Homeowners insurance, appliance warranties, automobile maintenance, living a healthy lifestyle, even regular church attendance can be considered proactive commitments. To protect against unfavorable consequences in the future, you pay some smaller price in the present. Or, in Wiktionary.org terms, proactive means “acting in advance to deal with an expected change or difficulty.”
Note the reference to an expected change or difficulty. Digital data corruption or loss in one form or another happens regularly. Seasoned managed IT leaders expect this to occur, either through hardware failure, environmental catastrophe, or through malicious or unintentional acts. Experienced IT leaders constantly lead the charge to be proactive so that when the inevitable happens, they can recover quickly and effectively. Most small and many larger businesses don’t do a good job of being proactive protecting their data.
Healthcare businesses are required to be HIPAA compliant. HIPAA compliance takes the form of a forced proactive approach to protecting the privacy and security of patient data. Any business that processes customer financial data is forced to be proactive through the Gramm-Leach-Bliley Act (GLBA). If you’re a credit card processor, your business is forced to be proactive in response to PCI DSS requirements. HIPAA, GLBA and PCI DSS, however, are not comprehensive. They are, what I consider, baseline requirements for proactive IT. Gaps still exist. Each business entity has unique requirements. No one-size-fits-all requirement for proactive IT exists. Frameworks exist, however, that can provide a comprehensive set of standards and practices that can inform business operations.
A proactive IT leader will take the best and most appropriate approaches from frameworks such as CobiT (http://www.isaca.org/Knowledge-Center/COBIT/Pages/Overview.aspx), NIST (http://www.nist.gov/information-technology-portal.cfm) and ITIL (http://www.itilcertification.org/) to name just a few. Proactive IT seeks to take the necessary steps – either technological, process, policy or training – to mitigate risk today and prepare for risk mitigation in the future. Business leaders are often skeptical in making an investment in proactive IT. All one needs to do is calculate the business impact – lost revenue, lost customer confidence, non-productive overhead cost, etc. – to understand what business continuity is really worth to make a case for proactive IT investment. If you’re a small business, you can give proactive IT a real boost by engaging a managed services firm that will bring a proactive IT element to your business. Managed services firms have to be proactive by design to be cost competitive and to retain and grow their customer base.
Remember, insurance companies are some of the largest companies in the world for a reason. Plan for expected digital change or difficulty by adopting a proactive approach to IT management. Contact Orion Group to get started today.