
Personal Trainer Inc.

This document is the group project for CIS 2321 Capstone. This project is a group effort constructed based on the case study, Personal Trainer Inc., assigned by the instructor. We have compiled data as outlined in the case study in order to build the recommendations below.

William Breadon

Patterson and Wilder
IT Consulting

October 31, 2013


Ms. Cassia Umi
President
Personal Trainer, Inc.
5498 Healthy Way
Chicago, IL 54321

Dear Ms. Umi,

I am writing this letter to submit an interesting data solution to Personal Trainer, Inc. which may cut your costs by 50 percent and dramatically improve overall efficiency.

Our company, Patterson & Wilder IT Consultants, has more than 18 years of experience in analyzing, designing, implementing and maintaining Information Systems for growing businesses. The objective of Patterson & Wilder is to evaluate your existing infrastructure and propose a cost-effective system that can be implemented in a timely manner with minimal disruption to Personal Trainer Inc.

For an expanding company like Personal Trainer, Inc., Patterson & Wilder can assist with the development of an Enterprise Information System that will not only increase productivity now, but will allow for expansion well into this 21st century. This Enterprise System would integrate all of Personal Trainer, Inc.'s business processes, i.e. payroll, billing and other accounting data, into a central system. This type of system supports Personal Trainer, Inc.'s business goals by capturing large volumes of member and employee information and securely storing them. The data collected and entered would be stored in a manner that allows for day-to-day access by employees and warehoused so that it can be retrieved to analyze trends in treatment. In addition to member information, the system would be able to assist Personal Trainer, Inc. with billing, suppliers and payroll. By combining all processes into one central system, Personal Trainer, Inc. would experience a reduction in the cost of data entry and storage as well as increased employee efficiency and customer satisfaction.

You can contact me, Suzan Park, at (555) 543-5432 or by email at s.park@pattersonwilderit.com.

I am looking forward to meeting you in person and discussing your data solution needs.

Thanks in advance for your time.

Brian Patterson
President, Patterson & Wilder
(555) 543-5432

5432 Short Circuit Blvd, Chicago, IL 54321


555.543.5432 ph 555.543.5433 fax
www.pattersonwilderit.com


Company History

Patterson and Wilder IT Consultants was established in 1995 to provide data solutions for small and medium businesses. Our company has more than 18 years of experience in analyzing, designing, implementing and maintaining Information Systems for growing businesses. The objective of Patterson and Wilder is to evaluate existing infrastructures and propose a cost-effective system that can be implemented in a timely manner with minimal disruption to expanding small business operations.


Table of Contents

Modified Letter to Owner ........................................ 4
Problem Statement ............................................... 5
Project Scope ................................................... 5
Constraints ..................................................... 5
System Requirements for Accounting System and Web Page .......... 6
Benefits of Accounting and Web-Based Data Systems ............... 6
Time and Cost Estimates ......................................... 8
Feasibility Estimates ........................................... 9
Recommendations ................................................ 11
Statement of Work Signature Page ............................... 12
Overview of Proposed Computer System Function .................. 13
Process Models ................................................. 14
Statement of System Requirements ............................... 15
Solution Candidates ............................................ 16
Software Candidate Weighted Evaluation ......................... 17
Recommendation of Software Candidate ........................... 17
Hardware/Software Costs ........................................ 18
Revised Feasibility Analysis ................................... 18
Scalability Statement for System ............................... 20
Implementation Plan Time Estimate .............................. 20
Security Plan: Personal Trainer, Inc. .......................... 21
Risk Management Plan ........................................... 28
Formal System Proposal ......................................... 31
Addendum ....................................................... 32


Modified Letter to Owner


November 15, 2013
Ms. Cassia Umi
President
Personal Trainer, Inc.
5498 Healthy Way
Chicago, IL 54321

Dear Ms. Umi:

I am writing this letter to submit an interesting data solution to you and Personal Trainer Inc. which may cut your costs by 50 percent and dramatically improve overall efficiency. Patterson and Wilder IT Consultants is proposing that Personal Trainer Inc. implement an in-house designed software package along with web page enhancements. For an expanding company like Personal Trainer, Inc., an in-house designed software package will not only increase productivity now, but will allow for expansion well into this 21st century. The in-house designed software package would concentrate on several aspects of the member records and training program information for Personal Trainer Inc. It supports Personal Trainer Inc.'s business goals by processing and storing the data created during daily operations. The stored data would allow for timely access by employees. The stored data can also be retrieved to analyze trends in program progress and help design future programs for members. In addition to member information, the system would be able to assist Personal Trainer Inc. with billing and allow members to pay via the web site. By concentrating on your member records and reducing manual processes, Personal Trainer Inc. would experience an increase in employee efficiency, customer satisfaction and profitability.

I look forward to meeting you in person and discussing your data solution needs.

Thanking you in advance for your time.

Brian Patterson
President, Patterson & Wilder
(555) 543-5432


Problem Statement

Personal Trainer Inc., an expanding company, wants to be able to offer online services to the members of its fitness clubs. New online web access is needed to meet the new demands of the company. The company also wants to offer membership sales and upgrades to new and existing customers. Personal Trainer Inc. wants to be able to offer two memberships as well as allow payment for special programs such as child fitness.

Project Scope

Patterson and Wilder is proposing that Personal Trainer Inc. have a web page designed to allow easy access for customers, staff and new members. This will allow members to access all clubs from one location. This project will also consist of consolidating member records into a database, allowing access by different departments simultaneously. During the project, desktop and laptop workstations will be established in each department and reception area. Patterson and Wilder will provide training and support to all departments in the company. The proposed testing and implementation is expected to be completed by May 2014.

Constraints

In order to implement an efficient member management system, the following barriers exist in the current Personal Trainer locations:

- Availability of web designers capable of meeting customer requirements.
- Interference with daily operations while launching the new web page.
- After-hours work for data conversion.
- Night crews may have to be utilized to update hardware so that daily operations are not disrupted.
- The schedule is based on the new facility build-out; contractor delays may delay the project.
- Employees may need basic computer skills training before they can proficiently complete software training.
- Training will have to be done during normal business hours.

System Requirements for Accounting System and Web Page

This is a high-level description of the capabilities required of the new system. During requirements gathering, detailed descriptions will be provided to Personal Trainer, Inc. prior to system design and implementation.

- The system must be able to make future-dated member appointments and track special services and personal programs.
- The system must produce daily schedules, reporting, monthly billing statements and personal program performance.
- Member information must be accessible by all departments.
- Must be able to enter related member information and training programs.
- Must be able to support all users simultaneously without delayed system response times.
- System must be easily maintained by employees after implementation.
- Must have system backup capability.
- System must be compatible with the current network.
- System must have a lifespan of at least 5 years.

Benefits of Accounting and Web-Based Data Systems

Personal Trainer Inc. is proposing to interface the current accounting system with a new web-based system that employees and customers can access 24/7. By storing the information in a database, the Company will reduce manual processes and associated costs, which will improve profitability.

Reduce Cost
- Poor manual handoffs between departments result in a significant waste of time. Electronic data will help to increase productivity by reducing the manual processes used to create schedules, reports and mailing lists. This could be a savings of at least one full-time employee (FTE).
- By automating processes that are currently handled manually, personnel can take on additional responsibilities.

Increased Revenue
- By automating manual processes, billing information will flow to external customers more quickly, which can result in significant financial benefits.
- Cycle time reports showing outstanding balances can be created for monitoring by appropriate personnel.

Ability to Implement Changes
- Electronically stored data will allow for changes to various levels of memberships and special services added in the future.

Improved Customer Service
- A documented process that is followed through process automation reduces manual errors and the risk of fraud.
- Member satisfaction will improve when employees are able to spend more time with them in the facilities assisting them to accomplish their personal goals.
- Internal customers will benefit from schedules/reports produced accurately and in a timely manner.

Time and Cost Estimates

Option 1: Build Software (In-house Development)

Task                    | Duration | High Level Description                                                                                              | Cost
Requirements Definition | 4 days   | Analyze current processes to determine user requirements                                                            | $1,920
Design                  | 5 days   | Develop prototype of user screens and reporting for working version of system and new database                      | $3,500
Implementation          | 4 days   | System hardware and software installed                                                                              | $3,000
Initial Training        | 20 hours | Train the trainer and hands-on training provided for each employee based on tasks performed                         | $2,400
Testing                 | 10 days  | Test scenario development and UAT by SME                                                                            | $1,200
Software                | 8 weeks  | Build: in-house development                                                                                         | $7,000
Hardware                | 2 weeks  | Includes desktops, laptops, servers, routers, cabling etc.; may be able to negotiate for bundled hardware costing $5,000 | $18,243
Total Time              | 12 weeks | Total Costs                                                                                                         | $37,263

Option 2: Buy Software

Task                    | Duration | High Level Description                                                                                       | Cost
Requirements Definition | 4 days   | Analyze current processes to determine user requirements                                                     | $1,920
Customization           | 5 days   | Customize out-of-the-box solution                                                                            | $3,400
Implementation          | 4 days   | System hardware and software installed                                                                       | $4,000
Initial Training        | 20 hours | Train the trainer and hands-on training provided for each employee based on tasks performed                  | $3,500
Testing                 | 10 days  | Test scenario development and UAT by SME                                                                     | $1,200
Software                |          | Based on software solution                                                                                   | $12,000
Hardware                | 2 weeks  | Includes desktops, laptops, servers, routers, etc.; may be able to negotiate for bundled hardware costing $5,000 | $18,243
Total Time              | 6 weeks  | Total Costs                                                                                                  | $44,263

Maintenance/Support Costs

Maintenance/Support | Annual license fee for purchased software | $0.00

Feasibility Estimates

Operational Feasibility
- The current system is difficult to maintain because of the distance of the various fitness centers from corporate headquarters.
- The new system will not result in workforce reduction or cause any new demands on the users, but will require training to allow users to utilize the system properly.
- Customers will not experience any adverse effect and will see better customer service and access to personal training records and account data.

Technical Feasibility
- Hardware, software, and network resources will need to be updated.
- In-house design using a relational database model.
- Outsource company to develop required web site enhancements.
- Technical expertise is not required for day-to-day operations, but will be required for maintenance.
- The proposed platform will allow future growth.

Economic Feasibility
Total Cost of Ownership
- By not implementing a new system, Personal Trainer, Inc. will be required to hire more personnel to handle all the manual tasks needed to complete daily operations.
- Additionally, the risk of losing member files and program tracking data is greatly increased when there is no central database to keep customer information.
Tangible Benefits
- Reduces the overall amount of time needed for all administrative tasks.
Intangible Benefits
- Employees will not have to worry about keeping track of member files, reducing the stress of creating daily and monthly reports.

Schedule Feasibility
- June 2014 is an adequate amount of time to finish and implement the system.

Personal Trainer Inc. Organizational Chart

Recommendations

Personal Trainer, Inc. currently manages all member records at each location. This process creates bottlenecks of data and redundant work for several employees. Due to the amount of manual work, critical aspects of the business such as payment processing and training program records. Patterson and Wilder is proposing to assist Personal Trainer, Inc. in updating the current accounting software to allow customers web access to accounts, payments, purchases and customer training records. This will be accomplished in a three-step plan of database design, user interface design and application architecture. The member data will be managed more efficiently, increasing productivity in the office. Increased productivity usually means increased revenue while lowering overhead costs. By automating tasks, the business may see a reduction in costs, employee boredom and manual errors, and increased productivity.

Statement of Work Signature Page

I agree that the business requirements represent the defined scope of this project, and represent our best understanding of the requirements. Any additional business functionality realized during the completion of the functional or technical specifications will be considered new requirements that will mean a revision to this document and could impact the scope, costs, resources and implementation time line for this project.

Name            | Title                                            | Signature | Date
Cassie Umi      | President, Personal Trainer, Inc.                |           |
Reed Curry      | Operations Manager                               |           |
Janet Macdonald | Finance Manager                                  |           |
Tai Tranh       | Sales & Marketing Manager                        |           |
Susan Park      | IT Consultant, Patterson & Wilder IT Consultants |           |

PHASE 2

Overview of Proposed Computer System Function

Output
- The system must produce daily schedules by provider.
- The system must be able to produce a daily appointment list for special services.
- The system must be able to produce weekly Facility Reports to track production by store. The report may also be created on a monthly and yearly basis.
- The system must be able to produce monthly financial reports and sales trends for each store to assist in sales and marketing.
- The system must be able to produce monthly billing statements to be accessed via the corporate web site.
- The system must be able to allow members to access customized training programs and personal services from web-based access.

Inputs
- Must be able to integrate the current accounting system with the web.
- Must be able to allow online sales, registration and account monitoring by customers.
- Must be able to allow payments for monthly fees and special services.
- Must be able to take reservations for special events and services.
- Must be able to enter individual member information for each person in a family, with individual access to their personal records and training programs by household.

Process
- The system must be able to determine which accounts are still outstanding and lock out customers 60 days past due.
- The system must be able to determine when a member is not meeting goals, for follow-up counseling on the training program, and generate a list for trainers.

Performance
- Must be able to support 24 users simultaneously.
- Response time should not exceed four seconds.
- The system must be operational seven days a week.
- System must be easily maintained by employees after implementation.

Controls
- The system must provide logon security at the operating system level and at the application level.
- Member records must be added, changed or deleted only by the Facility Managers.
- The system must maintain separate levels of security for users and the system administrator.
- Must have system backup capability.

Process Models

Context Diagram

DFD-0 (Parent DFD)

DFD 1 (Child DFD)

Statement of System Requirements

The system needs to be configured to ease the user interface and output reports as required:

- Member information, programs, payments and special services
- Daily appointment list and services by location
- Daily schedules, class rosters and registrations
- Web page interface for payment, registration and personal programs
- Ease of use by managers, instructors, staff and members
- Members must be able to register for classes online
- Security controls to safeguard personal and accounting information

The system needs to be able to accept the following data inputs:

- Membership registration information
- Accounting data, payments, discounts and special programs data
- Member personal program tracking and performance

The Service Level Agreement should include the following:

- Support 24 users simultaneously.
- Response time should not exceed four seconds.
- The system must be operational six days a week.
- Version upgrades should be easily installed by employees.
- Installation support should be available within 25 hours of contact.

Security

- The system must provide logon security at the operating system level and at the application level.
- Delete capability by the Office Administrator only.
- The system must maintain separate levels of security for users and the system administrator.
- Must have role-based security to maintain member confidentiality.
- Must have system backup capability.

Solution Candidates

The following software candidates provide out-of-the-box applications which are designed for physical training facilities.

Prepackaged Software Systems and In-House Development and Outsourcing

- Member information
- Registration at facility or online
- Customizable management reports, which require additional training and development
- Allows entry of records by managers and trainers at various levels
- Different levels of access for different users
- Ability to access class schedules and rosters
- Connect to server on iPhone
- Work with current network system

Bundled Commercial Software

- Easy member search
- Automatic bill preparation
- Allows scheduling of classes
  o Member roster
  o Allows overbooking of classes if authorized
  o Shows training history of members and instructors
- Allows electronic billing
- Multi-divisional reporting capabilities
- Accounts receivable management
- Real-time entries
- Canned reports and ability to customize reports with limited user knowledge
- User support group with 24/7 hotline to report issues
- Cost: $5,000

In-House Development and Outsourcing

- Track members and their personal information
- Track services that the training facilities perform along with the cost for reporting purposes
- Track member visits to gyms including services performed, quantity, time, etc.
- Record member training programs and progress
- Track accounting data of members in order to allow access to gyms and services
- Record payments and services requested
- Ability to generate reports with additional user training
- Cost: $6,000


Software Candidate Weighted Evaluation

Recommendation of Software Candidate

It is recommended that Personal Trainer Inc. use an in-house team to develop and design a prototype, along with outsourcing for web development. This package allows users to perform all daily tasks through their desktop computer with ease. General and customized reports can be created by a user without needing to have advanced knowledge of the software. The use of the in-house developed software will allow users to break away from handling hard copy files and manually creating reports and summaries, and will grant the ability to accomplish all tasks in a timely manner.


Hardware/Software Costs

Resource Material as of Friday 11/15/13
Personal Trainer Project

Resource Name               | Type      | Std. Rate
HP Z1 Workstation           | Materials | $650.00
World Elect. Cat 5 Cable    | Materials | $499.95
HP ProBook 455 G1           | Materials | $6,798.25
HPP2000 MSA Storage         | Materials | $2,679.00
In-house Development        | Staff     | $10,500.00
Out Source Web Enhancements | Materials | $2,500.00

Revised Feasibility Analysis

Operational Feasibility

- Switching to a completely electronic system will allow employees to efficiently carry out daily tasks without having to worry about losing any paper files.
- Users will be able to customize and print reports in a fraction of the time needed to create the reports by hand. One person will be able to create the necessary daily, weekly, monthly, quarterly, and yearly reports instead of having all staff members work together to complete them.
- There will be a slight transition time while the users are trained on how to properly utilize the new software system, but members will not see any adverse effects of the transition.
- The new system will allow the company to grow without having to worry about an increased workload on the employees for administrative tasks.

Technical Feasibility

- The company will need to purchase new hardware and design new software to successfully implement a new system. This avenue will allow integration with current software, reducing the training cost. Current users will be able to navigate the system easily due to familiarity with current software systems.
- Once training on the new system has been completed, the users will have adequate knowledge to support themselves in any technical issues. Advanced expertise will only be needed for system maintenance and emergency situations.
- With additions of new facilities, new employees will need to be hired to allow growth of the company. A new system will allow growth of the company without needing any additional resources.

Economic Feasibility
Total Cost of Ownership
- Training
- Hardware and software updates
- Maintenance and repairs
- The cost of hiring a new long-term employee to help with the growing workload will only temporarily fix the problem of being slowed down with large amounts of paperwork. If the company keeps growing, it will be required to continuously hire new employees and spend more money on salaries, or purchase a new system that allows for growth.
Tangible Benefits
- A new system allows users to generate reports to see who has overdue payments more efficiently and on time.
- Allows users to create and submit insurance paperwork in a shorter amount of time.
- Users will be able to customize reports to fulfill any obligations, whether to managers or to members' program tracking needs.
Intangible Benefits
- A user-friendly system improves employee job satisfaction by allowing more to be accomplished.
- An organized and central database system will allow faster customer service.
- Electronic member files are more convenient and will not be lost going from person to person.
Schedule Feasibility
- None of the hardware needs to be custom ordered, but the software needs to be built. Everything depends on current staff meeting development schedules and should require minimal installation.
- There is enough manpower to develop, deploy, and train users on the new system.
- Personal Trainer Inc. employees are more than willing to accept a centralized database system to accomplish daily tasks, which will result in faster implementation of the new system.


Scalability Statement for System

The in-house development and outsourcing designed for Personal Trainer Inc. will accommodate the required 14 desktops and laptops with minimal stress on the network. The system consists of the following components: HPP2000 MSA Storage, Cisco 2811 Integrated Services Router, HP ProBook 455 G1, HP Z1 Workstation. The increase in resources will not reduce the performance level of acquiring information from the data warehouse. The system should handle complex queries from multiple users within the acceptable response time.

Implementation Plan Time Estimate

Task                                                   | Dependency                                      | Start     | Finish
Convert Files (outside vendor to convert manual files) |                                                 | 2/10/2014 | 5/19/2014
Gather detailed requirements                           |                                                 | 2/10/2014 | 2/18/2014
Design/Customization                                   | Following requirements                          | 2/19/2014 | 3/19/2014
Installation of Software                               | Can occur simultaneously with hardware install  | 4/9/2014  | 4/11/2014
Installation of Hardware                               | Can occur simultaneously with software install  | 3/24/2014 | 4/14/2014
Training                                               | Following install, simultaneously with testing  | 4/16/2014 | 5/6/2014
Testing                                                | Following install, simultaneously with training | 5/7/2014  | 5/19/2014


Security Plan: Personal Trainer, Inc.

This plan was developed by Reed Curry, Operations Manager, in cooperation with other key members of Personal Trainer Inc. staff and Suzan Park, IT Consultant with Patterson and Wilder.

Objectives

This security plan is a modification of past plans. We will take a broad view of the security risks facing the firm and take prompt action to reduce our exposure. Everyone remembers the virus attacks on small businesses such as ours earlier this year, and we hope to avoid a disaster like that! However, I hope that by taking a wider view, we may be able to plan for threats we don't know about yet.

I realize that we are limited in time, people, and (of course) cash. Our main priority is to continue to grow a successful business. The project team has weighed these constraints carefully in deciding what to do and has tried to strike a balance between practicality, cost, comfort, and security measures. We are all convinced that updating system protocols is needed as the company continues to grow.

I am taking responsibility for leading this review and ensuring that all the action items are carried out. I am concerned about the risks we face, although having reviewed the plan, I am sure we can address them properly. This project has my full support and is a high priority for the business.

Circulation

Because this document contains important security information, it is confidential. You are requested to keep it under lock and key when not actually using it, and please don't leave it lying around or make photocopies. We will not be sending this document via e-mail or storing it on the server; paper copies only, please. The following people are authorized to view this document:

- Cassia (President)
- Reed (Operations Manager)
- Janet (Financial Manager)
- Bleak and Blue (our lawyers)
- Watson, our outside security consultant

Project Team

The project team includes:

- Reed, project leader
- Janet
- Suzan, IT Consultant
- Watson, advising our staff and carrying out some of the implementation

In addition, we consulted with staff members from sales, marketing, and design to get their feedback about what they wanted and how the plan might affect them.

Section 2: Assessment Results


Our assessment has produced the following results.

Skills and Knowledge

Our technology consultant, Watson, is familiar with the whole situation and will be our expert guide. However, we need to internalize as much of this knowledge as possible by doing as much of the work as we can. Doing so will also help us save money. Luckily, Reed is an amateur computer enthusiast. He has attended a security training course.

Each member of the project team has read the available security planning guides from Microsoft and the Internet Engineering Task Force (IETF) in preparation. The company as a whole is reasonably technically literate, but (with one or two exceptions) they see computers as tools to get the job done and don't know much about how they work.

Our Network and Systems

- Desktops: Twenty-four (one per member of staff plus two old machines acting as print servers)
- Laptop computers: Six (one each for the senior managers, one for Cassia, and three for the sales team)
- Printers: 15 (printer-fax combo units for each location and three at corporate)
- Servers: One (running Small Business Server 2012 and looking after files, the Internet connection, e-mail, and our customer database)
- Internet connection: 1.5 Mbps cable modem connection

The server and several of the computers are linked by 100 Mbps Cat5 Ethernet cables. The remainder are linked by an 802.11n+ wireless network with an access point. All computers run Windows 7 Professional except for the two print servers.

Security
We compared each computer against the checklist in the Security Guide for Small Business. We
also ran the MBSA. These actions produced the following results:

Virus protection: Will be controlled as auto update s at the server level.

23

Spam-filtering software: Spam protection will be active along with Adware and
Malware protection.

Firewall: We ha install a military grade firewall and encryption systems to protect


corporate and customer information

Updates: All the Windows 7 Professional systems are up-to-date because they were
automatically checking and downloading updates. Microsoft Office is also up to date due
to the installation of automatic updates as approved by the IT department.

Passwords: All passwords will be random characters using numbers, letters, with at
least one upper case and one special character. Passwords will be changed every 6
months and not duplicated for at least three years.

Physical security: We had the insurance people in last year, so the window locks,
doors, and alarms are pretty good. All computers not in use will be logged off when user
not present. No passwords shall be written down in work stations. All doors and desk
shall be locked when occupants are not present to control information leaks. All
generated paper work shall be shredded if it contains any financial or personal
information from members, suppliers or employees.

Laptop computers: All the laptop computers had shiny bags with big manufacturer
logos. No security locks.

Wireless networking: Each employee wanting to use the Wi-Fi or server system must
log into system with their user name and password.

Web browsing: Everyone thinks that having fast Internet access is a great perk, but
they are using it all the time and without much thought to the risks. Through a content
filtering audit, we found that 20 percent of our Web browsing was unrelated to work. We
don't have a policy on acceptable use, and no one is taking any security measures.
Inappropriate sites will be blocked at the server level.

Backups: We back up data on the server to a redundant server system on a weekly
basis, but we haven't tested restoring the data since the system was recently
installed. The server contains our primary customer database, so well-tested backups
are essential, as is keeping a copy of backups offsite.

Assets
Besides the physical property, our main assets are:

Our member information and marketing collateral
Records of our contracts with vendors
Our e-mail database and archive of past e-mail messages
Sales orders and the customer database
Financial information
Paper legal records stored in various filing cabinets

All these assets are considered secret and should be accessible only on a need-to-know basis.
In addition, they need to be protected and backed up as safely as we can manage.

Risks
We believe the risks break down into four main categories:

Intruders (viruses, worms, hijacking of our computer resources or Internet connection,
and random malicious use). These are the risks that anyone using computers connected
to the Internet faces. High risk, high priority.

External threats (rivals, disgruntled ex-employees, bad guys after money, and thieves).
They are likely to use the same tools as hackers, but in deliberately targeting us they
may also try to induce members of staff to supply confidential information or even use
stolen material to blackmail or damage us. We need to protect our assets with physical
and electronic security. High risk, high priority.

Internal threats. Whether accidental or deliberate, a member of staff may misuse his or
her privileges to disclose confidential information. Low risk, low priority.

Accidents and disasters. Fires, floods, accidental deletions, hardware failures, and
computer crashes. Low risk, medium priority.

Priorities
1. Intruder deterrence:
Firewall
Virus protection
Strengthening the wireless network
Ensuring that all computers are updated via server
Ongoing user education and policies

2. Theft prevention:
Laptop computer security
Security marking and asset inventory
Moving the server into a secure, lockable room
Security locks for desktop and laptop computers

3. Disaster prevention:
More frequent backups with offsite storage
Ensure backup of users' local data
Offsite backup of critical paper documents
Regularly testing the backups by performing a restore

4. Internal security and confidentiality:
Strong password policy and user education
Secure printers for accounts, HR, and managers
Review security for filing cabinets and confidential documents

Section 3: Security Plan


After performing our assessment, we have devised the following security plan.

Action Items
1. Ask our ISP or technology consultant to provide firewall upgrades if needed.
2. Enable Windows Firewall on the server and on all desktop computers.
3. Make sure that antivirus software is installed on all computers and that it is set to
automatically update virus definitions.
4. Configure computers running Office Outlook 2010 to use Junk E-mail filtering. Select,
purchase, and install adware and malware software on server, if necessary.
5. On the wireless network, disable service set identifier (SSID) broadcasting, choose and
configure a sensible SSID, enable WPA encryption, enable MAC filtering, and configure
the access point to allow traffic only from the desktop and laptop computers in the office.
6. Review all machines to make sure that they are fully updated, and set them to
automatically refresh those updates.
7. Buy new, nondescript laptop computer bags and locks.
8. Security-mark all desktop computers, laptop computers, and their components.
9. Log all serial numbers.
10. Buy and install desk security locks for desktop computers.
11. Find a suitable, lockable room for the server and move it there.
12. Review backup and restore procedures. Ensure that user data is either stored on the
server or copied across regularly prior to backups. Implement daily backups. Ensure that
a full backup goes offsite once a week. Ensure that the backup is password protected
and encrypted. Review paper documents, and make photocopies for secure offsite
storage of critical documents.
13. Configure Microsoft Server 2012 and individual machines to enforce reasonably strong
passwords. Discuss with users what would be an acceptable balance of convenience
and security. (We don't want them writing down their new passwords.)
14. Configure workstations to log users out and require a password to log on again if the
workstation is idle for more than 5 minutes.
15. Buy cheap printers for accounts, HR, and the two directors so that they can have private
documents printed securely.
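As an added, read-only audit script (not part of this plan and not the consultants' own tooling), the following PowerShell checks a single Windows machine against action items 2, 3, 6, 13 and 14 above, so that Reed's monthly review can be repeated the same way on every desktop. It assumes an elevated PowerShell session on a Windows 7 or Server 2012 era host with English system messages. The 5-minute idle lock and the 6-month maximum password age come from the plan; the minimum password length of 8 characters is an assumption, since the plan does not state one, and the complexity rule (upper case plus special character) is not reported by `net accounts` and so is not checked here.

```powershell
# Added example, not part of the original plan. Read-only audit of the
# workstation-level action items. Assumes an elevated session on Windows 7 /
# Server 2012 and English command output (netsh / net accounts are parsed).
$IdleLockSeconds   = 5 * 60   # action item 14
$MaxPasswordAge    = 180      # "changed every 6 months" from the Security section
$MinPasswordLength = 8        # assumption: the plan states no minimum length

function New-Finding([string]$Name, [bool]$Pass, [string]$Detail) {
    New-Object PSObject -Property @{ Check = $Name; Pass = $Pass; Detail = $Detail }
}

# Action item 2: Windows Firewall enabled on every profile (domain/private/public).
function Test-FirewallProfiles {
    $lines  = netsh advfirewall show allprofiles state 2>$null
    $states = @($lines | Where-Object { $_ -match '^\s*State\s+(\S+)' } |
                         ForEach-Object { $Matches[1] })
    $allOn  = ($states.Count -gt 0) -and (@($states | Where-Object { $_ -ne 'ON' }).Count -eq 0)
    New-Finding 'Windows Firewall on all profiles' $allOn ('profile states: ' + ($states -join ', '))
}

# Action item 13: the password policy is actually enforced on this machine.
function Test-PasswordPolicy {
    $text   = (net accounts 2>$null) -join "`n"
    $minLen = if ($text -match 'Minimum password length:\s+(\d+)') { [int]$Matches[1] } else { 0 }
    $maxAge = if ($text -match 'Maximum password age \(days\):\s+(\w+)') { $Matches[1] } else { 'unknown' }
    $ageOk  = ($maxAge -match '^\d+$') -and ([int]$maxAge -le $MaxPasswordAge)   # 'Unlimited' fails
    $pass   = ($minLen -ge $MinPasswordLength) -and $ageOk
    New-Finding 'Password length and age' $pass "min length=$minLen, max age=$maxAge days"
}

# Action item 14: secure screen saver within 5 minutes idle. The Group Policy
# key is consulted first, then the user's own setting.
function Test-IdleLock {
    $keys = 'HKCU:\Software\Policies\Microsoft\Windows\Control Panel\Desktop',
            'HKCU:\Control Panel\Desktop'
    foreach ($k in $keys) {
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if ($p -and $p.ScreenSaveTimeOut) {
            $ok = ($p.ScreenSaveActive -eq '1') -and ($p.ScreenSaverIsSecure -eq '1') -and
                  ([int]$p.ScreenSaveTimeOut -le $IdleLockSeconds)
            return New-Finding 'Idle lock within 5 minutes' $ok `
                "$k timeout=$($p.ScreenSaveTimeOut)s secure=$($p.ScreenSaverIsSecure)"
        }
    }
    New-Finding 'Idle lock within 5 minutes' $false 'no screen saver timeout configured'
}

# Action item 6: Automatic Updates set to download and install on a schedule
# (NotificationLevel 4 in the Windows Update Agent COM API).
function Test-AutomaticUpdates {
    try {
        $level = (New-Object -ComObject Microsoft.Update.AutoUpdate).Settings.NotificationLevel
        New-Finding 'Automatic Updates scheduled install' ($level -eq 4) "NotificationLevel=$level"
    } catch {
        New-Finding 'Automatic Updates scheduled install' $false "could not query Windows Update Agent: $_"
    }
}

# Action item 3: an antivirus product is registered with Security Center.
# The SecurityCenter2 namespace exists on client Windows only, so on the
# server this reports "not available" and must be checked another way.
function Test-AntivirusRegistered {
    $av = Get-WmiObject -Namespace 'root\SecurityCenter2' -Class AntiVirusProduct -ErrorAction SilentlyContinue
    if ($null -eq $av) { return New-Finding 'Antivirus registered' $false 'none found or namespace not available' }
    $names = @($av | ForEach-Object { $_.displayName }) -join ', '
    New-Finding 'Antivirus registered' $true $names
}

function Invoke-WorkstationAudit {
    Test-FirewallProfiles
    Test-PasswordPolicy
    Test-IdleLock
    Test-AutomaticUpdates
    Test-AntivirusRegistered
}

Invoke-WorkstationAudit | Format-Table Check, Pass, Detail -AutoSize
```

Each check returns a finding object rather than printing, so the same functions can be run from a scheduled task that writes the results to the server for the monthly review. A failed `Pass` is a prompt to look at the detail column, not a breach in itself: a laptop that only joins the office Wi-Fi occasionally will legitimately show an older update state until it next connects.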

Policy Changes
Kim will update the staff handbook to include new policies on:

Acceptable use of e-mail and the Internet
Use of passwords
Who can take company property away from the office

After she has completed a first draft, it will be reviewed by the directors and the company's
attorneys before being rolled out.

User Education
We expect to give up to two hours of user training in small groups as a result of these changes.
Training will cover:
The importance of security
Passwords
Laptop computer security
Virus prevention
Safe Internet browsing
Updating software and operating systems from a server
Introducing the new staff policies
Making sure employees understand the consequences for not complying with policies
Assessing employees understanding of the new policies
Periodically reviewing the practice of the new policies

Project Time Line and Responsibilities


The top three priorities (firewall, virus protection, and strengthening the wireless network) will
receive urgent attention from our security consultant, Watson. The remaining tasks will be done
by our own staff in order of priority.
We expect the top three priorities to be completed within a week and the remaining tasks within
30 days of new system integration. Reed will be responsible for purchasing and implementing
the technical changes. Tai will be responsible for all the policy and training requirements. Janet
will oversee the project and be responsible for any other tasks that arise.

Response Planning
In the event of a security breach, we will contact Watson. His company has a one-hour
response policy during office hours and a four-hour response policy at all other times to deal
with serious incidents, such as virus infections. In addition, Reed will monitor the server and
firewall regularly to make sure that no breaches have occurred.

Ongoing Maintenance and Compliance


Gary will be responsible for security on a day-to-day basis, with Reed taking overall
responsibility. Reed will continue his own self-education on the topic, subscribe to security
bulletins from Microsoft and our antivirus software supplier, and liaise with Watson on a regular
basis to monitor compliance with the new policies.
On a monthly basis, Reed will make sure that Windows and our antivirus software are updated
and that the backup and restore procedures are working properly. He will also be responsible for
ensuring that new computer equipment is properly configured and up-to-date.


Tai will be responsible for ensuring that new staff joining the company are fully trained in the
company's security policies and procedures.
There will be a full, formal review of this plan in six months.

Section 4: Resources and Budget


The following expenditure has been approved:

Software and Hardware

Purchase antivirus software.
Configure Office Outlook 2010 to filter junk e-mail.
Update a hardware firewall.
Purchase security locks and new nondescript laptop computer bags.

Professional Advice

Bleak and Blue Esq. to review our rewritten staff policies
Watson for advice during the creation of this plan
Watson for help with implementation

Internal Resources

Although we are not paying for our own staff directly, to be clear about the allocation of
resources and the time that is available for this work, we have authorized the use of
internal staff as detailed above.


Risk Management Plan


Department: IT Consultants
Product or Process: In-House Development and Outsourcing
Document Owner: Suzan Parks
Project or Organization Role: IT Modifications for Personal Trainer Inc.

Version | Date     | Author          | Change Description
001.1   | 11/15/13 | William Breadon | Initial documentation of plan

Project Risk Management Plan Purpose


A Project Risk Management Plan is a controlling document that incorporates the goals, strategies, and
methods for performing risk management on a project. The Project Risk Management Plan describes all
aspects of the risk identification, estimation, evaluation, and control processes. The purpose of
developing such a plan is to determine the approach for cost-effectively performing risk management on
the project.

Stakeholder Roles and Responsibilities


Role            | Risk Management Responsibility                                                                                                              | Assignment
Project Manager | The Project Manager is responsible for the Project Risk Management Plan being implemented and for reporting to the Project Sponsor and Management Group. | William Breadon
Consultant      | Ensuring compliance and that schedules are maintained for customer needs                                                                    | Suzan Parks

Risk Management Process and Activities


Risk Management Activity | Risk Management Task Description                                                        | Ownership (Participants)
Data Base Development    | Ability of current staff to develop the required relational data bases                  | Gary Lewis - Manager
Web Enhancements         | Addition of interfaces with customers, forms, registration and security integration     | Suzan Parks - Consultant

Risk Management Plan Audit Log


Record Name  | Responsibility | Approval Authority | Distribution
Schedules    | Suzan Parks    | Cassia Uri         | Management
Development  | Gary Lewis     | Cassia Uri         | Finance, Sales & Operations
Installation | Reed Curry     | Cassia Uri         | Operations
Training     | Suzan Parks    | Cassia Uri         | Consultant, Operations

Risk Assessment and Management Table


Risk Type          | Risk and Description                                          | Risk Chance | Risk Impact | Risk Priority | Risk Owner
Project Management | Inadequate project definition                                 | Medium      | Medium      | Medium        | William Breadon
Development        | In-house software not constructed to specifications or needs  | High        | High        | High          | Gary Lewis
Web Enhancements   | Integration of changes and navigation problems                | Low         | Low         | Low           | Suzan Parks

[MGMT Chart: a probability/impact matrix that did not survive extraction. Recoverable labels: Risk Chance
scale Low, Low/Medium, Medium, Medium/High, High; Risk Impact categories Cost, Process, Equipment damage,
Technology, Design model; Probability scale 1 (low) to 5. Plotted risk labels legible in the extraction
include "Stakeholders uncertain of project scope", "Resource", "Change", "focus", "Complexity",
"processes" and "Estimation", at positions numbered 5, 4, 2 and 1.]

Risk Categories
Schedule, scope, budget, effort, people, unexpected issues

Risk Classification

Color  | Rating # | Action
RED    | 25       | Critical or Major, needs mitigation now
YELLOW | 15 to 20 | Moderate, should be monitored weekly
BLUE   | 6 to 12  | Low to Medium, should be monitored monthly
GREEN  | 1 to 5   | Low, should be monitored quarterly

Risk Management Plan Approvals


Prepared by:
William Breadon
Project Manager

Approved by:
Suzan Parks
Project Sponsor

Jim Patterson
Executive Sponsor

Cassia Uri
Member Sponsor


Formal System Proposal


Based on analysis of the current functions, it appears that in-house development and
design, along with outsourcing Web design and enhancements, would be the most cost-effective
solution for Personal Trainer Inc.
The software, developed in-house, will meet the exact demands and needs of Personal
Trainer Inc. In-house development avoids unneeded software in the system that would delay data
flows and introduce errors. This approach will allow all users to transition to an updated system
that meets your unique needs and demands. Logon security at the system level as well as the
application level is supported by the software. Role-based security is also available through
packaged software if this option is required.
The hardware has the capability to perform within the required response time for the
24 users currently employed by Personal Trainer Inc. The network also has the capacity to
grow with the company to support up to 40 users. The network has the ability to store
incremental backup data as well as weekly full system backups.
System implementation should be completed within 12 weeks with minimal disruption to the
operations of Personal Trainer Inc. Training will be hands-on, conducted in a testing
environment. The User Acceptance Testing will also provide additional training time for the
users. Testing scenarios will be based on real-life errors experienced by the company.
Following implementation, user support is available for a period of 3 months. Patterson and
Wilder have created a User Support Group to discuss issues that may arise during the day-to-day
operations of the system.
The implementation of the hardware and software will help Personal Trainer Inc. achieve its
business goals of increasing employee efficiency, reducing billing errors, and increasing
profitability. Employees will be able to accept additional responsibilities because the reduced
manual processes integrate all facilities and corporate headquarters. The critical aspects
of the business, such as billing, personal training programs, special services and structured
training programs, will meet the needs of Personal Trainer Inc. The improvements will give
all users and members simple access, increasing overall customer satisfaction.


Addendum

Project Schedule:
