ToT 011:

7 Steps to Evaluate Your Technology

John Barker
October 1, 2023
Read Time: 4 Minutes 30 Seconds

We all need frameworks.  Frameworks give us the structure to fit similar tasks into different situations.  Whenever I work with a new client, I want to start with the exact same framework.

You need to establish a baseline and set priorities first. This will have the most impact and reduce the greatest risk. Do this before you implement any random changes.  You are just shooting in the dark if you don’t establish a baseline.

Take these 7 steps that I use with clients and apply them to your own business.

1. Technology Calibration

Technology calibration for your business is the first step that I use.  I need to understand your mission.  In fact, you may need to refresh your employees on what the company’s real mission is.  Every initiative you undertake needs to advance your company’s mission.

Typical starting questions that I like to ask during this first phase include:

  1. How are decisions made in the company?
  2. What key metrics do you track?
  3. Does everyone have clearly defined roles?
  4. Does everyone understand the company’s financial position?
  5. What areas of business technology do you think need improvement for the business mission?

2. Technology Evaluation

Next, move on to evaluating the technology. This is broken into two parts.  The first part is just what technology is in use (hardware and software).  The second part deals with evaluating the cybersecurity of your business.

Typical starting questions during phase two include:

  1. Is our technology formally documented? (Includes inventory, physical, and logical diagrams)
  2. What metrics are being tracked at the tech level to measure performance?
  3. Has the company accrued technical debt by not investing enough money?
  4. Does the technology department have a budget?

3. Cybersecurity Evaluation

Certain cybersecurity items will also emerge during the technology evaluation step.  After step 2, begin a formal cybersecurity evaluation.

Typical starting questions to work through include:

  1. Does our company fall under any specific cybersecurity compliance framework? If so what
  2. If not, then which one makes the most sense as a starting point? (Hint: NIST CSF is a good starting point.)
  3. Do we have a written system security plan in place?
  4. What cyber practices have we implemented to date? (MFA, backups, account security, etc.)
  5. Do you have cybersecurity champions in each department?

4. Risk Playbook

Now that the technology and cybersecurity evaluations are complete, it’s time to prioritize.  You have limited resources, so you must determine the first things to tackle.

There are two main questions to consider.

What initiative will have the greatest positive impact?

What initiative will reduce the most impactful risks?

I would advise fixing any glaring, impactful risks before implementing new technology to improve business functions, unless you can kill two birds with one stone.

5. Project Management

Once you have determined one or two priorities to tackle, you need to put a plan in place to execute them.

  1. Who is the responsible decision maker?
  2. Who are the stakeholders and what is the scope?
  3. What are the resources necessary?
  4. What is the budget?
  5. How do you communicate and manage change with stakeholders?
  6. Are there any risks associated?
  7. What is the test approval scenario?
  8. What does deployment look like?
  9. Is continuous improvement needed after initial deployment?
  10. Who signs off that the project is complete?

6. SOP Playbook

You’ve tackled your biggest opportunities and threats.  Now you need to begin standardizing your operations.  Standardization makes it easier to replicate tasks successfully.  It makes delegation of tasks easier.  Training new hires becomes simpler.  It reduces the need for unnecessary meetings when just updating a centralized SOP is the only task necessary.  It reduces the risk of screwing something up.

Items to consider when developing SOPs for your Technology Department:

  1. What tool(s) are necessary for centralized SOP creation and review?
  2. Can alerts be triggered for regularly used SOPs?
  3. Who has final ownership and approval of the SOP knowledge base?

Technology SOPs that I like to see as a starting point are:

  1. Onboarding and offboarding process from HR
  2. Standard IT configuration
  3. System Patching
  4. Technical Support workflow and response
  5. Communication
  6. CI/CD process
  7. Backup Testing

I have a recent post with a template for SOPs you can review here.

7. Staff Training Playbook

There are two final areas to consider with staff training: continuous technical training and certification for the IT staff, and regular cybersecurity training for your entire employee base.

It’s not a secret that technology changes rapidly. In 2023, A.I. has made these changes as fast as I’ve ever seen.  You need to keep your technology team up to date on the latest trends and tools that can improve your business.

The entire staff needs to keep up to date on cyber threats.  In the cybersecurity evaluation, we check to see if you have identified a cyber champion in each functional department.  These designees can assist the technology/security team with cyber bulletins, phishing tests, or general knowledge.  Your team may find cyber training more impactful coming from one of their own teammates instead of the “IT person.”

That’s all for this week.

See you next Sunday.



John Barker


John has over 25 years of technology experience and earned a Bachelor’s in Business Management & MBA.  He also holds CISSP and PMP certifications.