www.jigsawtree.com
Follow us on
Piece’s 03
In this issue...
Our services
A case study from
one of our clients
Technology
Regulatory
Is it time you
took a fresh
look at your
IT security?
New version of GABRIEL
is now available – learn
more below
Welcome to edition number 3,
we hope you enjoy the read.
Last weekend I attended the last football match with Sir Alex Ferguson in charge
and it was a fantastic match with an unbelievable 5:5 draw to West Brom.
The atmosphere in the stadium was highly charged
and the Manchester United fans clearly assumed
the win was theirs as they were 3-0 and 5-2 up but a
second half hat trick from Romelu denied a final
farewell victory. It made me think about our business
and how we achieve some great results for clients
who are overwhelmed about changes that they need
to make in their business.
Being a small business means that we have to be
clear on the tactics we will employ and work
collaboratively with the client and others to achieve
the desired outcomes.
By working in this way we build a team in order to be
able to deliver achievable goals before the final whistle.
In this months newletter we have included a case
study of a client who went through significant
changes and we worked alongside them to make
sure the transition worked well and the staff were
included in the journey. We have an article written
by Ron Hulme of CM Systems who specialist in IT
insfructure and are experienced in working within
the financial services sector, which I believe sets
them above others working in that space. Finally the
FCA have made some changes to the Gabriel report
which we have given some more details on.
As always we hope you enjoy the read and welcome
your comments, feedback and suggestions for
inclusion in future newsletters.
Our services
Carpenter Rees engaged
with Jigsaw Tree during
2012. Learn more about
their experience and the
outcomes they achieved.
1. What has been your experience with
Jigsaw Tree in the following areas:
Feel of the consultancy
The feel of Jigsaw Tree consultancy was very professional. Our
organisation has been through significant change recently, including a
management buy out where we have gone from being part of a plc
group of 120 employees, to a smaller company of 20 employees. With
RDR looming we needed help and Jigsaw Tree provided the clear
guidance we required.
Outcomes of the consultancy
Jigsaw Tree enabled us to step back and take a look at our business
model. Jigsaw Tree provide impartial, professional and most importantly
for us, an independent approach to change.
The service Jigsaw Tree provided helped us review and interrogate our
internal processes and as independent consultants, were able to ask the
difficult questions from an external perspective. It helped us get the
message across that we where taking our approach to change seriously
and Jigsaw Tree’s breadth of knowledge and experience gave us some
fantastic ideas for improvement.
2. How has it changed the way you work:
Improved systems
Where we used to work well as individuals with the software and
systems we now have a more uniform approach for all users.
Improved communication
Jigsaw Tree’s ‘fridge’ approach enabled us to determine the true feeling
of our staff and highlighted unknown issues and made it possible for the
company to embark on a collective journey for change. It also made it
clear how important it is to communicate and keep everyone informed of
change and why it was taking place.
Improved reporting
Our reporting has been improved because the driver for our change
process was determining the desired outcomes and outputs at the start
of the process. “We started with the end in mind”.
3. What differences has it made to the people
in your company:
We have been through a lot of uncertainty and Jigsaw Tree has enabled
us to work together as a team now from management through to the
consultants and administration team.
4. Why would you recommend Jigsaw Tree
to other users?
Jigsaw Tree provides consultancy across the organisation from
management functions, to software providers and day to day running of
the business. Jigsaw Tree provides the whole package.
5. Do you have any advice for other organisations
embarking on a consultancy process?
Our advice to others would be open your organisation to change, be
prepared to listen and engage with the process.
Technology
Business’s spend large
amounts of money on
systems and tools that
protect the business from
intrusion from the
outside…. but what about
the threat from the
inside?
Most people know that a firewall is used to protect unwanted intruders. It’s
a layer of protection from the outside, and depending on type and cost will
go beyond a simple filter of unwanted traffic. Properly used it can even
allow unwanted traffic into a network under controlled surveillance.
Properly configured it can provide protection for both the network
communications and any secondary WIFI guest networks and restrict
rogue infected machines who have hopped onto it.
Firewalls like end point Anti Virus software provide protection against
unwanted malware, virus and Trojans. Software tools available from an
Internet browser will provide protection from Identity theft or Phishing
although web filtering systems are more sophisticated and protective in
feature for those with more budget
Email filtering and deep quarantine cloud systems, specialise in preventing
unwanted mail even reaching a business network and provide options in
the event of connectivity failure. Knowledge of these services and how
they interact with the general network programs and the user culture is a
bigger requirement than the acquisition of the products and services being
used. The combined understanding of a business sector and best IT
practice add icing to this cake.
Personal Tablets and portable devices (iPads, iPhones, laptops etc.) are a
potential risk, because they are often loaded with films, music even file
sharing applications which may not even be free of virus. Quite innocently,
both the user and the WIFI owner won’t know that this device is posing a
threat, because the perimeter is configured with basic features rather than
customized to suit the needs of the user culture. These devices often hold
sensitive client data which could be at risk because the personal software
held on them is not ring fenced from the business data. Many firms do not
look at the protection on them and plan for how to react if the device is
lost. Encryption software and security wipe features may be an additional
cost but show that a firm is taking their data security seriously.
If securing the perimeter is a necessity, then policing the network on the
inside is a priority. Ironically, a business will secure its network with layers
of protection to secure threats from the outside but grant unsolicited
access to the Internet from the inside without a user policy, without access
filtering or blocking to known dangerous sites. A business will allow
company emails without disclaimer signature and allow all network users
to load software from any source, upgrade software without test or known
intelligence of its bugs or how it will affect other applications running on the
network. In addition to this they may grant users freedom to take data from
the network, and bring it back on a stick or other device from their home
computers, which may or may not be protected and thereby innocently
transfer malware, or greater threats to the network integrity.
Full use of Group Policy in Microsoft Windows Server software will
empower users but control and prevent them from creating threats to
network security. The restriction of use of the Network Administrator
password, not to be taken lightly must be enforced. The rotation of
network user passwords and implementation of a password policy should
be enforced as, too, should user restriction of general user rights. Data
can not be protected if every user has full admin rights to move, delete or
extract files and folders. Businesses are not secure if all staff can load any
software or customize his or her computer. Protection from the outside is a
threat but an even bigger one is from the inside where you least expect it.
Is it time you took a fresh look at your IT security?
For further information contact:
Ron Hulme
[email protected]
0203 307 0370
Regulatory
New version of GABRIEL
is now available
The FCA have now published information on the new version of
Gabriel which includes a new quarterly update for technical users and
Independent Software Vendors, this would be an opportune time to
check with your back office providers to ensure they are keeping pace
with the new updates that will be available from the FCA.
The question is, if the structure and information required changes, how
long will they allow the software vendors to make the relevant recoding
for their technology?
The changes that have been made seem to be minor and include
the following:
Problem corrected where RMA-L was missing from the schedule
where some firms who were required to provide information on
consultancy charges under PS11/13). All firms should check to
ensure whether they should be providing this.
Labels in section RMA-K have been reworded on rows 4,5, and 6 to
ensure their meaning is clearer and this follows feedback from firms.
Previous formatting issues in relation to IE8 have been resolved.
There is also a section of submission of Non-Gabriel Paper (NGP) and
this is the term that the FCA have given to the reports that have to be
submitted outside of our electronic system. These can be sent to the
FCA by email using [email protected] or mail and fax.
When these are issued remember to include your firms reference
number (FRN) and the name of the report being submitted and the
reporting period it covers in the subject line, if sending by email.
Changes to RMA-G if you enter data where your firm does not hold
those permissions an error message will appear during validation.
Whilst these changes appear to be minor it is important to ensure that
when data is submitted to the FCA it is done so in the required format.
In addition to this having confidence that your technology partner is
keeping pace with any changes so that you get the data you need in the
right format, will save you time.
business improvement is a journey not a race
e: [email protected]
www.jigsawtree.com
Follow us on
© 2013 Jigsaw Tree, all rights reserved.
Registered Number: 07969155. Registered Address: 117 Battenhall Road, Battenhall, Worcester, WR5 2BU