E-business Policy and Strategy Plan
Contents
I. Mission Statement
II. Considerations
III. Network Security Strategy
IV. Disaster Recovery
    Disasters likely to occur in the Midwest
    Disaster Recovery Plan
V. Privacy Policy
    Privacy Policy
    Email Use Policy
        Policy
        Enforcement
        Definitions
    Transition Plan
    Testing
    Communication Plan
VI. Testing and Back-Out Plans
    Testing Process for Network
    Test validity
    Back-Out Plan
VII. Monitoring System
    Free Monitoring Software
    Commercial Monitoring Software
    The Recommended Choice
VIII. The Help Desk
ITT Student Consulting Services Confidential 2009
I. Mission Statement
This group, consisting of Alicia Merkins, Johnnie Farmer, Dennis Parker, Jovonda Rodgers,
and Rashad Tarpley, has been charged with developing network policies and documented
strategies for creating and growing an E-business.
The proposed organization is to be a 24-hour, 7-day-a-week company that only takes orders
through online access to the company’s website. Our proposed organization has selected
Indianapolis, IN as its location for its easy access to the rest of the country. The proposed
location was also chosen for the significant distribution and warehouse facilities there.
II. Considerations
Certain physical considerations must be made when planning for the network that will
support our organization. The following functions must be taken into consideration for support:
• Customer Access (to identify products for purchase)
  o Account registration - username and password
  o Account information will include but is not limited to the individual's name,
    address, date of birth, email address and security question for password recovery.
  o Database to store all of the above information
  o PayPal affiliation for online payment options
  o SSL and HTTPS for increased security
• Customer Support (for customers who are internet phobic)
  o Customer service center with 1-800 number
  o Online chat
  o Automatically saved and sent to QA department
  o Email support
    ▪ Outlook
• Management Reporting
  o Managers will be linked to a separate server for enhanced security
  o Payroll functions
    ▪ Report time worked, breaks, scheduled vacations, etc.
    ▪ Monitor employees
  o Incident reports
  o Call monitoring at random to ensure employee accuracy
• Warehouse & Distribution Functions
  o Inventory reporting
  o Shipping reporting
  o Separate database and server
• Marketing Functions
  o All marketing is done primarily online
    ▪ Occasional newspaper, television, radio
  o Advertise with several different websites
    ▪ Website linking and ads
  o Marketing employees must ensure accuracy across all advertisements
• System Development & Support Functions
  o Server-based automated updates
  o Company proprietary systems that will only be accessible on company
    workstations
  o IT helpdesk
The first services we would implement would be:
• At the start of the business we will need to have a secure website, have phone support
  and employees set up, and provide the warehouse with inventory and a database to monitor it.
• We will also need to ensure that we have an IT support team as well as several
  servers to support the various functions of the company.
To accommodate possible explosive growth we propose:
• Depending on demand we may eventually support phone sales.
• We will ensure that our warehouse will support extra inventory in case we need to
  keep more in stock.
• The network will support extra workstations and servers.
We envision the following services to be added in the future as our organization grows:
• As the company grows we may decide to expand our inventory to other avenues and
  services.
• We will eventually be able to add a FAQ page to our website.
• Depending on business we may eventually be able to move to store fronts as opposed
  to being an internet-only company.
III. Network Security Strategy
Different aspects of security affect different constituencies within the organization and
customers outside the organization in various ways. Security within the organization affects the
employees by maintaining integrity from within. The security policies set forth within the
organization will promote customer confidentiality as well as secure all company
confidential information. Customers will feel safe with their online orders and with supplying
financial information to our company.
Our team will implement security by setting forth policies and procedures that are
understood and followed across the board on all levels. Any new employees will take an online
training course on company proprietary information and systems as well as security measures,
integrity and customer privacy. All existing employees will take bi-quarterly training sessions as
well. After each training session, all employees will be required to sign a form stating that they
read and understood the policies and procedures. Furthermore, the system administrators will
monitor the network, from email and internet usage to any external drives or downloads being
used on workstations.
Any employees that have been terminated or willingly leave the company will be stripped
of their network and facility entry abilities. This includes any facility badges, parking passes,
building security or alarm codes and network log-ins. In addition, their employee email accounts
will be frozen from access internally and externally. In cases where the employee is eligible for
rehire, their log-ins will be disabled for 6 months before being completely deleted from the
system. This will save time and money if the employee were to come back to the company
within the allotted timeframe. All of the above procedures would be completed during or before
a mandatory exit interview that is conducted by a member of management.
IV. Disaster Recovery
We will back up all of our information daily to both our local and non-local servers. We will
have network redundancy so that if the local server were to go down for any reason we would be
able to connect to the backup server. This will ensure that if a disaster were to occur locally we
will have a server that is not local that we can connect to.
We will also create circuit redundancy where our network would be connected through a T1 local
network with a DSL backup so that if the internet server were to go down we would have an
alternate method of connecting. Our backup server would be administered by a server backup
company since we are a small-scale ecommerce business. As we grow we may begin to take the
matter into our own hands with our backup systems.
As for our inventory, we will only order enough stock to successfully run our business. We
will keep enough of each item in stock and make weekly orders to our external supplier on a
need-be basis. This will ensure that we do not have too much inventory, so that if we were to be
faced with a disaster we will not lose millions of dollars' worth of merchandise. Weekly reports
will be run on both our inventory and sales to provide projected sales and inventory needs.
Disasters likely to occur in the Midwest
• Tornadoes
• Blizzards
• Lightning
• Hail
• Floods
• Terrorist attack
• Jet fuel spillage/leakage
• Earthquakes
• Improper local construction (including building structure, electrical, sewage, etc.)
Disaster Recovery Plan
• Insurance
• Generators
• Remote access
• Local and non-local servers
V. Privacy Policy
Privacy Policy
The privacy policy will consist of a document that the employees will sign that states exactly
what the policy consists of. The privacy policy will state that all employees will have a photo ID
badge that will be required to be in their possession at all times. It will also state that email and
network security will be in place to prevent intruders from getting on the network and obtaining
company and client confidential information.
Email Use Policy
This policy is intended to prevent tarnishing the public image of our organization. When email
goes out from our organization, the general public will tend to view that message as an official
policy statement from the SAs of our organization.
This policy covers appropriate use of any email sent from our E-commerce Business email
address and applies to all employees, vendors, and agents operating on behalf of our
organization.
Policy
1 Prohibited Use
Our organization's email system shall not be used for the creation or
distribution of any disruptive or offensive messages, including offensive comments
about race, gender, hair color, disabilities, age, sexual orientation, pornography,
religious beliefs and practice, political beliefs, or national origin. Employees who
receive any emails with this content from any Company employee should report the
matter to their supervisor immediately.
2 Personal Use
Using a reasonable amount of our organization's resources for personal emails is
acceptable, but non-work related email shall be saved in a separate folder from
work related email. Sending chain letters or joke emails from an organizational
email account is prohibited. Virus or other malware warnings and mass mailings
from our organization shall be approved by our VP Operations before sending.
These restrictions also apply to the forwarding of mail received by an employee.
3 Monitoring
Our employees shall have no expectation of privacy in anything they store, send
or receive on the company’s email system. Our organization may monitor messages
without prior notice. Our organization is not obliged to monitor email messages.
Enforcement
Any employee found to have violated this policy may be subject to disciplinary action, up
to and including termination of employment.
Definitions
| Term | Definition |
| --- | --- |
| Email | The electronic transmission of information through a mail protocol such as SMTP or IMAP. Typical email clients include Eudora and Microsoft Outlook. |
| Forwarded email | Email resent from an internal network to an outside point. |
| Chain email or letter | Email sent to successive people. Typically the body of the note has direction to send out multiple copies of the note and promises good luck or money if the direction is followed. |
| Sensitive information | Information is considered sensitive if it can be damaging to our organization or its customers' reputation or market standing. |
| Virus warning | Email containing warnings about virus or malware. The overwhelming majority of these emails turn out to be a hoax and contain bogus information usually intent only on frightening or misleading users. |
| Unauthorized Disclosure | The intentional or unintentional revealing of restricted information to people, both inside and outside our organization, who do not have a need to know that information. |
Transition Plan
The transition plan will consist of the implementation strategy set forth for new
technologies and systems. It will consist of training schedules, upgrade schedules, etc. The
transition plan that we have in place for new technologies and upgrades is:
• Develop a service checklist
• Verify software packages will work on the new system
• Develop a test for each service to verify it is working
• Write a back-out plan with specific triggers
• Select a maintenance window
• Announce the upgrade
• Execute tests
• Lock out users
• Do upgrades while being supervised
• Repeat tests and do debugging (if necessary)
• If tests fail or triggers call for back-out, execute the back-out
• Let users back in
• Communicate success or back-out to the customer
• Analyze what went right and what didn’t; modify the checklist
Testing
We have taken the steps to ensure quality, security and compatibility with our current
systems. The new technology has gone through extensive testing to guarantee the above factors.
Steps taken for the testing process:
• Plan a test process
• Test on a single system
• Test on multiple systems
• File a test request
• Get the test committee to approve the system test
• Schedule a test process
• Communicate with users and administrators before the test
• Test systems at scheduled times
• Post a test event analysis
Communication Plan
The communication plan will be implemented for any and all changes to our business
strategies and plans. Any communication will be implemented through email, memos, phone,
and voicemail. All emails will have a read/received receipt sent to the sender to ensure that the
employees have read the email. It will also be communicated that this receipt confirms
understanding of the communication unless the employee communicates back to the
sender with any misunderstandings. We will implement our communication plan by first
communicating to all impacted people what changes are being made, which services will
be unavailable, when and for how long they will be unavailable, and what action they need to
take (if any).
VI. Testing and Back-Out Plans
Testing Process for Network
All tests will be done on a redundant server used for testing. As each service is identified, a
test will be developed that will be used to verify that the service is working properly after the
upgrade. The easiest way to do this is to have all tests recorded as scripts that can be run
unattended. A master script can be written that outputs an “ok” or “fail” message for each test.
These tests can also be run individually as problems are debugged. For more complicated services,
customers may write the test or offer to be on call to execute their own set of manual tests.
In the case of our E-business we use software packages that have an installation verification
suite that can be run. This process is called regression testing: you capture the output of the old
system, make a change, and then capture the output of the new system.
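The master script and regression comparison described above, sketched as an added example that is not part of the original plan. All function names are hypothetical, and the `check_*` functions are constructed stand-ins for real probes of the web, database and mail services.

```shell
#!/bin/sh
# Added example: master test script with regression comparison.
# All names are hypothetical; the check_* functions are constructed
# stand-ins for real probes (fetch a known page, run a fixed query, ...).

check_web()  { printf 'status=200\ntitle=Store Home\n'; }
check_mail() { printf '220 mail ready\n'; }
check_db() {
    # SIMULATE_DB_REGRESSION=1 imitates an upgrade that changed behaviour.
    if [ "${SIMULATE_DB_REGRESSION:-0}" = 1 ]; then
        printf 'rows=0\n'
    else
        printf 'rows=3\n'
    fi
}

# capture_baseline NAME DIR CMD...: record the old system's output.
capture_baseline() {
    cb_name=$1; cb_dir=$2; shift 2
    mkdir -p "$cb_dir" && "$@" >"$cb_dir/$cb_name.out" 2>&1
}

# run_check NAME DIR CMD...: run CMD on the new system and compare its
# output with the baseline. Prints "ok NAME" or "fail NAME (reason)".
run_check() {
    rc_name=$1; rc_dir=$2; shift 2
    rc_out=$(mktemp) || return 2
    if ! "$@" >"$rc_out" 2>&1; then
        echo "fail $rc_name (check exited non-zero)"
        rm -f "$rc_out"; return 1
    fi
    if [ ! -f "$rc_dir/$rc_name.out" ]; then
        echo "fail $rc_name (no baseline captured)"
        rm -f "$rc_out"; return 1
    fi
    if cmp -s "$rc_out" "$rc_dir/$rc_name.out"; then
        echo "ok $rc_name"
        rm -f "$rc_out"; return 0
    fi
    echo "fail $rc_name (output differs from baseline)"
    rm -f "$rc_out"; return 1
}

# run_suite MODE DIR SERVICE...: the master script.
# MODE is "capture" (before the change) or "verify" (after it).
# Returns 0 only if every service passed, so it can serve as a back-out trigger.
run_suite() {
    rs_mode=$1; rs_dir=$2; shift 2
    rs_failures=0
    for rs_svc in "$@"; do
        case $rs_mode in
            capture) capture_baseline "$rs_svc" "$rs_dir" "check_$rs_svc" ;;
            verify)  run_check "$rs_svc" "$rs_dir" "check_$rs_svc" ;;
            *)       echo "unknown mode: $rs_mode" >&2; return 2 ;;
        esac || rs_failures=$((rs_failures + 1))
    done
    [ "$rs_failures" -eq 0 ]
}

# Demo: capture on the old system, simulate a change, then verify.
demo() {
    demo_dir=$(mktemp -d) || return 2
    run_suite capture "$demo_dir" web db mail
    SIMULATE_DB_REGRESSION=1
    run_suite verify "$demo_dir" web db mail
    demo_status=$?
    SIMULATE_DB_REGRESSION=0
    rm -rf "$demo_dir"
    return "$demo_status"
}
demo || echo "regression detected: back-out trigger met"
```

Each check can still be run on its own while debugging, for example `run_check db "$dir" check_db`.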
What will be the services provided by our server?
The servers will provide email support as well as client database information and support,
billing information and support, backup support, internet support, etc.
Who are the customers for each of our services?
• Email support and internet support apply to the employees of the company.
• Database support, billing support and internet support apply to the customers.
• Backup support applies to the system administrators and employees of the company.
Which software package will provide for each of our services?
• For the internet we will use a L.A.M.P. (Linux, Apache, MySQL, PHP) architecture to
  host our services.
• Database support will be provided through MySQL.
• Email services will be provided using Microsoft Exchange/Outlook.
• Billing support for customers and employees will be provided using software called
  Netace.
Verification tests for each service developed
For all of the services we will enable testing within one of our call center facilities. If
everything goes well within that one call center then the software would be administered
throughout the company. In that call center we would have an IT support team that will support
any potential issues that may occur within the new software and services.
Test validity
We would know if the tests are valid because they are being tested in the real world
environment.
Back-Out Plan
Our back out plan will be based on the agreed upon end time minus the back out time, as well
as the time it will take to test that the back out is complete. We will have an outside member to
clock the progress like a manager. The back out plan would be to transfer any customers to
another department if we were to have any issues within the particular department that is testing
the new software and services. This will ensure that the customers or clients do not suffer during
our testing process while also enabling us to test the product in the real time environment.
VII. Monitoring System
Free Monitoring Software
Employees Monitor Free Edition 2.22 would be the real-time monitoring solution best suited
for our environment. It would allow SAs to invisibly monitor activity across the entire network
from one centralized position, such as instant messaging, file operations, websites visited,
applications used, etc. Employees PC Monitor can also log file operations on the employee's
computer, such as copy, delete, print, create, rename, open, copy file to removable disk, etc. It
can send alarms to the console computer when an employee performs a file operation on a
removable disk, adds or removes a removable disk, opens an unwanted website, etc. SAs could
also see live screenshots of multiple network computers and take control of a remote computer.
This is especially useful when you need to assist the person who uses the remote computer or
immediately stop unwanted actions; you can also edit, open, download, and upload files remotely.
Employees PC Monitor can also restrict browsing in Internet Explorer, application use, and
network access on remote computers, and send instant messages and commands (e.g. shut down,
restart, run program, open website) to the remote computer. Additionally, Employees PC Monitor
provides a powerful remote task manager, which allows the SAs to view all processes on a remote
computer and end any of them.
Commercial Monitoring Software
SpectorSoft’s Spector Pro is the best-selling commercial monitoring software on the market
today. Spector Pro has deservedly earned its reputation not only as the most trusted monitoring
software in the world, but also as the most feature-rich, while being easy and intuitive, even for
beginners. Whether you want to monitor a computer in secret or in the open, Spector Pro can
capture all the action with little effort on your part.
The program will even contact you remotely by email or cell phone when activity on your
computer triggers specific keywords. Spector Pro has an excellent combination of monitoring
features: Screen Snapshots, Chat/IM Activity, Web Sites Visited, Email Activity, Program
Activity and Keywords Detected. You can also monitor MySpace or Facebook activity, and even
specific online searches. The Top 10 Summary Reports allow you to gauge what sites and
activities are taking up the most time. Spector Pro can even monitor and track files downloaded
over the internet (music, pictures, video, software, etc.).
Furthermore, the software can keep track of what files and documents are being accessed,
removed, edited, renamed, and even printed. More than just monitoring online activity, Spector
Pro can monitor every program or application run on the computer, including games. You can see
what programs were launched, and how long they were actually used. Though you technically
have to let any user know that they are being monitored, Spector Pro has a “Stealth Mode”, which
hides the program. The program will not appear on the desktop or in the task manager. It won't even
show up after a program search and it is not listed on the hard drive, so others cannot tamper with or
delete it.
You can access the program with a combination of hot keys and a password. Instead of just a
list of email and chat contacts, viewing the content of these messages greatly increases Spector
Pro’s monitoring effectiveness. The ability to visually record and replay the captured activity
can't be overstated. You can see every web site, every email, and every keystroke if you want.
Spector Pro is certainly effective at what it does, recording all sorts of internet activity. But more
importantly, Spector Pro makes this information easy to overview and monitor efficiently.
The Recommended Choice
With the added features of the commercial Spector Pro over the free Employees Monitor
Free Edition 2.22 and the low cost of only $100.00, I would suggest the commercial software for
our organization.
Price, features, and the added benefit of a support contract for the software all factor into this
being the better option for us.
VIII. The Help Desk
The types of people that we would hire for our help desk are people with strong customer
service and sales skills and experience as well as individuals with IT degrees and IT experience.
• IT employees and managers - utilized to resolve any internal IT issues with database,
  systems, security, etc.
• Customer Service - utilized to resolve customer issues, billing, and product-related
  issues, etc.
• Sales and Shipping employees and managers - utilized to resolve any shipping or sales
  issues or requests.
• Quality Assurance employees and managers - ensure quality products, services,
  continuing improvement, customer surveys, etc.
Escalation policy to help respond quickly and efficiently
• The first step to an escalation is for the representative to create a trouble ticket and to
  attempt by any means possible (according to the policies and procedures set forth) to
  resolve the issue in a timely manner. The rep should spend no more than 15 minutes on
  an issue.
• If the representative is not able to resolve the issue then the trouble ticket should be
  forwarded to their direct manager.
• The manager should attempt to resolve the issue in a timely manner, updating
  any progress on the trouble ticket and forwarding it to the department that is better
  able to solve the issue.
• The assigned department should be able to resolve the issue and update the trouble
  ticket.
• If the issue were to go further than the assigned department then the issue may require
  further investigation.