Hi there folks, would really appreciate some guidance on this (especially as this is the second time I have written this, and the #$%@ing website lost the first post…)

Recently taken over a small company (15 direct employees), for whom I’ve been working with for the last 1.5yrs as a contractor. We’re in the training business, not IT, for context.

TL/DR – how should I` go about identifying, creating, implementing and managing an IT policy for our growing business?

Long version:
Company has bumbled along successfully for 10 years, with no focus at all on IT other than an office 365 subscription and a general mentality of ‘mucking along to get the work done’.

This year we will do double the business of any previous year, and the trajectory looks great. Already implemented this year was standard use of Webex, and also a CMS/process (the lack of which was horrific for a company in our field). Both hugely positively impactful.

But, positive strategic and operational experiences with those 2 initiatives, + growth, is drawing into the open serious cracks with things like webex (unfortunately), os issues, other software, hardware, routers, printers/scanners etc etc. Ultimately, it is already affecting the interaction between us and our clients. Not good.

The company mostly runs on Macs, as do I, so thats a relief (hold your hate!), but unless I implement something soon I can see that I will spend a huge amount of time as default tech support. That is already happening and is not sustainable.

We clearly need some kind of IT policy and approach, your guidance, thoughts, ideas and insults great appreciated. 👍

Also, we are small, and profits are not yet matching growth, so a ‘cost effective’ approach is kinda important. I know, light, strong cheap etc etc…

https://cloud.google.com/why-google-cloud/

I would suggest taking a look at Cyber Essentials program to give you a steer on things you need to look out for before cracking on with anything, as well as a useful marketing badge should you go through the process. There is also some useful info on the NCSC website for how to evaluate cloud type services which should give some food for thought.

Outsource. I realise that you are trying to contain costs but finding a decent consultancy who is willing to work to your budget requirements will probably save you money over time. The problem with mucking along is that it is far more expensive and time consuming to unmuck down the line.
Also, how much is your time worth? You’ll probably find you are the most expensive IT support you can find.

Stay away from Google Cloud (or AWS for that matter). If you don’t have the tech skills to know what you need you don’t have the skills to operate it.

You can get a long way with using software as a service apps – Office 365, Google App Suite, Salesforce (not Salesforce), Blaze etc.

So all you really need is local networking and hardware support. A third party can do that *if* you keep them in their box. They’ll try to force Citrix etc on you because it makes life easier for them but hell for you. If you don’t keep data locally, see the cloud stuff above, then support is easier.

Eventually you’ll need an IT department. I’ve never seen an organisation where outsourced IT works, but you can postpone it until the 30-50 employee stage.

Some situations I have encountered at small companies.
One IT person hired due to obviouse cot issues.
IT is overrun with keeping current system working to have time to implement new systems.
IT person hired is junior IT guy so overwhelmed by the task of implementing new system on a low budget without the experience to fall back on.

Outsource for now but as above keep them in their box. IT can have a habit of wanting to grow control over everything and put in place big corporate systems or just generally want control to the point doing your job becomes a pita. Note this is not good IT practice but common .IME.

Stay away from Google Cloud (or AWS for that matter)

Sorry I posted the wrong link above -I meant to link to the link correctly posted below (I didn’t check the content of the page I posted the original link to – oops)

https://gsuite.google.co.uk/intl/en_uk/

Whatever you end up with make sure SAP is at it’s heart. Don’t know what that even is or what it does, but it’s all anyone talks about in my place. SAP this and SAP that. Can’t pay suppliers this, can’t pay subbies that. No, you can’t just order that simple product, it’s not on SAP. They must save a fortune not paying all those bills and buying stuff.

The problem with mucking along is that it is far more expensive and time consuming to unmuck down the line.

This.

Sounds to me like what you want to do there is recruit a technically competent IT manager.

No, you can’t just order that simple product, it’s not on SAP. They must save a fortune not paying all those bills and buying stuff.

You’ve clearly never looked at how much SAP costs.

you should be able to outsource the printers, os and network.  The strategy stuff needs to stay with you otherwise you end up having to adapt yourselves to systems other than that systems being adapted to you.   You might be able to bring in consultants to get things to help with webex, cms or other systems but if you don’t already have a reasonable idea of what you want they will quickly drag you down the line of what they can do quickly and have done before.  Outsourcing basic infrastructure is nice though

Cougar

Subscriber
No, you can’t just order that simple product, it’s not on SAP. They must save a fortune not paying all those bills and buying stuff.

You’ve clearly never looked at how much SAP costs

I’m pretty sure he was being sarcastic… 🙃

Ah. Yes.

Hard to tell in text when I’m not paying attention properly.

Either hire a hands-on IT Manager or get a small local IT Support Company in to help. In terms of an IT Policy – I’m assuming you are refering to things such as backup policy, acceptable usage, privacy/monitoring, data security – that’s pretty standard stuff so I’d imagine you should be able to find a template online and tweak away. Again, a 3rd party IT firm could knock something up in a jiffy.

How do you know you can’t afford a local it support company, asked any in for a chat?

Marvellous input, thanks all. SAP then, eh? 😆

Some good clarification points above – yes its about policy, but also general strategy and management. I’ll take a peek online and see what can be found, but if there are any recommendations for templates, or even current policies that anyone can share without damaging confidentiality, would be greatly appreciated.

A good point about a outsourcing or a dedicated IT resource – I’ll look into both, suspect local IT firm would be first step.

SAP

Sold A Pup

There’s a couple of ways to do it..

i. Hire a senior/junior combo. Senior strategies and has a good knowledge of the tech required for your business, leads on support. The junior is their dogsbody, learns the ropes & provides cover. Everything’s in house and fully accountable

ii. Hire a person with supplier management experience & get a third party in to do the work for you. Supplier manager keeps them in check, plans with supplier on business need

Those might be over-resourced for what you need at this moment in time but it depends what your 3 year strategy looks like 🙂

lolz to SAP comment, same thing where i work too. It is actually HAL.

It’s a tricky situation, you’re a big enough company to have a reliance on IT and need IT to help support your growth plans but you’re maybe not big enough yet to afford (or it be worth you investing in) a dedicated IT department or business analysis/consultancy.

I work for a global outsourcer/IT services provider so am probably a little biased on the benefits of outsourcing, done right it absolutely can work well, done wrong and at best it’s a waste of money.

I think you need to break it down into two areas:

1). Immediate/short-term issues impacting the business. e.g. desktop support, is your data safe and backed up, are there things you need to be doing that you aren’t because you don’t have a certain IT system in place? etc. etc.

2). Mid-long term stuff like deploying IT systems to support the business growth, ensuring you’re GDPR compliant (some would argue that should be short term…), DR/BCM plans, strategic apps and processes

For 1). you probably should get a local IT services company in, initially to do an evaluation of your current environment with suggestions for short term improvements. I wouldn’t go for one of the big IT services companies for this as you’ll get buried in a mire of process and long engagements which isn’t what you need.

Hopefully the local IT company will provide sound advice (maybe ask for a second opinion here) and also a plan + costs for you to address them (or at least they can provide that as a second engagement). That said you need to have set aside a decent budget for dealing with issues. If you spend £10k on an assessment for them to tell you need to spend £30-40k to address short term issues but you only have a £10k total IT budget then there’s not a whole lot of point even getting the assessment done.

I would also expect cloud or on-premise (or hybrid) to be looked at during this stage. If you don’t already have a significant on-premise IT infrastructure investment and are growing fast then cloud seems an obvious choice for your server & storage requirements. Done badly though it can be costly and leave you exposed to security issues in the same way on-premise IT can.

For the 2). stuff that would start with the local IT company, and possibly you’ll have taken on an IT manager (both to manage the relationship with the local IT company but also to have someone close to the business who you trust that will be vital to any strategic IT planning & investment.

Part 2). though is a bit open-ended and depends how big you grow and how much you can invest. Business analysis may be useful but then you may already have that covered – it can provide a fresh pair of eyes and they would generally have a better idea of what’s available out there in IT land to support a business such as yours, to find the right BA though you might need to engage a bigger IT services firm as you need someone both with some experience in your type of business but also a good knowledge & experience of the IT side of things. These people are hard to find (and even with a big IT services company as a small account you’d risk being given the fresh out of uni person straight from the graduate recruitment programme…).

Seminars/industry events (with an IT focus) are probably a good source of info as well, you basically want to learn from other people’s mistakes and not have IT constraining your business.

Thanks Fuzzy Wuzzy, thats extremely helpful.

You really, really don’t need any on prem kit other than laptops, printers and conference gear. Run for the hills if a local IT firm wants to install Windows kit in a Mac environment.

60+ people across 3 locations and we running quite happily as cloud natives.

For similar use cases to you we use Gsuite, Slack, Notion, Zoom and Fleetsmith for macs. Look at Zapier as well for automating stuff in a sensible fashion. You might consider CharlieHR or Bob for people management and something like Workable if you’re hiring. Hi spot is cheaper than Salesforce and probably an easier learning curve.

For the benefit of people who should know better – having IT kit in your own data centre is on-premises. It’s a small thing, I know, but irritating as ****.

For an organisation your size I would certainly be considering going cloud only. Office 365 is not a bad option and these days MS technology is pretty friendly with other operating systems beyond Windows. The Office 365 / Azure suite can offer you Teams (effectively the replacement for Skype for Business and is far more integrated than Webex) along with the desktop office apps, plenty of security options to provide things like Multi factor authentication, security insights and protection and Conditional access to protect access to your stuff. There are also CRM options available. Obviosuly it all costs money but it almost certainly cheaper than trying to run and manage your own internal IT operation.

OK – some instant decisions made in the short term:
Cloud for CMS? check
Salesforce.com? check

Data safety and integrity – next priority

Prertty much what fuzzy says, but I’d add – try and speak to other, similar sized companies and ask them about their IT support. There are good and bad outsourcing companies for this kind of thing. I worked for one who were pretty good but had a support model that involved paying in advance which isn’t good if the company turns out to be crap.
Also, have a clear idea about what you want in workflow terms so your outsourcing company gives a solution that fits you not them
I’d be staying clear of SAP based on experience (used to work for an outsourcing IT support company)

Our company has had one full time IT person since it was about 20 people. We’re now bigger and outsource basic stuff to a 3rd party, CompleteIT, with the full time bod looking after critical infrastructure rather than faffing about with people’s email issues.

We use SalesForce at work but you need someone to customise it for you, we have ended up with one of the pre-sales team looking after SF as part of his role. You also need to get people to update it with their info, which is the biggest issue as that bit is not enforced very well…..

Data safety and integrity – next priority

What data? If it’s your documents, spreadsheets etc I’d highly recommend doing everything in g-suite. Impossible for a stolen laptop, errant cup of coffee or failed disk to expose a flaw in your backup process. Has the benefit of allowing people to collaborate on a single doc, rather than 2020-strategy-20191122-v2.6-Geoff-changes-latest.doc

If you’re talking about confidential or PII data that’s making it’s way in to sales force, you’re relying on their security practices and whatever data validation they offer.

If you’re talking about confidential or PII data that’s making it’s way in to sales force, you’re relying on their security practices and whatever data validation they offer.

Which are perfectly robust and meet all the standards required. I’m currently implementing a system that will store the PII data for 25M people on Salesforce. The solution is secure by design, and it meets all the legal frameworks it needs to.

https://trust.salesforce.com/en/

https://compliance.salesforce.com/en

Obviously, you as an end user are responsible for ensuring the accounts you give people on the platform only allow them access to what they’re supposed to see, and have suitable auditing in place, but that goes for any IT system.

Definitely look at some local MSPs (managed service providers), I used to work for one that mainly dealt with small to medium sized businesses, from 2 to 200 employees.

A good one will be able to look at what IT you currently have, what you need, and tailor a support package to your needs. Whether that’s O365 with Onedrive, or a file server, also they’ll look at your domain, like do you even have a domain controller with active directory or are all your computers on local accounts? They’ll deal with any security risks too (MFA!!) and so on. Back ups, disaster recovery etc, networking, ability to work from home with a vpn, and so on…

They’ll also manage any changes, like new users – make sure they have a decent change control process in place, then a new starter just means a form to complete with the required access, and they create and manage the account.

And believe me you’ll be glad you’ve got them when Doris in accounts gets a dodgy email and you end up needing a few GB of data restoring…

That could never happen to us Tallpaul, here name is Vanessa! 😆

More great thoughts, thank you. Shit’s getting real, glad I asked.

The Ubiquiti networking kit when properly configured will allow you prevent Doris/Vanessa seeing the dodgy stuff and unleashing the ransomware. It’s currently phoning home though on the latest updates, this may be important if you need to be very secure. It’s reasonably priced compared to the CISCO stuff and updates happen monthly, you may prefer to hire a consultant to do this rather than getting involved.