diminishing commitment they bring into the organization. Too little control and time, money, and energy flow out the door.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-61923807606112251932008-03-27T08:08:00.007-05:002008-12-09T19:14:48.717-05:00Timeboxing Risks<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQGTdfGTW1qyOKN_tPFHpI6-70PICq2_G4LrvXNLlYHtn9v4HH7ahItu0H3JV5V4cc-cC2kzP-DXhvgFI14XiqY880xYugFUUTxQWAb8FpWB6ocdrqZB9GN0r0D6eP3GgVNuux/s1600-h/risk.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiQGTdfGTW1qyOKN_tPFHpI6-70PICq2_G4LrvXNLlYHtn9v4HH7ahItu0H3JV5V4cc-cC2kzP-DXhvgFI14XiqY880xYugFUUTxQWAb8FpWB6ocdrqZB9GN0r0D6eP3GgVNuux/s320/risk.jpg" alt="" id="BLOGGER_PHOTO_ID_5182425414577379314" border="0" /></a>Before I got delayed we were talking about delivering software projects on time. Using the Timeboxing approach, the delivery schedule is the one absolute in the implementation plan. What features will be included in the delivery can slip, but never the date.<br /><br />New requests from the user are added to the queue, but the date is not modified to accomodate them. Unexpected technical problems may delay a feature, but never an install. With this approach, progress may be slower than anticipated, but it never halts, as it can with traditional scheduling, where an installation might be put on hold until all the planned features are completed. We've outlined the benefits to this approach, but there are also some risks.<br /><br />The most critical risk is <span style="font-weight: bold; color: rgb(102, 0, 0);">safety</span>. If Timeboxing is taken to mean that we just work away at the application until the scheduled delivery date, and then install whatever we have, users can get some nasty shocks. A major new feature might be only partially implemented. Spurious messages meant only for the programmers might appear. Untested calculation might charge people incorrect fees.<br /><br />The solution is <span style="font-weight: bold;">release planning.</span> <span style="color: rgb(102, 0, 0); font-weight: bold;">Timeboxing is not a come as you are party. </span> Sometime before the due date, the team needs to decide what requests can actually be included. Testing on those items must be completed. Features that are not ready for prime time need to be hidden. Changes that should not be delivered need to be rolled back out. This is where a good version control system comes in. Even the sacred install date can be slid by a day or so - not more -- to assure that the work already done is ready to debut. <span style="font-weight: bold; color: rgb(102, 0, 0);">What this really means is that internally the timebox needs to end a day or two early, so the app can be cleaned up for its public appearance</span><span style="color: rgb(102, 0, 0);">.</span>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com1tag:blogger.com,1999:blog-10518146.post-23448998936010333112008-03-21T05:57:00.012-05:002008-12-09T19:14:48.981-05:00The Humane Society's LOLsealsBut before we get back to delivering IT projects on time, let's look at some funny pictures.<br />Certainly none of us have been spared the <span style="font-weight: bold;">LOLcats </span>phenomenon - where folks photograph cats and give them funny captions. Here's one my god-daughter Leah posted on Facebook, for example:<br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGq5a7Lp-ZqdBDFiyB8sdC0hTTrAV0nRmwZppncg6VdYwF6C2h0W5DHuQec0VzBXl32iI3oIKEAY8d7UqZxSwt95EW6A18UR2Xdcgf7JN61IyGhGVmrwRhufnemicnBrlz8okO/s1600-h/LOLglutz.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjGq5a7Lp-ZqdBDFiyB8sdC0hTTrAV0nRmwZppncg6VdYwF6C2h0W5DHuQec0VzBXl32iI3oIKEAY8d7UqZxSwt95EW6A18UR2Xdcgf7JN61IyGhGVmrwRhufnemicnBrlz8okO/s320/LOLglutz.jpg" alt="" id="BLOGGER_PHOTO_ID_5180150232961734274" border="0" /></a><br />Taking off on the popularity of this craze, my friend Carie Lewis, the dynamic internet marketing manager for the <a href="http://www.hsus.org/">Humane Society of the US </a>- one of the most savvy non-profits around when it comes to interactive and social media - has launched an <span style="font-weight: bold;">LOLseals </span>contest on the HSUS website. <a href="http://www.hsus.org/marine_mammals/protect_seals/protect_seals_what_you_can_do/lolseals.html">Take a peak.</a><br /><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdo-XDBW8UXdqh3iG09NJEpa9EeJpBNmGa6-1jNIJ3rFNxe6W2MZ1d6-AqqZiw2Agwh3eKweZiHHJcnzCFsaxbWO-33TMH2LDzo-RHGX56h0SfHobZ9Rt_LyqPiKcAWKf3RNv7/s1600-h/lolseals.jpg"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdo-XDBW8UXdqh3iG09NJEpa9EeJpBNmGa6-1jNIJ3rFNxe6W2MZ1d6-AqqZiw2Agwh3eKweZiHHJcnzCFsaxbWO-33TMH2LDzo-RHGX56h0SfHobZ9Rt_LyqPiKcAWKf3RNv7/s320/lolseals.jpg" alt="" id="BLOGGER_PHOTO_ID_5180152135632246418" border="0" /></a><br />The idea is to create your own caption for one of the seal pictures. A panel of celebrity judges will announce a winner, who will take home a bunch of great HSUS seal gear. It's a great idea to encourage engagement and awareness of the ongoing plight of Canadian seals.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">What is exciting about this contest is the way it changes the images used in educating folks about the seals.</span> The Canadian Seal Hunt is still the worlds largest slaughter of marine mammals. And it happens every year. We are all used to seeing images of baby seals being clubbed. This campaign reminds us of how appealing these animals are, rather than forcing us to look at violent images we've learned to shield ourselves against over the years. It gives the community a new way to engage with the issue, a new way to feel about these animals. It can be hard to find a new way of presenting the same old story - HSUS has found a way here.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com5tag:blogger.com,1999:blog-10518146.post-14560244351253461332008-03-20T06:06:00.010-05:002008-12-09T19:14:49.135-05:00Timeboxing your Development Efforts<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHkl6yQfe57FIjNFVEp9NErkYFfJmdZOsMB0mqgMSKO7vNPDjnjn8jqKW83Bjx_9pvEmUDUM__UMBGMBNbkFxtcyNp6DuYHHyPyYlQ6URKVFmSAydsUSpS_vtpxu4mWow7RdCo/s1600-h/timebox.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgHkl6yQfe57FIjNFVEp9NErkYFfJmdZOsMB0mqgMSKO7vNPDjnjn8jqKW83Bjx_9pvEmUDUM__UMBGMBNbkFxtcyNp6DuYHHyPyYlQ6URKVFmSAydsUSpS_vtpxu4mWow7RdCo/s320/timebox.jpg" alt="" id="BLOGGER_PHOTO_ID_5179788369082144370" border="0" /></a>How can you make sure you meet your promised deadlines when implementing software projects at your organization? And without late night pizza-driven coding sessions? One approach is <span style="font-weight: bold; color: rgb(0, 0, 0);">Timeboxing</span>.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">Timeboxing, quite simply, is an approach to IT implementation planning where the one thing that you do </span><span style="font-weight: bold; color: rgb(102, 0, 0); font-style: italic;">not </span><span style="font-weight: bold; color: rgb(102, 0, 0);">allow to shift around on you are delivery dates. </span> Everything else may seem totally out of your control. The users have eighteen new features they absolutely need. Your best programmer quits suddenly because she was offered a bit part in a horror movie. You just can't find that bug where new members are going in without their addresses. But you will install <span style="font-weight: bold;">SOMETHING </span>on March 18th.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">When I first read about timeboxing more than a decade ago, it seemed a nearly impossible technique to explain to the user community.</span> Folks in our client organizations had a list of fixes and enhancements they wanted, and they were not interested in seeing a new version until these were done. But software methodologies have grown to emphasize a more iterative approach to development. In these so-called agile methodologies, fixing the schedule for each new delivery makes perfect sense.<br /><br />In the <a href="http://michaelatmo.blogspot.com/2006/01/it-planning-with-scrum.html">Scrum </a>development model, for example, a new version is typically delivered every thirty days. At the beginning of the cycle, the team agrees on what outstanding requests will be included in this release. But if the work does not proceed as smoothly as planned, some of the requests will be left out to allow the iteration to complete on time. The ones that were not completed will be included in the next round.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">The advantages of this approach?</span><br />1. Users are not left waiting for new features already written as a delivery date keeps moving out to accommodate incoming requests.<br />2. By getting more features into users hands more quickly, the feedback cycle is tightened and the applications improve more quickly.<br />3. By allowing feature lists to slip, the "Death March" pressures around deadlines are alleviated, allowing programmers to perform work of a higher quality.<br /><br />Of course there are risks to timeboxing as well. We'll look at what they are and how release planning can mitigate them in the next post.<br />------<br />More reading on timeboxing can be found <a href="http://del.icio.us/MichaelAtMo/timeboxing">here</a>.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-41495027096805963022008-02-07T06:25:00.000-05:002008-12-09T19:14:49.312-05:00Policing your Online Image<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpE_yTkZVXfgh_AuTLsH9wyzHeTNKhYFiNhhssTTRLZGRoml-DrUA251ABTtPRx-LHzWicIFbLzRvHFCPcIDSs0AQG9rKki2ndcbY-pZrBKJGCSrpUyw3tzOmsL_p2d8KLlbiJ/s1600-h/cop.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhpE_yTkZVXfgh_AuTLsH9wyzHeTNKhYFiNhhssTTRLZGRoml-DrUA251ABTtPRx-LHzWicIFbLzRvHFCPcIDSs0AQG9rKki2ndcbY-pZrBKJGCSrpUyw3tzOmsL_p2d8KLlbiJ/s320/cop.jpg" alt="" id="BLOGGER_PHOTO_ID_5164203949840156930" border="0" /></a>The other day I noticed one of my clients had an account on Facebook and I asked her how she was using it. "Mainly", she said, "to police our staff to make sure they haven't posted anything that would reflect badly on our organization".<br />-- "You could also take the opportunity to post stuff yourself that would promote your organization and mission", I prompted.<br />--"I don't think so." she chuckled. Then I'd have to be on here twice as much patrolling the responses to my posting."<br /><br />With a growing number of non-profit communicators finding a powerful role for the social media in their online strategy, it's disturbing to realize how many of their peers still approach things this way. Another client of our voiced this same fearful approach when I was urging them to set up an intranet for in-house conversation and information among their several hundred employees. "Impossible - who will read each of those postings to keep an eye out for inappropriate language or content?"<br /><br />The fallacy here is simple. These managers believe they currently have control over the organization's image and they don't want to loose it. The fact is, people are already saying whatever they want about them - in private emails, on blogs, on Facebook walls.<br /><br /><span>Marketing guru Seth Godin <a href="http://sethgodin.typepad.com/seths_blog/2008/01/tribal-manageme.html">in a recent post </a>compares classic brand management to what he calls "tribe management".:<br /></span><blockquote style="font-style: italic; color: rgb(51, 51, 255);">...what people really want is the ability to connect to each other, not to companies. So the permission is used to build a tribe, to build people who want to hear from the company because it helps them connect, it helps them find each other, it gives them a story to tell and something to talk about.</blockquote> In other words, when non-profit communicators give up and join the tribe that already exists around their organization, they <span style="font-weight: bold;">discover that participating in the conversation is far more powerful than policing it.<br /></span>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com3tag:blogger.com,1999:blog-10518146.post-37569387446605025712008-01-29T17:39:00.001-05:002008-12-09T19:14:49.474-05:00VRM: CRM's flip side<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA3gJTtOuG15CeWBYr4wauXebKbDi3h9MJMGMX3m3pjMQeXMqdIhoQi1n8XDzlmjH3s6HDz24R26Q-jrasutj5pB1tptsFe1TbasOXnVJP85ST6fgthVCvK05GJ96P-Hjqtbcn/s1600-h/vrm.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgA3gJTtOuG15CeWBYr4wauXebKbDi3h9MJMGMX3m3pjMQeXMqdIhoQi1n8XDzlmjH3s6HDz24R26Q-jrasutj5pB1tptsFe1TbasOXnVJP85ST6fgthVCvK05GJ96P-Hjqtbcn/s320/vrm.png" alt="" id="BLOGGER_PHOTO_ID_5161665349290313970" border="0" /></a>Every non-profit now talks about needing to improve their CRM. But thanks to <a href="http://jayderagon.com/blog/?p=649">a post by Jay Deragon</a>, I've been doing some reading this week about the emerging concept of VRM, or Vendor Relationship Management -- If <span style="font-weight: bold;">CRM </span>refers to software-based tools for organizations to manage their relationships with customers, constituents, and supporters, <span style="font-weight: bold;">VRM </span>is the complimentary set of tools, helping those individuals to manage their relationships with companies, organizations, and communities. The idea is appealing - but its actual application still seems quite hazy.<br /><br />The center of the VRM hub-bub seems to be <a href="http://cyber.law.harvard.edu/projectvrm/Main_Page">Project VRM</a> at Harvards' Berkman Center for Internet and Society. Their wiki states that<br /><blockquote style="font-style: italic; color: rgb(51, 51, 255);">CRM systems until now have borne the full burden of relating with customers. VRM will provide customers with the means to bear some of that weight, and to help make markets work for both vendors and customers — in ways that don't require the former to "lock in" the latter.<br /><br />The goal of VRM is to improve the relationship between Demand and Supply by providing new and better ways for the former to relate to the latter. In a larger sense, VRM immodestly intends to improve markets and their mechanisms by equipping customers to be independent leaders and not just captive followers in their relationships with vendors and other parties on the supply side of the marketplace.<br /></blockquote>Any system that will allow particpation of both vendors and customers (or donors and fundraisers, or politicians and supporters...) starts to point toward the more collaborative environments that are being termed "social media" these days. And indeed, we find VRM being discussed on sites like <a href="http://www.socialcustomer.com/2006/12/vrm_vendor_rela.html">"The Social Customer"</a> blog by Christopher Carfi, which is trying to evolve models of customer service and marketing that assume a more empowered and participatory customer base.<br /><br />We are all both customers and vendors. But what does a VRM/CRM collaboration look like? This still seems an open question. I'm not yet seeing anything much more concrete than Carfi's call for "a robust way for customers to manage their own online identities without getting trapped in any vendor's silo. " <span style="font-weight: bold; color: rgb(102, 0, 0);">CRM systems today are offering concrete Return on Investment to their users. The VRM conversation needs to focus on how to provide concrete measurable benefits for customers if this paradigm is gain traction.</span>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com1tag:blogger.com,1999:blog-10518146.post-44691454873827904202008-01-06T19:02:00.000-05:002008-12-09T19:14:49.803-05:00Systematizing User Support<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-JaF10UNBKma9eABE3Pol1hbaLMXTzg0-Msc6hBRjyLOrND3-AR0JuAsQ6cuGoAIT6O_LVdRnKghuJd-P9zwHaIrI5cc7njgBaGZFEl7aUD0nVwgMOP1dkUIYEF3lvuh0hG9U/s1600-h/scream.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg-JaF10UNBKma9eABE3Pol1hbaLMXTzg0-Msc6hBRjyLOrND3-AR0JuAsQ6cuGoAIT6O_LVdRnKghuJd-P9zwHaIrI5cc7njgBaGZFEl7aUD0nVwgMOP1dkUIYEF3lvuh0hG9U/s320/scream.jpg" alt="" id="BLOGGER_PHOTO_ID_5152702658743210098" border="0" /></a>When I started this "Help-Desk" series I wrote: <span style="color: rgb(0, 0, 153); font-style: italic;">"A great step forward for your informal user support desk is to provide them with a few procedures and tools that can help them be effective and efficient in this function."</span><span style="font-style: italic;"> </span> But so far all I've talked about is the toolkit: putting a ticketing system in place. What about those improved procedures?<br /><br />Actually, for our little company developing a ticketing system proved to be the key to process improvement: the system made it easier for us to describe, refine, and enforce our approach to support. Turns out it's easier to think calmly and rationally about <span style="font-weight: bold; color: rgb(0, 0, 0);">tickets </span>than about this crisis or that.<br /><br />The key was the <span style="font-weight: bold; color: rgb(0, 0, 0);">Status </span>field in each the ticket. I know this sounds obvious, but it took us a while to realize it: <span style="font-style: italic; color: rgb(0, 0, 153);">giving each ticket a well-defined status makes the status if each ticket clear.</span> So as we have made improvements in our process, we've added, removed, or renamed statuses, and made changes to the rules governing status change.<br /><br />In the early days of our company, we had a customer support process that Jochen Heyland, our CTO, jokingly describes like this. <span style="color: rgb(0, 0, 153); font-style: italic;">"When a ticket comes in, determine if it is urgent or not. If it is urgent, panic. Drop everything else and address it immediately. If it is not urgent, just forget about it."</span> I still see this panic-driven approach in play at numerous small non-profits. It arises when no other process is defined and you need to think about how to handle each request as it comes over the transom.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">How do you improve this?</span> We've moved to a system where any defect reported by a user -- if all goes well -- will pass through 9 statuses. These are Submitted, In review, Approved for action, In progress, Ready to test, In testing, Ready to install, Client testing, Completed. We will also decide if it has Urgent or Normal priority. You might come up with a different process path. That's fine. But having clear terminology for each step helps make the entire process repeatable and controllable.<br /><br />For example, we used to mark an item <span style="font-weight: bold; color: rgb(0, 0, 0);">Completed </span>once we'd tested it and made it available to the user. But we realized that at that point we were still waiting for the user's final words that a problem had indeed been corrected. So we added the <span style="font-weight: bold; color: rgb(0, 0, 0);">Client Testing</span> status. When items languish in this status for too long, we can take action - like calling to see if the problem has indeed been corrected.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">You also need to define the steps on various side paths.</span> For example a defect report might end up with the status Cannot Replicate. Or a request for consultation or training might need to go through Needs Estimate, Estimate Ready, Estimate Pending Client Approval before it gets to Approved.<br /><br /><span style="font-weight: bold; color: rgb(102, 0, 0);">With this in place, a great deal of your internal administrative work can be accomplished just by calling up a list of items with a particular status. </span>You can sit down as a team and do this. Check what is <span style="color: rgb(0, 0, 0); font-weight: bold;">in progress</span> and see how they are coming along. See what has been <span style="font-weight: bold; color: rgb(0, 0, 0);">approved</span> but not tackled yet -- and find out why. Look for items witht he priority <span style="font-weight: bold; color: rgb(102, 0, 0);"><span style="color: rgb(0, 0, 0);">urgent</span> </span>and make sure they jump to the top of the queue. <span style="font-weight: bold; color: rgb(102, 0, 0);">Voila: Order out of chaos.</span>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com1tag:blogger.com,1999:blog-10518146.post-17242460693535412622008-01-03T06:28:00.000-05:002008-12-09T19:14:49.966-05:00Turning Help Desk Tickets into Business Intelligence<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipdrT_8Qcu5kJnySLjtLJM9KFgXTC7TCMpy2Ta5zraWXnvkNMLGQ4ylGehRjGJIz_RTD5AweJR0RgOFNEslHa7g0HYc3kqf8y3GSQgxpRAT4BsTgmV3wBZX2rQaMxNKZKFpZsN/s1600-h/tickets.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipdrT_8Qcu5kJnySLjtLJM9KFgXTC7TCMpy2Ta5zraWXnvkNMLGQ4ylGehRjGJIz_RTD5AweJR0RgOFNEslHa7g0HYc3kqf8y3GSQgxpRAT4BsTgmV3wBZX2rQaMxNKZKFpZsN/s320/tickets.jpg" alt="" id="BLOGGER_PHOTO_ID_5151220482709229650" border="0" /></a>I was claiming that getting your informal help desk operation organized with a ticketing system does more than streamline that operation - it provides information that can increase your organization's effectiveness. It can have a real impact on mission. So what information do you want to track in your help desk ticketing system?<br /><br />Of course you need to know who reported it, how they described it, when it came in, who worked on it, and how it was resolved. But the key is to know<span style="font-weight: bold; color: rgb(102, 0, 0);"> what type</span> of requests you are getting, and <span style="color: rgb(102, 0, 0); font-weight: bold;">how much time</span> you spend on each. The values you allow for request type, and whether you allow for a single type or multiple tags, depend on the knowledge you hope to gain. You are trying to partition your universe here, so that you can learn how many and what kinds of problems each area spawns.<br /><br />You might begin for example with a very simple set of issues.<br /><ul><li>Networking and Hardware Issues.</li><li>Office Suite Issues.</li><li>CRM and Database Issues</li><li>Website Issues</li></ul>Then break out areas you have specific questions about. For instance, if you are trying to verify that you spend far to much time on new user setups, you might want to break that out on its own. Or if you feel you are inadequately protected against vius and malware attack, add malware protection and recovery to the list. Maybe you want to distinguish between problems that had to be resolved by a vendor (like software bugs) and which you could resolve in house.<br /><br />Which types of problems you worked on gains more meaning if you log the amount of time you spent in each ticket. Then you know things like: <span style="font-weight: bold; color: rgb(102, 0, 0);">in the first quarter I spent 10 hours helping people search for documents they misfiled, for a cost to the organization of $400.00 of my time and an estimated additional equal amount in lost productivity. So finding a tool that helps with this problem could be worth up to $3,200 a year to us.<br /><br /></span><span style="color: rgb(0, 0, 0);">Of course you won't know today what questions you want to ask of your data six months from now. So you really ought to allow for multiple topic tags. For example, if a user reports a problem with scanning credit cards, you may want to tag the request with numerous related terms - Point of Sale, Credit Card, Payment Processing, and Accounting. And you probably want to allow for a full text search of the description, in case you are looking for a term you had not thought to use at the time. Now you are really set to answer questions about the support your IT infrastructure has required.<br /><br />Next we'll look at how the ticketing system can help you deliver that support most effectively.</span>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com1tag:blogger.com,1999:blog-10518146.post-41321389400006519942008-01-02T05:57:00.000-05:002008-12-09T19:14:50.059-05:00The Non-Profit Help Desk.<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwf04ibE_-94M0_xoNt6fetK_S4-PqOOvt7ugastFllNSHxExNsO2D9s80CZOW4Daol3A4sisTOtycOcNtdsxt16-jJiOp_Z_KowJ_TZetpP_H9RXTTX21WFAg8P1d1mXnvkPr/s1600-h/helpdesk.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjwf04ibE_-94M0_xoNt6fetK_S4-PqOOvt7ugastFllNSHxExNsO2D9s80CZOW4Daol3A4sisTOtycOcNtdsxt16-jJiOp_Z_KowJ_TZetpP_H9RXTTX21WFAg8P1d1mXnvkPr/s320/helpdesk.jpg" alt="" id="BLOGGER_PHOTO_ID_5150845948676116546" border="0" /></a>Every organization -- no matter how small - needs to have an IT Help Desk of some sort. <span style="font-weight: bold; color: rgb(102, 0, 0);">Actually, every organization already has one, because everyone on staff has figured out "Who ya gonna call?" when hardware or software refuses to behave.</span> A great step forward for your informal user support desk is to provide them with a few procedures and tools that can help them be effective and efficient in this function.<br /><br />I'm not saying your help desk needs more technical skill. Not at all. As the Wizard of Oz might say, "The non-profit sector is full of help desks that have no more technical skill than yours has. But what they do have that you do not is a <span style="font-weight: bold; color: rgb(102, 0, 0);">Ticketing System</span>.<br /><br />It's remarkable what even the simplest ticketing system for tracking user requests will do for your informal help desk operation. The users benefit because their requests are less likely to slip through the cracks. Having a formal queue of requests reduces the panic element in support, and this immediately makes the system more efficient. for the entire organization.<br /><br />But it's the knowledge you gain over time from the ticketing system that is the real benefit. A ticketing system lets your organization track what kinds of support requests are coming in and who submits them. It allows them to know how much time is spent in the aggregate, and on specific types of support. <span style="font-weight: bold; color: rgb(102, 0, 0);">This information provides real business intelligence pointing towards I.T. improvements that you know in advance will save staff time and thus have a positive impact on mission.</span><br /><br />What should a Ticket include? More coming up.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-37085877379034142762007-12-21T07:03:00.000-05:002007-12-21T07:36:57.456-05:00Happy Holidays!<div style="float: left; padding-right: 6px;"><a href="http://family.webshots.com/photo/2950883390042644830sJWYIH"><img src="http://thumb10.webshots.net/t/59/59/8/83/39/2950883390042644830sJWYIH_th.jpg" alt="db_Frost_and_Gingerbread1" /></a></div>It's been a quiet month on the blog -- because it has been anything but quiet here at Members Only Software.<br /><br />The <a href="http://ywcanca.org/">YWCA of the National Capital Area</a> launched their Members Only installation this month - so we've been up and down 9th Street quite a few times, working with NPower to get their new server up, talking to the bank to make sure our software was handing Electronic Funds Transfer the way they want, getting the register drawers set up, and a million other details. This is a great organization with the motto: <span style="font-weight: bold; color: rgb(102, 0, 0);">Eliminating Racism, Empowering Women.</span> So how can we not be excited to work them? Last time I checked, that goal hadn't been quite reached yet, so I guess we'll be busy in 2008 as well. I know we will be revamping their fundraising and helping them set up a new website in the next few months.<br /><br />We've also been hard at work on several new projects we're hoping to launch in February. These organizations are working in diverse areas and show at a glance the wide contribution non-profits are making. The February launches will include the <a href="http://pesd.stanford.edu/">Program for Energy and Sustainable Development</a> at Stanford University, The <a href="http://danforthmuseum.org/">Danforth Museum of Art</a> in Framingham Massachusetts, and the <a href="http://arcmi.org/">ARC/Michigan.</a><br /><br />We've also finished a pro-bono project. Using a donated CMS from our good friends at <a href="http://www.orchidsuites.net/">Orchid Suites</a>, and a beautiful design by Erica Trauba, we've built <a href="http://www.malihealth.org/">a new website</a> for the folks at the Mali Health Organizing Project, a group that is helping a community in Mali to build its own clinic.<br /><br />Closer to home we've said good-bye to our Technical Ops Coordinator of many years, <span style="color: rgb(102, 0, 0); font-weight: bold;">Raven Matthews,</span> who has moved on focus on security issues on federal computer systems. In her place will be <span style="font-weight: bold; color: rgb(102, 0, 0);">Mildred Blanco</span>, who will be starting with us mid-January.<br /><br />So have a great holiday, and we'll be back with more news in January!Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-59428083365945163212007-11-27T06:30:00.000-05:002008-12-09T19:14:50.341-05:00One Laptop per Child meets the Competition<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeCb3IGCY4lkXjO7lvB4J-rLW1q8BGV4Sahi4iz6b3TDC8_OH0HPXR7-xZ_89ZSZ6IKv5dAedWgwzR9YsnAHYALEQZPkgFukQFxLL912B34-t9YqzUdMD0kkESV_Uxp4Oax_fS/s1600-h/olpc1.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjeCb3IGCY4lkXjO7lvB4J-rLW1q8BGV4Sahi4iz6b3TDC8_OH0HPXR7-xZ_89ZSZ6IKv5dAedWgwzR9YsnAHYALEQZPkgFukQFxLL912B34-t9YqzUdMD0kkESV_Uxp4Oax_fS/s320/olpc1.jpg" alt="" id="BLOGGER_PHOTO_ID_5137487641101072578" border="0" /></a>A lengthy article in the <a href="http://online.wsj.com/article/SB119586754115002717.html?mod=home_we_banner_left">Wall Street Journal</a> highlights the effect that the One Laptop per Child Initiative has had on the pc industry. <span style="font-style: italic;">The background if you haven't been following: <a href="http://laptop.org/vision/index.shtml">OLPC </a>is a non-profit venture started by the MIT professor Nicholas Negroponte to create laptop computers that could be sold for $100 each and put them in the hands of millions of schoolchildren in less developed countries. </span> The program has had it's critics in the past - educators have worried that the initiative would compete with scarce dollars needed for books and classrooms in the third world, and that the pcs would simply pass through the hands of schoolchildren and be traded on the black market.<br /><br />But the current article points to one of the unexpected results of the initiative... competition from mainstream vendors who do not want to miss out on this possibly lucrative market. In particular, Intel, whose chief rival AMD provides the processor for the OLPC machine, has launched its own "<a href="http://www.intel.com/intel/worldahead/classmatepc/">Classmate</a>" laptop, and is winning support from the governments of many countries OLPC expected to sell to. In addition, education ministries in some of the target countries have been wary of the Linux OS and custom-written open source applications on the OLPC, fearing that their students will not learn the Windows and Office applications that are so prevalent in the business world. The result is that low-cost laptops are being sold to schools in many developing countries today, but surprisingly few are OLPC units.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com2tag:blogger.com,1999:blog-10518146.post-33573018802015972162007-10-30T06:36:00.000-05:002007-10-30T06:50:25.160-05:00Asthma Free School Zones<div style="float:left;margin-right:6px"><object width="425" height="355"><param name="movie" value="http://www.youtube.com/v/rPbmgb--7tM"></param><param name="wmode" value="transparent"></param><embed src="http://www.youtube.com/v/rPbmgb--7tM" type="application/x-shockwave-flash" wmode="transparent" width="425" height="355"></embed></object></div>One really simple way to use less fuel and improve air quality is to avoid using your vehicle's engine - except when driving. Seems simple enough, but our friends at New York's <a href="http://afsz.org">Asthma Free School Zones</a> have been finding it quite a challenge to get this message across. Focusing on the idling of school buses in front of elementary schools, the organization has been able to demonstrate that the air quality at the schools is measurably worse than just a few blocks away. And statistics show a mounting rate of childhood asthma. So remember - <span style="font-style: italic;">idling gets you nowhere.</span> Here's a recent clip about the organization's work from News 12. For more information, you can contact AFSZ at 212-533-6615Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-79706533465705444372007-10-19T04:32:00.000-05:002008-12-09T19:14:50.465-05:00Networking and News Sites scramble to keep up with Facebook.<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbdrNyG7WD3acLpAUoIfUfW7w1ajdA8waObMXYuAHDVtQXqk1H7kCg3a4B13MB9b27HaqJ27qKoZrD3ztmVDda8yUOGRhXiWRof4FI5XSKvrae1Y51kz3nfAzYVZWWFE8kdIPG/s1600-h/keyboard.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgbdrNyG7WD3acLpAUoIfUfW7w1ajdA8waObMXYuAHDVtQXqk1H7kCg3a4B13MB9b27HaqJ27qKoZrD3ztmVDda8yUOGRhXiWRof4FI5XSKvrae1Y51kz3nfAzYVZWWFE8kdIPG/s320/keyboard.jpg" alt="" id="BLOGGER_PHOTO_ID_5122986621227450370" border="0" /></a>So in this blog and elsewhere there's been a lot of hullabaloo about Facebook lately. If you weren't sure that this was a herald of a real change in how people expect to use the web, take a look at these four announcements from other major web players. <span style="font-weight: bold;"><br /><br />1) Google:</span> Back last month, <a href="http://www.techcrunch.com/2007/09/21/google-to-out-open-facebook-on-november-5/">TechCrunch reported</a> that google was getting ready for an announcement about an open developer's API that would compete with the attention that the Facebook Platform is getting from developers.<br /><blockquote style="font-style: italic; color: rgb(51, 51, 255);">The short version: Google will <strong>announce a new set of APIs on November 5</strong> that will allow developers to leverage Google’s social graph data. They’ll start with Orkut and iGoogle (Google’s personalized home page), and expand from there to include Gmail, Google Talk and other Google services over time.</blockquote><span style="font-weight: bold;">2)LinkedIn</span>, the professional networking site that often seems like little more than a sharable rolodex, has an announcement of its own. <a href="http://bits.blogs.nytimes.com/2007/10/12/linkedin-plans-to-open-up-in-a-closed-sort-of-way/">BITS</a> reported on October 12th that LinkedIn CEO Dan Nye is "<span style="font-style: italic;">rushing to copy the electronic underpinnings of Facebook’s elegant application programming interface, or A.P.I., that allows outside developers to weave their own programs into its site.</span>" But to preserve the all-business-all-the-time feeling of the popular site (current growth is at 1 million new accounts every 25 days) Nye has vowed:<span style="font-style: italic; color: rgb(51, 51, 255);"></span><blockquote><span style="font-style: italic; color: rgb(51, 51, 255);">“We have no interest in doing it like Facebook with an open A.P.I. letting people do whatever they want,” Mr. Nye said. “We’re not going to have people sending electronic hamburgers to each other.”</span></blockquote><span style="font-weight: bold;">3) MSNBC</span> meanwhile <a href="http://www.msnbc.msn.com/id/21138371">ran a report</a> that it had purchased social news site Newsvine. Newsvine is not as well none as social news innovator Digg, where users rank stories and push them to the "front page". But as MSNBC reported,<br /><blockquote style="font-style: italic; color: rgb(51, 51, 255);">the site has generated significant buzz since its launch in March 2006 because of its inventive merger of mainstream reporting from The Associated Press and ESPN; the contributions of individual users, who are paid for their writing; and the social media model of user-driven ranking of the news.</blockquote><span style="font-weight: bold;">4) MySpace,</span> Facebooks's most direct competitor, has decided that it too needs to be more like it's college-educated sibling. They've recently announced a Myspace platform, with structures and capabilities strikingly like those of it's rival.<br /><span style="font-style: italic; color: rgb(51, 51, 255);"></span><blockquote><span style="font-style: italic; color: rgb(51, 51, 255);">The new developer platform... will essentially be a set of APIs and a new markup language that will allow third party developers to create applications that run within MySpace. Developers will be able to include Flash applets, iFrame elements and Javascript snippets in their applications, and access most of the core MySpace resources (profile information, friend list, activity history, etc.). Applications will need to be hosted on MySpace servers.</span> </blockquote>Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com0tag:blogger.com,1999:blog-10518146.post-72593446002753615852007-10-16T05:45:00.001-05:002008-12-09T19:14:50.630-05:00Measuring the Return from of Social Media.<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjanACF3-eGKOsOSbVeDWB-5HEcYnWJ-mEyHPAz63Et0eUO7I0KKO3JDWepRBcsezN4_mgLECdzvPi_hyK0dwKR7_L62adU-mK12cYPmf5OtIGZDdDQwBxpx9o5i7tWBIVIji50/s1600-h/measuring.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjanACF3-eGKOsOSbVeDWB-5HEcYnWJ-mEyHPAz63Et0eUO7I0KKO3JDWepRBcsezN4_mgLECdzvPi_hyK0dwKR7_L62adU-mK12cYPmf5OtIGZDdDQwBxpx9o5i7tWBIVIji50/s320/measuring.jpg" alt="" id="BLOGGER_PHOTO_ID_5121894612907540466" border="0" /></a>A few years ago, when web tools were just beginning to allow the interactive environments we're seeing everywhere today, I wrote a piece called <a href="http://michaelatmo.blogspot.com/2005/10/bread-and-butter-20.html">Bread and Butter 2.0.</a> In it I juxtaposed the excitement technologists were trying to communicate about web 2.0 features with the more prosaic "bread and butter" technology issues that non-profits were struggling with. But times have changed - and more organizations are learning that social media can help deliver those bread and butter goals of building and maintaining a base of donors, volunteers, and supporters. And importantly, the return on investment in these technologies can be measured in terms of donations, page views, and names who receive your updates.<br /><br />For example, the ASAE (American Society of Association Executives) just ran an article called <a href="http://www.asaecenter.org/PublicationsResources/ANowDetail.cfm?ItemNumber=28468">Expand your Audience through Social Media. </a> Largely an interview with Jonathon Colman of <a href="http://www.nature.org/">The Nature Conservancy,</a> the article focuses on how building trust and presence in online communities can build actual, countable page views on your website: Jonathon describes a campaign where his social networking promotion of a website article earned it 16 thousand views in a single day. Seems pretty bread and butter to me.<br /><br /><span style="font-weight: bold;">Fundraisers are starting to pay attention to social media as well.</span> An <a href="http://www.fundraisingsuccessmag.com/story/story_singlepg.bsp?sid=78437&var=story">article in Fundraising Success</a><i> </i>describes the efforts of numerous organizations in integrating special media into their marketing and development plan. <a href="http://www.liferollson.org/site/pp.asp?c=egLLKTNJE&b=2256813">Life Rolls On Foundation</a> is an L.A. based charity that serves people with spinal chord injuries. Their efforts focused around starting a MySpace page and delivering news, updates, donation requests, and invitations to events to their MySpace community. By now, that community totals over 11,000 friends! This is a list few development directors would turn up their noses at.<br /><br />Involvement in these new media should not be seen as a hazy excursion into a new-age realm of vaguely possible intangible benefits. Social media involvement can be a core part of your marketing and development efforts. And you should expect to use simple metrics to assess their success - donations, subscribers, page views. You may discover these new tools are pretty bread and butter after all.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com2tag:blogger.com,1999:blog-10518146.post-15114971049818695192007-10-14T06:49:00.001-05:002008-12-09T19:14:50.780-05:00Facebook Developers Garage<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcUUEXVE0Thcmsnt-mRe3uoSKjJmcvQFLzndztEIw6zU_TV1D-07KEhdMIcQfJjwwdElKrS2w_lCMKqkssyp6ZQgAkZ0t3367XBA2EZpZKnr_wd2Ny_fjzOKuyYwS-4K3ug43a/s1600-h/fdgdc.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer;" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhcUUEXVE0Thcmsnt-mRe3uoSKjJmcvQFLzndztEIw6zU_TV1D-07KEhdMIcQfJjwwdElKrS2w_lCMKqkssyp6ZQgAkZ0t3367XBA2EZpZKnr_wd2Ny_fjzOKuyYwS-4K3ug43a/s320/fdgdc.jpg" alt="" id="BLOGGER_PHOTO_ID_5121247133702766562" border="0" /></a>Last week I attended the Facebook Developers Garage in DC. I'd pictured it as a room with a bunch of developers at tables, laptops open, showing off the ways they'd managed to build useful tools using the Facebook Platform or API. Instead, it was largely a presentation by folks from the Facebook Platform team - Ami Vora and Ezra Callahan. <span style="font-weight: bold;">The evening made clear the excitement, both inside and outside Facebook, that the open platform is generating, as well as the general confusion about what would constitute a truly useful Facebook app and how a developer would monetize it.</span><br /><br />Facebook's rate of growth alone make developers want to be associated with it. <span style="font-weight: bold;">Currently at about 45 million users, the service is adding about 250,000 users </span><span style="font-weight: bold;">each day</span><span style="font-weight: bold;">.</span> Half of all Facebook users visit the site every day. And despite Facebook's origins as a university-based site, these new users are predominantly older. To attract the developer community, the vc's associated with Facebook have created <span style="font-weight: bold;">fbFund</span>, which makes small seed grants ($25K-$250K) to help development groups get a project launched.<br /><br /><span style="font-weight: bold;">Success with the Facebook framework brings its own challenges. </span>TJ Murphy of Freewebs spoke about the experience he had with the Warbook game he wrote. It rapidly picked up 87,000 users, half of whom played ever day. Third party developers are required to host their own apps. So TJ found himself scrambling to scale up: currently the game is hosted at Amazon.<br /><br />It's the chance of getting in front of audiences this size that is attractive to organizations trying to build their brand. How to do it is the open question. Most third party apps to date have been social entertainments: tools to share music, or book reviews, for example, or utilities to enhance the poking and posting functions of the site. Some of these are quite nice: I really enjoy Christain Montoya's Social Tags application.<br /><br />But when a member of the audience took the mike to ask how many of the developers in the room were thinking of using the platform to develop a customized presence for individual client organizations who wanted to leverage the popularity and stickiness of the site, I saw no hands but mine. And the people I chatted with at the event seemed to be primarily developers... I met only one representative of a non-profit who was there to explore the possibility of extending the presence of his org via Facebook.<br /><br />Despite the confusion at this early point, I think it is clear that social networking is going to play an increasing role in non-profit strategies in the near future - and that Facebook, with its developers platform and huge user base, will be a focus of this networking.Michael Steinhttp://www.blogger.com/profile/12836272340266206986noreply@blogger.com7