GREEN PASS - ODOO PLUGIN
The introduction of the obligation to submit the Green Pass for all workers, inevitably brings with it the need to adapt their corporate infrastructure. For this reason we decided to work on the realization of a plugin to be used with the Odoo ERP platform.
How does it work
The plugin allows the access control and the validation of the Green Pass, necessary for the entry of the worker in the working place.
Through the use of a simple QR Code reader, the QR code is scanned, certifying the validity or not of the Green Pass. The result of the reading will be reported in the attendance register within Odoo (HR module / Attendance) by linking the scanned Green Pass to the corresponding registry, also reporting the time of entry.
All information about the plugin can be found directly on the Odoo store at this address: Odoo Green Pass plugin
CSA STAR Self Assessment v.4.0.2
E-time adheres to the international standard CSA STAR, which stands for Cloud Security Alliance – Security trust Assurance and Risk.
THE STAR CERTIFICATION
The Security, Trust & Assurance Registry Program (STAR) is a standard designed by the nonprofit organization Cloud Security Alliance which has as its main objective, in addition to setting security standards in cloud computing, to allow customers to evaluate their suppliers on the basis of a shared and internationally recognized model.
Companies that choose to become STAR certified choose to adhere to the principles of transparency, rigorous auditing and harmonization of standards by indicating best practices and security procedures for their cloud services.
The STAR registry, which brings together all the companies that join, is open for public inspection.
E-TIME AND CSA STAR
E-time’s commitment to the principles of the Standard is set out in the Consensus Assessments Initiative Questionnaire (CAIQ versione 4.0.2), of which below is the link to the E-time questionnaire: Consensus Assessments Initiative Questionnarie E-time
Self-assessment, in its updated version, is a CAIQ v.4.0.2, provides detailed information on the SSRM (Shared Security Responsability Model) in particular on how compliance, risk management, security and data protection requirements are met.
We also report that the questionnaire is also published in the register Cloud Security Alliance
Rexpondo is not only a ticketing system but it is an IT Service Management solution structured on standardized ITIL processes, ITIL v3 compliant, based on Open source software ((OTRS)) Community edition.
IT is now the key department of every company that must be supervised and regulated in order to create automated processes capable of improving response times. And it is precisely on the automation and quality of processes that the game is played.
In fact, it is no coincidence that ITIL is a discipline focused on the quality of service perceived by customers, and Rexpondo supports the entire infrastructure, from requirements to best practices.
Core books ITIL
I “core books” of ITIL v3, are as follows:
- SERVICE STRATEGY: includes organizational goals and customer needs and describes the following processes: Strategy Generation, Service Portfolio Management, Demand Management, Financial Management
- SERVICE DESIGN: transforms the strategy of a service into a plan for the realization of business objectives and describes the following processes: Service Catalogue Management, Service Level Management, Capacity Management, Availability Management, IT Service Continuity Management, Information Security Management, Supplier Management
- SERVICE TRANSITION: develops and improves the capabilities for the introduction of new services in the supported environments and describes the following processes: Transition Planning and Support, Change Management, Service Asset and Configuration Management, Release and Deployment Management, Service Validation and Testing, Evaluation, Knowledge Management
- SERVICE OPERATION: manages services in the supported environments and describes the following processes: Event Management, Incident Management, Request Fulfillment, Problem Management, Access Management. The following functions are also defined in this book: Service Desk, Technical Management, IT Operations Management, Applications Management.
- CONTINUAL SERVICE IMPROVEMENT: Achieves incremental service and large-scale improvements. The improvement process described is unique and organized into seven steps.
Processes supported by Rexpondo
Rexpondo is a Service Desk system and therefore by definition acts:
- as a point of contact between users and the ITSM
- manages user incidents and problems and provides an interface to other processes such as:
- Incident Management
- Problem management
- Request Fulfilment
- Service Asset e Configuration Management
- Change management
- Knowledge Management
- Service Catalogue e Service Level Management
OTRS: Let's take stock
Following OTRS AG’s announcement to no longer support OTRS 6 and ((OTRS)) Community edition 6 and with them the related security updates, we have chosen to transform our dedicated Rexpondo area into a real product, an open source ticketing and ITSM system based on ((OTRS)) Community edition.
We have formed a partnership with the German company OTOBO, with whom we have already collaborated on the security update of the latest version of OTRS CE and we will collaborate on further developments of the platform.
With the experience gained by the Rexpondo team in ticketing and ITSM, today we are able to coordinate a roadmap of implementations, with short and medium term goals.
We can guarantee continuity in the support and maintenance of the current platform (including security patches and bug fixing) for all those companies that have invested in OTRS up to now, evolving at the same time, the Rexpondo platform.
Below are the developments already implemented:
- Data protection
- Dynamic fields management
- GDPR consent on customer side
- Elastic search
- New Customer graphic interface
- Native SLA stop
- Maps integration with OpenStreetMap
and upcoming developments:
- Mobile app
- BI (Business Intelligence)
- API rest
- Chatbot integration
- Graphics overhaul
Efficiency and savings. This could be in extreme summary the answer to the question “What are the benefits of IT Asset Management?”, but let’s try to go by points.
Why we talk about IT Asset Management
IT asset management (ITAM) is the set of business practices that join financial, contractual and inventory functions to support life cycle management and strategic decision making for the IT environment. Assets include all elements of software and hardware that are found in the business environment. (def. https://en.wikipedia.org/wiki/IT_asset_management)
With IT Asset Management we indicate all the activities aimed at a correct mapping and management of IT assets (both software and hardware), integrating the different solutions between the various departments with a single macro objective, that of creating value for the company.
Most companies perceive the need to renew technologically and “invest in IT”, but perhaps it is not yet perfectly clear how and perhaps not even why.
The enterprise market is still divided into two broad categories:
- Traditionalist: it’s always been done this way; it’s always worked; now that so many are changing to follow the trend, it frees up space and I’ll be even better off.
- Innovative: the market will always evolve and the only way to compete is to (r)innovate.
Ignoring, or worse, hindering innovation, is like ignoring life.
The world is inexorably accelerating toward valuing ideas.
3D printers, which were in the science fiction dreams of the children of the last century, are now an evolving reality. Always new ideas that require a Time To Market as close to the immediate as possible. The only way to shorten the Time To Market is to use technology, IT.
After the birth of the first portable phones, a phone that could be a computer, a camera, a radio, a TV, etc…, arrived on the market even before the masses could even imagine it. This is an effective Time To Market! We believe that this acceleration will continue and therefore believe in the need to ensure that the IT of all companies is not only adequate and performing, but that it is considered an integral part of the company’s business lines on a par with people; that is, that it is considered on a par with human capabilities.
Man-machine interaction is no longer even to be considered an “innovation”, but a fact.
Why should a manager be entitled to demand the best from his human staff without paying attention to IT resources?
Why are people assigned goals, while IT is asked what it can do to help achieve a goal?
And so why should a company be concerned about getting the most out of each of its Human Resources by seeking them out carefully, putting them in the best possible working conditions, incentivizing them, creating teams that know how to integrate in the best way, etc… and should not give the same attention to IT resources?
The answer is that perhaps you are still trying to put the famous “man with a red flag” in front of man/machine iteration innovation.
IT Asset Management, or rather, IT Governance more generally, shifts the role of IT from “IT Resource” to “Business Resource.” And as a business resource, like a human, it must be managed, valued and evaluated. If, for example, I am willing to spend a total of € for a designer, it is because I have had the opportunity to evaluate his work, through interviews, verification of the projects done, and whatever else, that his work will help to bring “adequate revenues” to the company.
IT Asset Management is the tool that allows me to understand what resources (IT) I need, how my resources (IT) work, how much my resources (IT) really cost, what criticalities/problems my resources (IT) have and whether they give the business the expected contribution in order to bring “adequate revenues”.
It is not uncommon, for example, for companies to set “standards” for IT purchases and for these to be defined by the average technology level in the market.
With adequate information, one could instead, for example, find that such a critical business line is served by certain IT assets for which we could consciously aim for TOP level purchases, while for other less critical business functions, aim for adequate levels saving money and satisfying my critical business much more.
The absence of these procedures sometimes leads to misguided investments that trigger vicious cycles that end up relegating IT to the sad role of “necessary cost” instead of “business investment”. Like human resources, IT investments must be carefully evaluated, measured and examined for the value they provide in terms of ROI.
From these observations, it is easy to see why all companies should incorporate an IT management strategy with a long-term view into their structure in order to strengthen competitiveness in response to market needs.
Who is in charge of it?
Continuing the parallelism between the contribution of HR and IT to the business, as there is an HR Manager who reports directly to top management, the ideal, as many companies have already done, is the establishment of the figure of the Asset Manager. A figure capable of identifying and implementing the strategies necessary to reconcile the needs of the business with those of the IT resources available.
Where this figure is still absent, the IT manager is the most suitable figure to fill the role, provided that he knows how to “raise his head and see the business” with which to work closely.
However, Asset Management should be of equal interest to senior management as other resources (HR) that contribute to the business. On the good health of the assets (HR and IT) depends the profitable administration and overall competitiveness of the whole company.
Benefits of IT Asset Management
As we’ve learned for decades now, a company made up of people who are capable, competent, know how to work as a team, and above all are motivated, brings great benefits. Likewise, an IT:
- capable (match needs/machines);
- competent (analysis of market availability/custom development);
- who works in a “team” (…interconnected to the business);
- motivated (…business objective defined for each IT process) also brings great benefits.
A sound and effective IT Asset Management system consistent with business objectives promises:
- Risk reduction (criticality control and proper calibration of systems).
- Reduction of costs (more efficient management of IT resources through proper management of maintenance or replacement of assets).
- Improved IT performance (load control, mapping of critical paths, etc.).
- Intervention traceability (knowledge of the interrelationships between assets allows the identification of the “criticality” of each planned/proposed intervention and to plan it correctly and without unexpected risks).
- Performance traceability (the effectiveness of the systems is verified as the business grows and possible evolutions are planned)
The addon that solves problems with OAuth2 protocol
Although there are no definite terms yet, starting from 2021 Google and Microsoft will end the support for authentication through username and password for IMAP and POP3 services, making it mandatory to switch to the OAuth 2.0 protocol.
In order to adapt its installation ((OTRS)) Community edition to the new protocol, our Rexpondo team has implemented the plugin REXOAuth2.
More information about the plugin is available on our website rexpondo.it
What is OAuth2
OAuth 2 is the second version of the OAuth framework an authorization protocol that allows applications to gain limited access to user accounts on an HTTP service
It works by delegating user authentication to the service hosting the user account and authorizing third-party applications to access the user account. OAuth 2.0 provides authorization streams for web and desktop applications and mobile devices.
ITSM – IT Service Management
ITSM is the acronym for IT Service Management, the discipline that concerns the management of Information Technology (IT) systems and describes the strategic approach with which the IT infrastructure should be built to make it functional to business objectives and oriented to customer satisfaction. An orientation therefore focused on the quality and efficiency of the service. The benefits that derive from ITSM, therefore, do not concern only the technological component (IT area) but involve the entire business:
- ROI improvement
- Process control and performance measurement
- Rapid identification of “bottlenecks” and criticalities
- increased efficiency and cost reduction
- improvement of the service offered
The main question that arises when talking about ITSM concerns the choice of framework to be used. The choice depends on a number of variables, such as the complexity of operations and the size of the IT department.
The objective of an ITSM framework is to ensure the coordination of processes, people and technologies, to guarantee the achievement of business objectives. Below we summarize the most common frameworks.
ITIL (Information Technology Infrastructure Library)
is the most widely used framework in ITSM and process management, now in its third version. We are talking about ITIL® V3. ITIL® and is an Axelos registered trademark whose purpose is to provide guidelines and best practices to channel IT with business needs, such as:
- improving the quality of IT services delivered
- Reducing the fixed costs of service delivery
The philosophy that guides ITIL® starts from the assumption that ITSM is composed of a series of integrated and interrelated processes (“process driven” approach) and consists of 5 parts, or rather books:
1. Service Strategy
what are our stakeholders looking for? What is the current state of the IT system within the organization? Are current implementations sufficient to efficiently achieve business objectives, or do we need to intervene?
2. Service Design
What kind of organization are we talking about? How should the IT structure be designed to limit risk?
3. Service Transition
How should the transition process between the current and the new service be structured?
4. Service Operation
What are the operational steps to be followed? Are there adequate resources and structure to deal with the transition to the new system?
5. Continual Service Improvement
Once the new system has been implemented, the watchword is continuous improvement! We are talking about the Deming Cycle (PDCA Cycle).
The ITSM software that we propose is also based on this framework and, in addition, ITIL® V3 is prepared to implement the principles of the ISO/IEC 20000 standard and provides a guide for companies that intend to obtain certification.
COBIT (Control Objectives for Information and related Technology)
COBIT is an infrastructure for the development, implementation and monitoring of IT systems, which was created with the aim of assisting companies in achieving their IT Governance and management objectives. It is a framework created by the IT Governance Institute and the Information Systems Audit and Control Association (ISACA).
Starting from the assumption of the central role of ICT in the process of value creation involving all operational and functional areas within the organization with particular attention to the interests of internal and external stakeholders.
COBIT, now in its fifth version (COBIT 5) is based on the balance between efforts to achieve the objectives, optimization of risk levels and use of resources and is aimed and addressed to all organizations regardless of size and industry.
COBIT 5 is based on five principles:
1. Meet stakeholder needs
The purpose for which an organization operates is the creation of value for its stakeholders. To achieve this goal, however, requires process mapping and the formalization of specific practices.
2. Consider the organization as a whole
COBIT 5 not only focuses on IT in the narrow sense, but also takes into account all the various aspects of governance and management related to the organization as a whole. This includes people and assets.
3. Apply an integrated infrastructure
COBIT is aligned with several relevant high-level standards and infrastructures, so it can be useful as an “umbrella” infrastructure for IT governance and management.
4. Take a comprehensive approach
COBIT 5 defines a set of enablers to support the implementation of a comprehensive IT governance and management system.
The COBIT 5 infrastructure describes seven categories of enablers: principles, policies and structures, processes, organizational structures, culture, ethics and behavior, information, services, infrastructure and applications, and people, skills and competencies.
5. Separate Governance from Management
The two disciplines, although closely related, cover different activities and purposes that require different organizational structures.
The two disciplines, while closely related, are about different activities and purposes that require different organizational structures.
In some ways, COBIT and ITIL can be considered two complementary frameworks, as the former is based on the mapping of IT service management processes, while the latter dictates best practices regarding tools and procedures to achieve the objectives set by COBIT.
For further information on this framework, please visit the ISACA website, where you can download the guide in PDF format.
Microsoft Operations Framework (MOF)
Comprised of a series of documents containing best practices and principles that serve as guidelines for IT professionals. Just like the ITIL framework, MOF proposes guidelines for the entire lifecycle of an IT service from conception and development to decommissioning. To simplify further, we could say that MOF is the implementation of ITIL best practices in Microsoft environments.
The ISO/IEC 20000 Standard for the ITIL framework
ISO/IEC 20000 is the first IT Service Management standard that is officially recognized and can be certified. It is structured for the ITIL framework but is also compatible with the Microsoft Operations Framework (MOF) and consists of several parts:
ISO/IEC 20000-1:2011 (Part 1)
defines the requirements for a service management system:
- General requirements of a service management system
- Planning the introduction or modification of new services
- Service delivery process
- Relationship processes
- Resolution processes
- Control processes
ISO/IEC 20000-2:2012 (Part 2)
Provides guidelines for the application of a service management system, including best practices for service management processes.
ISO/IEC TR 20000-3 (Part 3)
Provides guidance on achieving the objectives and successful implementation of Part 1.
After only 2 years from its birth, 4HSE, the E-time subsidiary company that gives its name to the homonymous software for the management of health and safety at work, lands on the foreign market and releases an important update for the Italian market: the possibility to draw up, customize and print the Risk Assessment Document (DVR).
This new feature is in addition to the already existing functions concerning:
- Deadline management: calendar and notifications
- Management of locations, personnel and tasks
- List and organization of substances and equipment
- Training management: courses and editions
- PPE management: delivery, validity, characteristics
- Maintenance management
- Health Surveillance management
- Management of procedures and reports
- Generation and printing documents and certificates
- Risks evaluation
With the release of the DVR closes a very productive year for 4HSE that rewards the work done and the proven validity of the software also in Europe and internationally.
With 2018 also came the first international customers and requests to translate the software safety at work in multiple languages. Hence the decision to focus not only on the Italian market but also on the foreign market, with the creation of a special division that will complement the existing one.
For further information: www.4hse.com