We put the IT in city®

CitySmart Blog

Thursday, June 16, 2016
Anthony Fantino, Network Infrastructure Consultant

Anthony FantinoSomeone attempted a $90,000 transaction from my machine. What do I do?

Let that sink in. As the finance officer, city clerk, treasurer, or city manager, how would you feel? What would you do? How did it happen? Where would you look?

When a person, externally or even internally, attempts to steal money or data from a city, investigators will start looking for information to help them find the culprit. So, what information will lead them to finding the person who committed the crime?

Unfortunately, your city may not have the right policies in place to not only prevent unauthorized access to information but also to track who accesses it, what’s accessed, and when it’s accessed. That leaves your city with security holes that open you up to hacking, theft, and even fraud.

What can you do as a city to make sure only authorized users have access to sensitive information? Look carefully at the following areas.

User Access and Authorization

First, begin with making sure your systems and software allow you to set different levels of permission for different users. For example, some users may not need access to payroll information. Modern technology systems allow for granular user permissions within servers, websites, and applications. If you don’t set these permissions appropriately, you risk users looking at information that they should not access—and they may possibly misuse, change, or delete that information. Users should only be able to access information relevant to their job function.

Physical Access

Often overlooked, it’s important for cities to physically secure important technology like servers. An unauthorized person should not have physical access to your servers or be able to walk into your server room as if it’s the breakroom. All it takes is one disgruntled employee to steal information or damage your computer equipment and hardware (which may lead to permanent data loss). Secure rooms with servers so that only authorized employees can access them. Require use of a key fob or similar security checkpoint.

Wireless Access

Second only to physical access, wireless access is another common security hole. Cities are at risk when they leave wireless access open and unencrypted, or if they use weak or well-known default administrative passwords for securing wireless devices. Hackers can easily hop onto your network through these access points and begin sniffing around your most sensitive information right from the parking lot. You need to keep your wireless access password protected with a strong password, encrypted, and limited to authorized users.

Remote Access

Obviously, employees sometimes need access to a city application through a secure remote connection to a server. But it needs to be logged and tracked. Too many cities don’t track and monitor who logs on and when they log on. This creates security problems. If you don’t know the identity of someone logging in, or even that they’re logging in at all, then how do you know that it’s an authorized user? By tracking remote access, you make sure that only authorized users are accessing your servers and applications.

Access and authorization vulnerabilities that cities face are not just addressed by technology. They begin to get addressed by setting policy. Cities need to set the right policies and work with their technology staff and vendors to implement training, processes, and technology to meet these policies. If your current technology systems cannot handle these demands, you may need to modernize your technology in order to accommodate current security requirements and best practices for government data.

Questions about how to begin addressing these gaps? Reach out to us to further discuss these areas.

Thursday, June 2, 2016
Ryan Warrick, Network Infrastructure Consultant

Ryan WarrickLet’s say you get in one morning to work and you’re checking your billing records in a city database. You discover that three important billing records are missing. Gone. No one is supposed to delete those records. You have a serious situation on your hands. Was it an accident? A data breach? You need to figure that out.

So, what do you do next?

One of your next steps is for your IT staff or vendor to check the logs. What are the logs? Let’s learn a bit of Logging 101 and then look at some critical problems a city can have by neglecting proper logging practices.

Logging 101

We’ll avoid a lot of the technical aspects of logging and just focus on the important business aspects for your city. First, logging has two primary purposes.

  • Documentation: Who is accessing your data? And when are they accessing it? Logging software tracks things like remote access, people accessing shared files, and web surfing activity.
  • Diagnostics: On a granular level, logging also provides visibility into what’s going on with your systems such as servers, workstations, and software. For example, logging software tracks things like issues with your accounting application, hardware issues on your computer, or routine server maintenance.

Your IT staff and vendor depend heavily on logging for information to diagnose technical issues. That’s why you might hear an IT engineer say, “Let me look at the logs” when a problem is reported. Those logs often provide clues to the root of a problem.

Configuring logging for most systems requires some technical background. The detail level can vary. For example, some systems log a literal play-by-play of every little thing that goes on. It can track that John Doe opened an application, entered his password successfully, successfully launched the application, accessed a specific module in the application, etc. Others provide more basic information such as that John Doe opened the application, closed the application, etc.

Now, let’s look at two problems related to logging that may lead to critical security problems.

Failure to Oversee Logging

Let’s go back to our example in the introduction. Let’s say you call in an IT vendor to investigate and they report to you that there have actually been 42 unauthorized billing record deletions over the past six months.

Obviously, you’ve got yourself a problem. The unauthorized deletions are a data breach—whether or not it’s an internal employee making mistakes or an outside hacker doing it on purpose. More importantly, it’s clear that your city hasn’t had someone overseeing the logs. You’re capturing important security information but you’re not reviewing it.

Failure to Log At All

Again returning to our example in the introduction, let’s imagine you don’t have logging enabled. That means you have little to no information about who may have deleted those billing records—and when. It’s like having a bank without security cameras or a court proceeding without recording or transcribing it. If something goes wrong, you can’t go back and figure out what happened.


While your IT staff or vendor will need to use logging for technical diagnostics, they should also reassure you that logging is enabled to:

  • Track which users are accessing, adding, changing, and deleting information.
  • Track which hardware, workstations, and applications are being used.
  • Track when any of these events happen.

Otherwise, you simply lack important information that helps you diagnose and get to the bottom of data breaches and other security issues.

Questions about your logging and information security? Reach out to us.

Thursday, May 26, 2016
Robert Parker, Network Infrastructure Consultant

Robert ParkerEven if it’s not yet law to audit data backups at your city, you will sooner or later be held more accountable. It’s inevitable. Cities increasingly store critical, essential, and sensitive electronic information, and so expectations about the quality of data backup will only grow. In fact, some states already require local governments to demonstrate proof of rigorous data backup for critical and/or specific kinds of information.

Law or not, it’s beneficial in every way for you to make sure your data backup is comprehensive and stands up to an audit. What do you need to keep in mind to shore up data backup gaps? Here are five critical areas.

1. Offsite data backup

Many cities still don’t properly store data backup offsite. They may think that an “offsite” location such as an employee’s house, another city building, or a data center several blocks up the street will suffice. But full disaster recovery means you need to account for disasters that can threaten your entire locale such as a hurricane, tornado, or flooding. As a result, you need to consider offsite locations far away from your city. For example, some cities store data offsite both in East Coast and West Coast data centers.

2. Plan out your worst-case scenarios and how you will handle them.

While your IT staff or vendor can help with planning, a majority of your plan will rely on city policies and needs rather than technology decisions. For example:

  • How long can your city wait without your data?
  • Are some kinds of city data more critical than others?
  • What happens if certain city data is forever lost? Is that even an option?
  • What’s the safety, security, financial, and operational risks of data loss?

Your answers to these questions will influence how you approach your data backup strategy.

3. Test your data backup.

Why do so many cities fail at their data backup? It’s not because they don’t have any data backup in place. It’s because they don’t test it. Testing is an absolutely crucial step to make sure that your data backup works. By testing at least once per quarter, you will identify major problems (such as failures to restore data) and minor problems (such as a backup missing certain kinds of data).

4. Think through disaster recovery.

Disaster recovery addresses information essential to running your city. You need to clearly identify the data and information that you can’t live without. That way, after a disaster hits you can focus on the most essential operations first to get them up and running. If you don’t identity this data, your recovery may be slowed as information gets restored that isn’t helpful or crucial to city operations.

5. Think through business continuity.

Ideally, you want your city to remain operational through any technology incidents or disasters. In case things go wrong, you want to think through situations ranging from a server failing to how teams may work remotely after a disaster hits city hall. It also helps to make sure you have IT staff or a vendor with multiple engineers at your disposal who can recover your city’s data in case your primary IT point of contact is incapacitated for some reason.

Ultimately, you want to make sure you recover your most critical data as quickly as possible after a disaster and remain operational. Remember, your citizens will rely on you even more heavily during a disaster. You need to make sure you’ve got the data to help them.

Questions about your data backup? Can you recover your critical data after a disaster? Reach out to us today to chat about your data backup and disaster recovery.

Thursday, May 19, 2016
Nathan Eisner, COO

Nathan EisnerIn last week’s blog post, we discussed five benefits related to VoIP. But let’s say you’re already sold on switching over from your existing landline system. You might wonder, “What do I need to do next?”

While VoIP technology ultimately lowers costs and increases the amount of your features and flexibility, you might face an uphill battle depending on the current state of your technology.

To see if you’re ready for VoIP, let’s take a look at three key areas that you may need to modernize.

1. Internet Service

The most important technology for ensuring that VoIP works similarly to your landline is your Internet service. You need good, reliable, high speed Internet in order to take advantage of data-intensive VoIP services. Remember, VoIP uses an Internet connection to transmit data—so it needs to be fast and reliable.

Here’s a quick reality check for your city depending on what type of Internet service you have now.

  • Dedicated fiber: As the most desirable Internet service for VoIP, dedicated fiber is the fastest and most reliable for a city.
  • Cable Internet: Similar to what you would get at home from a cable Internet company, this type of Internet service may be okay if you have a small city environment (such as a staff of less than 20 people). If you do use a cable Internet service provider, you must use business-class and not consumer-class service. And even with business-class service, you may still have reliability issues.
  • DSL: If you’re still limping along with a DSL Internet connection, not only will VoIP not work but your city might also be hurting as a whole while you struggle to use this inferior Internet service.

2. Data Network Infrastructure

You need to take a look at the age and quality of your data network infrastructure such as your switches, firewalls, routers, cables, and related hardware and software. Basically, these technologies are like the highway and gatekeeper for all of your Internet data—making sure it moves through quickly and yet keeps out any unauthorized intruders.

When we tell cities that they need to update data network infrastructure before switching over to VoIP, it can seem like a “gotcha” moment. However, you need the right data network infrastructure to handle the VoIP data that will be routed to your employees’ computers, headsets, and phones. Without new or modern data network infrastructure, you risk garbled phone conversations and dropped calls—just as if you had a bad Internet connection.

3. IT Staff and/or Vendor Support

Sure, VoIP will reduce hardware and maintenance time. But you still need seasoned IT professionals to help support your VoIP system. First, the switchover project will involve a lot of complexity. Especially if you need to modernize your Internet service and data network infrastructure, then you’ll need experienced engineers helping you through this transition. Second, after you’re transitioned over these IT professionals will need to handle VoIP issues and problems just like any technology you use. If there are issues with your Internet, data network infrastructure, or users making calls, then you need responsive IT support to ensure that problems are dealt with quickly.

So, while the move to a VoIP phone system is usually worthwhile (and in time will pretty much become the norm as traditional landlines fade away), it’s still a monster of a project. The technology upgrades, implementation of the VoIP system, and user adjustment involves a lot of moving parts and pieces. But remember, the benefits are powerful—and the investment definitely is worth it.

Considering switching over to VoIP? Reach out to us today with any questions.

Thursday, May 12, 2016
Nathan Eisner, COO

Nathan EisnerYou may have heard of VoIP and perhaps even already use it. It’s an abbreviation for Voice over Internet Protocol (VoIP). That’s a fancy way of saying that you make phone calls over a data network—usually the same connection that gives you Internet access. So why has VoIP become the predominant technology used for business phone systems?

This VoIP revolution started because data networks (such as fiber) have a much higher capacity to handle data and a greater flexibility to add phone lines and features when compared to traditional phone infrastructure (such as copper).

So why should a city choose to move to a VoIP system after using a reliable traditional landline system for so long? It’s because VoIP isn’t just a nice-to-have anymore. Instead, this service brings clear bottom line benefits to your city.

1. You will lower your costs.

Traditional landlines may be historically reliable, but they are becoming quite expensive. First, just the monthly cost of a traditional landline tends to be higher than a VoIP system. But traditional landlines also saddle you with extra costs when adding lines, adding features, and maintaining PBX hardware. And as time progresses, it is going to become increasingly difficult to find support and replacement equipment for traditional phone systems as they become more obsolete. Across the board, your VoIP costs are lower. That means lower monthly costs and no maintenance costs if your VoIP service is hosted in the cloud—and no long distance charges!

2. You will get better, useful features included for free.

Limited features are one of the biggest pains of traditional landlines. Depending on what you want, extra features often cost way too much money or they just aren’t available. With nearly every VoIP system, you get a plentiful variety of handy features such as call transferring, call forwarding, conference calling, voicemail-to-email, and softphone capability (meaning you can make phone calls over your computer like Skype)—all included for no extra cost.

3. You eliminate hardware and maintenance with a cloud-hosted VoIP system.

Unless you need absolute control over your phone system, there’s no reason to host your VoIP system onsite. That means it will be hosted in the cloud. Sure, you’ll still need to buy some handsets. Otherwise, you’re hardware free—no servers or PBX systems onsite. No more worry about maintaining phone-related hardware. Think of this technology like an app on your phone. It’s all just data.

4. You can add users and new lines with a click.

One of the biggest complaints about traditional landline phone systems is the difficulty of adding new users or a new line. It usually requires someone from the phone company to arrive onsite and configure your system, leading to more cost and time wasted while you wait. With VoIP systems, adding new users and lines is as simple as a click of a mouse. That means you can add users and new lines in minutes or even seconds.

5. Your VoIP phone line can follow you almost everywhere.

Traditional landlines are isolated in one spot—your handset at your desk. A VoIP phone system (remember, it’s just data) can follow you wherever you go. For example, you can install an app on your personal smartphone that acts as a secure extension of your work phone. Or you can use your computer to make a call. You can even use any handset in your office as if it’s your business phone. This aspect of VoIP is especially convenient when you need to make and take calls while you’re away from your desk or even away from the office.

If you’re sold on these benefits, then how do you switch over from a traditional landline to VoIP? Is it easy or difficult? We’ll talk about moving to VoIP in next week’s blog post and discuss what you need to have in place.

Questions about your phone system? Contemplating making the switch? Reach out to us today.

Thursday, May 5, 2016
Dave Mims, CEO

Dave MimsA few months ago, the media was abuzz with reports about Microsoft forcing people to upgrade to Windows 10. If you either read some of these articles or even experienced Windows 10 upgrade notifications popping up more and more on your computer, you may be confused and a little frustrated. That’s understandable, especially when something seems forced upon you.

Does this mean you must upgrade? What should you do? Here are a few tips for cities about how to handle what may seem like an intrusive Windows 10 upgrade.

1. Hire professional IT staff or a vendor to manage your information technology.

This may seem like an odd first tip. However, it shouldn’t be left up to non-technical employees what to download and install on their computers at a city. Employees are not IT experts, and it can be hard to figure out if software updates are going to cause harm to a computer. IT professionals need to control what software and updates get installed so that no harm comes to any computer.

2. Many software vendors still don’t support their products on Windows 10 yet.

One major reason you need IT professionals to decide whether you should upgrade or not is because of software compatibility. For example, you don’t want to upgrade to Windows 10 and then find out your accounting software doesn’t work properly. And when you call that software vendor, they might not be able to help you because they aren’t supporting their products on Windows 10 yet.

3. An installation mistake may lead to lost data.

If non-technical employees or inexperienced IT staff attempt an upgrade but mess it up somehow, then you are at risk for losing data during the upgrade process. An experienced IT professional will ensure that your data is properly backed up—onsite and offsite—to ensure that you can make a full data recovery if something goes wrong with a Windows 10 upgrade.

4. Older computers may not be able to handle an upgrade.

Let’s say some employees want to upgrade to Windows 10. However, anyone with very old computers (especially over five years old) may not be able to upgrade because they don’t have enough memory or processor speed. Dated systems (such as those found on older computers) no longer supported by a vendor are always a risk.

5. Employees may need a bit of training and extra support as they adjust to Windows 10.

Users may need a little time to adjust to the new Windows 10 interface and settings. While many things will look and work like past versions of Windows, some of the differences may lead to a rough adjustment period. You may want to build in time for a short training session to go over the key differences with employees. In addition, anticipate that users may have questions about the new features, settings, and look and feel.

It’s fine if a city is interested in upgrading to Windows 10, but prepare for it first because your software vendors may tell you it’s an upgrade at your own risk. Your line of business applications may not yet provide support for Windows 10. Like any major operating system upgrade, a variety of unexpected problems can occur that cause a lot of havoc. Windows 10 is getting a better reputation the longer it’s around, but it’s still a good idea for IT professionals to manage any installation and make sure you’re not breaking software or losing data.

Do you have additional questions about Windows 10? Reach out to us today.

Thursday, April 28, 2016
Brian Ocfemia, Technical Account Manager

Brian OcfemiaOn the surface, this might seem like an obvious headline. Of course unlimited offsite data backup storage is awesome. It’s unlimited! Isn’t that the only benefit worth talking about?

In reality, the “unlimited” aspect alone isn’t enough of a reason to compel every city to move in this direction with offsite data backup. So, if you haven’t considered unlimited offsite data backup storage, here are some benefits that go beyond the simple fact that it’s “unlimited.”


  1. It eliminates your need for tangible storage devices. Because most modern offsite data backup happens in the cloud over the Internet, you can eliminate valuable space taken up by servers, tapes, external hard drives, and other storage devices. Freeing up that space reduces storage costs and the manual time your staff spends dealing with servers and media.
  2. It reduces your dependence on paper. If you’re wanting to reduce your dependence on paper along with the risks it brings such as permanent data loss from fire or theft, then unlimited offsite data backup storage is your answer. You may need to spend some upfront time scanning a lot of paper documents, but once that’s done you can shift your operations to a more paperless environment. Then, your paper data will be electronically stored and securely backed up for redundancy. You also free up office space and don’t have to worry about purchasing additional filing cabinets!
  3. It reduces your risk of deleting information due to storage limits. When you have storage limits, that often means something has to go. That’s when employees might delete emails and documents, old tapes or storage devices get erased to back up newer information, and you hastily work with IT staff to manage storage limitations. With unlimited offsite data backup storage, you don’t have to worry about freeing up storage for data backups anymore.
  4. Unlimited offsite data backup storage helps with video and body camera footage. Video footage often takes up the most storage space. Backing up those video records greatly increases your required storage space. If you have limited storage, you will quickly hit limits with video. And think about how much video footage body cameras generate. Where will you store not just the video but all of the backups for those records? Having unlimited offsite data backup storage eases that worry and greatly reduces your storage costs.

As you can see, many bottom line benefits result from moving to an offsite data backup solution that includes unlimited storage. And remember, you’re not doing real offsite data backup if you’re storing your data nearby—even at different buildings within city limits. You need to store your offsite data backup in geographically dispersed locations around the country to ensure full recovery in case of a major disaster.

Questions about unlimited data backup storage? Reach out to us today.

Friday, April 22, 2016
Nathan Eisner, COO

Nathan EisnerPatch management—what you might know as the applying of updates to software—is often an overlooked and even neglected task. Sometimes, cities may be too busy to apply them, don’t want to interrupt employees, or simply don’t think the timely application of patches is a big deal. Hey, as long as nothing breaks, right?

However, a recent story in the Atlanta Business Chronicle demonstrates exactly why patch management is important. Take something as innocent as a wireless keyboard and wireless mouse that you might use with your laptop. As Urvaksh Karkaria reports:

“Atlanta-based Bastille has discovered a vulnerability in wireless mice and keyboards that leaves billions of PCs and millions of networks vulnerable to remote exploitation via radio frequencies. Using an attack which Bastille researchers have named “MouseJack,” malicious actors are able to take over a computer through a flaw in wireless dongles, the company said in a statement.”
Scary, huh? Without applying patches and staying aware of security vulnerabilities, you expose yourself to unnecessary cyberliability. Here are some key considerations to help you think about the rigor of your patch management process. 

Patch management is an essential element of cyber protection.

As vulnerabilities are found, vendors create a fix and make a patch available. But those patches still have to be deployed or rolled out by your IT staff or vendor. Many patches fix security holes and bugs in software. Not applying patches means that you are leaving security holes open for hackers to exploit.

Sometimes, cities turn patching off because they are afraid that an update will break their software. This is bad because you’re not fixing security vulnerabilities. As cities (and all government entities) are continually held to higher cyber security standards, a simple ongoing task like patch management becomes essential.

You need IT professionals overseeing patch management and following rigorous procedures.

Do not think you’re doing patch management when employees download and install Windows Updates to their computers. Patch management needs oversight by IT professionals. For example, what happens if you install a patch and it breaks something in your software? Would you know how to uninstall it and revert back to a previous state? IT professionals know how to test and apply patches, understand which patches are appropriate, and use strict procedures if something goes wrong with a patch.

Non-technical employees aren’t able to test patches before applying them.

An amateur sees patches released by a software vendor and applies all of them. An IT professional knows that all patches aren’t created equal. Before applying patches, they test them to make sure nothing breaks or a software flaw isn’t introduced. In our case, we run vendor patches through a variety of server and desktop configurations to test for errors. We “green light” those that pass successfully and then install them on your machines. If a patch creates a problem in our test environment, we don’t apply it. Instead, we communicate the issue to the software vendor. We only skip testing when the patch is deemed so critical to your security that it must be immediately applied.

Patches need to be applied to all of your machines regardless of their location.

Patch management loses effectiveness when your employees or IT staff only apply them to machines on your network at your building and skip machines in other locations. Nowadays, modern patch management allows IT staff or a vendor the capability to apply patches to servers and workstations regardless of location. Yes, that means your computer gets patches applied even if you’re on the road or working from home.

The main takeaway? You need to make patch management a regular, important part of your IT maintenance. Generally, that means experienced IT staff or a vendor overseeing patch management as part of their regular, proactive duties.

Are you patching your servers and computers regularly? Reach out to us with any questions or doubts about your patch management process.

Thursday, April 14, 2016
Victoria Boyko, Software Development Consultant

Victoria BoykoIt’s fun to get excited about ambitious website goals—a new website, a new online payment function, or a photo gallery highlighting your tourism or downtown development. Or maybe you’re so focused on day-to-day operational activities that you haven’t taken a look at your website in a while. Either way, it’s easy to neglect some obvious things that make your website—and your city—look bad.

Remember, your website is often the most common way that people get a first impression of your city. Whether or not you’ve recently redesigned your website, there are a few common mistakes that cities don’t realize leave a very bad impression on citizens, future residents, potential visitors, and businesses.

Here are six quick, low-budget ways that you can immediately improve your city’s website—no matter how old or new.

  1. Broken links. It’s annoying for people to come to your website, click on a link, and see an error page. Remember that your citizens and people researching your website are often looking for specific information. When they don’t find it, it’s like hitting a dead end. Broken links are usually caused if you’ve added or deleted pages over time but haven’t updated the links. Go through your website—especially your main pages if you’re time-strapped—to check for broken links.
  2. Outdated information. People get disappointed when they come to your website to see that the last news item was from 2011, a department’s contact information is for someone no longer at the city, or an advertisement is for an event that took place six months ago. You lessen trust by not actively keeping up a vital, worthwhile website and it may suggest that the city is asleep at the wheel. Keep important information up to date and take down information after it’s no longer needed.
  3. Misspellings and poor grammar. We hate to bring this up but a simple review of many city websites reveal a staggeringly high number of glaring misspellings and poor grammar. It’s worth the investment to pay for the services of a good writer and editor if someone on your city staff isn’t trained to do it. You may not think that typos are a big deal, but studies show that poor spelling and grammar ruin the credibility of a website.
  4. Too many “Coming soon!” items for too long. It’s okay to set up a website and have some “Coming soon!” notices for maybe up to three months after you launch. But we see many websites with “Coming soon!” notices for years. It’s embarrassing and frustrating if a page never gets uploaded with content or your city council never gets pictures next to their names. Either upload content within a reasonable period of time or just take a page down if you’re not going to show any content on it.
  5. Calendars with nothing on them. A citizen gets excited to see that you have a calendar. They’re ready to jot down the dates and times of meetings they are interested in, and…nothing. A blank calendar. If your website displays a calendar, use it. Populate it with city council meetings, public events, and other items of interest. A calendar is probably one of the most useful tools that your website provides but you need to maintain it.
  6. Too many items to choose from. A website may give you control over what links you want to provide, but be careful. Many websites offer too many link choices on the top or side of the page. Would you want to sift through a list of 52 random links to find what you want? Or would you rather quickly look through a list of 10 links that clearly organize information into understandable buckets? Think about how information is organized on your website in order to help people find what they want.

So, if you’re worried about budget for a new website, first take a look at your current website. Do you have any of the glaring issues listed above? These are extremely low-budget items to fix that have an immediate, big payoff. Remember, you’re always on audition. People are researching your website for a variety of reasons. The difference between getting more tourism dollars, an additional business relocating to your city, and more residents moving to your city versus losing them may be that first impression.

Once you fix the problems listed above, it’s just the beginning of really harnessing the power of your website. Read our New Year’s post for more tips and advice about how to make a city website work for you.

Thursday, April 7, 2016
John Miller, Senior Consultant

John MillerLike most things in life, documents have a lifecycle. They are born, they live, and they sometimes pass on to document heaven. If you have a document management system, you probably understand the document lifecycle more than most. And if you don’t have a document management system, your documents still go through this lifecycle—even if it’s chaotic and hard to track.

Why is the document lifecycle so important that we should analyze it? Why not just create the documents you need to create and get on with it? The short answer is that the more you understand your document lifecycle, the better you can manage the process in terms of document quality, consistency, and ease of use.

Let’s take a closer look at the steps and see why each step is important to examine.

1. Creation

Obviously, all documents need to be created. But have you ever thought about the complexity behind document creation? For example:

  • Do I create a document from scratch? If so, what software program do I use?
  • Do I use a template? Do I need to create template documents for others to use?
  • Are there specific requirements for a document such as a legal disclaimer or a specific structure?

Even more complex, you might need to title documents in a certain way, tag them with “metadata” (such as identifying the author, date created, city department, etc.) to make them easier to find, and make sure the document is accessible for people with disabilities. In other words, there can be a lot more to document creation than first meets the eye.

2. Storage

After you create the document, where does it go? Usually, this point of a document lifecycle is a mess at many cities. Documents may get stored on individual computers, flash drives, or unorganized shared folders on a server. Some questions to think through include:

  • How are the documents organized? Are they organized in a way that’s easy for all authorized people to find them?
  • Where are they stored? On a server? The cloud?
  • How much storage space do you have? Is it enough?
  • Who manages the documents? Who has administrative access and authority to make changes to the organizational structure?

3. Access

Accessing a document involves both ease of retrieval and authorization. In some cases, it may also mean how to access the files in order to transfer or share them somewhere else. This part of the document lifecycle is extremely important. Ask yourself:

  • Who is authorized to access specific documents?
  • How easy is it to find and retrieve documents?
  • Do people have the right software in order to view documents?
  • Are there appropriate restrictions on downloading, transferring, and/or sharing documents from the document management system to another location (like to another server, a flash drive, or someone’s individual computer)?

4. Editing, Review, and Approval

Before becoming finalized, documents need to be edited, reviewed, and approved by people who are often not the author. Instead of chaotically sending documents back and forth through email, many document management systems offer some ways to improve the quality of this step in the process.

  • When someone is editing, it may lock out the document so that no one else can edit it.
  • When people collaborate to edit, you might be able to see everyone’s individual edits taking place in real time.
  • When a document gets to the next step in a predefined process, it notifies the editor, reviewer, or approver and gets handed off automatically to that person (or persons).

These are steps you will need to set up in your document management system that align with your policies and procedures, and you can work with your IT staff or vendor to activate these kinds of features.

5. Retention and Disposal

This step of the process is an important legal step for cities. Depending on your city’s records retention policies that follow state law and local ordinances, you may have different policies for different documents. These can be set up by municipal-experienced IT professionals who are trained in following records retention law.

Basically, you’ll apply many of the same tips above to an archiving strategy that makes sure that:

  • Documents are archived in a place where they are easy to find, search, and retrieve.
  • Documents are automatically set up to be staged, reviewed, and purged at specific times.
  • Documents will be backed up onsite and offsite to ensure recovery in case of a disaster.

As you can see, the steps above are obvious but the thought behind each step isn’t. We accounted for a lot of complexity in certain steps that may not apply to your city. That’s okay. You may not require meticulous “metadata” or need multiple people collaborating on documents. However, you should give each step some serious thought depending on your particular needs. This will make sure you both comply with the law and also just make your overall document lifecycle process easier for everyone involved.

Questions about your document lifecycle? Reach out to us today.

| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 |