Tuesday, November 18, 2014

The Prolifics Blog has Moved!

We've had a makeover! There are plenty of reasons to be excited for the new Prolifics Blog. Better design, greater search functionalities and increased reach to name a few. Best of all, our blog is now fully integrated on the Prolifics website, delivering a more seamless experience for our readers.

Please visit us at: www.prolifics.com/blog

We look forward to connecting with you through our new blog!

Tuesday, October 21, 2014

HIPAA Compliance: A Document Management Approach

Key Healthcare Challenge:
To comply with the Health Insurance Portability and Accountability Act (HIPAA).

HIPAA Background:
The Health Insurance Portability and Accountability Act (HIPAA), and its enabling regulations, ensure that patient information and records are protected and maintain their integrity.

This requires healthcare organizations to control the use of and access to a patient’s private identity and medical information.

HIPAA defines regulations for:
  • Electronic healthcare transactions
  • Health information privacy
  • Security requirements
  • Unique identification for providers
  • Unique identification for health plans
  • Enforcement procedures

Document Management for Electronic Medical Records

  • Simple and easy to implement
  • Replaces paper patient records and archives with immediate ROI
  • Enables physicians to maintain current work practices:
    • Does NOT require any menu-driven patient information input workflows
    • Can use current paper-based note taking during office visits
    • Provides flexibility to access patient charts immediately at remote locations
  • Can also be implemented in concert with a formal EMR system
    • Link external information (lab reports, correspondence from specialists, signed consent forms) to EMR records
  • Security
  • Audit trail
  • Reporting
  • Electronic Payment Standardization

  • Access and quality of care: users report very significant gains in fast access to patient information.  
  • Reduce costs associated with copying and retrieving health information. 
  • Ensure aspects of the system are compliant.
  • Health information is more tightly controlled, while at the same time more accessible to those who need it. 
  • Data is protected. 
  • Flexible and Scalable
    • Small Medical Practice Applications:
      • Electronic patient records
      • Billing, insurance EOB
      • Personnel records
    • Hospital Applications:
      • Patient records and consent forms linked to EMR system
      • Accounts Payable
      • Billing
      • HR and credentialing
      • Purchasing and supply chain

What does it mean to all healthcare organizations?
Regardless of where patient information originates - scanned from hard copy, faxed, e-mailed, PC-based or mainframe-based - Document Management Software solutions provide a secure repository that can track all aspects of patient information.

Ritesh Sujir is a Delivery Manager in the Testing Practice at Prolifics. He is an accomplished project management professional with 14+ years of experience working with Fortune 500 clients. Ritesh specializes in all aspects across project management and is accountable for the development and maintenance of project plans, risk assessments, and status reports. His recent experience includes clients in the Banking, Retail, and Healthcare verticals.

Tuesday, October 14, 2014

The Case for Penetration Testing

Penetration testing is a method of testing that focuses on finding security weaknesses in software systems. These areas are put to the test to determine whether they can be broken into.

A penetration test is a proactive and authorized attempt to evaluate the security of an IT infrastructure by safely attempting to exploit system vulnerabilities, including OS, service and application flaws, improper configurations, and even risky end-user behavior. Such assessments are also useful in validating end-users’ adherence to security policies.

The fundamental purpose of penetration testing is to measure the feasibility of systems or end-user compromise and evaluate any related consequences such incidents may have on the involved resources or operations.

Reasons for Penetration Testing
  • Security breaches and service interruptions are costly
    • Security breaches and any related interruptions in the performance of services or applications can result in direct financial losses, threaten organizations’ reputations, erode customer loyalty, and trigger significant fines and penalties.
  • Identifies and prioritizes security risks
    • Penetration testing evaluates an organization’s ability to protect its networks, applications, endpoints and users from external or internal attempts to circumvent its security controls to gain unauthorized or privileged access to protected assets.

When Should Penetration Testing be Performed?
Penetration testing should be performed on a regular basis to ensure more consistent IT and network security management by revealing how attackers may exploit newly discovered threats or emerging vulnerabilities. Tests should also be run whenever:
  • New network infrastructure or applications are added
  • Significant upgrades or modifications are applied to infrastructure or applications
  • New office locations are established
  • Security patches are applied
  • End user policies are modified

Benefits of Penetration Testing
  • Intelligently manage vulnerabilities
  • Avoid the cost of downtime
  • Meet regulatory requirements and avoid fines
  • Preserve customer loyalty and corporate image

How to Conduct Penetration Testing
  • Start with a list of vulnerabilities/potential problem areas that could cause a security breach in the systems.
  • If possible, rank the items on this list in order of priority/criticality.
  • Devise penetration tests that attack your system from both within the network and outside it (externally) to determine whether the data, network, server, or website can be accessed without authorization.
  • If unauthorized access is possible, the system has to be corrected and the series of steps re-run until the problem area is fixed.

Criteria for Selecting the Best Penetration Testing Tool
  • It should be easy to deploy, configure and use.
  • It should scan your system easily.
  • It should categorize vulnerabilities by severity, identifying those that need an immediate fix.
  • It should be able to automate verification of vulnerabilities.
  • It should re-verify exploits found previously.
  • It should generate detailed vulnerability reports and logs.

Some of the Tools Used for Penetration Testing
  • Metasploit
    • This is the most advanced and popular framework that can be used for pen-testing. It is based on the concept of an ‘exploit’, which is code that can bypass security measures and enter a certain system. Once it has entered, it runs a ‘payload’, code that performs operations on a target machine, thus creating the perfect framework for penetration testing.
    • It can be used on web applications, networks, servers etc. It has both a command-line and a clickable GUI interface, and works on Linux, Apple Mac OS X and Microsoft Windows.
  • Wireshark
    • This is basically a network protocol analyzer, popular for providing the minutest details about your network protocols, packet information, decryption etc. It can be used on Windows, Linux, OS X, Solaris, FreeBSD, NetBSD, and many other systems. The information that is retrieved via this tool can be viewed through a GUI, or the TTY-mode TShark utility.
  • Core Impact
    • CORE Impact Pro can be used to test mobile device penetration, network/network device penetration, password identification and cracking, etc. It has both a command-line and a clickable GUI interface, and works on Microsoft Windows. This is one of the expensive tools in this line and all the information can be found at the page below.

Penetration testing must be performed to:
  • Intelligently manage vulnerabilities
  • Avoid the cost of downtime
  • Meet regulatory requirements and avoid fines

To learn more about Prolifics' testing solutions, visit: http://www.prolifics.com/solutions/quality-assurance-testing

Ritesh Sujir is a Delivery Manager in the Testing Practice at Prolifics. He is an accomplished project management professional with 14+ years of experience working with Fortune 500 clients. Ritesh specializes in all aspects across project management and is accountable for the development and maintenance of project plans, risk assessments, and status reports. His recent experience includes clients in the Banking, Retail, and Healthcare verticals.

Tuesday, September 30, 2014

The Key to a Successful ECM Solution

Without intending to diminish the features of ECM, I think it's important that we recognize that most of what we rely on for content management and document management is the solution that wraps around the core capabilities of ingestion, extraction, storage, rendition, metadata, classification, retention, and workflow within ECM platforms. In the vast majority of solutions, the user experience is not driven by the ECM core capabilities. It's delivered by a business activity aligned user interface that supports a work task with the content, metadata, and workflow necessary to get the job done.

In the solution narrative, business users are so important that they get forgotten. Establishing an ECM platform can be a sizable investment, and the temptation is to aim for generic user interfaces and start by pushing out of the box capabilities onto users. When that works, I'm all for it! ECM can be done on a configuration basis, and new UIs like Content Navigator do so much more than prior front ends were capable of. Unfortunately, that doesn't work very often.

The reality of our world - or so my selection of specific smartphone apps informs me - is that successful adoption is tied to a user experience first. Capability is the second factor. Reliability is the third. What came out of the box is pretty much an infrastructure concern, and most users are happily unaware of the underpinnings and the technology that they rely on unless it breaks down too often or they lose their data or it requires a manual to use.

Solutions leverage ECM. ECM out of the box is not, per se, a solution. There's so much more we can do with the digital paper trail of our organizations. We do that by enabling the business solution with ECM and enhancing the business capabilities with the content and metadata and content initiated workflows within ECM. Out of the box is great when it comes to delivering the engine, transmission, and chassis. Business users get excited when you bolt on the rest so they can go for a drive.

Joe Ruske is the ECM Technology Manager at Prolifics. He has over twenty years of experience in Information Technology including analysis, design, development, integration, facilitation, vendor management, and management. His professional expertise includes business process design, information systems architecture, software design, security, heterogeneous systems integration, project implementation, and client management. 

Mid-Level Company Mobility Program - iOS or Android?

Case at Hand:
Consider a mid-sized company with a workforce of 500+ employees, of whom 40-60% are stationed at client locations for more than 50% of their working hours. The company wants to provide a mobile platform to keep the employees connected at all times. With BlackBerry (BB) on its way to decline, the company decides to establish a new mobile computing platform for its employees, along with a BYOD support option, provided the mobile device is compatible with the company network and the user has complete documentation supporting his/her proof of purchase etc.

Evaluating the various options, the company IT admins should look into the following factors here:

Getting the Work Done: 
Both Android and iOS support MS Exchange accounts; Android even has the meeting invite response.

Both Android and iOS support MS Office. There are multiple 3rd party app providers for working with MS Office on both leading mobile platforms. Google even recently released Google Docs, Sheets and Slides, which have the native capability to edit the three most important MS Office formats (Word, Excel and PowerPoint), and for free! Google Drive also provides a large cloud drive for free, which integrates seamlessly with Google’s office solutions. So, a ‘+1’ for Android in this department.

Network Support for Admins: 
This is important, as there is a BYOD option that the company wants to explore. However, if the company decides to go with Android instead of iOS, the network admins are sure to have a tough time due to Android fragmentation. Even if most Android users are on KitKat (4.2+), the various UI customizations by the OEMs can still create nightmares for admins trying to troubleshoot device-related issues over a call. Here iOS scores +1 due to the vertical integration between software and hardware, minimal fragmentation, and more or less the same UI across all iOS devices.

Both Android and iOS provide robust security with device encryption and remote wipe features. iOS maintains an edge here, as it is easier to unlock the bootloader and obtain ‘root’ on Android devices. It is also easier to ‘sideload’ applications on Android than on iOS, which can be a security admin’s nightmare.

Also, starting from iOS 8, device encryption will be switched on by default. Starting with Android L, Google is rumored to keep Android device encryption switched on by default, which will give it added protection. Despite all this, iOS is perceived as more secure than Android, as Android has had issues with malware infections in the past through the official Google Play Store. Due to the fingerprint scanner present on all newer iOS devices, iOS gains one more +1 here.

Cloud Implementation: 
Google’s cloud services are much more robust than Apple’s, which is just foraying into the cloud area with its iCloud initiatives. Android can use enterprise J2EE backend services, whereas iOS is a bit limited in scope in this area. Hence developer support can be better for Android than iOS due to the popularity of the J2EE framework. +1 for Android here.

Killer Apps: 
For many, Google Maps and Google Now are two killer apps that overshadow Apple Maps / Siri by a large margin. Google’s seamless integration of data across its multiple services results in a much more powerful contextual device. Regarding other apps, Google and Apple are almost tied, as both platforms carry almost all the required apps from developers. The Android emulator is supposed to be one of the best, and hence app development is a breeze. +1 for Android here.

Office work – Google
Network admin – iOS
Security – iOS
Cloud implementation – Google
Apps / Solutions – Google

The company management should allocate weights to the various parameters and evaluate the costs associated with network administration of each platform. As of now both platforms are quite competitive and provide their own sets of value addition and challenges for a company-wide BYOD program.

Monday, September 8, 2014

Adding IT Value to Evolving Business Models

Executive Summary:
Change has become the new normal across industries. The healthcare industry is dealing with changing market dynamics and is only now realizing the full impact of the Affordable Care Act. The financial services sector is facing growing regulatory challenges on one side and the opportunities offered by the recovering global economy on the other side. The US retail and B2B banking sector is under the impact of changing customer preferences vis-à-vis mobile banking. US Retailers are also dealing with domestic “low price” challengers and the avenues offered by the investment opportunities in the emerging economies, especially in the e-commerce sector. Manufacturers have the need to optimize the production and supply chains in order to lower costs. This article explores how effective IT decision making could help firms deal with the constant flux in their business models.

The market dynamics in healthcare are changing, as the firms involved understand the true impact of the Affordable Care Act. There is increased competition because of insurance exchanges and the existing market shares are being disrupted (see exhibit 1). The reimbursement models are being updated, the healthcare networks are evolving and the Medicare market is expanding as more baby boomers retire. Hospitals are revamping their service delivery models to improve patient outcomes, and insurance companies (payers) are trying to negotiate better contracts with hospitals (providers) and formulate the most optimal benefit plans for patients. Under such a scenario, it’s critical for both the payers and providers to understand the evolved preferences of the old and new clients/customers. Do customers prefer a high deductible plan with wide coverage or a low deductible plan with narrow coverage? What type of group insurance are employers with a geographically diversified workforce demanding? Are more employees telecommuting to work and, if yes, have their insurance needs changed?

The second key aspect is to re-evaluate the firm’s business value. How can I drive better business value in the changed landscape? Are we targeting the correct market segment? Are our plans/benefits still relevant? Are our claim adjudication systems capable of meeting the new SLAs? After deliberating on the above questions, the firms have to assess the capabilities that need shoring up. Creating rules-based, flexible reimbursement, network, contract and benefit management systems and gaining better control of the business processes by automating them will help the insurance companies. Since the changes are continuous, it’s beneficial to set up a Service Oriented Architecture within the enterprise and better integrate the disparate source systems. Firms can deal with changes better when a service oriented enterprise is created.

Exhibit 1:

Financial Sector:
As the global economy recovers from the financial crisis of 2008, it presents both challenges as well as opportunities. Various regulatory requirements put in place such as Basel III, Dodd Frank Act, Simpson-Bowles Plan etc., to prevent a repeat of the financial crisis force significant changes to the business model of the financial firms. A KPMG study on the impact of regulations on the financial services sector predicts a high impact on the net income of the firms (See exhibit 2). With these regulatory changes, firms have to update their IT systems to better capture critical data. Firms are better off undertaking an effort to optimize their IT infrastructure, overhauling their enterprise application security, enhancing their digital user experience interfaces to capture additional data and migrating and modernizing their IT applications. These efforts could be staggered to prevent disruptions to the everyday business but are very critical to effectively comply with regulatory requirements. 

The recovery of the global economy also provides new opportunities for growth to the sector. As new business models are discovered and new market segments identified, the firms have to put in place business processes and rules to capture those segments. Digitizing business processes and rules gives better control to the firms and the required flexibility to deal with any future changes.

Exhibit 2:  

The new retail and B2B banking customer is increasingly conducting his/her transactions via the mobile application. As per a McKinsey & Co survey, today 65 percent of customers interact with their banks through multiple channels. Human interactions are generally reserved for more complex problems: only 25 percent of agent phone calls are inquiries that could be serviced in other channels. Banks that do not provide a seamless banking experience to customers across various channels – branch, mobile and web – risk losing the customer’s business to other banks that provide a seamless experience. An effective mobile strategy is needed that provides banking value to the customer and also gives banks the ability to cross-sell products to the consumer, similar to a physical branch. Banks need to adopt a cloud mobile development platform such as IBM Worklight to quickly create mobile applications and roll them out to the end consumer.

In a B2B setting, banks that can quickly set up new accounts and add/update financial products to the banking business customer can capture additional market share. The sales representatives should be able to present the product information and capture customer information on a tablet. Designing and selling new financial products that offer convenience to the businesses will provide the competitive edge to the banks.

US retailers are being challenged over price by “online only” retailers such as Amazon and other competitors that are offering an e-commerce channel. The retailers are struggling to reduce high costs due to big investment in stores. A key method to reduce high inventory costs is to have integrated supply chain visibility and to be able to sync merchandise ordering with supplier inventories. Also, retailers can no longer have fulfillment channels in silos. There is a need to integrate the fulfillment channels and provide visibility across them – a consumer should be able to add a desired product to their wish list on the website, review that product in store, purchase the product in store or place an order online and receive the product. The product return procedures should be similar irrespective of where the product was purchased. In order to provide the new business value, the retailers need to transform the customer digital experience, better integrate their source systems and modernize their IT applications by moving them onto new platforms.

E-Commerce provides an exciting opportunity in the emerging markets. As per a RESEARCHANDMARKETS study, the e-Commerce industry in India is expected to grow at a CAGR of 40%, from US $ 5.9 billion in 2010 to US $ 34.2 billion in 2015E. An India based e-Commerce retailer, Flipkart, recently raised $1 billion in fresh funding. Amazon is increasing its presence in India as well. The emerging middle class of the developing economies provides a huge opportunity for the retailers. The new consumers with disposable income favor purchases of the latest technology products, mainly electronic goods, over the internet. There is a significant margin that could be captured here. These new markets provide an additional area of growth for those retailers with global ambitions. The retailers should fortify their e-commerce offerings and build a strong supply chain integrated with their e-commerce sites both over the web and mobile. The proliferation of smart phones in emerging economies also provides a huge opportunity in the m-commerce space. The mobile development strategy is critical to capture this opportunity.

With increased competition from global competitors, US manufacturers face a growing need to optimize production and reduce costs. It is more critical than ever to identify the core strengths in manufacturing and outsource any parts that are better off supplied by a supplier with a low cost. The manufacturers need to constantly evaluate available supply chain options and choose the most cost effective option. As per a KPMG survey, many manufacturing executives (49 percent globally; 54 percent U.S.) admit that their companies currently do not have visibility of their supply chain beyond Tier 1 suppliers. Moreover, only 9 percent of the 335 global respondents of the 2013 KPMG survey say they have complete visibility of their supply chains. This number is even lower among U.S. executives, with only 7 percent claiming complete supplier visibility (see exhibit 3). Adopting a robust Business Analytics and Decision Management solution is a key lever in the changed landscape. Using business analytics and reporting software such as IBM Cognos provides the manufacturers with access to real time data on production capacity, inventory management, supplier inventories, budgeting, forecasting etc., so that more informed decisions can be made.

Exhibit 3:

While updating the business model to better deal with the changing landscape is a challenge, overhauling and effectively implementing an IT ecosystem will help smooth the journey to a great extent. Taking the help of advances in IT will help to reduce the productivity disruptions caused while modifying the current business model. Choosing a trusted IT business partner that can provide holistic IT services will also go a long way in alleviating this pain.

To learn about how Prolifics provides business value to clients around the world, visit www.prolifics.com.

N.R. Vijay is a Solution Architect in the Business Process Management division of Prolifics. He has over 10 years of consulting experience across domains such as Retail, Healthcare and Banking. Specializing in technology, management concepts and enterprise strategy, he is focused on change management and process improvement initiatives. He co-authored a whitepaper titled "Improving Customer Loyalty through Business Process Optimization and Advanced Business Analytics".

Wednesday, August 27, 2014

Achieving Regulatory Compliance with Decision Management

The 2008 financial crisis affected each of us in some manner. In particular, financial institutions and banks felt most of the heat. There were several repercussions of this crisis in the form of increased regulations and various legislation in an effort to curtail such an occurrence in the future. The aim of such regulations is to maintain confidence in the financial system, to increase financial stability, to protect consumers at some level and to reduce financial irregularities.

Since financial institutions now live in a climate of increased compliance and regulation, there has been an increase of consulting firms – both technical and advisory – in providing specialized services to help these institutions implement regulatory compliance so that these institutions can focus on their business while complying with these ever changing regulations.

It would be futile to jump into a solution of how this can be achieved without understanding what regulatory compliance means. Compliance means conforming to a rule which can be a policy, standard or law. Regulatory Compliance describes the goal that companies aspire to achieve in order to comply with relevant laws and regulations.

Where do business rules fit in the picture?
Business rules are by definition statements that describe the policies or constraints of an organization. Since compliance requires conforming to a policy in general, business rules fit the picture perfectly as a placeholder for such policies. This is for various reasons. First, rules are repeatable and tractable to automation. Second, rules are transparent and easily traceable. This makes for increased visibility of the policies which are to be complied with. Business rules implemented with IBM’s Operational Decision Management software can be exported to a Word or Excel document, and even be emailed to an organization’s legal department in the format they are written. Third, rules can be changed easily, with zero down time to make the change to production. This helps organizations cope with an ever-changing regulatory environment and allows them to focus on their business rather than investing precious resources in keeping up with a changing regulatory environment.

How can regulatory compliance be achieved by Operational Decision Management (ODM)?
The best way to describe ODM’s capabilities for regulatory compliance would be to take existing compliance policies that firms have to constantly deal with, and propose an implementation using ODM. We take one of the most challenging regulations recently (2010) enacted by the 111th US Congress: the Foreign Account Tax Compliance Act, more popularly known as FATCA. The act aims to tackle tax evasion by US citizens using tax havens or countries with strong data protection, like Switzerland. Foreign financial institutions like banks, insurance firms and fund houses are affected by FATCA and need to comply with FATCA regulations. Individuals with US nationality, a US address or phone number, and corporations with substantial US ownership are affected by this legislation. Complying with FATCA became so complex and necessary at the same time that IBM has offered a specialized FATCA solution in their offerings.

One of the challenges FATCA brings is the amount of information it requires an organization to process which especially creates a hassle to the organization’s technology platform. There are three different impacts to the technology platform with FATCA – customer classification, transaction monitoring and finally IRS reporting.

In our business case example, let us study customer classification. In order to comply with FATCA, financial organizations have to collect a W-9 form from all account holders who are US Persons. This is clearly business logic which can take an ugly and complex turn when implemented in application code. The solution: WebSphere Operational Decision Management (ODM). The above business logic can be copied word for word and represented in the form of a business rule. It can be created in what is called a rule designer. This is what the same business logic looks like when written in ODM as a business rule:

The above business rule can be exported as-is to what is called the Decision Center, which is the special portal that business users have access to with the ODM suite of products. Decision Center gives immense visibility to the rules across an organization. Major stakeholders can log in to this portal and view the contents of critical decision tables or business rules. Returning to our scenario above, the same FATCA rule, when deployed to the Decision Center, can be edited by business users with the click of a button. Clicking on the “Edit” link below, the rule can be easily modified by a non-technical user:

Any changes to these business rules in general can be directly deployed to production environment, through the decision center portal. Obviously, there are various recommended governance strategies that provide checks and balances along with regression testing, so that incorrect information is not pushed to production servers. Nevertheless, the capability to change an existing policy (or a decision table) is available with ODM.

Regulations are here to stay, and the sooner organizations adapt to implement compliance with these regulations, the better positioned they will be against their competition. In our example for FATCA we just saw how ODM can be leveraged to implement changes at a lightning pace. There is much more that can be achieved with ODM; this just gives a small glimpse of what your organization can look forward to when selecting ODM as a solution to meet your organization’s compliance needs.

Akshat Srivastava is a Senior ODM Consultant at Prolifics with about 7 years of experience in the IT industry having worked in insurance, banking, retail and public sector companies. He is experienced in all aspects of the development life cycle, including bottom-up estimates, analysis, design, development, testing, release management, and bug-fixing. He has created rule based solutions at various clients, authored rule repositories and best practice documents while focusing on WebSphere Operational Decision Management as the implementation environment. He has also created BPM applications for client onboarding for leading financial institutions. Akshat holds a bachelor’s degree in computer science from California State University.