INL’s Cellular Data Stipend Jonathan Homer NLIT 2009.

Presentation transcript:


DOE IG-0669
“Contractor organizations to consider eliminating all use of Government-owned or managed cellular phones, where not critical to emergency response and continuity of operations, and adopting a flat rate reimbursement program for employees using personal cellular phones for official business.”
- Recommendations, Section 2

User Experience
Except:
- Changes in Travel Plans
- Unexpected Child Care Changes

Manager Experience

Cellular Department

User Experience

Manager Experience

Cellular Department

What Is A Stipend?
Prepaid Compensation
Covers business-use costs associated with cellular phone and/or data
Pre-Tax Dollars

Result Of Stipend Implementation – Users
Nearly eliminated “audit fear factor” (3% reportable vs. 60% previous program)
Increased exposure to new technology through new devices and networks
Reduced environmental impact by elimination of redundant equipment and services

Result Of Stipend Implementation - Management
Reduced Labor Costs
Reduced Audits and Assessments
Eliminated Equipment – No INL hardware life cycle costs
Prevents Legacy Accounts – Integrated into termination process

History
2005 INL Internal Audit led to a Business Council initiative to examine cell phone functionality and efficiency, reduce audit/compliance exposure, and avoid potential unallowable costs
Office of Inspector General (OIG) Report DOE/IG-0669, Use and Management of Mobile Communications Services – recommended that the Department reimburse federal and contractor employees for the use of personal cell phones for official business
INL implemented Cellular Stipend Program for voice service in 2006
Piloted data service in

INL Internal Audit said about Cell Phones & Voice/Data Devices
► Wireless Tracking Database is not accurate
  – Vendor billing data and database do not agree
  – Database does not include T-Mobile Information
► Management oversight is inadequate but difficult to improve
  – High personal use carries audit and unallowable cost risks
  – Many cell phones have inappropriate service plans
  – Policies need improvement/updating (incidental use, emerging technologies, etc.)
  – INL continued to pay monthly service charges for lost, damaged and/or unassigned (e.g. terminated employee) cell phones
► Employees vulnerable to equipment abuse issues

What To Fix / What Not To
Reduce Costs
Reduce Audit Exposure
Maintain Security
Reduce Customer Exposure to Audits (misuse)
Improve Customer Relations
Decrease per-line costs
Expand Data Connections (iPhone, etc)
Increase Customers Paycheck

3 Step Process
Set Up the System
Run The Pilot
Get Customer Buy-in

Setting Up The System
Have a Plan
  – Establish what you are trying to accomplish
  – Integrate management goals with operations path forward
Build a System
  – Stipends don’t work unless fully automated (Significant ROI)
  – K.I.S.S.

Stipend Program Screenshot

Stipend Risks and Mitigation
Personal & 3rd Party Software – bleed-over
  – No difference between government owned and personal
  – MSC is applied to both devices equally
Employee termination – device may not be able to be physically destroyed
  – No current government requirement
  – Device is wiped upon termination
  – No greater risk than a lost/stolen device

Stipend Risks And Mitigation (cont)
Security investigations – potentially more difficult
  – Judge’s order may be needed
  – Not expected to be a common issue
Sensitive foreign travel – security risks
  – Best practice calls for employee to use a pooled phone, regardless of government owned vs. personal

Setting Up The Pilot
Define the scope
  – At the INL:
      2006: Voice Pilot
      2008: Data Pilot
Define The Timeframe:
  – INL: Learned all our lessons in the first 90 days
Define the Audience:
  – Cross cut organizations
  – Audience can be relatively small (50 individuals)

Leveraging Pilot For Continual Success
When setting up pilot, select individuals from across the organization
Involve pilot participants in regular discussions, get them talking and spreading the word for you
Actively resolve pilot participant concerns – you want all the good rumors you can get
Publish your pilot’s success as part of your full deployment

Getting The Lab Onboard
Again - K.I.S.S.
Focus on the customer benefits
Have a defined communications program – all team members should share the same story
Spend 10 minutes explaining the system
One-On-One experience works best

Key Selling Points
One device
Choice of device
Choice of providers
No audits for misuse
No additional cost

Stipend Population
2005: Internal Audit
2006: Voice Stipend
2008: Data Pilot Program
2009: Full Stipend Program available to lab
2010: Transition Complete

Conclusion
No significant security risks introduced by the data stipend
No breach of financial rules
An automated tracking process was essential
Keys to success: Effective organizational responsibilities, policy/procedures, and defined processes

Questions Or Comments?

Contact Information Jonathan Homer (208)

Customer Surveys
300 Employees Using Stipend
50 Managers Over Stipend’d Employees
300 Employees Not Using Stipend

Business Needs

Costs

Costs (cont)

Security

Abuse

Other Statistics
91% of managers feel that the stipend program reduces the lab’s exposure to risk (audits, abuse, etc).
87% of all survey participants who were not a part of the stipend program had already heard of the program by word of mouth.
66% of non-program participants wanted more information about the stipend