Post by Trowel 🏴 on May 2, 2023 19:19:21 GMT
Post by Psiloc on May 10, 2023 9:30:20 GMT
Quick question.
We're a small software company with several hundred big clients.
Every now and again, a data protection bod employed by one of our clients will out of the blue email us a huge form to fill in, so they can file it and never look at it and pat themselves on the back. These forms can be many many pages of technical questions, demanding references and supporting documents etc.
It doesn't sound like a big deal but these forms wipe out one of my technical employees for the better part of a day. Of course, to each customer, it's "just one form" but multiply this several hundred times over and you see the problem.
Is anyone at a bigger company dealing with this? I presume you just suck it up? Part of me wants to just quote our hourly rate and make them reconsider how important these forms are.
Post by dfunked on May 10, 2023 9:34:20 GMT
No idea, but one of our suppliers kicked up a proper fuss about having to fill one in recently. A couple of minutes per question and they lose a member of staff for a day or so like you say. We're heavily regulated though and need this sort of shit to be filled in, even if it'll probably never actually be read.
Post by Psiloc on May 10, 2023 9:44:10 GMT
Bah.
Post by dogbot on May 10, 2023 9:46:13 GMT
Yeah, it's mostly regulatory. If you're dealing with FCA compliant companies, or those that have ISO27001 etc, it's a necessity.
If it's taking up a lot of time, why don't you just pre-formulate a set of stock responses?
Post by uiruki on May 10, 2023 9:50:17 GMT
I used to be in pitching at a law firm where we'd often get similar docs to fill in when pitching for work with clients alongside our actual bid documents, especially for banks.
The problem we found was less that the forms were big (though they were often ten pages plus) but more that the questions were often subtly different from form to form; we found that we couldn't reuse a lot of the responses the IT department put together for us. Things got even more complex when someone higher up decided that they couldn't be bothered to be audited for Cyber Essentials Plus as well as ISO27001, all of the individual client audits where they come in to see what's going on etc.
I'd be interested to hear other solutions but the best we could do was just keep a log of what we've been asked and how we responded, get an admin person to fill in what they can then send out the remainder to people who understand the systems best while maintaining that questions log by sending it through to IT every 3-6 months for a once-over. It's still a lot of effort but at least you're shifting some of it away from your technical people.
Post by Bongo Heracles on May 10, 2023 9:55:09 GMT
Yes. It's third party supplier management and usually an audit requirement. If you process data on their behalf and it goes walking, that's a problem. We take it *very* seriously. If we sent you to a form and you tried to bill us to fill it in, we would most likely tell you to eat shit and terminate the contract.
No offence, but it sounds like your company does a lot of things arse about face. If it's as bad as you say, surely you should have an FTE dealing with admin for client relations? Why does it need a technical person every time if the answers are, presumably, broadly similar on every form? Just get an account manager to do it and escalate as necessary.
Post by Psiloc on May 10, 2023 9:58:11 GMT
Yep we've also found that the forms are all JUST different enough that a stock response wouldn't fly. I understand that it's all so they can be compliant with XYZ but since that's the case why aren't the forms all the same? Or similar enough that a stock response could be transposed into their proprietary form by themselves (ha). I think a big part of my annoyance is how unapologetically they're sent out "change all your plans for the day, it's time for a form"
Post by uiruki on May 10, 2023 10:06:01 GMT
As long as it hasn't been held onto by some guy internally for a week plus before it's come to you! In the end we had a process where we had to tell IT immediately when one came in, with the deadline, and they'd assign someone to it to send it back complete by a certain date. You can't really get around it but it sounds like a better process and management of expectations would cause less stress.
Post by dogbot on May 10, 2023 10:06:57 GMT
It is (as Bongo says) a major part of CRM and it isn't going anywhere any time soon (in fact, as more companies go for regulatory compliance certification, there'll be more of it). Since the introduction of the GDPR, companies have to be more open and direct about how they process data and that means being able to actually prove that you will do the things you say you're going to do. Having policies and procedures and being able to explain them correctly during supplier interaction is essential nowadays.
I find that the questions are usually broadly the same and mostly stock responses work most of the time. There might be a little editing required, but it's the same information being requested once you're used to the questions.
TLDR; our InfoSec team handles them and has a spreadsheet of stock responses (many of which include the words "more information will be available post legal contractual agreement") and it seems to work most of the time. Occasionally, they'll come to Cyber for technical clarification, but mostly not.
Post by Bongo Heracles on May 10, 2023 10:12:58 GMT
It's also a power thing. We are big enough to say 'JFDI' to most suppliers when we are filling out security assessments, application testing, data governance forms and whatnot.
But then when the balance shifts and we start dealing with a Microsoft or an Amazon, they usually either say 'lol, get fucked' or send a monolithic information packet and say 'here you go, fill it out yourself'.
Post by dogbot on May 10, 2023 10:15:11 GMT
Yeah, similar here. *looks sadly at Secureworks IMR questionnaire* But it'll only take 10 minutes, they said!
Post by Bongo Heracles on May 10, 2023 10:25:00 GMT
'We will also need the ability to deploy redcloak rapidly, throughout your environment' 'bongo, can you take an action to see how to make that impossible thing possible?'
Post by Psiloc on May 10, 2023 10:31:53 GMT
> If we sent you to a form and you tried to bill us to fill it in, we would most likely tell you to eat shit and terminate the contract.

Quoting for the forms is little more than an evil fantasy that flashes through my mind to be honest. Although you may be surprised - at least one client has asked unprompted how much we charge so it's clearly not an alien concept. I was just checking that it wasn't a widespread, expected thing that we were missing a trick on!
Post by Trowel 🏴 on May 10, 2023 10:31:55 GMT
Accept it's part of your service provision and incorporate it into your service costs, and equally make sure it's called out as in scope in your contracts. Do you work from MSAs?
Post by dogbot on May 22, 2023 9:32:08 GMT
Predictably, our MS Azure tenant migration has gone about as well as you'd expect considering it was planned by fuckwits.
Most people have at least one thing not working, many people many more.
The folks who did the migration (Infra/Architecture) are saying that it's done and it's up to support to sort out (despite refusing any help/access at the time). We've been asked to help, too. But they've cut everyone's access, so none of my admin is working, so I can't fix anything.
Lol.
MFI, mate.
Post by dogbot on May 24, 2023 8:44:43 GMT
The fuckery continues.
So this is what it's like to work on a helpdesk, huh?
Post by Bongo Heracles on May 24, 2023 8:49:12 GMT
This is what warranty periods are for on projects, boi. You can't let them get away with just chucking it over the fence and fucking off.
Post by dogbot on May 24, 2023 9:44:18 GMT
> This is what warranty periods are for on projects, boi. You can't let them get away with just chucking it over the fence and fucking off.

I'm sure they won't, in the long run. There'll be a lessons learned, but at the moment, we're just trying to swim in the shitpond they've filled.
As you can probably imagine, there are... issues. No one user is quite the same and so everything is taking extra time to sort out. It is, to be quite honest, a complete clusterfuck.
Example: They set a password for all the synced users (which they sent by plaintext email, lol), but it's not complex enough to meet the stringent requirements of the new tenant, so most people can't change it (it just throws a complexity error). Some users can change it, some can't. Some have synched to Okta (our SSO provider of choice), many haven't. To get it to work, we're having to call each user, reset their password to what it's already set to in AD using admin override, delete them from Okta and resync. 200 odd times. Lovely.
If it was down to me, I'd be hacking off project manager arms with a machete, but it's not.
Post by mrpon on Jun 2, 2023 10:57:42 GMT
After a recommended app/website to show all connected users to an SSID and their usage/bandwidth. I'm speedtesting on my phone at around 2Mbps, it should be around 70Mbps so something is hogging.
Post by nazo on Jun 2, 2023 11:17:11 GMT
Can’t your router dashboard show that?
Post by mrpon on Jun 2, 2023 11:52:31 GMT
I'll check with IT, I think it only shows connected users and not usage.
Post by Bongo Heracles on Jun 2, 2023 12:03:49 GMT
If you’ve only got a 70mb connection and more than a handful of users, it’s not going to take much to choke it.
I had a teams call drop to a supplier last year because they had some updates pushed out and caned their bandwidth.
Post by mrpon on Jun 2, 2023 14:08:11 GMT
That's great thanks!
Post by dogbot on Aug 24, 2023 9:46:33 GMT
Just had a bit of a ding dong with our Head of IT Service Delivery.
During our changeover of companies a few months ago, my team did some extended support, because his team was basically non-existent and there was no one to do anything. That ended 3 months ago, at the end of May. But they're still sending us tons of tickets (mostly for Exchange) every single day, so we've started pushing back.
Today, I sent him an email back saying "please send Exchange requests to Infrastructure, my team no longer support this" and he's lost his shit, got his hair right off. It started with "It's one simple task, I don't know why you can't just do it quickly" and ended up with him calling me a "lazy, feckless wanker". In a backed up, text conversation.
It's not my fault you hired fuckwits to support Exchange who don't understand how email works, my dearest. You sort it out.
So, not getting what he wants via the power of unreasonable workplace behaviour, he's gone over my head to my boss to complain, and my boss has said "dogbot is 100% right and is doing what's come down from SLT. You agreed to this".
Ha. This being a leader is fun
Post by Trowel 🏴 on Aug 24, 2023 10:01:01 GMT
That text needs to find its way to HR. Can't be doing with a) people who treat their work colleagues like that, and b) people who sign up to a process then immediately just do what they want.
Post by Bongo Heracles on Aug 24, 2023 10:09:07 GMT
We have battles like that with email/anything. 'You use it, you run it' conversations with other teams who don't want to do their jobs.
I'm currently on a 'let it fail' course of action with BT for similar reasons. We, sadly, do blocked website exceptions. If someone needs access to something and it's blocked by the net nanny, we whitelist it with a legitimate business case. If we whitelist it or it's already whitelisted, it's a network fault and it goes over to BT to diagnose, who immediately refuse to work on it and send it back to us to fault find.
I'm now refusing to have my team do that and a few people have hit the fucking roof. Talk to the BT 'relationship owner', guy.
Post by Trowel 🏴 on Aug 24, 2023 10:20:30 GMT
"allow list"
Post by dogbot on Aug 24, 2023 10:30:53 GMT
> That text needs to find its way to HR. Can't be doing with a) people who treat their work colleagues like that, and b) people who sign up to a process then immediately just do what they want.

Agreed. I'm staying out of it, though. My boss will deal.
Post by Bongo Heracles on Aug 24, 2023 10:40:35 GMT
I got a full list of 'suggested terminology' sent to me the other day after I used the phrase 'sanity check' and it made even a bedwetting liberal like me roll his eyes.