March eNews Preview: Documents, Technology and People
ERP, Events March 15th, 2010
From our friends at Acom
Designing a Document Management Strategy is complicated. Concentrate on three elements: Documents, Technology and People. These three elements are essentially the “what, how and who” of your document strategy: what documents are important, how they are produced, and who cares about how they perform.
Documents are, naturally, the subject of your strategy. In order to increase the strategic value and tactical effectiveness of your documents, it stands to reason that you should determine which ones are the most important to your organization. Identify the “vital few” documents that offer the highest return and the best likelihood for success in terms of meeting the needs of your organization. Target these documents in your strategy.
Technology enables the document process. Computers, printers, databases, networks, and all their associated systems and programs are the means by which documents are created, produced, and processed. This is an area that most of us have little trouble concentrating on (almost to a fault), but by performing a fresh and comprehensive survey of the technology used to produce your target documents you establish a technical grounding for your recommendations. Once you understand your current capabilities you are in a better position to make meaningful and intelligent choices about trends in technology that might improve your process.
In the end, people are the reason documents are produced - without cavemen there would be no cave drawings; without people there would be no documents. It seems reasonable, therefore, that the people who populate the document process in your organization are the best people to describe the process. Examine your “document constituency.” Who are the people who create, use, and care about your documents? Recognize and incorporate their needs and objectives into the scope of your strategy. Authors, readers, producers and stakeholders all have specific, varied, and sometimes conflicting, interests. Include these interests when designing your document strategy.
Read more here, and attend our free webinar for more information about creating your Document Management Strategy!
Tuesday, April 20, 2010
11:00am Pacific Time
Register here.
![[Facebook]](http://174.141.5.213/wp-content/plugins/bookmarkify/facebook.png)
![[LinkedIn]](http://174.141.5.213/wp-content/plugins/bookmarkify/linkedin.png)
![[Twitter]](http://174.141.5.213/wp-content/plugins/bookmarkify/twitter.png)
MAS 500 Warehouse Automation Changes
Uncategorized March 11th, 2010
To MAS 500 Warehouse Automation customers:
Effective April 1, 2010, there will be several important changes regarding the Sage MAS 500 Warehouse Automation module that you should be aware of. The Sage MAS 500 Warehouse Automation and LabelXpert solutions have always been developed by Scanco, and marketed and sold by Sage under an OEM agreement (similar to common private label business practices). The agreement with Scanco is scheduled to end on March 31, 2010, resulting in several changes.
Given Scanco’s extensive product knowledge as the developer of Warehouse Automation and LabelXpert, we expect this to be a smooth transition, and many things will remain the same, such as:
• No interruption in product usage
• Warehouse Automation and LabelXpert products will continue to be available (from Scanco instead of Sage)
• No change to product pricing
• Customer support will continue without interruption
• No change to support hours (9:00 AM – 8:00 PM Eastern Time)
• Scanco will continue all product development and updates
CHANGES STARTING APRIL 1, 2010
Several changes will take place starting April 1, 2010.
SUPPORT CONTACT – Customers with existing support contracts will continue to be supported by Scanco without interruption. For plans expiring after March 31, 2010, Scanco will process renewals of support plans for Warehouse Automation and LabelXpert modules. Scanco offers one support plan that includes unlimited support cases, priced at 20% of list price.
Sage will continue resolving any existing Warehouse Automation support cases opened by March 31, 2010. Any new support cases starting April 1, 2010 should be directed to Scanco. Scanco’s hours of support operation will be the same as Sage (9:00 AM – 8:00 PM Eastern Time).
Scanco Support: 877-722-6261 or support@scanco.com
PRODUCT NAME – In the future, the Warehouse Automation solution will be referred to as: Scanco Warehouse Automation for Sage MAS 500. Product information is available on Scanco’s web site at www.scanco.com.
PRODUCT DISTRIBUTION AND INSTALLATION – Warehouse Automation is already included on the Sage MAS 500 v7.3 product DVD, and may be installed from the v7.3 DVD. The next release of Sage MAS 500 v7.4 (mid-2011) will not include Warehouse Automation or LabelXpert, and Scanco will distribute versions that are compatible with v7.4.
Scanco will distribute all product updates and hot fixes for Warehouse Automation and LabelXpert starting April 1, 2010 (future Sage MAS 500 Product Updates will not include Warehouse Automation).
LICENSING AND REGISTRATION – In the short term, Sage will continue to issue license keys to unlock Warehouse Automation. Scanco is working on new licensing capabilities that will allow them to control licensing of their products. Details will be announced when the new Scanco licensing program is available.
If you have any questions about any of these changes, contact Blytheco by phone at 800.425.9843 or by email.
MAS 90-200 Version 4.4 Integrated Solutions Matrix
ERP, Sage Software March 5th, 2010
A new Integrated Solutions Compatibility Matrix (link below) has been published for MAS 90 and MAS 200 Version 4.4.
The matrix shows version compatibility info for products that work with MAS 90 and MAS 200, such as Crystal Reports, FAS, FRx, and more.
Questions? Contact Blytheco by phone at 800.425.9843 or by email.
Sage will be performing data center maintenance this weekend on Friday, March 5th, 2010 at 11:00 pm ET. During this time, the Sage MAS 500 registration server will be intermittently unavailable.
If you experience registration issues, please wait 30 – 60 minutes and retry your registration.
If you are still unable to successfully use the registration functions over the weekend, please contact Blytheco at 877.411.2339 during normal business hours of Monday through Friday, 8:00am Eastern Time through 5:00pm Pacific Time.
Document Management: What’s Your Strategy?
Uncategorized March 1st, 2010
What single aspect of business is critical to profitability yet “owned” by no one? The answer is: the Document. After all, most organizations have an IT director, but how many have a “document director?” The result may be a proliferation of documents that do not effectively serve corporate objectives.
To see the consequences, imagine a corporate strategy that includes these three basic elements:
- Increase Revenue
- Decrease Costs
- Increase Customer Satisfaction
If, for example, customer documents are daunting or confusing, and communication is unclear, what will be the effect on these basic corporate objectives? Customers may either be late with their payments or not pay at all. The result: revenue will decrease. Customers may call the company for clarification. The result: costs will increase. Customers may become frustrated and angry about the way the company does business. The result: satisfaction will decrease. What will result in the end is a total reversal of the fundamental corporate objectives.
Consider the consequences when looking at internal processes.
In this case, corporate strategy may be:
- Decrease Effort
- Increase Productivity
- Reduce Labor (headcount)
If internal documents are misleading, hard to find, outdated or inaccurate, what will be the effect on work processes? More effort will be required and productivity will decrease. Eventually, additional staff may be needed; as a result headcount will increase. Once again: a total reversal of corporate objectives.
Alignment of Strategies
The essential questions are:
- What is your corporate strategy and how can your document strategy support it?
- What IT strategies are needed to enable both?
How we manage documents has a great deal to do with how we manage business. A document strategy can help make documents part of the success of a business rather than one of the problems.
Learn more about Blytheco’s document management solution. Attend our free webinar: “Go Beyond Paperless with ACOM Solutions.”
Tuesday, March 16, 2010, 11:00am Pacific Time. Register here.
New SPMs for MAS 90-200
ERP February 25th, 2010
Sage has published new Supported Platform Matrices for MAS 90 and MAS 200 as of February 16, 2010, showing supported hardware and operating system configurations for Version 4.4.
Payment Card Security
ERP, Professional Services February 24th, 2010
As published in The South Carolina CPA Report, by Blytheco consultant Don West, CPA, CISA, CISSP, PMP, CITP.
Albert Gonzalez and two others were charged in August with hacking into the computer systems of Heartland Payment Systems, 7-Eleven and Hannaford Brothers and stealing data on over 130 million credit and debit cards. Gonzalez was already in jail on charges that he had hacked TJX (T.J. Maxx, Marshals and more). That case involves 47.5 million cards. In each case the intrusions went on for months before being detected.
If an organization stores, processes or transmits payment card Primary Account Numbers (PAN) it must comply with the industry requirements for data security. Compliance doesn’t guarantee security but it helps. Not complying can result in fines, adverse publicity and loss of the ability to accept payment cards.
Compliance is difficult and expensive even for larger merchants. It can be prohibitive for smaller ones. You can greatly reduce the cost and effort by reducing your exposure, by not storing cardholder data electronically.
PCI (Payment Card Industry) Security Standards Council
The payment card industry has been working for years to increase the security of card data. At first the card associations established their own policies and standards. In 2006 Visa Inc., MasterCard Worldwide, American Express, Discover Financial Services and JCB International formed the PCI Security Standards Council and agreed to incorporate the resulting standards and certifications into their compliance programs.
PCI Data Security Standard (DSS)
The foundation of the Councils work is the Data Security Standard. Version 1.2.1 was released in July, 2009. It is a very specific and detailed list of requirements for securing card holder data. It contains hundreds of requirements organized as follow:
Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
Maintain a Vulnerability Management Program
Requirement 5: Use and regularly update anti-virus software or programs
Requirement 6: Develop and maintain secure systems and applications
Implement Strong Access Control Measures
Requirement 7: Restrict access to cardholder data by business need to know Requirement 8: Assign a unique ID to each person with computer access.
Requirement 9: Restrict physical access to cardholder data.
Regularly Monitor and Test Networks
Requirement 10: Track and monitor all access to network resources and cardholder data.
Requirement 11: Regularly test security systems and processes.
Maintain an Information Security Policy
Requirement 12: Maintain a policy that addresses information security for employees and contractors.
PCI Payment Application Data Security Standard (PA-DSS)
This standard started as the Visa Inc. program known as the Payment Application Best Practices. Its goal is to help software vendors and others develop secure payment applications that support compliance with the PCI DSS.
Qualified Security Assessors (QSAs), Payment Application QSAs (PA-QSAs) and Approved Scanning Vendors (ASVs)
QSAs, PA-QSAs and ASVs are companies and individuals certified by the Council to perform required services for the higher level merchants (See the table below).
Applicability
Applicability of the standards to a particular entity can be confusing. The main rule is:
“PCI DSS requirements are applicable if a Primary Account Number (PAN) is stored, processed, or transmitted. If a PAN is not stored, processed, or transmitted, PCI DSS requirements do not apply.”
Generally the deadlines for compliance with the DSS have passed and all merchants who meet this rule should be compliant now. Estimates of actual compliance vary.
The issuing associations direct the acquiring banks as to how they manage merchant compliance. An example is merchant levels based on card acceptance volume. The following table shows the Visa levels and validation requirements.
|
Level / Tier |
Merchant Criteria |
Validation Requirements |
|
1 |
Merchants processing over 6 million Visa transactions annually (all channels) or Global merchants identified as Level 1 by any Visa region 2 |
Annual Report on Compliance (“ROC”) by Qualified Security Assessor (“QSA”) |
|
Quarterly network scan by Approved Scan Vendor (“ASV”) |
||
|
Attestation of Compliance Form |
||
|
2 |
Merchants processing 1 million to 6 million Visa transactions annually (all channels) |
Annual Self-Assessment Questionnaire (“SAQ”) |
|
Quarterly network scan by ASV |
||
|
Attestation of Compliance Form |
||
|
3 |
Merchants processing 20,000 to 1 million Visa e-commerce transactions annually |
Annual SAQ |
|
Quarterly network scan by ASV |
||
|
Attestation of Compliance Form |
||
|
4 |
Merchants processing less than 20,000 Visa e-commerce transactions annually and all other merchants processing up to 1 million Visa transactions annually |
Annual SAQ recommended |
|
Quarterly network scan by ASV if applicable |
||
|
Compliance validation requirements set by acquirer |
Notice that Level 1 merchants, those with the highest volume, are required to employ QSAs and ASVs and submit reports. Level 4 merchant validation requirements on the other hand are either recommended or set by their acquiring bank.
Each card association sets its own levels and validation requirements. American Express for example only has three levels. The rule of thumb is that each merchant should consult their acquiring bank.
Requirements also vary greatly depending on how you handle cardholder data (CHD).
Self-Assessment Questionnaire (SAQ)
The Self Assessment Questionnaire referred to in the table above is actually four different questionnaires depending on how CHD is handled. The following table shows the SAQ Validation Types.
|
SAQ Validation Type |
Description |
SAQ: V1.2 |
|
1 |
Card-not-present (e-commerce or mail/telephone-order) merchants, all cardholder data functions outsourced. This would never apply to face-to-face merchants. |
|
|
2 |
Imprint-only merchants with no electronic cardholder data storage |
|
|
3 |
Stand-alone terminal merchants, no electronic cardholder data storage |
|
|
4 |
Merchants with POS systems connected to the Internet, no electronic cardholder data storage |
|
|
5 |
All other merchants (not included in Types 1-4 above) and all service providers defined by a payment brand as eligible to complete an SAQ. |
Type 1 merchants outsource everything and never have CHD in their systems. SAQ A has 13 questions. Types 2 and 3 either use paper only or the small terminals that are not connected to the Internet or internal systems and do not store CHD electronically. SAQ B has 26 questions. Type 4 merchants use a Point of Sale (POS) system connected to the Internet but no internal systems. They do not store CHD electronically. SAQ C has 41 questions.
Validation Type 5 merchants store CHD electronically and must answer 225 questions. Obviously the key is to not store CHD electronically.
Note: Service providers are entities that process CHD for merchants. They are outside of the scope of this article.
Onerous requirements for small merchants
The requirements of the DSS for merchants that store CHD electronically are extremely complex and expensive. Here are a few examples:
1. DSS 1.3 requires segregating the CHD network from the Internet and passing all inbound and outbound traffic through a Demilitarized Zone (DMZ). This means additional hardware, configuration and management.
2. DSS 10.5.5 requires file integrity monitoring. This means adding systems that constantly monitor critical files within the CHD system, operating system files for instance, and notify you of any changes. More hardware, software and management.
3. DSS 10.6 requires that log files for all components in the CHD system are kept for months and reviewed daily. This can be thousands of entries per day. More hardware, software and management.
his is a small sample of the requirements. As I said earlier, meeting these requirements is very difficult and expensive.
Alternatives for small merchants
Large merchants can justify implementing and maintaining compliant systems. Many smaller, Level 4, merchants can’t. The answer is to not store CHD electronically. In other words, don’t be a SAQ D merchant.
If you accept cards on line there are two basic ways to do it. I’ll use PayPal as an example. PayPal offers “PayFlow Pro” and “PayFlow Link” as ways that a web site can accept payment cards.
With PayFlow Pro, buyers enter their card data on your web site. Your system sends the card data to PayPal for processing and PayPal sends the results of the transaction back to your system. Your system stores CHD electronically and you are a SAQ D merchant.
If you use PayFlow Link, when the buyer is ready to check out he or she is sent to a PayPal web page. All card data is entered in PayPal’s system, not yours. Your system still receives transaction results but it does not store CHD electronically. You are now a SAQ A merchant.
If you are a face-to-face merchant, a retail store or restaurant for example, it can be more complicated. If your Point of Sale (POS) system does not store CHD electronically you are a SAQ C merchant. As I said above, SAQ C only has 41 questions and answering them satisfactorily is much easier than those on SAQ D. If your system stores CHD electronically, as a great number of them do, you are a SAQ D merchant.
So the question is, do you need to store CHD electronically? There are several reasons to do so. One is as a service to the buyer to make it easier to make a purchase on your web site. Amazon’s “One Click Ordering” is an example. It is automatically enabled on your account the first time you place an order and enter your information. Some people love it. It can’t work without storing your CHD electronically. Even without the one click service a lot of sites store your data just to make it easier for you to make a purchase.
If you go into a sports bar and order a drink you may be asked for a card before you are served. Some just put them in a box and hold them. (The wisdom of that and you allowing it is outside the scope of this article) Some pre-approve some amount on the card. That POS system is storing your CHD. They do it to prevent you from walking out without paying.
A very popular reason to store CHD is to handle charge backs. Frequently people will make a purchase and then claim they didn’t do it. Many merchants think they have to have the card data to prove it was a valid purchase. This is not true and even if it was the merchant would have to compare the cost of charge backs to the cost of PCI compliance. After telling a small merchant that compliance would cost him tens of thousands of dollars he said he had to have the CHD to fight charge backs. I asked him how many he had, and he said a couple per month. His average charges are under $100.
Conclusion
Payment card data security is a huge concern and will get worse before it gets better. All organizations that store, process or transmit Cardholder Data must comply with the PCI DSS. Compliance is either relatively painless or an expensive, demanding, ongoing process depending on how you accept and process cards.
Breaking News!
I mentioned earlier that Level 4 validation requirements were set by the acquiring banks. Until recently this has remained mostly a voluntary process of self assessment with no requirement to submit the forms to anyone. On August 1 BB&T notified all of its merchant account holders that they had to complete and submit the self assessment forms, including an Attestation of Compliance by the Executive Officer. First National Merchant Services and First American Payment Systems have done the same thing.
Voluntary self assessment for the smallest merchants is quickly becoming a thing of the past.
Save Time with Precise, Integrated Budgeting
ERP February 23rd, 2010
Potential car buyers may be attracted by the buffed exterior and vacuumed interior of your vehicle, but the savvy ones will kick the tires and look under the hood. Likewise, when potential investors or buyers come knocking, consider your Income (P&L) Statement the appearance of the car. Clearly important but not the whole picture.
Looking at the Cash Flow Statement is like kicking the tires. Will the tires hold up? Is your cash flow strong enough to support ongoing operations and future growth?
Even more important is looking under the hood, or at the Balance Sheet. Like a car engine to the car buyer, no other financial report gives as immediate and accurate a picture of your company’s overall health. Hence the Balance Sheet’s other name, the “Statement of Financial Position”.
The typical financial planning cycle
Despite the importance of all three financial reports, the Income Statement – the shiny exterior – gets 90% of the attention during budgeting time, due to busy schedules and inadequate tools. The Income Statement doesn’t show Accounts Receivable or Accounts Payable, so it can’t possibly tell the whole story.
In the typical scenario, after much number-crunching, the Income Statement is ready for prime-time. With only a day or so left in your budgeting cycle, the Balance Sheet is built at a 50,000-foot level – just the basics with little to no granularity of data. Precision suffers. That lack of precision flows over to the Cash Flow Statement, built of course from the Balance Sheet. The two subpar statements are manually synchronized with the more vetted Income Statement and your financial plan achieves sign-off.
Technology hurdles
Lack of time is not the only obstacle impeding accurate and thorough Balance Sheets and Cash Flow Statements. Most financial reports today are created in spreadsheets, with no easy way to capture the ebb and flow of cash, especially if using the accrual method. As a result, many companies use averages or estimates for Accounts Receivable and Payable, or ignore the Balance Sheet altogether.
Where Balance Sheets stand alone
Capital expenditures are one of many business variables that must be taken into account when conducting strategic planning. Usually, the cost of new equipment, for example, won’t appear on your Income Statement until it begins to depreciate. Until that time, the Balance Sheet is the only place you can see precisely how much capital you need when.
Many companies use the Income Statement alone for this type of analysis, adding up the amount of money they’ll lose until break even and assuming that is the amount of necessary capital. They couldn’t be more wrong. Without the Balance Sheet, they are merely guessing.
Out-of-the-box solution
Detailed, plausible and defensible financial reports are not a pipedream. The creators of Budget Maestro & Planning Maestro have been in your shoes and knew there had to be a better way, so they designed software that:
- Works right out of the box, implementing in hours and requiring little to no IT involvement
- Generates precise, integrated, synchronized, real-time Cash Flow Statements and Balance Sheets, as well as Income Statements and other financial reports.
- Builds the Balance Sheet and Cash Flow Statement off the P&L transactions so you don’t have to add data a second or third time.
- Is an affordable investment in improving your financial management and ability to make strategic business decisions.
To learn more about Budget Maestro, join us for a free webinar on Thursday, March 18, 2010, 2:00pm Eastern Time. Register here.
February eNews Preview: Useful Resources to Improve HR Management
Human Resources February 22nd, 2010
This year’s Sage Summit customer conference included presentations from top industry experts in compliance, benefits management, payroll, and HR. For those of you who couldn’t attend, here’s a recap of the highlights presented during the Sage Abra Spotlight on HR track.
Why HR is Critical in Today’s Downturn
In this session, Dorothy Knapp Hill of SHRM talked about how the economy has affected the role of HR professionals by forcing them to focus all of their attention on cutting costs. She further counseled the room about how to avoid layoffs and presented case studies of companies that were getting creative about cutting costs, avoiding layoffs, and engaging and retaining employees. Key takeaways included:
- Employees who are not laid off can suffer “layoff survivor sickness,” a term coined to reflect the negative emotions that can impact organizational performance and/or cause an exodus of workers that results in greater losses than the cuts achieved by layoffs.
- Workers are increasingly dissatisfied. 53% of employees are only staying with their present employer until the economy recovers.
- Average cost to replace an employee is 150% of the employee’s base salary, according to the Bliss-Gately “Cost to Replace Tool.”
- When we do pull out of recessions, the business environment will not be the same as before. We will emerge into full scale global competition that requires HR professionals to talk the language of business.
For additional SHRM support resources: www.shrm.com.
Windows 7 Compatiblity
ERP, Sage Software February 18th, 2010
Curious about Windows 7 compatibility with Sage products? See Sage’s Windows 7 Compatibility Announcement below.
In a nutshell:
- MAS 500 supports Windows 7 as of Version 7.2 Product Update 1.
- Compatibility with Windows 7 is being tested for MAS 90/200 Versions 4.3 and 4.4 - look for more info in March.
For more information on back versions and more, read the Windows 7 Compatibility Announcement.