
Personal Trainer Inc.

This document is the group project for CIS 2321 Capstone. This project is a group effort constructed based on the case study, Personal Trainer Inc., assigned by the instructor. We have compiled data as outlined in the case study in order to build the recommendations below.

William Breadon

11/27/2013

Patterson and Wilder IT Consulting

5432 Short Circuit Blvd, Chicago, IL 54321
555.543.5432 ph  555.543.5433 fax
www.pattersonwilderit.com

October 31, 2013

Ms. Cassia Umi, President
Personal Trainer, Inc.
5498 Healthy Way, Chicago, IL. 54321

Dear Ms. Umi,

I am writing this letter to submit an interesting data solution to Personal Trainer, Inc. which may cut your costs by 50 percent and dramatically improve overall efficiency.

Our company, Patterson & Wilder IT Consultants, has more than 18 years of experience in analyzing, designing, implementing and maintaining Information Systems for growing businesses. The objective of Patterson & Wilder is to evaluate your existing infrastructure and propose a cost effective system that can be implemented in a timely manner with minimal disruption to Personal Trainer Inc. For an expanding company like Personal Trainer, Inc., Patterson & Wilder can assist with the development of an Enterprise Information System that will not only increase productivity now, but will allow for expansion well into this 21st century. This Enterprise System would integrate all of Personal Trainer, Inc.'s business processes (i.e., payroll, billing and other accounting data) into a central system. This type of system supports Personal Trainer, Inc.'s business goals by capturing large volumes of member and employee information and securely storing it. The data collected and entered would be stored in a manner that allows for day-to-day access by employees and warehoused so that it can be retrieved to analyze trends in treatment. In addition to member information, the system would be able to assist Personal Trainer, Inc. with billing, suppliers and payroll. By combining all processes into one central system, Personal Trainer, Inc. would experience a reduction in cost of data entry and storage as well as increased employee efficiency and customer satisfaction. You can contact me, Suzan Park, at (555) 543-5432 or email at s.park@pattersonwilderit.com.

I am looking forward to meeting you in person and discussing your data solution needs.

Thanks in advance for your time.

Brian Patterson
President, Patterson & Wilder
(555) 543-5432


Company History

Patterson and Wilder IT Consultants was established in 1995 to provide data solutions for small and medium businesses. Our company has more than 18 years of experience in analyzing, designing, implementing and maintaining Information Systems for growing businesses. The objective of Patterson and Wilder is to evaluate existing infrastructures and propose a cost effective system that can be implemented in a timely manner with minimal disruption to expanding small business operations.


Table of Contents

Modified Letter to Owner
Problem Statement
Project Scope
Constraints
System Requirements for Accounting System and Web Page
Benefits Accounting and Web Base Data Systems
Time and Cost Estimates
Feasibility Estimates
Recommendations
Statement of Work Signature Page
Overview of Proposed Computer System Function
Process Models
Statement of System Requirements
Solution Candidates
Software candidate weighted evaluation
Recommendation of Software candidate
Hardware/Software costs
Revised Feasibility Analysis
Scalability Statement for system
Implementation Plan Time estimate
Security Plan: Personal Trainer, Inc.
Risk Management Plan
Formal System Proposal
Addendum


Modified Letter to Owner

November 15, 2013

Ms. Cassia Umi, President
Personal Trainer, Inc.
5498 Healthy Way, Chicago, IL. 54321

Dear Ms. Umi:

I am writing this letter to submit an interesting data solution to you and Personal Trainer Inc. which may cut your costs by 50 percent and dramatically improve overall efficiency. Patterson and Wilder IT Consultants is proposing that Personal Trainer Inc. implement an in-house design software package along with web page enhancements. For an expanding company like Personal Trainer, Inc., an in-house design software package will not only increase productivity now, but will allow for expansion well into this 21st century. The in-house design software package would concentrate on several aspects of the member records and training program information for Personal Trainer Inc. The in-house design software package supports Personal Trainer Inc.’s business goals by processing and storing the data created during daily operations. The stored data would allow for timely access by employees. Also, the stored data can be retrieved to analyze trends in program progress and help to design future programs for members. In addition to member information, the system would be able to assist Personal Trainer Inc. with billing and allow members to pay via the web site. By concentrating on your member records and reducing manual processes, Personal Trainer Inc. would experience an increase in employee efficiency, customer satisfaction and profitability. I look forward to meeting you in person and discussing your data solution needs.

Thanking you in advance for your time

Brian Patterson
President, Patterson & Wilder
(555) 543-5432


Problem Statement

The expanding company wants to be able to offer online services for the members of its fitness clubs. New online web access is needed to meet the new demands of the company. The company also wants to offer membership sales and upgrades to new and existing customers. Personal Trainer Inc. wants to be able to offer two memberships as well as allow payment for special programs such as child fitness.

Project Scope

Patterson and Wilder is proposing that Personal Trainer Inc. have a web page designed to allow easy access for customers, staff and new members. This will allow members to access all clubs from one location. Also, this project will consist of consolidating member records into a database allowing access by different departments simultaneously. During the project, desktop and laptop workstations will be established in each department and reception areas. Patterson and Wilder will provide training and support to all departments in the company. The proposed testing and implementation is expected to be completed by May 2014.

Constraints

In order to implement an efficient member management system, the following barriers exist in the current Personal Trainer locations.

- Availability of Web Designers capable of meeting customer requirements.
- Daily operations interface while trying to launch new Web Page.
- After hours work for data conversion.
- Night crews may have to be utilized to update hardware to prevent disruption of daily operations.
- Schedule designed based on new facility build out; contractor delays may delay project.
- Employees may need basic computer skills training to proficiently complete Software training.
- Training will have to be done during normal business hours.


System Requirements for Accounting System and Web Page

This is a high level description of the capabilities required of the new system. During Requirements gathering, detailed descriptions will be provided to Personal Trainer, Inc. prior to system design and implementation.

- The system must be able to make future dated member appointments, special services and personal program tracking.
- The system must produce daily schedules, reporting, monthly billing statements and personal program performance.
- Member Information must be accessible by all departments.
- Must be able to enter related member information and training programs.
- Must be able to support all users simultaneously without delayed system response times.
- System must be easily maintained by employees after implementation.
- Must have system backup capability.
- System must be compatible with current Network.
- System must have lifespan of at least 5 years.

Benefits Accounting and Web Base Data Systems

Personal Trainer Inc. is proposing to interface the current accounting system with a new web based system that employees and customers can access 24/7. By storing the information in a database, the Company will reduce manual processes and associated costs, which will improve profitability.

Reduce Cost
- Poor manual handoffs between departments result in a significant waste of time.
- Electronic data will help to increase productivity by reducing manual processes used to create schedules, reports and mailing lists. This could be a savings of at least one fulltime employee (FTE).
- By automating processes that are currently handled manually, personnel can take on additional responsibilities.

Increased revenue
- By automating manual processes, billing information will flow to external customers quicker, which can result in significant financial benefits.
- Cycle time reports showing outstanding balance can be created for monitoring by appropriate personnel.

Ability to Implement Changes
- Electronically stored data will allow for changes to various levels of memberships and special services added in the future.


Improved Customer Service
- A documented process that is followed through process automation reduces manual errors and the risk of fraud.
- Member satisfaction will improve when employees are able to spend more time with them in the facilities assisting them to accomplish their personal goals.
- Internal customers will benefit from schedules/reports produced accurately and in a timely manner.


Time and Cost Estimates

Option 1 Build Software – In house Development

Task | Duration | High Level Description | Cost
Requirements Definition | 4 days | Analyze current processes to determine user requirements | $1920
Design | 5 days | Develop prototype of user screens and reporting for working version of system and new data base | $3500
Implementation | 4 days | System Hardware and Software installed | $3000
Initial Training | 20 hours | Train the Trainer and Hands on training provided for each employee based on tasks performed | $2400
Testing | 10 days | Test scenario development and UAT by SME | $1200
Software | 8 weeks | Build - In house development | $7,000
Hardware | 2 weeks | Includes desktops, laptops, servers, routers, cabling etc. May be able to negotiate for bundled hardware costing $5,000 | $18,243
Total Time | 12 Weeks | Total Costs | $37,263

Option 2 Buy Software

Task | Duration | High Level Description | Cost
Requirements Definition | 4 days | Analyze current processes to determine user requirements | $1920
Customization | 5 days | Customize out of the box solution | $3400
Implementation | 4 days | System Hardware and Software installed | $4000
Initial Training | 20 hours | Train the Trainer and Hands on training provided for each employee based on tasks performed | $3500
Testing | 10 days | Test scenario development and UAT by SME | $1200
Software | | Based on software solution | $12,000
Hardware | 2 weeks | Includes desktops, laptops, servers, routers, etc. May be able to negotiate for bundled hardware costing $5,000 | $18,243
Total Time | 6 Weeks | Total Costs | $44,263

Maintenance/Support Costs

Maintenance/Support | Annual License fee for purchased software | 0.00


Feasibility Estimates

Operational Feasibility

The current system is difficult to maintain because of the proximity of the various fitness centers to corporate headquarters.

The new system will not result in workforce reduction or cause any new demands on the users, but will require training to properly allow users to utilize the system.

Customers will not experience any adverse effect and will see better customer service and access to personal training records and account data.

Technical Feasibility

- Hardware, software, and network resources will need to be updated.
- In house design using a relational data base model.
- Outsource company to develop required Web Site Enhancements.
- Technical expertise is not required for day-to-day operations, but will be required for maintenance.
- The proposed platform will allow future growth.

Economic Feasibility

Total Cost of Ownership
- By not implementing a new system, Personal Trainer, Inc. will be required to hire more personnel to handle all the manual tasks needed to complete daily operations. Additionally, the risk of losing member files and program tracking data is greatly increased when there is not a central database to keep customer information.

Tangible Benefits
- Reduces the over-all amount of time needed for all administrative tasks.

Intangible Benefits
- Employees will not have to worry about keeping track of member files, and the stress of creating daily and monthly reports will be reduced.

Schedule Feasibility
- June 2014 is an adequate amount of time to finish and implement the system.


Personal Trainer Inc. Organizational Chart


Recommendations

Personal Trainer, Inc. currently manages all member records at each location. This process creates bottlenecks of data and redundant work for several employees. Due to the amount of manual work, critical aspects of the business such as payment processing and training program records. Patterson and Wilder is proposing to assist Personal Trainer, Inc. in updating the current accounting software to give customers web access to account payments, purchases and customer training records. This will be accomplished in a three step plan of data base design, user interface design and application architecture. The member data will be managed more efficiently and increase productivity in the office. Increased productivity usually means an increase in revenue while at the same time lowering overhead costs. By automating tasks, the business may see a reduction in costs, employee boredom and manual errors, and increased productivity.


Statement of Work Signature Page

I agree that the business requirements represent the defined scope of this project, and represent our best understanding of the requirements. Any additional business functionality realized during the completion of the functional or technical specifications will be considered new requirements that will mean a revision to this document and could impact the scope, costs, resources and implementation time line for this project.

Name | Title | Signature | Date
Cassie Umi | President, Personal Trainer, Inc. | |
Reed Curry | Operations Manager | |
Janet Macdonald | Finance Manager | |
Tai Tranh | Sales & Marketing Manager | |
Susan Park | IT Consultant, Patterson & Wilder IT Consultants | |


PHASE 2

Overview of Proposed Computer System Function

Output
- The system must produce daily schedules by provider.
- The system must be able to produce daily appointment list for special services.
- The system must be able to produce weekly Facility Reports to track production by store. The report may be created on a monthly and yearly basis.
- The system must be able to produce monthly financial reports and sales trends for each store to assist in sales and marketing.
- The system must be able to produce monthly billing statements to be accessed via corporate web site.
- The system must be able to allow members to access customized training programs and personal services from web based access.

Inputs
- Must be able to migrate current accounting system with web.
- Must be able to allow online sales, registration and account monitoring by customers.
- Must be able to allow payments for monthly fees and special services.
- Must be able to take reservations for special events and services.
- Must be able to enter individual member information for each person in family with individual access to their personal records and training programs by household.

Process
- The system must be able to determine which accounts are still outstanding and lock out customers 60 days past due.
- The system must be able to determine when a member is not meeting goals for follow up counseling on training program and generate list for trainers.

Performance
- Must be able to support 24 users simultaneously.
- Response time should not exceed four seconds.
- The system must be operational seven days a week.
- System must be easily maintained by employees after implementation.

Controls
- The system must provide logon security at the operating system level and at the application level.
- Member records must be added, changed or deleted only by the Facility Managers.
- The system must maintain separate levels of security for users and the system administrator.
- Must have system backup capability.

Process Models

Context Diagram


DFD-0 (Parent DFD)

DFD – 1 (Child DFD)

Statement of System Requirements

System needs to be configured to ease user interface and output reports as required

- Member information, programs, payments, special services
- Daily appointment list and services by location


- Daily Schedules, class rosters and registrations
- Web Page interface for payment, registration and personal programs
- Ease of use by managers, Instructors, staff and members
- Member must be able to register for classes online
- Security controls to safeguard personal and accounting information

System needs to be able to accept the following data Inputs

- Membership registration information
- Accounting data, payments, discounts and special programs data
- Member personal program tracking and performance

Service Level Agreement should include the following:

- Support 24 users simultaneously.
- Response time should not exceed four seconds.
- The system must be operational six days a week.
- Version upgrades should be easily installed by employees.
- Installation support should be available within 25 hours of contact.

Security

- The system must provide logon security at the operating system level and at the application level.
- Delete capability by Office Administrator only.
- The system must maintain separate levels of security for users and the system administrator.
- Must have role based security to maintain member confidentiality.
- Must have system backup capability.

Solution Candidates

The following software candidates provide out of the box applications which are designed for physical training facilities.

Prepackaged Software Systems and In House Development and Outsourcing

- Member Information
- Registration at Facility or Online
- Customizable Management Reports which requires additional training and development.
- Allows entry of records by Managers and Trainers at various levels


- Different levels of access for different users
- Ability to access class schedules and rosters
- Connect to server on iPhone
- Work with current network system

Bundled Commercial Software

- Easy Member Search
- Automatic bill preparation
- Allows scheduling of Classes
    o Member roster
    o Allows overbooking of classes if authorized
    o Shows training history of members and instructors
- Allows electronic billing
- Multi-divisional reporting capabilities
- Accounts receivable management
- Real-time entries
- Canned reports and ability to customize reports with limited user knowledge
- User Support Group with 24/7 Hotline to report issues.

Cost: $5,000

In Development and Outsourcing

- Track members and their personal information
- Track services that the training facilities perform along with the cost for reporting purposes
- Track member visits to gyms including services performed, quantity, time, etc.
- Record member training programs and progress
- Track accounting data of member in order to allow access to gyms and services
- Record payments and services requested
- Ability to generate reports with additional user training.

Cost: $6,000


Software candidate weighted evaluation

Feasibility Criteria | Wt. | Commercial Software integration | Rate | In House development & Outsourcing | Rate
Operational Feasibility | 30% | | | |
Functionality. A description of to what degree the candidate would benefit the organization and how well the system would work. | | Allow importation of current databases into a more reliable system and ease daily operations | 4 | Allows for updating current software and interfacing with new Web interface along with the new design database | 4
Political. A description of how well received this solution would be from both user management, user, and organization perspective. | | System provides on site training and support | 3 | System provides on site training and support | 3
Operational Score | | | 2.1 | | 2.1
Technical Feasibility | 30% | | | |
Technology. An assessment of the maturity, availability (or ability to acquire), and desirability of the computer technology needed to support this candidate. | | Current suggested hardware configuration will support the software | 3 | Current suggested hardware configuration will support the software | 5
Expertise. An assessment of the technical expertise needed to develop, operate, and maintain the candidate system. | | Requires additional training to develop reporting | 3 | Canned reports and customized reports with limited user knowledge. New Training will be minimal | 5
Technical Score | | | 1.8 | | 3
Economic Feasibility | 30% | | 3 | | 4
Cost to develop: | | 10000 | | 7000 |
Payback period (discounted): | | 0 | | 0 |
Net present value: | | 10000 | | 7000 |
Expected LifeSpan | | 3 | | 5 |
Detailed calculations: | | | | |
Economic Score | | | 0.9 | | 1.2
Schedule Feasibility. An assessment of how long the solution will take to design and implement. | 10% | Customization and implementation 4 weeks | 4 | Customization and implementation 4 weeks | 4
Schedule Score | 10 | | 0.4 | | 0.4
Ranking | 100% | | 5.2 | | 6.7

Recommendation of Software candidate

It is recommended that Personal Trainer Inc. use an in-house team to develop and design a prototype along with outsourcing for web development. This package allows users to perform all daily tasks through their desktop computer with ease. General and customized reports can be created by a user without needing to have advanced knowledge of the software. The use of the in-house developed software will allow users to break away from handling hard copy files and manually creating reports and summaries, and will grant the ability to accomplish all tasks in a timely manner.


Hardware/Software costs

Resource Material as of Friday 11/15/13

Personal Trainer Project

Resource Name | Type | Std. Rate
World Elect. Cat 5 Cable | Materials | $ 650.00
HP ProBook 455 G1 | Materials | $ 499.95
HPP2000 MSA Storage | Materials | $ 6,798.25
HP Z1 Workstation | Materials | $ 2,679.00
In-house Development | Staff | $ 10,500.00
Out Source Web Enhancements | Materials | $ 2,500.00

Revised Feasibility Analysis

Operational Feasibility

Switching to a completely electronic system will allow employees to efficiently carry out daily tasks without having to worry about losing any paper files.

Users will be able to customize and print reports in a fraction of the amount of time needed to create the reports by hand. One person will be able to create the necessary daily, weekly, monthly, quarterly, and yearly reports instead of having all staff members work together to complete them.

There will be a slight transition time while the users are trained on how to properly utilize the new software system, but members will not see any adverse effects of the transition.

The new system will allow the company to grow without having to worry about an increased workload on the employees for administrative tasks.

Technical Feasibility

The company will need to purchase new hardware and design new software to successfully implement a new system. This avenue will allow integration with current software, reducing the training cost. Current users will be able to navigate the system easily due to familiarity with current software systems.

Once training on the new system has been completed, the users will have adequate knowledge to support themselves in any technical issues. Advanced expertise will only be needed for system maintenance and emergency situations.


With additions of new facilities, new employees will need to be hired to allow growth of the company. A new system will allow growth of the company without needing any additional resources.

Economic Feasibility

Total Cost of Ownership Training Hardware and software updates Maintenance and repairs The cost of hiring a new long-term employee to help with the growing workload

will only temporarily fix the problem of being slowed down with large amounts of paperwork. If the company keeps growing, it will be required to continuously hire new employees and spend more money of salaries, or purchase a new system that allows for growth.

Tangible Benefits A new system allows users to generate reports to see who has overdue

payments more efficiently and on time. Allows for users to create and submit insurance paperwork in a shorter amount of

time. Users will be able to customize reports to fulfill and obligations whether it is to

managers or members program tracking needs.

Intangible Benefits

- User-friendly system improves employee job satisfaction by allowing more to be accomplished.
- An organized and central database system will allow faster customer service.
- Electronic member files are more convenient and will not be lost going from person to person.

Schedule Feasibility

- None of the hardware needs to be custom ordered, but the software needs to be built. Everything depends on current staff meeting development schedules and should require minimal installation.
- There is enough manpower to develop, employ, and train users on the new system.
- Personal Trainer Inc. employees are more than willing to accept a centralized database system to accomplish daily tasks, which will result in faster implementation of the new system.

Scalability Statement for system


The In-house development and Outsourcing designed for Personal Trainer Inc. will accommodate the required 14 desktops and laptops with minimal stress on the network. The following components are included: HP P2000 MSA Storage, Cisco 2811 Integrated Services Router, HP ProBook 455 G1, HP Z1 Workstation. The increase in resources will not reduce the performance level of acquiring information from the data warehouse. The system should handle complex queries from multiple users within the acceptable response time.

Implementation Plan

Time estimate

Task | Dependency | Start | Finish
Convert Files (Outside vendor to convert manual files) | | 2/10/2014 | 5/19/2014
Gather detailed requirements | | 2/10/2014 | 2/18/2014
Design/Customization | Following Requirements | 2/19/2014 | 3/19/2014
Installation of Software | Can occur simultaneously with Hardware install | 4/9/2014 | 4/11/2014
Installation of Hardware | Can occur simultaneously with Software install | 3/24/2014 | 4/14/2014
Training | Following install, simultaneously with testing | 4/16/2014 | 5/6/2014
Testing | Following install, simultaneously with training | 5/7/2014 | 5/19/2014


Security Plan: Personal Trainer, Inc.

This plan was developed by Reed Curry, Operations Manager, in cooperation with other key members of Personal Trainer Inc. staff and Suzan Parks, IT Consultant with Patterson and Wilder.

Objectives

This security plan is a modification from past plans. We will take a broad view of the security risks facing the firm and take prompt action to reduce our exposure. Everyone remembers the virus attacks on small businesses such as ours earlier this year, and we hope to avoid a disaster like that! However, I hope that by taking a wider view, we may be able to plan for threats we don’t know about yet.

I realize that we are limited in time, people, and (of course) cash. Our main priority is to continue to grow a successful business. The project team has weighed these constraints carefully in deciding what to do and has tried to strike a balance between practicality, cost, comfort, and security measures. We are all convinced that updating system protocols is needed as the company continues to grow.

I am taking responsibility for leading this review and ensuring that all the action items are carried out. I am concerned about the risks we face, although having reviewed the plan, I am sure we can address them properly. This project has my full support and is a high priority for the business.

Circulation

Because this document contains important security information, it is confidential. You are requested to keep it under lock and key when not actually using it, and please don’t leave it lying around or make photocopies. We will not be sending this document via e-mail or storing it on the server—paper copies only, please. The following people are authorized to view this document:

- Cassia (President)
- Reed (Operations Manager)
- Janet (Financial Manager)
- Bleak and Blue (our lawyers)
- Watson, our outside security consultant

Project Team

The project team includes:

- Reed, project leader
- Janet
- Suzan – IT Consultant
- Watson, advising our staff and carrying out some of the implementation


In addition, we consulted with staff members from sales, marketing, and design to get their feedback about what they wanted and how the plan might affect them.

Section 2: Assessment Results

Our assessment has produced the following results.

Skills and Knowledge

Our technology consultant, Watson, is familiar with the whole situation and will be our expert guide. However, we need to internalize as much of this knowledge as possible by doing as much of the work as we can. Doing so will also help us save money. Luckily, Reed is an amateur computer enthusiast. He has attended a security training course.

Each member of the project team has read the available security planning guides from Microsoft and the Internet Engineering Task Force (IETF) in preparation. The company as a whole is reasonably technically literate, but (with one or two exceptions) they see computers as tools to get the job done and don’t know much about how they work.

Our Network and Systems

- Desktops: Twenty-four (one per member of staff plus two old machines acting as print servers)
- Laptop computers: Six (one each for the senior manager, one for Cassia, and three for the sales team)
- Printers: 15 (printer-fax combo units for each location and three at corporate)
- Servers: One (running Small Business Server 2012 and looking after files, the Internet connection, e-mail, and our customer database)
- Internet connection: 1.5 Mbps cable modem connection

The server and several of the computers are linked by 100 Mbps Cat5 Ethernet cables. The remainder are linked by an 802.11n+ wireless network with an access point. All computers run Windows 7 Professional except for the two print servers.

Security

We compared each computer against the checklist in the Security Guide for Small Business. We also ran the MBSA. These actions produced the following results:

Virus protection: Will be controlled through automatic updates at the server level.

Spam-filtering software: Spam protection will be active along with Adware and Malware protection.


Firewall: We have installed a military-grade firewall and encryption systems to protect corporate and customer information.

Updates: All the Windows 7 Professional systems are up-to-date because they were automatically checking and downloading updates. Microsoft Office is also up to date due to the installation of automatic updates as approved by the IT department.

Passwords: All passwords will be random characters using numbers, letters, with at least one upper case and one special character. Passwords will be changed every 6 months and not duplicated for at least three years.

Physical security: We had the insurance people in last year, so the window locks, doors, and alarms are pretty good. All computers not in use will be logged off when the user is not present. No passwords shall be written down at workstations. All doors and desks shall be locked when occupants are not present to control information leaks. All generated paperwork shall be shredded if it contains any financial or personal information from members, suppliers or employees.

Laptop computers: All the laptop computers had shiny bags with big manufacturer logos. No security locks.

Wireless networking: Each employee wanting to use the Wi-Fi or server system must log into system with their user name and password.

Web browsing: Everyone thinks that having fast Internet access is a great perk, but they are using it all the time and without much thought to the risks. Through a content filtering audit, we found that 20 percent of our Web browsing was unrelated to work. We don’t have a policy on acceptable use, and no one is taking any security measures. Inappropriate sites will be blocked at the server level.

Backups: We back up data on the server to a redundant server system on a weekly basis, but we haven’t tested restoring the data since the system has recently been installed. The server contains our primary customer database, so well-tested backups are essential, as is keeping a copy of backups offsite.
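The password rules listed under Security above (numbers, letters, at least one upper-case and one special character, a change every 6 months, no duplicate for at least three years) can be enforced without keeping old passwords in readable form. The following Python is an added example, not part of the original plan; reading six months as 183 days, the PBKDF2 settings, the 16-character length, counting the three years from the date a password was retired, and all names are assumptions.

```python
import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

MAX_AGE = timedelta(days=183)        # "changed every 6 months" (assumed: 183 days)
NO_REUSE = timedelta(days=3 * 365)   # "not duplicated for at least three years"
ROUNDS = 100_000                     # assumed PBKDF2 work factor
ALPHABET = string.ascii_letters + string.digits + string.punctuation


def complexity_problems(password: str) -> List[str]:
    """Return the character-class rules from the plan that the password breaks."""
    rules = [
        ("a number", str.isdigit),
        ("a letter", str.isalpha),
        ("an upper-case letter", str.isupper),
        ("a special character", lambda c: c in string.punctuation),
    ]
    return [f"missing {name}" for name, ok in rules
            if not any(ok(c) for c in password)]


def generate_password(length: int = 16) -> str:
    """Random password that satisfies the rules; the length is an assumption."""
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not complexity_problems(candidate):
            return candidate


def _digest(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ROUNDS)


@dataclass
class Account:
    salt: bytes = b""
    digest: bytes = b""
    set_at: Optional[datetime] = None
    # Retired passwords as (retired_at, salt, digest); never plaintext.
    history: list = field(default_factory=list)


def is_expired(acct: Account, now: datetime) -> bool:
    """True when the current password is older than the six-month limit."""
    return acct.set_at is None or now - acct.set_at > MAX_AGE


def change_password(acct: Account, new: str, now: datetime) -> List[str]:
    """Apply the change if the policy allows it; return the reasons if not."""
    problems = complexity_problems(new)
    # The current password and anything retired inside the window are duplicates.
    candidates = [(now, acct.salt, acct.digest)] if acct.set_at else []
    candidates += [h for h in acct.history if now - h[0] < NO_REUSE]
    if any(hmac.compare_digest(_digest(new, s), d) for _, s, d in candidates):
        problems.append("reused within three years")
    if problems:
        return problems
    if acct.set_at:
        acct.history.append((now, acct.salt, acct.digest))
    # Entries older than the window no longer matter and are dropped.
    acct.history = [h for h in acct.history if now - h[0] < NO_REUSE]
    acct.salt = secrets.token_bytes(16)
    acct.digest = _digest(new, acct.salt)
    acct.set_at = now
    return []
```

Because users may change a password earlier than the six-month limit, the reuse check is based on dates rather than on a fixed count of remembered passwords.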

Assets

Besides the physical property, our main assets are:

- Our member information and marketing collateral
- Records of our contracts with vendors
- Our e-mail database and archive of past e-mail messages
- Sales orders and the customer database
- Financial information
- Paper legal records stored in various filing cabinets

All these assets are considered secret and should be accessible only on a need-to-know basis. In addition, they need to be protected and backed up as safely as we can manage.


Risks

We believe the risks break down into four main categories:

Intruders (viruses, worms, hijacking of our computer resources or Internet connection, and random malicious use). These are the risks that anyone using computers connected to the Internet faces. High risk, high priority.

External threats (rivals, disgruntled ex-employees, bad guys after money, and thieves). They are likely to use the same tools as hackers, but in deliberately targeting us they may also try to induce members of staff to supply confidential information or even use stolen material to blackmail or damage us. We need to protect our assets with physical and electronic security. High risk, high priority.

Internal threats. Whether accidental or deliberate, a member of staff may misuse his or her privileges to disclose confidential information. Low risk, low priority.

Accidents and disasters. Fires, floods, accidental deletions, hardware failures, and computer crashes. Low risk, medium priority.

Priorities

1. Intruder deterrence:
   - Firewall
   - Virus protection
   - Strengthening the wireless network
   - Ensuring that all computers are updated via server
   - Ongoing user education and policies

2. Theft prevention:
   - Laptop computer security
   - Security marking and asset inventory
   - Moving the server into a secure, lockable room
   - Security locks for desktop and laptop computers

3. Disaster prevention:
   - More frequent backups with offsite storage
   - Ensure backup of users’ local data
   - Offsite backup of critical paper documents
   - Regularly testing the backups by performing a restore

4. Internal security and confidentiality:
   - Strong password policy and user education
   - Secure printers for accounts, HR, and managers
   - Review security for filing cabinets and confidential documents


Section 3: Security Plan

After performing our assessment, we have devised the following security plan.

Action Items

1. Ask our ISP or technology consultant to provide firewall upgrades if needed.

2. Enable Windows Firewall on the server and on all desktop computers.

3. Make sure that antivirus software is installed on all computers and that it is set to automatically update virus definitions.

4. Configure computers running Office Outlook 2010 to use Junk E-mail filtering. Select, purchase, and install adware and malware protection software on the server, if necessary.

5. On the wireless network, disable service set identifier (SSID) broadcasting, choose and configure a sensible SSID, enable WPA encryption, enable MAC filtering, and configure the access point to allow traffic only from the desktop and laptop computers in the office.

6. Review all machines to make sure that they are fully updated, and set them to automatically refresh those updates.

7. Buy new, nondescript laptop computer bags and locks.

8. Security-mark all desktop computers, laptop computers, and their components.

9. Log all serial numbers.

10. Buy and install desk security locks for desktop computers.

11. Find a suitable, lockable room for the server and move it there.

12. Review backup and restore procedures. Ensure that user data is either stored on the server or copied across regularly prior to backups. Implement daily backups. Ensure that a full backup goes offsite once a week. Ensure that the backup is password protected and encrypted. Review paper documents, and make photocopies for secure offsite storage of critical documents.

13. Configure Microsoft Server 2012 and individual machines to enforce reasonably strong passwords. Discuss with users what would be an acceptable balance of convenience and security. (We don’t want them writing down their new passwords.)

14. Configure workstations to log users out and require a password to log on again if the workstation is idle for more than 5 minutes.

15. Buy cheap printers for accounts, HR, and the two directors so that they can have private documents printed securely.

Policy Changes

Kim will update the staff handbook to include new policies on:

- Acceptable use of e-mail and the Internet
- Use of passwords
- Who can take company property away from the office

After she has completed a first draft, it will be reviewed by the directors and the company’s attorneys before being rolled out.


User Education

We expect to give up to two hours of user training in small groups as a result of these changes. Training will cover:

- The importance of security
- Passwords
- Laptop computer security
- Virus prevention
- Safe Internet browsing
- Updating software and operating systems from a server
- Introducing the new staff policies
- Making sure employees understand the consequences for not complying with policies
- Assessing employees’ understanding of the new policies
- Periodically reviewing the practice of the new policies

Project Time Line and Responsibilities

The top three priorities—firewall, virus protection, and strengthening the wireless network—will receive urgent attention from our security consultant, Watson. The remaining tasks will be done by our own staff in order of priority.

We expect the top three priorities to be completed within a week and the remaining tasks within 30 days of new system integration. Reed will be responsible for purchasing and implementing the technical changes. Tai will be responsible for all the policy and training requirements. Janet will oversee the project and be responsible for any other tasks that arise.

Response Planning

In the event of a security breach, we will contact Watson. His company has a one-hour response policy during office hours and a four-hour response policy at all other times to deal with serious incidents, such as virus infections. In addition, Reed will monitor the server and firewall regularly to make sure that no breaches have occurred.

Ongoing Maintenance and Compliance

Gary will be responsible for security on a day-to-day basis, with Reed taking overall responsibility. Reed will continue his own self-education on the topic, subscribe to security bulletins from Microsoft and our antivirus software supplier, and liaise with Watson on a regular basis to monitor compliance with the new policies.

On a monthly basis, Reed will make sure that Windows and our antivirus software are updated and that the backup and restore procedures are working properly. He will also be responsible for ensuring that new computer equipment is properly configured and up-to-date.

Tai will be responsible for ensuring that new staff joining the company is fully trained in the company’s security policies and procedures.

There will be a full, formal review of this plan in six months.


Section 4: Resources and Budget

The following expenditure has been approved:

Software and Hardware

- Purchase antivirus software.
- Configure Office Outlook 2010 to filter junk e-mail.
- Update a hardware firewall.
- Purchase security locks and new nondescript laptop computer bags.

Professional Advice

- Bleak and Blue Esq. to review our rewritten staff policies
- Watson for advice during the creation of this plan
- Watson for help with implementation

Internal Resources

Although we are not paying for our own staff directly, to be clear about the allocation of resources and the time that is available for this work, we have authorized the use of internal staff as detailed above.


Risk Management Plan

Department: IT Consultants
Product or Process: In-House Development and Outsourcing
Document Owner: Suzan Parks
Project or Organization Role: IT Modifications for Personal Trainer Inc.

Version | Date | Author | Change Description
001.1 | 11/15/13 | William Breadon | Initial documentation of plan

Project Risk Management Plan Purpose

A Project Risk Management Plan is a controlling document that incorporates the goals, strategies, and methods for performing risk management on a project. The Project Risk Management Plan describes all aspects of the risk identification, estimation, evaluation, and control processes. The purpose of developing such a plan is to determine the approach for cost-effectively performing risk management on the project.

Stakeholder Roles and Responsibilities

Role | Risk Management Responsibility | Assignment
Project Manager | The Project Manager is responsible for the Project Risk Management Plan being implemented and for reporting to the Project Sponsor and Management Group. | William Breadon
Consultant | Ensuring compliance and that schedules are maintained for customer needs | Suzan Parks

Risk Management Process and Activities

Risk Management Activity | Risk Management Task Description | Ownership (Participants)
Data Base Development | Ability of Current Staff to develop the required relational data bases | Gary Lewis - Manager
Web Enhancements | Addition of interfaces with customers, forms, registration and security integration | Suzan Parks - Consultant


Risk Management Plan Audit Log

Record Name | Responsibility | Approval Authority | Distribution
Schedules | Suzan Parks | Cassia Uri | Management
Development | Gary Lewis | Cassia Uri | Finance, Sales & Operations
Installation | Reed Curry | Cassia Uri | Operations
Training | Suzan Parks | Cassia Uri | Consultant, Operations

Risk Assessment and Management Table

[Figure: Risk MGMT Chart. Grid with Impact (1, low, to 5) on the vertical axis and Probability (1 to 5) on the horizontal axis; cells are shaded Low Risk, Low/Medium Risk, Medium Risk, Medium/High Risk, and High Risk. Items plotted at Impact 5: Cost, Process model; Equipment damage; Technology, Design processes. Impact 4: Change in focus; Resource. Impact 3: Complexity. Impact 2: Estimation.]

Risk Type | Risk and Description | Risk Chance | Risk Impact | Risk Priority | Risk Owner
Project Management Risks | Inadequate project definition: Stakeholders uncertain of project scope | Medium | Medium | Medium | William Breadon
Development | In-house software not constructed to specifications or needs | High | High | High | Gary Lewis
Web Enhancements | Integration of changes and navigation problems | Low | Low | Low | Suzan Parks

Risk Categories

Schedule, scope, budget, effort, people, unexpected issues

Risk Classification

Color | Rating # | Action
RED | 25 | Critical or Major, needs mitigation now
YELLOW | 15 to 20 | Moderate, should be monitored weekly
BLUE | 6 to 12 | Low to Medium, should be monitored monthly
GREEN | 1 to 5 | Low, should be monitored quarterly

Risk Management Plan Approvals

Prepared by:
William Breadon, Project Manager

Approved by:
Suzan Parks, Project Sponsor
Jim Patterson, Executive Sponsor
Cassia Uri, Member Sponsor


Formal System Proposal

Based on analysis of the current functions, it appears that In-House development and design along with Outsourcing Web Design and Enhancements would be the most cost effective solution for Personal Trainer Inc.

The software, developed in-house, will meet the exact demands and needs of Personal Trainer Inc. In-house development will eliminate unneeded software in the system that delays data flows and causes errors. This approach will allow all users to transition to the updated system, meeting your unique needs and demands. Logon security at the system level as well as the application level is supported by the software. Role-based security is also available through packaged software if this option is required.

The hardware has the capability to perform within the required response time based on the 24 users currently employed by Personal Trainer Inc. The network also has the capacity to grow with the company to support up to 40 users. The network has the ability to store incremental backup data as well as weekly full system backup.

System implementation should be completed within 12 weeks with minimal disruption to the operations of Personal Trainer Inc. Training will be hands-on and conducted in a testing environment. The User Acceptance Testing will also provide additional training time for the users. Testing scenarios will be based on real-life errors experienced by the company.

Following implementation, User support is available for a period of 3 months. Patterson and Wilder have created a User Support Group to discuss issues that may arise during the day to day operations of the system.

The implementation of the hardware and software will help Personal Trainer Inc. achieve its business goals of increasing employee efficiency, reducing billing errors, and increasing profitability. Employees will be able to accept additional responsibilities due to reduced manual processes integrating all facilities and corporate headquarters. The critical aspects of the business such as billing, personal training programs, special services and structured training programs will meet the needs of Personal Trainer Inc. The improvements will allow all users and members simple access, increasing overall customer satisfaction.


Addendum

Project Schedule:
