capstone project final

Upload: cymon-daz

Post on 13-Jan-2016


DESCRIPTION

final project for capstone

TRANSCRIPT

Personal Trainer Inc.


This document is the group project for CIS 2321 Capstone. This project is a group effort constructed based on the case study, Personal Trainer Inc., assigned by the instructor. We have compiled data as outlined in the case study in order to build the recommendations below.

William Breadon, 11/27/2013

October 31, 2013

Ms. Cassia Umi, President
Personal Trainer, Inc.
5498 Healthy Way, Chicago, IL. 54321

Dear Ms. Umi,

I am writing this letter to submit an interesting data solution to Personal Trainer, Inc. which may cut your costs by 50 percent and dramatically improve overall efficiency.

Our company, Patterson & Wilder IT Consultants, has more than 18 years of experience in analyzing, designing, implementing and maintaining Information Systems for growing businesses. The objective of Patterson & Wilder is to evaluate your existing infrastructure and propose a cost-effective system that can be implemented in a timely manner with minimal disruption to Personal Trainer Inc.

For an expanding company like Personal Trainer, Inc., Patterson & Wilder can assist with the development of an Enterprise Information System that will not only increase productivity now, but will allow for expansion well into this 21st century. This Enterprise System would integrate all of Personal Trainer, Inc.'s business processes, i.e. payroll, billing and other accounting data, into a central system. This type of system supports Personal Trainer, Inc.'s business goals by capturing large volumes of member and employee information and securely storing them. The data collected and entered would be stored in a manner that allows for day-to-day access by employees and warehoused so that it can be retrieved to analyze trends in treatment. In addition to member information, the system would be able to assist Personal Trainer, Inc. with billing, suppliers and payroll. By combining all processes into one central system, Personal Trainer, Inc. would experience a reduction in the cost of data entry and storage as well as increased employee efficiency and customer satisfaction.

You can contact me, Suzan Park, at (555) 543-5432 or by email at s.park@pattersonwilderit.com.

I am looking forward to meeting you in person and discussing your data solution needs.

Thanks in advance for your time.

Brian Patterson
President, Patterson & Wilder
(555) 543-5432

Patterson and Wilder IT Consulting
5432 Short Circuit Blvd, Chicago, IL 54321
555.543.5432 ph, 555.543.5433 fax
www.pattersonwilderit.com

Company History

Patterson and Wilder IT Consultants was established in 1995 to provide data solutions for small and medium businesses. Our company has more than 18 years of experience in analyzing, designing, implementing and maintaining Information Systems for growing businesses. The objective of Patterson and Wilder is to evaluate existing infrastructures and propose a cost-effective system that can be implemented in a timely manner with minimal disruption to expanding small business operations.

Table of Contents

Modified Letter to Owner
Problem Statement
Project Scope
Constraints
System Requirements for Accounting System and Web Page
Benefits Accounting and Web Base Data Systems
Time and Cost Estimates
Feasibility Estimates
Recommendations
Statement of Work Signature Page
Overview of Proposed Computer System Function
Process Models
Statement of System Requirements
Solution Candidates
Software candidate weighted evaluation
Recommendation of Software candidate
Hardware/Software costs
Revised Feasibility Analysis
Scalability Statement for system
Implementation Plan Time estimate
Security Plan: Personal Trainer, Inc.
Risk Management Plan
Formal System Proposal
Addendum

Modified Letter to Owner

November 15, 2013

Ms. Cassia Umi, President
Personal Trainer, Inc.
5498 Healthy Way, Chicago, IL. 54321

Dear Ms. Umi:

I am writing this letter to submit an interesting data solution to you and Personal Trainer Inc. which may cut your costs by 50 percent and dramatically improve overall efficiency. Patterson and Wilder IT Consultants is proposing that Personal Trainer Inc. implement an in-house design software package along with web page enhancements. For an expanding company like Personal Trainer, Inc., an in-house design software package will not only increase productivity now, but will allow for expansion well into this 21st century.

The in-house design software package would concentrate on several aspects of the member records and training program information for Personal Trainer Inc. The in-house design software package supports Personal Trainer Inc.'s business goals by processing and storing the data created during daily operations. The stored data would allow for timely access by employees. Also, the stored data can be retrieved to analyze trends in program progress and help to design future programs for members. In addition to member information, the system would be able to assist Personal Trainer Inc. with billing and allow members to pay via the web site. By concentrating on your member records and reducing manual processes, Personal Trainer Inc. would experience an increase in employee efficiency, customer satisfaction and profitability.

I look forward to meeting you in person and discussing your data solution needs.

Thanking you in advance for your time,

Brian Patterson
President, Patterson & Wilder
(555) 543-5432

Patterson and Wilder IT Consulting
5432 Short Circuit Blvd, Chicago, IL 54321
555.543.5432 ph, 555.543.5433 fax
www.pattersonwilderit.com

Problem Statement

The expanding company wants to be able to offer online services for the members of their fitness clubs. New online web access is needed to meet the new demands of the company. They also want to offer membership sales and upgrades to new and existing customers. Personal Trainer Inc. wants to be able to offer two memberships as well as allow payment for special programs such as child fitness.

Project Scope

Patterson and Wilder is proposing that Personal Trainer Inc. have a web page designed to allow easy access for customers, staff and new members. This will allow members to access all clubs from one location. Also, this project will consist of consolidating member records into a database allowing access by different departments simultaneously. During the project, desktop and laptop workstations will be established in each department and reception areas. Patterson and Wilder will provide training and support to all departments in the company. The proposed testing and implementation is expected to be completed by May 2014.

Constraints

In order to implement an efficient member management system, the following barriers exist in the current Personal Trainer locations.

- Availability of Web Designers capable of meeting customer requirements.
- Daily operations interface while trying to launch new Web Page.
- After hours work for data conversion.
- Night crews may have to be utilized to update hardware to prevent daily operations.
- Schedule designed based on new facility build out, contractor delays may delay project.
- Employees may need basic computer skills training to proficiently complete Software training.
- Training will have to be done during normal business hours.

System Requirements for Accounting System and Web Page

This is a high level description of the capabilities required of the new system. During Requirements gathering, detailed descriptions will be provided to Personal Trainer, Inc. prior to system design and implementation.

- The system must be able to make future dated member appointments, special services and personal program tracking.
- The system must produce daily schedules, reporting, monthly billing statements and personal program performance.
- Member Information must be accessible by all departments.
- Must be able to enter related member information and training programs.
- Must be able to support all users simultaneously without delayed system response times.
- System must be easily maintained by employees after implementation.
- Must have system backup capability.
- System must be compatible with current Network.
- System must have lifespan of at least 5 years.

Benefits Accounting and Web Base Data Systems

Personal Trainer Inc. is proposing to interface the current accounting system with a new web-based system that employees and customers will be able to access 24/7. By storing the information in a database, the Company will reduce manual processes and associated costs, which will improve profitability.

Reduce Cost

Poor manual handoffs between departments result in a significant waste of time. Electronic data will help to increase productivity by reducing the manual processes used to create schedules, reports and mailing lists. This could be a savings of at least one full-time employee (FTE). By automating processes that are currently handled manually, personnel can take on additional responsibilities.

Increased Revenue

By automating manual processes, billing information will flow to external customers quicker, which can result in significant financial benefits. Cycle time reports showing outstanding balances can be created for monitoring by appropriate personnel.

Ability to Implement Changes

Electronically stored data will allow for changes to various levels of memberships and special services added in the future.

Improved Customer Service

A documented process that is followed through process automation reduces manual errors and the risk of fraud. Member satisfaction will improve when employees are able to spend more time with them in the facilities, assisting them to accomplish their personal goals. Internal customers will benefit from schedules/reports produced accurately and in a timely manner.

Time and Cost Estimates

Option 1 Build Software In house Development

| Task | Duration | High Level Description | Cost |
|---|---|---|---|
| Requirements Definition | 4 days | Analyze current processes to determine user requirements | $1920 |
| Design | 5 days | Develop prototype of user screens and reporting for working version of system and new data base | $3500 |
| Implementation | 4 days | System Hardware and Software installed | $3000 |
| Initial Training | 20 hours | Train the Trainer and Hands on training provided for each employee based on tasks performed | $2400 |
| Testing | 10 days | Test scenario development and UAT by SME | $1200 |
| Software | 8 weeks | Build - In house development | $7,000 |
| Hardware | 2 weeks | Includes desktops, laptops, servers, routers, cabling etc. May be able to negotiate for bundled hardware costing $5,000 | $18,243 |
| Total Time | 12 Weeks | Total Costs | $37,263 |

Option 2 Buy Software

| Task | Duration | High Level Description | Cost |
|---|---|---|---|
| Requirements Definition | 4 days | Analyze current processes to determine user requirements | $1920 |
| Customization | 5 days | Customize out of the box solution | $3400 |
| Implementation | 4 days | System Hardware and Software installed | $4000 |
| Initial Training | 20 hours | Train the Trainer and Hands on training provided for each employee based on tasks performed | $3500 |
| Testing | 10 days | Test scenario development and UAT by SME | $1200 |
| Software | | Based on software solution | $12,000 |
| Hardware | 2 weeks | Includes desktops, laptops, servers, routers, etc. May be able to negotiate for bundled hardware costing $5,000 | $18,243 |
| Total Time | 6 Weeks | Total Costs | $44,263 |

Maintenance/Support Costs

Maintenance/Support: Annual License fee for purchased software: 0.00

Feasibility Estimates

Operational Feasibility

The current system is difficult to maintain because of the proximity of the various fitness centers to corporate headquarters. The new system will not result in workforce reduction or cause any new demands on the users, but will require training to properly allow users to utilize the system. Customers will not experience any adverse effect and will see better customer service and access to personal training records and account data.

Technical Feasibility

- Hardware, software, and network resources will need to be updated.
- In house design of using a relational data base model.
- Outsource company to develop required Web Site Enhancements.
- Technical expertise is not required for day-to-day operations, but will be required for maintenance.
- The proposed platform will allow future growth.

Economic Feasibility

Total Cost of Ownership: By not implementing a new system, Personal Trainer, Inc. will be required to hire more personnel to handle all the manual tasks needed to complete daily operations. Additionally, the risk of losing member files and program tracking data is greatly increased when there is not a central database to keep customer information.

Tangible Benefits: Reduces the overall amount of time needed for all administrative tasks.

Intangible Benefits: Employees will not have to worry about keeping track of member files, and the stress of creating daily and monthly reports will be reduced.

Schedule Feasibility

June 2014 is an adequate amount of time to finish and implement the system.

Personal Trainer Inc. Organizational Chart

Recommendations

Personal Trainer, Inc. currently manages all member records at each location. This process creates bottlenecks of data and redundant work for several employees. Due to the amount of manual work, critical aspects of the business such as payment processing and training program records. Patterson and Wilder is proposing to assist Personal Trainer, Inc. in updating the current accounting software to allow interface of customers for web access to accounts payments, purchases and access to customer training records. This will be accomplished in a three-step plan of data base design, user interface design and application architecture. The member data will be managed more efficiently and increase productivity in the office. Increased productivity usually means an increase in revenue, usually while lowering overhead costs at the same time. By automating tasks, the business may see a reduction in costs, employee boredom and manual errors, and increased productivity.

Statement of Work Signature Page

I agree that the business requirements represent the defined scope of this project, and represent our best understanding of the requirements. Any additional business functionality realized during the completion of the functional or technical specifications will be considered new requirements that will mean a revision to this document and could impact the scope, costs, resources and implementation time line for this project.

| Name | Title | Signature | Date |
|---|---|---|---|
| Cassie Umi | President, Personal Trainer, Inc. | | |
| Reed Curry | Operations Manager | | |
| Janet Macdonald | Finance Manager | | |
| Tai Tranh | Sales & Marketing Manager | | |
| Susan Park | IT Consultant, Patterson & Wilder IT Consultants | | |

PHASE 2

Overview of Proposed Computer System Function

Output
- The system must produce daily schedules by provider.
- The system must be able to produce daily appointment list for special services.
- The system must be able to produce weekly Facility Reports to track production by store. The report may be created on a monthly and yearly basis.
- The system must be able to produce monthly financial reports and sales trends for each store to assist in sales and marketing.
- The system must be able to produce monthly billing statements to be accessed via corporate web site.
- The system must be able to allow members to access customized training programs and personal services from web based access.

Inputs
- Must be able to migrate current accounting system with web.
- Must be able to allow online sales, registration and account monitoring by customers.
- Must be able to allow payments for monthly fees and special services.
- Must be able to take reservations for special events and services.
- Must be able to enter individual member information for each person in family with individual access to their personal records and training programs by household.

Process
- The system must be able to determine which accounts are still outstanding and lock out customers 60 days past due.
- The system must be able to determine when a member is not meeting goals for follow up counseling on training program and generate list for trainers.

Performance
- Must be able to support 24 users simultaneously.
- Response time should not exceed four seconds.
- The system must be operational seven days a week.
- System must be easily maintained by employees after implementation.

Controls
- The system must provide logon security at the operating system level and at the application level.
- Member records must be added, changed or deleted only by the Facility Managers.
- The system must maintain separate levels of security for users and the system administrator.
- Must have system backup capability.

Process Models Context Diagram

DFD-0 (Parent DFD)

DFD 1 (Child DFD)

Statement of System Requirements

System needs to be configured to ease user interface and output reports as required:
- Member information programs payments special services
- Daily appointment list and services by location
- Daily Schedules, class rosters and registrations
- Web Page interface for payment, registration and personal programs
- Ease of use by managers, Instructors, staff and members
- Member must be able to register for classes online
- Security controls to safeguard personal and accounting information

System needs to be able to accept the following data inputs:
- Membership registration information
- Accounting data, payments, discounts and special programs data
- Member personal program tracking and performance

Service Level Agreement should include the following:
- Support 24 users simultaneously.
- Response time should not exceed four seconds.
- The system must be operational six days a week.
- Version upgrades should be easily installed by employees.
- Installation support should be available within 25 hours of contact.

Security
- The system must provide logon security at the operating system level and at the application level.
- Delete capability by Office Administrator only.
- The system must maintain separate levels of security for users and the system administrator.
- Must have role based security to maintain member confidentiality.
- Must have system backup capability.

Solution Candidates

The following software candidates provide out of the box applications which are designed for physical training facilities.

Prepackaged Software Systems and In House Development and Outsourcing
- Member Information Registration at Facility or Online
- Customizable Management Reports which requires additional training and development.
- Allows entry of records by Managers and Trainers at various levels
- Different levels of access for different users
- Ability access class schedules and rosters
- Connect to server on iPhone
- Work with current network system

Bundled Commercial Software
- Easy Member Search
- Automatic bill preparation
- Allows scheduling of Classes
- Member roster
- Allows overbooking of classes if authorized
- Shows training history of members and instructors
- Allows electronic billing
- Multi-divisional reporting capabilities
- Accounts receivable management
- Real-time entries
- Canned reports and ability to customize reports with limited user knowledge
- User Support Group with 24/7 Hotline to report issues.
- Cost: $5,000

In Development and Outsourcing
- Track members and their personal information
- Track services that the training facilities perform along with the cost for reporting purposes
- Track member visits to gyms including services performed, quantity, time, etc.
- Record member training programs and progress
- Track accounting data of member in order to allow access to gyms and services
- Record payments and services requested
- Ability to generate reports with additional user training.
- Cost: $6,000

Software candidate weighted evaluation

Recommendation of Software candidate

It is recommended that Personal Trainer Inc. use an in-house team to develop and design a prototype along with outsourcing for web development. This package allows users to perform all daily tasks through their desktop computer with ease. General and customized reports can be created by a user without needing to have advanced knowledge of the software. The use of the in-house developed software will allow users to break away from handling hard copy files and manually creating reports and summaries, and will grant the ability to accomplish all tasks in a timely manner.

Hardware/Software costs Resource Material as of Friday 11/15/13

Personal Trainer Project

| Resource Name | Type | Std. Rate |
|---|---|---|
| World Elect. Cat 5 Cable | Materials | $ 650.00 |
| HP ProBook 455 G1 | Materials | $ 499.95 |
| HPP2000 MSA Storage | Materials | $ 6,798.25 |
| HP Z1 Workstation | Materials | $ 2,679.00 |
| In-house Development | Staff | $ 10,500.00 |
| Out Source Web Enhancements | Materials | $ 2,500.00 |

Revised Feasibility Analysis

Operational Feasibility

Switching to a completely electronic system will allow employees to efficiently carry out daily tasks without having to worry about losing any paper files. Users will be able to customize and print reports in a fraction of the amount of time needed to create the reports by hand. One person will be able to create the necessary daily, weekly, monthly, quarterly, and yearly reports instead of having all staff members work together to complete them. There will be a slight transition time while the users are trained on how to properly utilize the new software system, but members will not see any adverse effects of the transition. The new system will allow the company to grow without having to worry about an increased workload on the employees for administrative tasks.

Technical Feasibility

The company will need to purchase new hardware and design new software to successfully implement a new system. This avenue will allow integration with current software, reducing the training cost. Current users will be able to navigate the system easily due to familiarity with current software systems.

Once training on the new system has been completed, the users will have adequate knowledge to support themselves in any technical issues. Advanced expertise will only be needed for system maintenance and emergency situations.

With additions of new facilities, new employees will need to be hired to allow growth of the company. A new system will allow growth of the company without needing any additional resources.

Economic Feasibility

Total Cost of Ownership
- Training
- Hardware and software updates
- Maintenance and repairs

The cost of hiring a new long-term employee to help with the growing workload will only temporarily fix the problem of being slowed down with large amounts of paperwork. If the company keeps growing, it will be required to continuously hire new employees and spend more money on salaries, or purchase a new system that allows for growth.

Tangible Benefits
- A new system allows users to generate reports to see who has overdue payments more efficiently and on time.
- Allows for users to create and submit insurance paperwork in a shorter amount of time.
- Users will be able to customize reports to fulfill any obligations, whether it is to managers or members' program tracking needs.

Intangible Benefits
- User-friendly system improves employee job satisfaction by allowing more to be accomplished.
- An organized and central database system will allow faster customer service.
- Electronic member files are more convenient and will not be lost going from person to person.

Schedule Feasibility

None of the hardware needs to be custom ordered, but the software needs to be built. Everything depends on current staff meeting development schedules and should require minimal installation. There is enough manpower to develop, employ, and train users on the new system. Personal Trainer Inc. employees are more than willing to accept a centralized database system to accomplish daily tasks, which will result in faster implementation of the new system.

Scalability Statement for system

The In-house development and Outsourcing designed for Personal Trainer Inc. will accommodate the required 14 desktops and laptops with minimal stress on the network. The following components, HPP2000 MSA Storage, Cisco 2811 Integrated Services Router, HP ProBook 455 G1, HP Z1 Workstation. The increase in resources will not reduce the performance level of acquiring information from the data warehouse. The system should handle complex queries from multiple users within the acceptable response time.

Implementation Plan Time estimate

| Task | Dependency | Start | Finish |
|---|---|---|---|
| Convert Files | (Outside vendor to convert manual files) | 2/10/2014 | 5/19/2014 |
| Gather detailed requirements | | 2/10/2014 | 2/18/2014 |
| Design/Customization | Following Requirements | 2/19/2014 | 3/19/2014 |
| Installation of Software | Can occur simultaneously with Hardware install | 4/9/2014 | 4/11/2014 |
| Installation of Hardware | Can occur simultaneously with Software install | 3/24/2014 | 4/14/2014 |
| Training | Following install, simultaneously with testing | 4/16/2014 | 5/6/2014 |
| Testing | Following install, simultaneously with training | 5/7/2014 | 5/19/2014 |

Security Plan: Personal Trainer, Inc.

This plan was developed by Reed Curry, Operations Manager, in cooperation with other key members of Personal Trainer Inc. staff and Suzan Parks, IT Consultant with Patterson and Wilder.

Objectives

This security plan is a modification from past plans. We will take a broad view of the security risks facing the firm and take prompt action to reduce our exposure. Everyone remembers the virus attacks on small businesses such as ours earlier this year, and we hope to avoid a disaster like that! However, I hope that by taking a wider view, we may be able to plan for threats we don't know about yet.

I realize that we are limited in time, people, and (of course) cash. Our main priority is to continue to grow a successful business. The project team has weighed these constraints carefully in deciding what to do and has tried to strike a balance between practicality, cost, comfort, and security measures. We are all convinced that updating system protocols is needed as the company continues to grow.

I am taking responsibility for leading this review and ensuring that all the action items are carried out. I am concerned about the risks we face, although having reviewed the plan, I am sure we can address them properly. This project has my full support and is a high priority for the business.

Circulation

Because this document contains important security information, it is confidential. You are requested to keep it under lock and key when not actually using it, and please don't leave it lying around or make photocopies. We will not be sending this document via e-mail or storing it on the server: paper copies only, please. The following people are authorized to view this document:

- Cassia (President)
- Reed (Operations Manager)
- Janet (Financial Manager)
- Bleak and Blue (our lawyers)
- Watson, our outside security consultant

Project Team

The project team includes:

- Reed, project leader
- Janet
- Suzan, IT Consultant
- Watson, advising our staff and carrying out some of the implementation

In addition, we consulted with staff members from sales, marketing, and design to get their feedback about what they wanted and how the plan might affect them.

Section 2: Assessment Results

Our assessment has produced the following results.

Skills and Knowledge

Our technology consultant, Watson, is familiar with the whole situation and will be our expert guide. However, we need to internalize as much of this knowledge as possible by doing as much of the work as we can. Doing so will also help us save money. Luckily, Reed is an amateur computer enthusiast. He has attended a security training course.

Each member of the project team has read the available security planning guides from Microsoft and the Internet Engineering Task Force (IETF) in preparation. The company as a whole is reasonably technically literate, but (with one or two exceptions) they see computers as tools to get the job done and don't know much about how they work.

Our Network and Systems

- Desktops: Twenty-four (one per member of staff plus two old machines acting as print servers)
- Laptop computers: Six (one each for the senior manager, one for Cassia, and three for the sales team)
- Printers: 15 (printer-fax combo units for each location and three at corporate)
- Servers: One (running Small Business Server 2012 and looking after files, the Internet connection, e-mail, and our customer database)
- Internet connection: 1.5 Mbps cable modem connection

The server and several of the computers are linked by 100 Mbps Cat5 Ethernet cables. The remainder is linked by an 802.11n+ wireless network with an access port. All computers run Windows 7 Professional except for the two print servers.

Security

We compared each computer against the checklist in the Security Guide for Small Business. We also ran the MBSA. These actions produced the following results:

Virus protection: Will be controlled as auto updates at the server level.

Spam-filtering software: Spam protection will be active along with Adware and Malware protection.

Firewall: We have installed a military grade firewall and encryption systems to protect corporate and customer information.

Updates: All the Windows 7 Professional systems are up-to-date because they were automatically checking and downloading updates. Microsoft Office is also up to date due to the installation of automatic updates as approved by the IT department.

Passwords: All passwords will be random characters using numbers, letters, with at least one upper case and one special character. Passwords will be changed every 6 months and not duplicated for at least three years.

Physical security: We had the insurance people in last year, so the window locks, doors, and alarms are pretty good. All computers not in use will be logged off when the user is not present. No passwords shall be written down at work stations. All doors and desks shall be locked when occupants are not present to control information leaks. All generated paperwork shall be shredded if it contains any financial or personal information from members, suppliers or employees.

Laptop computers: All the laptop computers had shiny bags with big manufacturer logos. No security locks.

Wireless networking: Each employee wanting to use the Wi-Fi or server system must log into system with their user name and password.

Web browsing: Everyone thinks that having fast Internet access is a great perk, but they are using it all the time and without much thought to the risks. Through a content filtering audit, we found that 20 percent of our Web browsing was unrelated to work. We don't have a policy on acceptable use, and no one is taking any security measures. Inappropriate sites will be blocked at the server level.

Backups: We back up data on the server to a redundant server system on a weekly basis, but we haven't tested restoring the data since the system has recently been installed. The server contains our primary customer database, so well-tested backups are essential, as is keeping a copy of backups offsite.

Assets

Besides the physical property, our main assets are:

- Our member information and marketing collateral
- Records of our contracts with vendors
- Our e-mail database and archive of past e-mail messages
- Sales orders and the customer database
- Financial information
- Paper legal records stored in various filing cabinets

All these assets are considered secret and should be accessible only on a need-to-know basis. In addition, they need to be protected and backed up as safely as we can manage.

Risks

We believe the risks break down into four main categories:

Intruders (viruses, worms, hijacking of our computer resources or Internet connection, and random malicious use). These are the risks that anyone using computers connected to the Internet faces. High risk, high priority.

External threats (rivals, disgruntled ex-employees, bad guys after money, and thieves). They are likely to use the same tools as hackers, but in deliberately targeting us they may also try to induce members of staff to supply confidential information or even use stolen material to blackmail or damage us. We need to protect our assets with physical and electronic security. High risk, high priority.

Internal threats. Whether accidental or deliberate, a member of staff may misuse his or her privileges to disclose confidential information. Low risk, low priority.

Accidents and disasters. Fires, floods, accidental deletions, hardware failures, and computer crashes. Low risk, medium priority.

Priorities

1. Intruder deterrence:
    Firewall
    Virus protection
    Strengthening the wireless network
    Ensuring that all computers are updated via server
    Ongoing user education and policies

2. Theft prevention:
    Laptop computer security
    Security marking and asset inventory
    Moving the server into a secure, lockable room
    Security locks for desktop and laptop computers

3. Disaster prevention:
    More frequent backups with offsite storage
    Ensure backup of users' local data
    Offsite backup of critical paper documents
    Regularly testing the backups by performing a restore

4. Internal security and confidentiality:
    Strong password policy and user education
    Secure printers for accounts, HR, and managers
    Review security for filing cabinets and confidential documents

Section 3: Security Plan

After performing our assessment, we have devised the following security plan.

Action Items

1. Ask our ISP or technology consultant to provide firewall upgrades if needed.
2. Enable Windows Firewall on the server and on all desktop computers.
3. Make sure that antivirus software is installed on all computers and that it is set to automatically update virus definitions.
4. Configure computers running Office Outlook 2010 to use Junk E-mail filtering. Select, purchase, and install anti-adware and anti-malware software on the server, if necessary.
5. On the wireless network, disable service set identifier (SSID) broadcasting, choose and configure a sensible SSID, enable WPA encryption, enable MAC filtering, and configure the access point to allow traffic only from the desktop and laptop computers in the office.
6. Review all machines to make sure that they are fully updated, and set them to automatically refresh those updates.
7. Buy new, nondescript laptop computer bags and locks.
8. Security mark all desktop computers, laptop computers, and their components.
9. Log all serial numbers.
10. Buy and install desk security locks for desktop computers.
11. Find a suitable, lockable room for the server and move it there.
12. Review backup and restore procedures. Ensure that user data is either stored on the server or copied across regularly prior to backups. Implement daily backups. Ensure that a full backup goes offsite once a week. Ensure that the backup is password protected and encrypted. Review paper documents, and make photocopies for secure offsite storage of critical documents.
13. Configure Microsoft Server 2012 and individual machines to enforce reasonably strong passwords. Discuss with users what would be an acceptable balance of convenience and security. (We don't want them writing down their new passwords.)
14. Configure workstations to log users out and require a password to log on again if the workstation is idle for more than 5 minutes.
15. Buy cheap printers for accounts, HR, and the two directors so that they can have private documents printed securely.

Policy Changes

Kim will update the staff handbook to include new policies on:

Acceptable use of e-mail and the Internet
Use of passwords
Who can take company property away from the office

After she has completed a first draft, it will be reviewed by the directors and the company's attorneys before being rolled out.

User Education

We expect to give up to two hours of user training in small groups as a result of these changes. Training will cover:

The importance of security
Passwords
Laptop computer security
Virus prevention
Safe Internet browsing
Updating software and operating systems from a server
Introducing the new staff policies
Making sure employees understand the consequences for not complying with policies
Assessing employees' understanding of the new policies
Periodically reviewing the practice of the new policies

Project Time Line and Responsibilities

The top three priorities (firewall, virus protection, and strengthening the wireless network) will receive urgent attention from our security consultant, Watson. The remaining tasks will be done by our own staff in order of priority.

We expect the top three priorities to be completed within a week and the remaining tasks within 30 days of new system integration. Reed will be responsible for purchasing and implementing the technical changes. Tai will be responsible for all the policy and training requirements. Janet will oversee the project and be responsible for any other tasks that arise.

Response Planning

In the event of a security breach, we will contact Watson. His company has a one-hour response policy during office hours and a four-hour response policy at all other times to deal with serious incidents, such as virus infections. In addition, Reed will monitor the server and firewall regularly to make sure that no breaches have occurred.

Ongoing Maintenance and Compliance

Gary will be responsible for security on a day-to-day basis, with Reed taking overall responsibility. Reed will continue his own self-education on the topic, subscribe to security bulletins from Microsoft and our antivirus software supplier, and liaise with Watson on a regular basis to monitor compliance with the new policies.

On a monthly basis, Reed will make sure that Windows and our antivirus software are updated and that the backup and restore procedures are working properly. He will also be responsible for ensuring that new computer equipment is properly configured and up-to-date.

Tai will be responsible for ensuring that new staff joining the company are fully trained in the company's security policies and procedures.

There will be a full, formal review of this plan in six months.

Section 4: Resources and Budget

The following expenditure has been approved:

Software and Hardware

Purchase antivirus software.
Configure Office Outlook 2010 to filter junk e-mail.
Update a hardware firewall.
Purchase security locks and new nondescript laptop computer bags.

Professional Advice

Bleak and Blue Esq. to review our rewritten staff policies
Watson for advice during the creation of this plan
Watson for help with implementation

Internal Resources

Although we are not paying for our own staff directly, to be clear about the allocation of resources and the time that is available for this work, we have authorized the use of internal staff as detailed above.

Risk Management Plan

Department: IT Consultants
Product or Process: In-House Development and Outsourcing
Document Owner: Suzan Parks
Project or Organization Role: IT Modifications for Personal Trainer Inc.

Version | Date | Author | Change Description
001.1 | 11/15/13 | William Breadon | Initial documentation of plan

Project Risk Management Plan Purpose

A Project Risk Management Plan is a controlling document that incorporates the goals, strategies, and methods for performing risk management on a project. The Project Risk Management Plan describes all aspects of the risk identification, estimation, evaluation, and control processes. The purpose of developing such a plan is to determine the approach for cost-effectively performing risk management on the project.

Stakeholder Roles and Responsibilities

Role | Risk Management Responsibility | Assignment
Project Manager | The Project Manager is responsible for the Project Risk Management Plan being implemented and for reporting to the Project Sponsor and Management Group. | William Breadon
Consultant | Ensuring compliance and maintaining schedules for customer needs | Suzan Parks

Risk Management Process and Activities

Risk Management Activity | Risk Management Task Description | Ownership (Participants)
Data Base Development | Ability of current staff to develop the required relational data bases | Gary Lewis - Manager
Web Enhancements | Addition of interfaces with customers, forms, registration and security integration | Suzan Parks - Consultant

Risk Management Plan Audit Log

Record Name | Responsibility | Approval Authority | Distribution
Schedules | Suzan Parks | Cassia Uri | Management
Development | Gary Lewis | Cassia Uri | Finance, Sales & Operations
Installation | Reed Curry | Cassia Uri | Operations
Training | Suzan Parks | Cassia Uri | Consultant, Operations

Risk Assessment and Management Table

Risk Type | Risk and Description | Risk Chance | Risk Impact | Risk Priority | Risk Owner
Project Management Risks | Inadequate project definition; stakeholders uncertain of project scope | Medium | Medium | Medium | William Breadon
Development | In-house software not constructed to specifications or needs | High | High | High | Gary Lewis
Web Enhancements | Integration of changes and navigation problems | Low | Low | Low | Suzan Parks

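Risk MGMT Chart

Chart: Impact (vertical axis, 1 to 5) against Probability (horizontal axis, 1 (low) to 5).
Legend: Low Risk, Low/Medium Risk, Medium Risk, Medium/High Risk, High Risk
Impact 5: Cost, Process model; Equipment damage; Technology, Design processes
Impact 4: Change in focus; Resource
Impact 3: Complexity
Impact 2: Estimation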

Risk Categories

Schedule, scope, budget, effort, people, unexpected issues

Risk Classification

Color | Rating # | Action
RED | 25 | Critical or Major, needs mitigation now
YELLOW | 15 to 20 | Moderate, should be monitored weekly
BLUE | 6 to 12 | Low to Medium, should be monitored monthly
GREEN | 1 to 5 | Low, should be monitored quarterly

Risk Management Plan Approvals

Prepared by: William Breadon, Project Manager
Approved by: Suzan Parks, Project Sponsor
Jim Patterson, Executive Sponsor
Cassia Uri, Member Sponsor

Formal System Proposal

Based on analysis of the current functions, it appears that in-house development and design, along with outsourcing Web design and enhancements, would be the most cost-effective solution for Personal Trainer Inc.

The software, developed in-house, will meet the exact demands and needs of Personal Trainer Inc. In-house development avoids unneeded software in the system that would delay data flows and introduce errors. This approach will allow all users to transition to the updated system meeting your unique needs and demands. Logon security at the system level as well as the application level is supported by the software. Role-based security is also available through packaged software if this option is required.

The hardware has the capability to perform within the required response time based on the 24 users currently employed by Personal Trainer Inc. The network also has the capacity to grow with the company to support up to 40 users. The network has the ability to store incremental backup data as well as a weekly full system backup.

System implementation should be completed within 12 weeks with minimal disruption to the operations of Personal Trainer Inc. Training will be hands-on and conducted in a testing environment. The User Acceptance Testing will also provide additional training time for the users. Testing scenarios will be based on real-life errors experienced by the company. Following implementation, user support is available for a period of 3 months. Patterson and Wilder have created a User Support Group to discuss issues that may arise during the day-to-day operations of the system.

The implementation of the hardware and software will help Personal Trainer Inc. achieve its business goals of increasing employee efficiency, reducing billing errors, and increasing profitability. Employees will be able to accept additional responsibilities due to reduced manual processes integrating all facilities and corporate headquarters. The critical aspects of the business, such as billing, personal training programs, special services and structured training programs, will meet the needs of Personal Trainer Inc. The improvements will allow all users and members simple access, increasing overall customer satisfaction.

Addendum

Project Schedule:

Organization chart: Cassia Umi, President; Janet McDonald, Finance Manager; Tai Tranh, Sales & Marketing Manager; Reed Curry, Operations Manager; Gary Lewis, Facility Manager; Facility Manager

Diagram labels: Customer Information System; Accounting; Operations (Corporate and Each Facility)

Diagram labels: Member Records; Accounting; Operations (Corporate and Each Facility)