III. During the Assessment
This section provides an overview of the common steps, scope, and expectations or a technology assessment. Organizations may find that a security audit is included as part of the technology assessment; the specifics of a security audit and what to expect can be found here. The purpose of this section is to provide what is generally in scope for a technology assessment.
What to Expect from the Technology Assessment Process
The technology assessment process involves a series of systematic steps aimed at evaluating an organization's existing technology infrastructure, systems, processes, and needs. This process helps identify opportunities for improvement, strategic alignment, and the effective utilization of technology. Technology assessments generally include reviewing IT-related policies, procurement processes, technology plans, technical documentation, network infrastructure, hardware inventory, software inventory, and backup procedures. To the extent some needed information is non-existent or out-of-date, the technology assessment is the impetus for the development or updating of such documents. Although the process may vary depending on the vendor selected, organizations can generally expect the following:
-
Discovery and Data Collection: Information and data gathering will be an essential part of understanding the organization’s technology landscape to properly assess and provide well-informed recommendations. The vendor that is selected to conduct a technology assessment will likely have a few methods for its discovery process. Some examples may include any combination of the following:
-
Inventory spreadsheet of hardware, software, networks, etc.
-
Staff survey(s).
-
Focus groups or interviews.
-
Network scanning.
-
Virtual or onsite visit.
-
Policy/procedure review, if applicable.
-
-
Analysis/Synthesis of Information: After discovery is completed, the vendor will begin to analyze and synthesize the gathered information to gain insights into the organization’s strengths, areas of improvement, inefficiencies, pain points, security concerns, etc. Based on the analysis, the vendor will also begin to identify gaps where the organization’s technologies or technology use are not meeting organizational needs.
-
Report and Recommendations: Following completion of the vendor’s discovery process and analysis/synthesis of information and data collected, there may be ongoing follow-ups to confirm findings, but report development will have begun. The main deliverable at the end of the project will be a report with specific recommendations and a final meeting with provider leadership to review the report, findings, and recommendations. Providers should consider the final meeting as an opportunity to raise any questions and receive guidance from the vendor on how to best review the report and any other materials provided.