Quarterly News
Quarterly Updates
It all starts here

CONTENT
Cycle of Excellence 3
Project Time 4
In the Media 5
Human Resources 6
Legal Corner 7
Security: What you need to know. 8
Bean Counting & Other Thrills 9
Capture: Everyone is in Sales 10

Contributors
Editors: Rebecca Addington & Jeff Morris, JD
Design & Layout: Rebecca Addington
Article Writers: Kelly Koback, Guy Esten, Linda Vestal, Michelle Pinto, Karl Sexton, David Balser, and Shelly Williams.
Thank You Everyone!

Letter from the Steering Committee
The topics for this newsletter were selected by the Apex Steering Committee. This committee is comprised of a group of employees within different departments who are tasked with ensuring that each department works cohesively with each other to help Apex Data Solutions reach its goals. The Apex Steering Committee meets once per month to discuss solutions, approve policy and implement changes. The Committee has a Top 10 list comprised of solutions, policies and changes they are currently working on, and they will provide updates in upcoming newsletters. In this first edition, they have provided Apex Data Solutions’ Corporate Overview for all employees to review at their leisure.

Corporate Overview
Apex Data Solutions is a pioneer and leader in enterprise architecture platforms, point-of-service data capture, data management, and federation solutions. Apex’s unique approach to both enterprise architecture and solutions development demonstrates a proven track record of successfully delivering interoperable technologies that (i) integrate seamlessly across enterprise platforms and point-of-service data reconciliation systems, (ii) offer disruptive new capabilities empowering industry-leading End User (UX) and Patron (Patient) Experiences (PX), (iii) support the full spectrum of disparate enterprise shared services, and (iv) deliver scalable, extensible, and configurable technologies which are designed to evolve over time to support changes in customer workflows and business processes. Our ongoing innovative research & development (R&D) activities and the resulting technologies can be utilized throughout numerous industry verticals and domains.
Our Cycle Of Excellence
PHILOSOPHY AND TECHNICAL VISION
Apex believes that its technologies, whether proprietary or Open Source, should not only meet current customer needs and workflows, but it is imperative that these technologies be configurable, extensible and customizable to allow them to evolve over time as customers become more efficient and their workflows and business processes change. Our technologies are designed with this objective in mind, rather than designed with the traditional shelf life that foreshadows future obsolescence.

Apex believes that true success is achieved with active and full participation of the customer and other contractors. Apex prides itself on its ability to engage and listen to the customer’s stakeholders and constituents to help quantify true pain points and business objectives.

Apex’s proven approach to large enterprise solution and application development powers a reinforcing “cycle of excellence” by creating an architectural platform experience (AX) that drives the patron experience (PX), which in turn improves the end-user experience (EX), which collectively leads to better technologies and outcomes.

[Figure: AX + PX + EX, with AX = Architecture Platform, PX = Patron Experience, EX = End-User Experience]
Project Time

Communication
The #1 item on the Top 10 Solutions list the Steering Committee is working on is Communication. Kelly Koback is the lead on this effort. She and her team members have made great headway in setting up a framework for improved program communication, as well as working with Apex’s Director of Communications Jeff Morris J.D. to develop more communication avenues, including this newsletter.

Teamwork
Now with the effort to move VistA.js into production, including MRAR and JLV connections with VistA.js, it is really important to ensure cross-program teamwork. Teamwork has always been good overall, but greater progress has been made in project teams working together: better, smarter and more efficiently. Thank you for your efforts to make our teams more cohesive.

Coaching
As part of the research for solving the communication problems, Kelly has been conducting coaching sessions to help her become more informed and has created an avenue for her team to address future problems head-on, identify solutions, and create action plans. This is great news for the team in learning more about each other and solving program issues.

Onboarding
Huge progress has been made using the new resource at the VA to support getting access. Both Kim Nitzschke and Kelly Koback have been working with the VA to help our team, including subcontractors, get cleared to work for the VA. With this new support, several personnel have been able to gain access.

For those of you still waiting for access, please be vigilant and complete all tasks as soon as possible. Turning in the correct paperwork or answering questions is key to moving the process forward.

For those of you with access who may be having problems, knowing who to call is key. All problems should be reported to the National Service Desk (NSD) at 855-NSD-HELP (855-673-4357). Within the options list, it helps to know your domain. For example, VHAMASTER is part of Tuscaloosa, so select the option with Tuscaloosa to help solve your problem. If you have problems at AITC, you will want to select AITC for your option.

Thank you for your patience and consideration in this process. The VA is currently implementing a new process that should add some transparency. For a process overview, tips, and phone numbers please reference the Onboarding page.

FOR MORE INFORMATION
Contact Kelly Koback for more information regarding Project Time News.
[email protected]
In the Media

Interoperability
“Healthcare Interoperability: Market Driven Standards” discusses the leadership role successes in the marketplace can take. “Healthcare Interoperability: Emerging Successes & Market Influence” describes the influence VistA.js is having as a leader in interoperability.

VistA.js Makes the 2016 Conference Scene
Apex’s Bob Calco presented an overview of VistA.js to the 33rd VistA Community conference by World VistA in Washington DC in late May to an inquisitive audience of long-time VistA developers, leaders, and provider users. The Q&A period indicated significant interest from long-term VistA experts in the capabilities VistA.js brings to the VistA world. Bob will also be presenting at the upcoming OSEHRA Summit in late June, as well as participating as a panel member in the Interoperability Round Table with our own Dr. Howard Hayes and other industry leaders.

OSEHRA Launches First Corporate Sponsored Work Group
Under OSEHRA’s new policy of promoting corporate sponsorship of working groups, designed to stimulate corporate involvement and leadership in the community, the first of these has been chartered. The VistA.js Work Group sponsored by Apex leads the way as the first of these corporate sponsored groups. Work Group contributors are industry leaders from the private sector and the government, including physicians, developers, business development professionals and senior government leaders. This diverse group reflects the potential impact VistA.js can have in the healthcare environment.

Written by Guy Esten, Director, Portfolio Management & Open Source Initiatives
Human Resources

Hurricane Season
Things you can do to be ready for Hurricane Season.

Disruptive weather patterns can occur anywhere within the United States. Tropical Storm Colin just reminded us how the severity of a storm can impact communications and travel. Our ability to confirm the safety and well-being of all of our team members is paramount, and having open communication during inclement weather is key.

To ensure that there is open communication with the Headquarters HR department during inclement weather, please make certain that your personal and emergency contact information is current.

Phone Numbers
Please make sure that HR has your current cell phone and/or landline phone number. If your number changes while employed at Apex, please notify HR as soon as possible. This will ensure that HR can call or text you about possible office closings, changes in work hours, etc.

Address
Please keep your address up-to-date with HR. During severe weather, it can be a helpful tool in determining if you will be available to work (power outages, flooding, etc.).

Email Address
Providing your personal email address to HR will ensure that we have multiple ways to reach you in an emergency situation.

Team members may also monitor the National Hurricane Center at http://www.nhc.noaa.gov/.

Written by Linda Vestal, Director of Human Resources
Legal Corner

Intellectual Property
By Michelle Pinto, Managing Counsel, & Gil Cristobal

Trade Secrets and confidential or proprietary information are two of the most important assets of an IT business. As stewards of Apex Data Solutions assets, it is important that we be able to identify and appropriately mark, safeguard and protect them. The purpose of this article is to:
• Detail a summary of the laws that apply to these assets,
• Expound upon the definitions of confidential information and trade secrets, and
• Provide methods to protect it.

Most states have adopted the Uniform Trade Secret Act addressing the elements and remedies for trade secret misappropriation. Use of a trade secret belonging to another does not always constitute misappropriation; however, where a trade secret is acquired through improper means or where it involves a breach of confidence, there is a violation of trade secret law. Misappropriation of a trade secret is considered a form of unfair competition. Most recently, the Federal Government established the Defend Trade Secrets Act of 2016 (DTSA), creating a Federal civil cause of action for trade secret misappropriation. Remedies under the DTSA include monetary damages, injunctive relief and, in certain circumstances, attorney fees and up to two times monetary damages.

A trade secret is defined as any information, regardless of its form, that: (i) has independent economic value, (ii) is not generally known to others (iii) who would benefit from its knowledge or use, and (iv) reasonable efforts are used to maintain its secrecy. A trade secret can also be called proprietary information or confidential information; however, not all confidential or proprietary information is necessarily a trade secret. In determining whether information is proprietary or confidential, it is important to keep these questions in mind:
• Is this information known outside of Apex?
• What measures are taken to protect its secrecy?
• Is this information valuable to Apex or its competitors?

Confidential Information can be in any form, i.e., written, electronic, oral or visual, and can include information in many categories including financial, technical, marketing, employee or personnel, and AOP or Strategic plans. There is no exhaustive list as to what could be deemed confidential information or a trade secret, so it is important to walk through the three above-referenced questions each time.

It is also important to indicate on the front page of Apex documents whether the information contained therein is proprietary. An appropriate marking would read:

Portions of this document contain Apex Data Solutions Proprietary Information and have been marked accordingly. All information marked Apex Data Solutions Proprietary Information must be handled, transmitted and dispositioned in accordance with Apex policies and any applicable non-disclosure agreements.

For emails that contain proprietary information, include the following paragraph before the content:

This e-mail message and any attachments are only for the use of the intended recipient and contains information that is privileged, confidential or exempt from disclosure under applicable law. If you are not the intended recipient, any disclosure, distribution or other use of this e-mail message or attachments is prohibited. If you have received this e-mail message in error, please delete and notify the sender immediately. Thank you.

Avoid marking all documents and emails as confidential or proprietary, as this could jeopardize legitimate proprietary information ownership. For example, if the above statement is incorporated in your email signature line, be sure to delete it if the content you are sending is not proprietary information.

Be sure to address any questions you have regarding this subject matter to Apex Data Solutions’ legal counsel.

6 Traits Of Leaders Who Successfully Manage Remote Employees

HIPAA – PHI/PII
The following people are the HIPAA representatives for Apex Data Solutions:
• HIPAA Official – Michelle Pinto
• IT Security Official – Shelley Williams
• VP, Business Intelligence & Analytics – Gil Christobal

HIPAA violations are expensive. The penalties for noncompliance are based on the level of negligence and can range from $100 to $50,000 per violation (or per record), with a maximum penalty of $1.5 million per year for violations of an identical provision. Violations can also carry criminal charges that can result in jail time. Some of the largest violations and penalties include:
• CIGNET ($4,300,000) – Online database application error
• Alaska DHHS ($1,700,000) – Unencrypted USB hard drive stolen, poor policies and risk analysis
• Blue Cross Blue Shield of Tennessee ($1,500,000) – 57 unencrypted hard drives stolen
• New York Presbyterian Hospital and Columbia University ($4,800,000) – personal server deactivation resulted in ePHI being accessible on Google

Privacy violations continue to rise at Veterans Affairs Medical Facilities. In 2015, an average of 833 veterans had their privacy violated each month. The privacy and security incidents were often serious enough to warrant the provision of credit monitoring services to address risk. Employees and contractors at VA medical centers, clinics, pharmacies and benefit centers commit thousands of privacy violations each year and have racked up more than 10,000 such incidents since 2011, a ProPublica analysis of VA data shows.

Privacy violations committed by Business Associates are also on the rise. During the first quarter of 2013, 40% of all HIPAA breaches involving the exposure of PHI that affected more than 500 individuals were the result of the actions of business associates of HIPAA covered entities. The problem appears to be growing, as over the previous four years BAs caused 30% of all reported HIPAA security breaches. Safeguards demanded under HIPAA include securing the data center, servers and computers on which the data is stored. It is essential that no unauthorized individuals can gain access to the physical devices where the data is stored. Administrative measures must also be employed, which include conducting staff training on data security and HIPAA regulations, implementing data protection policies, conducting risk assessments and auditing procedures.

Below are the Top 10 HIPAA Violations – click on the link for the complete article that includes examples and how to prevent the violations: http://www.nuemd.com/blog/top-10-hipaa-violations-prevent-them
1. Lost or Stolen Devices
2. Hacking
3. Employee dishonesty
4. Improper disposal
5. Third-Party Disclosure
6. Unauthorized Release
7. Unencrypted Data
8. Lack of training
9. Unsecured Records
10. Loud Mouths

FOR MORE INFORMATION
Contact Michelle, Gil, or Shelley for more information regarding Intellectual Property and PHI/PII.
Michelle.Pinto@apex-datasolutions.net
[email protected]
[email protected]
Security: What you need to know
Written by Shelley Williams, Senior Security Manager

Security Implementation Plan
I am in the process of implementing Security processes and procedures within Apex. This will include:
1. Gap Assessment
2. Risk assessment
3. Data Categorization
4. Development of Policies and Procedures
5. Auditing of the processes
I will be posting more in the future regarding security policies and procedures.

Government Furnished Equipment (GFE) Checklist
In an effort to keep track of our GFE, I will be reaching out to everyone who has GFE to ensure owners understand their responsibilities regarding the safety of the device, the data allowed to reside on the device, authorized activities, and encrypted e-mail.

Apex Rules of Behavior
Next month I will be sending out the Apex Rules of Behavior. This document will be for you to read and sign. This document allows us to ensure contract compliance and sets the tone for how to behave with your personal devices.

BYOD: “And I didn’t Say BYOB”
Another item the Steering Committee is working on is Bringing your own device. Right now many of you, including myself, are using your personal devices to attend meetings, conduct business, read e-mails, and potentially look at drawings, etc. that could contain Intellectual property and/or sensitive data. More to come next month; here are some basics:
1. Encrypt your personal device
2. Use a Pin code or your fingerprint to lock the phone
3. Do not share data with others or show others your Apex information
4. Be mindful of your surroundings
5. Do not conduct meetings where sensitive data may be discussed.
6. Maybe get a screen cover

Phishing
There have been some reports of possible phishing occurring within Apex. What is Phishing you say? “Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.” If you receive e-mails stating that you need to change your password, provide money or more information, and you did not initiate such a task, do the following:
1. Notify your Security Manager, Shelley Williams
2. Do not click on the link, answer the questions, or provide your private information, money, passwords, etc.
3. Delete the e-mails, hang up the phone.

Security Quick Links

Internal Apex Links
Apex Security in Confluence
VistA.js IAM Architecture Discussion
VA Onboarding Process & Timeline Expectations
Security and Node.js
Fortify Scan Guidance
VA Security Guidance (6500, 0710, etc.)

External Resource Links
SANS Top 20 Critical Security Controls
NIST 800-53 Security & Privacy Controls
OWASP Top 10 Software
Bean Counting and Other Thrills
Written By: Karl Sexton

In this section, we’ll relate some of the common questions the accounting department encounters and provide some insight and answers to those questions. This first edition is about timekeeping…

Why is accurate timekeeping important?

Firstly, it is a standing requirement of Federal and State labor agencies that we keep good records of your time.

Secondly, in the flexible work environment especially here at Apex, it is important for supervisors to have a reliable record of what project/task/contract you are working on. Apex is active in monitoring the effort of our team members and caring for our team members in the challenging IT work pace. These time records help supervisors review the effort level of our team and ensure no one is carrying more than what is necessary.

Thirdly, we are a professional services company. Having an accurate record of the effort you spend on each project is critical in order to bill our clients correctly. Our projects are priced with specific margins. If we have accurate records of the true costs, we can make sure we stay within that pricing model.

Fourthly, even non-project positions need to track their time, as appropriate allocation of their time and costs indirectly affects the project margins of our contracts as well.

Do I use PTO if I am not going to work 8 hours one day?

Here at Apex, we want to know when and how you actually work. Always record your actual hours on the actual day you worked. Your supervisor determines your work schedule week-to-week based on the company and project needs. So, if your supervisor requires 5 extra hours at the beginning of the week to meet a deadline, but is able to let you leave Friday 2 hours early, then nothing more is required on your time-sheet than the actual hours worked and a note that the early day was per your supervisor’s approval. The same goes for the rare need to step out for a couple of hours with your supervisor’s full approval. There is no need to use PTO for just 1-2 hours.
Everyone is in Sales!
Written by David Balser, Capture & Advanced Programs (Dcap)

I’m sure all of you have heard the comment that, “Everyone is in sales!” As cliché as it sounds, it’s really true. The reality is, the most important “sales people” we have are those that execute on our captured work (projects/programs) every day. It’s not just up to those of us that are breaking down barriers to other markets and having capability discussions with that next customer hopeful. Our ability to perform on our contracts leads to other business. In this day of information overload, most customers go back to the adage that ‘historical performance and value is a great indicator of future performance and value’. This makes everything we do in all customer interactions critical to our future successes. Everyone that talks with our customer day-to-day is in a unique position to “capture” all kinds of relevant information that can make or break future business with that customer, agency, or whoever.

Everyone on this team not only has to win the business, but also keep the business; to continue to earn that next Optional Task, change order, or even new work that is attributable to what we are doing now. This is only accomplished when all roles in the company are focused on the customer. Clearly, there are things that everyone can do to help the BD and Capture people with collecting business intelligence that will be used in framing continued discussions around our existing and potential customers.

There are articles that go into this at great detail, but the following are the ones that tend to yield the highest results via feedback when you hear about things your customer values, discover priorities, anticipate events and happenings, etc. Here’s just a set of questions that we try to answer in every customer engagement:

• What are their priorities?
• What trade-offs do they anticipate?
• What is most meaningful in terms of value?
• What problems and changes do they anticipate?
• If they could do anything differently, what would it be?
• Who are the influencers in decision making?
• Do they already have a budget for something in particular?
• Are there any important dates coming up that would be good to know about?

These are just a few, but they really are actionable to everyone regardless of role in the company. We are a very open company with no borders or closed doors, so please feel free to send any kind of information you happen upon to myself, Guy Esten, Marc Waterloo, Jeff Morris, or Rebecca Addington.

A quick status on our growth vision and the path we are heading.

We are clearly performing Yeoman’s work on our current work, be it the VA contract or the informatics/analytics IR&D efforts. The intent is to continue to make these areas a good producer of revenue for the company. Within the federal (public) sector, we are also positioned to grow in the Defense Health domain with several current and planned opportunities that we are targeting. Due to some of the relationships we have, branching from internal people to external contacts and domain knowledge, we are also positioning for some potential opportunities within the HHS superstructure to include CMS, IHS, CDC and other Operational Divisions. There are plenty of other federal agencies that we are targeting, but for now we are focused on some near term successes that will drive growth and be an enabler of the other domains that we’d like to penetrate as a change agent.

And lastly, the domain in which we are building the momentum to penetrate and create the largest change and most impactful results is the commercial (private) sector. This sector has all the opportunities for explosive growth with the health domain, financial services, banking, and the niche market of Mergers and Acquisitions (M&A). We are developing an entire stack of capabilities and products that will service all of our intended target markets with fresh and unique technologies that will invigorate customers.

Now, something fun!

To help you understand what drives people in their decision making, interpersonal relationships, problem solving and other critical actions: I have historically not been a fan of personality tests and activities that categorized me in a particular way, or put me in a box for others to “try and figure out.” That’s because we all change every day. That said, a former colleague of mine offered a personality test that would help to explain ourselves so that we could approach others in a similar light and still have fun with various role play results. It was a good experiment, and although I still don’t put significant credence in these types of tests, this one proved to be quite entertaining and actually did explain some “things,” providing a thoughtful and fun result. Feel free to take the test at the link below and share your results with your coworkers if you choose. I have no problem sharing mine, as it is a fun exercise and we all know that Tarot Cards and the internet are the real deliverers of truth and discovery ;-)

Enter the world of kingdomality