Monday, February 22, 2010
Window Dressing
The biggest challenge for our R&D team is creating an integrated environment that enables clients to enjoy almost carte blanche at the 'front end'. We compete against many web design/development applications and a loyal band of 'open sourcerers' who believe that control over code is sacrosanct and the only means of creating a bespoke eCommerce website. Our tools of the trade are CSS and ASP.NET Master Pages, which enable a developer to create custom-look websites. What is really neat is that the 3EX.NET application gives a non-technical user total control over the positioning and content of each page/web element. The ability to fundamentally change the look, feel and structure of a site at will, coupled with a powerful back office suite, puts 3EX.NET users at a distinct advantage over a generation of online retailers struggling to stitch together disparate systems and databases. Add in the ability to create and run white label websites in minutes and the possibilities are endless.
Thursday, January 14, 2010
The blitz
We really did not want 2009 to end. The meetings, proposals and negotiations on new contracts continued to flow until xmas eve and in some cases during the break. We have also just commenced a radio advertising campaign on North West commercial station, RockFM, which has already generated a staggering number of hits on our website.
So all lining up to be a very busy first quarter. The project team is flat out completing installs and we should see some exciting new websites seeing the light of day by the end of January. Of particular interest currently is the white label capability of 3EX.NET which really opens up a world of opportunity by enabling users to create a new site in minutes. See more information at http://www.exactabacus.com/White+Label+Ecommerce+Software.htm
How about a site selling snow shovels - I reckon it would do a roaring trade at the moment!
Thursday, November 26, 2009
The kid in the candy store...
2009 has been a very interesting year from a Research & Development perspective. As 3EX.NET software has reached maturity, we have seen the increasing influence of new clients/users over the direction and future roadmap of the product. In the early years we were fed a diet of basic staples such as user definability, processing rules and database normalisation. However, over the last six months, we have seen some really sexy new functionality being introduced into the product. We have just had a sneak preview of Release v2.6 and one cannot help but get excited about the potential of extended White Label website functionality, an upgraded HTML editor, inbuilt scripting engine and automated demand forecasting. This, coupled with strong demand for 3EX eCommerce software generated from October's trade exhibitions, sets us up nicely for a flying start to 2010.
Friday, October 16, 2009
PCI DSS Compliance...a Client's Tale
One of our clients, WCF, who run mail order brands including James Meade and Country Collection have recently achieved PCI compliance. WCF use Exact Abacus' Customer Relationship Management software and Company Secretary, Jo Ritzema, has kindly provided some hints and tips gained from their 18 month long process.
"Where needed, do engage a QSA that you can connect with, as you will be spending lots of time with them. It also helps if the QSA firm will commit to the same consultant throughout the scoping, gap analysis, consultancy and audit phase so that you avoid covering the same ground multiple times and the consultant grows to understand the culture and nature of your organisation.
Spend as much time as possible at the start of the project trying to segregate the Cardholder Data Environment from the rest of your corporate network and therefore reducing the scope of compliance. A few thousands of hardware spend can save you many thousands in consultants' time.
Assign a Project Manager who is not involved directly in IT, your IT Manager will have too much on his plate with technical issues to guide the overall direction of the project.
You will gain more credibility if you adopt some of the main principles of PCI across your entire network, even if outside the scope of the CDE (eg, passwords, change requests, user authorisation requests). Indeed there are some PCI security principles that are useful elsewhere.
Fight against buying too many technical solutions if they are not right for your organisation. Research all makes and models, a cost effective solution is out there somewhere.
Do buy Tripwire and syslog, for reasonably low cost outlay you suddenly get lots of ticks in lots of boxes! Make sure all the IT equipment that you buy is capable of creating and outputting the logs required.
Remove system administrator access privileges from as many users as possible. Clean up menu structures such that users only have access to what they need. Menus are easy to re-add if you have been a little over zealous. And you get to find out what people really use!
Be wary of answering yes if doing a self-assessment without a thorough understanding of the requirements of the standard. A comparison of our gap analysis versus that of the QSA showed some major discrepancies.
A couple of days pre-audit consultancy is useful to take the mystery out of the audit process and enables you to be prepared with “audit evidence” before the audit commences. The audit is draining enough even when you are prepared.
Always refer back to the “intent of the standard” when answering the questions rather than blindly following the words of the questionnaire. Do not be afraid to question the standard with your QSA if you feel that its needs are too onerous for your size of business.
Be wary of using standard policy and document templates. We started with one and ended up changing it completely as we found it was too general to address what ended up being quite specific requirements.
Cross reference every section of the IT Policies and Procedures to the PCI guidance, it saves hours during the audit when trying to find the relevant section and is a nightmare to do retrospectively once the policy has been written.
Do involve your staff with the project and ensure that it is not seen as an IT project. Briefing sessions with staff helped address their concerns and ensured that they understood the reasons behind what seemed like fairly big changes. We did not even have changing user passwords or a visitors’ book when we first started the project.
Don’t assume that once compliance is obtained you can breathe easy. With log reviews, change requests, user authorisation changes, risk assessments, etc it will be easy to fall short on the second audits if initiatives are not maintained. Ensure that your IT department understand that maintaining compliance is just as important as obtaining it.
Do not assume that your bank can give you any guidance on the detailed requirements of the standard but they can tell you what items have the most priority to them so that you can focus on those items first. Getting clean ASV scans for any websites is a good way to immediately gain some time from the bank whilst you focus on the more onerous requirements of the standard.
Accept that you will need CCTV in some parts of your organisation!"
Thanks go to Jo for taking the time to share her experiences, which we hope will be of benefit to other clients.
Monday, September 21, 2009
It's Show Time!
The next 6 weeks promise to be very busy for our sales and marketing team as we prepare to exhibit at three trade exhibitions and evaluate future attendance at two others. Our strategic focus on eCommerce software takes us to the Internet Retailing Show at the Hammersmith Novotel on 13th October. The following week we will have a stand and seminar at the eCommerce Expo at Earls Court on 20th and 21st October.
Our vast experience implementing back office systems coupled with the 3EX.NET CRM and Stock Control modules leads us to the Warehousing Futures event at Nottingham Belfry on 6th October.
At all shows we look forward to developing new ideas and relationships with forward thinking people.
Wednesday, September 2, 2009
Lancashire eCommerce Breakfast Seminar
We are just finalising the agenda for the inaugural Lancashire eCommerce breakfast seminar. Judging by the strong response so far, it is obvious there is a hunger for quality impartial advice and networking opportunities amongst companies with many online experiences, good and bad.
For us, it is a chance to preview our ACE service for customer acquisition and conversion. As the 3EX.NET Ecommerce software platform continues to acquire new users, we have put much thought and effort into developing the ACE framework, which sets benchmarks, monitors site performance and provides ongoing recommendations for the improvement of our clients' strategy.
The seminar will take place at the Leyland Hotel on 10th September, commencing at 0900. Event Partners include Apple Creative (www.apple-design.com) , Business Link and South Ribble Borough Council.
Wednesday, August 12, 2009
'Tis the season...for delivery!
It may not seem obvious, but our business is highly seasonal. After ingesting a number of new contracts during the first half of the year, the autumn is always 'delivery time' for new back-office systems and websites in readiness for the crucial Christmas trading period. At present we are working flat out to implement new back office and website systems using the latest version of our 3EX.NET eCommerce software platform. This product is far quicker to implement than previous generations of software thanks to its thoroughly-designed structure and standardised, re-usable functions. The real benefit is that it enables us to concentrate on the real fun part - web marketing. Analysing the statistics, trying new acquisition methods and refining conversion processes is an ongoing task and we learn something new every day. It really does make coming to work and engaging with our client partners a challenge and pleasure.
