Security & Compliance
Spark Alliance, Inc. - Business Solutions Provider


Request a Quote

Lorem ipsum dolor sitame consectetur adipisicing a eltsum eiusmod tempor incdun labore dolore magna aliquer velitsse cillumer the pariatur.

Get an Estimate

Lorem ipsum dolor sitame consectetur adipisicing a eltsum eiusmod tempor incdun labore dolore magna aliquer velitsse cillumer the pariatur.

Book a Mechanic

Lorem ipsum dolor sitame consectetur adipisicing a eltsum eiusmod tempor incdun labore dolore magna aliquer velitsse cillumer the pariatur.

Get Your Motorcycle

Lorem ipsum dolor sitame consectetur adipisicing a eltsum eiusmod tempor incdun labore dolore magna aliquer velitsse cillumer the pariatur.


Let’s start making sense of it all …

For those in the United States, the mad dash to success in the modern business era is unquestionably on.

   After years of taking a "wait and see" approach to Security and Compliance regulations surrounding office technology, businesses are scrambling to get their systems and procedures in order.

   The Department of Homeland Security (DHS) and the National Institute of Standards and Technology (NIST) continue to introduce new rules that put into place heightened protocols for how electronic information (data) is shared as well as how notifications about breaches need to be handled, among other things related to protecting information and privacy in a world of e-commerce and unlimited electronic transaction methods.

   Naturally, a lot of our consulting clients are reaching out for professional help on how to get their business systems in line as these deadlines have came and went. One of the biggest facets of the new laws, which affects companies like ours that provide hands-on IT and business systems consulting, is that for the first time ever we are being required to proactively report the status of our businesses in regards to procedures and technologies in use.

   Any business that is either storing or working with any aspect of either customer or staff information is now being held to the same accountability standards as any medical or enterprise level business. The playing field has been leveled in today’s world. This means IT consultants such as ours, cloud storage providers, email providers, data shredding companies -- if your hands are getting on electronic information in the course of business, you are liable for ensuring strict levels of security and standards.

   Much of the problem with the current regulations that have been on a staggered integration schedule is that there was no single place a business could go to find out exactly what they needed to do and when they needed to get it done by. With as much hot air out there, it's important that we distinguish the truths from the falsehoods. Before we get into the meat of what we wish to cover, we want to make it entirely clear that much of what the compliances and regulations entail, especially surrounding technology usage, are far from being black and white.

   More accurately, the entire set of policies outlining proper technology integration with acceptable safeguards can be seen in shades of gray. With that being said, there are many items which will keep you on the straight and narrow a lot easier without having to second-guess what implications your decisions will have.

   Our goal is to deliver the best process and design strategies to employ the right systems and solutions to scale and grow your business successfully. We'll cover many of those items below. Business System Strategy: People, Process, Technology People When we say "your people," we’re not just referring to your employees -- although obviously they are important. Instead, we’re talking about all your relationships. We call these people our stakeholders, as they have a vested interest in the success of our company. This group consists of employees, customers, vendors, suppliers and advisers.

   Consider the following: How do you treat your employees, the office space you provide them with, the technology your company uses and the compensation plan? It adds up to respect. Have an on-going dialog with your banker throughout the year so they hear from you more often than just when you need money.

   Stay in touch with your customers, as they pay your bills today and are the best source of referrals and future business. Remember, business is nothing more than the sum of your relationships, so invest time in your relationships. Get to know people. Send quick follow-up notes via email. Give them an endorsement on LinkedIn. Send a thank-you card or gift basket to someone special. They will appreciate it and remember it for a long time.

Process (Policies & Procedures) Process is so critical that it's often overlooked as a technical item.

   Processes are the steps you'd take to perform a function, such as making a sales presentation, receiving an order, delivering a service or answering the phone. At Spark Alliance, Inc., we have processes for making changes to an e-commerce website, how to execute change management with the infrastructure, answering customer inquiries and even emergency procedures. Processes eliminate questions like, “How do we do X," or "When do we do Y?" Having a process or set of processes in place gives your team the power to operate on their own and in the same manner that you would. Finally, processes are what will allow your business to scale from one to five, and then twenty to five hundred employees.

   Over time, we’ve seen our processes help us grow successfully and influence our business system strategies. If you want to learn about processes the same way we did, read The E-Myth, an excellent book series by Michael Gerber. An additional book we studied was Give and Take: Why Helping Others Drives Our Success by Adam Grant. Technology All the dollars in the world won't help bad technology, and you need to be confident that your technology delivers on its purpose and promise. You know what that is -- it's the tools you use every day to perform your job functions or deliver results to customers or both. Does your technology work consistently? Is your technology up to date and secure? Is your technology easy to use?

   Maybe you aren't getting as much done as you'd like. Have you looked at ways to improve or enhance your technology? Have you measured the use of your technology and how it improves your efficiency and your service? Our favorite one-question survey we’ve participated in was, "What can we do that will knock your socks off?" Present it as one question and one large text box for your customers to answer in. Try it. I promise that you'll learn a lot. However, the real tell-tale sign of good technology solutions is if your customers and employees are willing to refer what they use to their friends or colleagues. This is another one-question survey called the Net Promoter Score. Essentially, you ask your customers and employees, "On a scale of one to 10, how likely are you to refer what technology you use to a friend or colleague?" Nines and 10s matter, as those people are your promoters. Sevens and eights are your passives, with six and under designated as detractors. Figure this out and then follow up with both your promoters and your detractors to find out where you need to improve. Success Formula Focusing on people, process and technology will empower you to create value where there are gaps, instill processes that will grow your company and nurture relationships across the board to show that you truly care. By being purposeful, you’ll stay on mission and deliver world-class experiences to everyone who comes into contact with your business. Myth: Security through Obfuscation is Good Security We've been helping more than a few clients lately wade through fixing past mistakes about relying too heavily on "security via obfuscation", also known as "security through obscurity" to some. We catch these practices in use with new customers a several times a year, but this discredited approach to security is coming to the surface heavily now that most of the industry is being directly affected by technology performance and security. And it seems that the worst culprits are the smaller organizations, those with perhaps a single owner and a few staff members. These are the ones that tried for



many years to do their own IT infrastructure work and are calling us for an SOS in the face of pain or business impact. "Security through obfuscation" was an easy way out -- a cheap way to keep up a false sense of security. Checking the "box off the sheet" if you want to call it that. The US National Institute of Standards has formally decried the use of such tactics numerous times in official documents, and today’s security breaches and technology vulnerabilities is seemingly the straw breaking the camel's back. What the heck does "security via obfuscation" look like? On the residential side of technology, it's employing SSID masking on your home wireless router to prevent others from "seeing your network". You can read up on how far debunked this practice has become, as even an amateur hacker can get around such lowly safeguards in a matter of minutes. If you were led down a path that believing in obfuscation was a good idea in the past, it very well might have worked decently before. But at a time now when compliance and regulations are holding businesses to higher standards with "reasonable expectations" placed on safeguarding data, you don't want to get caught relying on a security practice that has been debunked far and wide already. Myth: Compliance for My Business Systems Starts and Stops at the Technology Itself Oh, so wrong once again. NIST considers technology infrastructure as key pieces to the compliance paradigm, but it is far from being the end all, be all to ensuring your office is holding itself to the standards expected. The broader discussion is as much one about the people, processes, and procedures in place as it is about the whiz-bang technology being employed to deliver your product or service. Don't allow any consultant to come in and tell you that "I can give you this, this, and this to get you fully compliant for xx amount of money" without speak to the people subject. Foolish thinking, but this is something we see and hear all the time. One of the biggest facets that are underestimated regarding compliance and technology usage is the people side of things. Encrypted disk drives and email systems are wonderful -- but only when used in the proper hands. Employees that



are left untrained for responsible computing in a medical environment are just as dangerous as handing the data outright to third parties. There is rightfully a lot of focus on the technology as of late, but leaving your workers in the dark about how they should be conducting themselves within the network of a business is just as, if not more, important. Processes are also a key game changer in the move to business compliance. Do you have processes in place for how information should be handled at each step of the way? Are you holding your workers accountable for following these procedures? What are the protocols for when customer information is left outside official channels? These are all questions that your organization needs to answer internally, either concurrently when technology upgrades are being done or even beginning the discussion well before any upgrades are in place. Waiting until new technology is set forth and allowing technical training to take all the focus after a rollout will undoubtedly leave workers in a position with little empowerment to do the right thing. Our Deliverable: Make a feasible plan of action to upgrade or implement systems that is the “right solution”. The "buy vs. subscribe" debate is not one we’re going to outline in this document. But whichever route you go, it's important to keep costs in mind and smooth out a transition by handling systems in steps and process. It's not practical, both time-wise and cost-wise, to overhaul an office of 20+ workstations and a 1 or more servers in one weekend. That's a recipe for disaster. We can work with you to create a road map and design plan to keep your business operating while integrating new process and systems. We will also discuss the best options in regards to an on premises or cloud solution. There are benefits and circumstances that make sense for each business based on their needs. We have the expertise to recommend the “right solution”. The ultimate goal is to maximize the value and growth for your business with anything we partner together to deliver. Bad habits also need to change as business compliance becomes ever more serious. Many of these items are common knowledge for the tech community, but those



entrenched in the modern business world are still behind in these office security, processes and best practices. There is a lot of hot air and misconception out there in terms of what business compliance looks like. Wrangling the new laws is no small task, but with some elbow grease and a willingness to learn, you can ensure that your organization is following best practices for achieving and maintaining business compliance. In closing, driving the growth of your business in the concepts of People, Process and Technology in the scope of business systems and technology is sure to deliver growth and success that is measurable, scalable and profitable.



Address: PO Box 2337 Oakdale, CA 95361

Phone: (209) 573-3636



Monday - Friday: 8am - 5pm

Saturday-Sunday: Oncall After Hours Service

24/7:  Services Avaiable


© Copyright. All Rights Reserved.