Friday, March 29, 2013

SOP Friday: Is This a Profitable Hour?

From time to time, it's good to sit your staff down and teach them this mantra: "Is this a profitable hour for our company?"

In the KPEnterprises Standards and Procedures manual, it looks like this:

    The KPEnterprises Mantra
    Is this a profitable hour for KPEnterprises?

and shortly after that we have:

Work Ethics and Core Beliefs

  • We strive for continuous improvement to all of our processes to ensure a high standard of work delivered.
  • The best way to work is to focus on one thing completely and, when it is done or at a stopping point, you move on to the next thing.
  • Only change focus or allow distraction to the one thing you are doing if that interruption is directly related to the success or completion of the task at hand.
  • All things can wait or be handled by someone else if their current status is correctly recorded for others to access.  That is to say, if Autotask is up to date with notes etc. anyone else with the correct technical ability can take over that Service Request or help it move forward toward resolution.
  • We get all the information the first time and document it.
  • We do complete work the first time around. No rework.
  • The client you are currently servicing is the most important client right now.
  • We complete all work possible before leaving a client’s office.

Not everything on that list is directly related to profitability, but everything in the entire company is at least indirectly related to it.

Look back on a few earlier SOPs. For example,

"Service Manager Roles and Responsibilities:
Focus on making every work hour a profitable hour for KPE."

. . . and . . .

"Technician Roles and Responsibilities
Focus on making every work hour a profitable hour for KPE."

Everyone's In On This!

No matter how large or small your company is, every employee needs to keep an eye on profitability. Of course many of them will not see a direct line between their daily activities and the profitability of the company. That means it's up to you to draw the lines for them.

For example, administrative assistants need to know that their work helps marketing efforts, which leads to sale, which leads to money that runs the whole company.

The front office staff do a lot of work with billing, mailings, and finances. So even though they don't perform billable labor, they do all the hard work that actually brings the money in so the company can operate. And sometimes they do a better job of this than the owner! For example, it is very common that the owner will give discounts and forgive bills from time to time. That happens a lot less when billing is turned over to the front office staff.

Sales people obviously understand the connection between their success and the company's success.

The tech department - the service delivery department - has the strongest connection between their daily activities and the profitability of the company. In fact, they're the only employees who are evaluated on the basis of how "billable" they are.

When you break down a technician's hour, it might contain several activities, such as

- Check the service board
- Work tickets (deliver service)
- Read email
- Perform administrative duties
- Training / studying for exams
- Taking exams
- Attend meetings
- Wasting time on Facebook,, and YouTube

Most of these are either known to be profitable (billable labor is still considered "billable" if it is productive labor in support of a prepaid managed service agreement) or administrative. One of the reasons 60-70% billability is acceptable is that you expect technicians to read email, learn new technologies, and attend meetings.

The hidden culprits to profitability are not in the hours spent in each of the categories. The hidden culprits have to do with actual job performance and skills. For example, rework is extremely expensive for I.T. companies. If work is not properly documented, the chances for rework go way up. If a technician is thrown into a job with insufficient training, the probability for rework goes way up.

Inefficient troubleshooting is also a huge time waster. That's why we have a rule that the maximum time anyone should work on any problem before stopping and calling for feedback or support is 30 minutes. It is extremely important that technicians do not waste time continually trying the same thing over and over and expecting new results. Sometimes they just need a "fresh pair of eyes" on the problem. Sometimes they need to escalate to vendor support or other third party support.

Very often, we geeks refuse to give up. We won't let a USB device defeat us! So we want to keep working until we fix the problem. That's great if you're a sole proprietor and your time is worth nothing. But when you have employees, this can get very expensive very fast.

One time I had a tech who spent four hours working on a cell phone issue, making no progress. Then, after one six minute call to the Sprint store, it was fixed. Lesson learned. I can't charge a client for four hours labor. But I have to pay the technician. This is a losing proposition in at least three ways.

1) We look incompetent. That doesn't cost money right away, but it certainly can in the long run.

2) At about $25/hour with taxes, that tech's labor cost me $100.

3) More importantly, that's four hours we did not bill out in productive labor. At the time, our rate was $120/hr, which adds up to $480.

(That was about ten years ago and may actually be the reason we implemented the 30 minute limit.)

Productive Labor

Even technicians don't have to think in terms of dollars when they evaluate whether the hour is profitable. Rather, they can consider whether their actions are productive. Are they moving a ticket toward completion, or spinning their wheels? Is time better spent finding the cause of a problem or simply fixing it? Does this action advance the goals of the company with regard to client relationships or service department goals?


It is also critical that employees see how their actions fit in the big picture. For example, technicians often say that entering time and notes into the PSA is wasteful. They see it as bureaucratic activity and not productive labor. Very often, that's because they do not enter time into the ticket as soon as it's completed. When the last thing you do on a ticket is enter the notes, that activity is part of the ticket. When you wait until the end of the day, or the next day, that activity is administrative catch-up.

More importantly, accurate notes at time of service help us avoid rework. They help the service manager answer questions from a client as soon as the job is complete - and not have to wait until the next day when notes are in the system. Accurate notes also help the front office product accurate billing. And they help whoever does customer service to justify the bill if a client has a question.

It is worthwhile to bring up the topic "Is this a profitable hour for the company?" at least once or twice a year in your company meetings. No one should obsess over it, but everyone should think about it.

Profitability doesn't just happen.

Productivity doesn't just happen.

Comments welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Find out more about the series, and view the complete "table of contents" for SOP Friday at

- - - - -

Next week's topic: Using a White Board


Check Out the #1 ranked Managed Services book at Amazon:

Managed Services in A Month
by Karl W. Palachuk

2nd Edition - Newly Revised and Updated with NINE new chapters

Only $24.95. The best deal in managed services today!

Order Today!

Thursday, March 28, 2013

Early Bird Registration for SMB Online Conference Ends March 31st

Register right now and save.

If you haven't done so already, please take a look at this year's SMB Online Conference.

It features 15 hours of live presentations over three days. Last year's event was amazing and this years will be just as good!

This year's topic is . . .

IT Business Reboot 2013

Register here for the 2013 SMB Online Conference

After four years of recession, the world has changed a LOT. New products and services include Windows 8, Server 2012, Server Essentials, Cloud Services, and more. Gone in the last four years are Small Business Server, old versions of Windows, . . . and many IT companies!

This year's conference will focus on the key actions you need to take to build a successful IT service business in the years ahead. We start with a foundation of the structures and processes you need to have in place. This includes a special focus on finances, but also includes a lot of best practices and Standard Operating Procedures.

Topics include:

  • Modern Fundamentals for Success in the Future
  • Keynote / Rebooting and Restructuring for the Future
  • Financial Deep Dives . . . Times Three!
  • Managed Services and Cloud Services
  • Promotion and Marketing Excellence
  • Keynote / Building Your Identity (Internally and Externally)
  • Thinking Inside the Box
  • Killer Presentations and Self Promotion
  • Keeping Up as the Pace of Change Increases
  • Redefining Your Business . . . One More Time!
  • Keynote / Absolute Rules of Success
  • Making Vendors work for YOU and Your Business
  • Financial Realities that Will Kill Your Company
  • Serving Larger Clients - The Mid-Market Opportunity for Small Business Consultants
  • . . . And More!

Featured speakers this year include:

- John Armato - Senior Partner at Fleishman-Hillard

- Rayanne Buchianico - Owner of ABC Solutions, LLC

- Len DiCostanzo - Senior Vice President, Community and Business Development, Autotask

- Mark Moreno - Owner, C&M Support Services & Consulting, Inc.

- Karl W. Palachuk - Small Biz Thinker

- Manuel Palachuk - Author, Coach

- Stacey Powell - Chief Creative Officer, Creating Answers

- Chip Reaves - President, Bigger Brains

- Brian Sharp - Owner, Go Big Company

- Richard Tubb - Business Coach

This really is a major event. You won't want to miss it. And you can save money right now if you register today. The price goes up Monday!

Check out the conference site and register now!


New Blog: Consultant or Amateur

I started a new blog today!

It's here: and it's called "Consultant or Amateur."

The blog is intended as public service to your clients - and you. In that blog, I'll be giving advice to end-user clients about our profession. I'll be recommending professionalism in the IT business. It really will be advice on how to choose and use an IT service provider.

Assuming you take this business seriously, it will be a place you can point your clients to and say: "See this? That's why you have to replace your server. That's why cloud backup is safe. That's how managed service works."

Ideally, it will be a place where business owners can learn that there really is a difference between consultants and amateurs.

It has long been a pet peeve of mine that there are so many horrible amateurs in this business who get in (and out) of this business on a whim. Everyone who installs software somehow thinks he's a computer guru.

In addition to wasting client money and putting their data at risk, these amateurs tend to sell illegal software, over-bill for their work, and give all computer consultants a bad reputation. Clients need to know that there are good consultants in this world who will make their businesses better and not worse.

I sincerely hope you will give it a look and send me any comments or suggestions you have.


Friday, March 22, 2013

SOP Friday: How to Work 8AM to 5PM in I.T. Consulting

One of my never-ending themes is that you CAN work a normal business day. Whether that's 8AM to 5PM or 9-6, or even 8-6, "normal business day" is somewhere in that category. At least 99% of the time. So you might have three or four exceptions per year. But you can design your business to work normal hours.

This post will address some thoughts about why you should work no more than about 50 hours a week and how you can work normal hours.

Here are a few previous posts you might find useful.

Hours in a Week (2006)
(Why 50-55 hours per weeks is the best balance of hours for a decent work/life balance - and a very reasonable number.)

We Don't Work Weekends (2007)

SOP Friday: After Hours Work (2013)

Also see the entire site Relax Focus Succeed(R) -

- - - - -

It seems like - at the small end of SMB - there has always been an assumption that you have to work after hours. Sometimes it's easier to get a job done without pesky clients around. Sometimes clients ask for it. And very often, we're simply not willing to put in the effort to figure out how to get things done while the office is in full swing.

My brother Manuel and I spent years developing a system for migrating entire networks with zero downtime. It takes a lot of planning and discovery, but it's not particularly "difficult." One of the things we tell people is that they probably already have all the skills they need. It's just a matter of having a process. (See The Network Migration Workbook)

Believe You Can Work 9-5

When I mention in a presentation that we don't work evenings and weekends, I always get the exact same response - after TEN YEARS of talking about this: "Well what do you do when a server crashes in the middle of the night?"

Really? That's your defense for working twelve hours a day and abandoning your family?

I'm trying to remember. I think we've had maybe two servers actually crash in the middle of the night since 1995. We are not going to build a business practice around the remote exception to the rule. If you have servers crashing left and right, you're in the wrong business.

Anyway . . . You've simply gotten in the habit of working late, answering the phone after hours, and letting clients talk you into working after hours. If you want to work evenings and weekends, that's fine. Admit that you choose to do it, and do it proudly. But don't argue that you have to or that the business requires it. You don't have to and the business does not require it.

The first step is to believe that you work normal hours. Here are a few key beliefs and behaviors that affect your beliefs about this topic:

1) Everyone does it. No. Many people in the SMB space do not work evenings and weekends. And almost no one in the mid-market or enterprise space does - Unless they are extremely well paid for it.

2) Once your clients have your cell phone, they can get your attention any time. No. You don't have to answer your phone. More on this in a minute.

3) Ignoring clients or not being available in the evening is bad customer service. No. Every business gets to set their legitimate boundaries. Being available during your normal business hours is expected. Bad customer service would be ignoring clients at that time. Almost every business you deal with is unavailable evenings and weekends.

4) Clients expect it. Yes, kind of. If you've trained them to expect it, then they expect it. Now you need to re-train them. I'll bet most of your clients have never expected you to be available during "off" hours.

Sometimes clients just use whatever communication medium is in front them them. If they're on Facebook they Facebook. If they're on email, they email. If they have an icon on their desktop that opens a ticket in your client access portal, then they open a ticket. In most cases, the client is simply trying to make sure that their issue is in your system. They don't expect an answer/fix right now. They just need to get it out of their head and into yours. They will leave a voice mail and wait. You need to provide good customer service by addressing their issue the next business day.

5) I have to. The job requires it. No. This is the 21st century. We have robust hardware and software. We have remote monitoring and access tools. We have help desk support that's paid to be awake when we're asleep. We have techniques and processes that it possible to do virtually everything during business hours.

Here's an interesting question: How many of your client are available 24x7 to THEIR clients with no minimums and no after-hour rates. I'm just going to speculate here, but I'll bet that number is zero for almost everyone reading this.

Every consulting company that grows big has some rules about overtime. They're not the same for everyone, but here are some of the basics.

- Employees work 40-hour weeks
- Employees get paid for overtime
- Client work is done during normal business hours (8am-5pm)
- Clients pay extra for work outside those hours

As strange as it sounds, it can be very profitable to move into these policies. So, if you're not doing them, start soon. It is quite reasonable that, on a 30-day notice, you can raise your after-hours rates. That will make you more money and reduce the number of after-hours hours.

It is highly unlikely that you will ever grow your business beyond a one- or two-person shop until you adopt the policies you need to sustain a larger company.

Balancing Your Work and Life

Some people are born to be state workers. They naturally clock in at 8:00 AM and clock out at 5:00 PM and never think about work any other time. But most of the human race ENJOYS working. It gives us pleasure. It makes us feel useful and valuable.

It's very common to talk to IT Pros that really love their clients and see their job as a service they are performing. There are people who make life bad for others and there are people who make life better for others. Service providers (including IT service providers) provide a server that truly helps people. We make their businesses more efficient. We save them money. We help them to do things they couldn't do before.

The point is simple: It's okay to love your work. In fact, it's one of the greatest feelings in the world. When your business is "in the zone" you can get a lot of pleasure from it. So it's good to love work.

But you can't just work. You need to have a balanced life. You need to have hobbies. You need to blow off steam. You need to find great pleasure in other things.

As a writer, I always have several projects going at once. I try to lay them out on tables so they are visible to me and easily accessible. The reason is simple: Sometimes I have energy for one project and not another. I will work on the project that I get the most enjoyment out of. But sometimes I have deadline and have to work on a specific project whether I like it or not. Even then, I can switch to another project for a short while and balance out my day.

Sometimes your job gives you energy and sometimes it takes your energy. This changes all the time. That's one reason why you need find happiness and energy in the other parts of your life: Your personal life, you family life, your hobbies, your sports, etc. Giving each of these some of your attention will make you happier and more energetic overall.

"The balance" is different for everyone, so I can't say that you should do what I do. But I CAN say that working 16 hours a day is bad for your health, bad for your business, and bad for your personal life. If you're working those kind of hours, things are very un-balanced.

You have to work at balance. It won't happen by itself.

Making the Change to Working Normal Hours

So, how do you re-formulate your company so that you really work normal hours and your clients understand that? Here are some tips.

First, decide you will do this. There may be a transition period, but it will be harder on you than on your clients. You have a habit all the time. Each client only needs after-hours assistance once in awhile. You have to figure out what you're going to do when you're not working.

Second, adopt the simple policies mentioned above:

- Employees work 40-hour weeks - Including YOU
- Employees get paid for overtime
- Client work is done during normal business hours (8am-5pm) Monday-Friday
- Clients pay extra for work outside those hours

Third, if you need to amend contracts, do so. The most common rates for after-hours work are time-and-a-half (1.5x) and double-time (2x). Pick one and use it. You may want to give a 30 day notice to clients without a contract. Better yet, use this as an excuse to sign a contract with all your clients.

Fourth, set a transition period for yourself. Maybe three months. During that period, don't answer your phone after hours, but return calls if you think it's important. But wait longer and longer to return calls.

If a client asks you to do work, simply say, "I want to make sure you know the after-hours rate is $300/hr. So you can save a lot of money if this can wait."

Clients will almost always wait. They only asked you to work after hours because it cost them nothing extra. Now that there's a cost, you will see a quick change in behavior.

Fifth, be prepared for zero backlash. In reality, this will affect very few clients. And they will understand and come into line quickly. After all, these are very reasonable policies.

If you get in the habit of working too much, it feeds on itself and you feel that you can't get out: you can't change the way things are.

That's not true. Just decide to change. You can make it happen.

Comments welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Find out more about the series, and view the complete "table of contents" for SOP Friday at

- - - - -

Next week's topic: Is This a Profitable Hour?

Check Out the #1 Best-Selling book on Managed Services ever!

Managed Services in A Month
by Karl W. Palachuk

3nd Edition - Newly Revised and Updated with TEN new chapters

Paperback - Ebook - Audio Book

Unlike some books with old copyrights that sell for $60 or more, this book is 100% up to date and is only $29.95.

Now includes information on making cloud services part of your managed service offering!

Learn More!

Tuesday, March 19, 2013

Managed Services in a Month Audio Book - Free for One Week only!

Managed Services in a Month Free Audio Version

Limited Time Offer!

Managed Services in a Month audio book - 2nd ed.

255 MB - 5 hours of audio!

Get this for free! In exchange you just have to Post/Tweet about it.

Choose a social network, post your message, and get your free content.

You don't even have to give me your name, email, or any other info. You post, you get it. Just like that.

Managed Services in a Month Audio Book free for a limited time

Free - Free - Free

Here's the scoop for all you suspicious folks:

Pay With A Tweet - - allow you to trade social media juice for products and services. I'm hoping that 1,000,000 people download this book for free.

And I hope 1% of them buy something from me, get on my mailing list, etc.

As you Tweet, and your network Tweets, this could spread very quickly. If nothing else, it will be FUN!

This book will sell for $24.95 at the end of next week. So get it now and spread the word!

Thanks, as always, for your support.
- karlp


Friday, March 15, 2013

SOP Friday: Prudent Password Policies

About five years ago I responded to a question about writing down passwords. See the old blog post on Prudent Password Policies from 2008.

Sometimes it seems that passwords are the hardest thing in the world for clients to understand. Let's face it, the odds are that they'll never be hacked. So they can go decades without changing their passwords and nothing bad happens.

They don't see the work you do with routers, firewalls, and server settings to keep them safe. And they're just never going to understand brute force attacks let alone man in the middle or password reset cracks.

That makes it pretty hard for you to convince them to be scared about security.

Here are four things you can do to protect your clients while balancing true security with the "usability" they need to get their job done. As you can see, most of this has to do with education. But it's also a GREAT way to do some marketing to existing clients and prospects. Because passwords are seen as a pain in the neck, clients are often willing to tune in to these discussions.

Thing One

Engage Your Clients in the Password Policy Process

In the Network Documentation Workbook, I give an example of a two-part form you can use with new or existing clients. In the first part, you simply have the client fill out a form that asks about how they want their passwords set up.

Client form: Setting Password Policies
The questions are actually just the default settings from Windows. The form includes ...
- Days before passwords need to be changed
- Minimum password length
- Number of passwords to remember
- User lockout after x password attempts within y minutes
- How long should users be locked out?

Once you have this information from the client, you go create those settings in the server. This process gets client buy-in to the password policy. Beware: The most important people will want to be excluded. So the file clerk changes her password as requested but the managing partner insists that his password never change. See the section on education.

Password Policy for Client Employees
In the second part, you write up a quick memo like the example in the book and hand it out to all users. It basically reflects back what the client told you. Yes, you'll spend a little time listening to people whine. Smile and nod. Then move on to the next desk.

Thing Two

Use Educational Marketing 

One of the most powerful things you can do for marketing is to create handouts that are truly useful and people will keep forever. Maybe they'll photocopy them for all of their friends at the Rotary Club. Maybe they'll post them on the bulletin board. Just make sure your logo is very prominent on these handouts.

Passwords are a great example for this. Give good solid advice that everyone can use. For example, we created a handout called "What's Your Pass Phrase" several years ago. We've gotten a lot of mileage out of that one! You can download the pdf here: Pass Phrase Handout.

Basically, the handout introduces the concept of a pass phrase rather than a password. The client doesn't need to know all the reasons why pass phrases are particularly good. Things like spaces and characters used in programming can stop some cracking programs in their tracks. But, really, the most important elements are 1) password length and 2) anything not found in a dictionary.

If you want to see a cool tool for grading passwords, visit:
Grade your own pass phrases and then point your clients to this tool as well.

Thing Three

Use (and Advocate) Three Levels of Passwords

As of this writing, I maintain 688 accounts that require a password. These include everything from my email to bank accounts, florists, online services, online stores, airline frequent flyer programs, and more.

Don't tell anyone, but these are not all unique passwords.

Sometimes we nerds get on a soapbox with stuff like this. We make it sound like all security is the same - and it's all to be treated like the launch codes for nuclear missiles. But we all know that MOST passwords aren't very important.

We need to turn down the "security evangelist" rhetoric and give our clients reasonable guidelines that they can live with. I recommend (and use) three levels of passwords: Low, High, and Critical.

At the low level of security are things like Pandora, the florist, online stupid games, and sights that give me free things. And I reuse passwords a lot at this level. Think about it: If someone guessed my Pandora password, the worst thing that could happen is that I have to listen to music I don't like. That's it. Period. End of crisis.

Note: When you tell your clients this, they might say "I KNEW passwords didn't matter that much!" You just need to remind them that this is the lowest level. It is used for sites where your credit card is not stored and no one can take your money.

At the low level, it is perfectly acceptable to use the same 1-5 passwords over and over again. Each should still be a decent password, but it doesn't have to be a 28-character phrase with every possible variable. These sites either never ask for money, or they require that you put in your payment information each time. So if someone breaks in, they can spend their money but not yours.

At the high level of security are those things that do cost money and can cost you a lot more if someone breaks in. This includes your Amazon account with the stored credit card. And your Ingram Micro account where your account credit is on the line.

At the high level, you can still reuse a few passwords, but they should very good passwords, and you should change them regularly. Here's one approach: When a bank asks you to change your password, that's a good time to change your password on your other bank accounts, your QuickBooks account, etc. That way you can keep your passwords in synch and still change them regularly.

At the critical level are services that can really cost you a lot of money. For example, I put the payroll service in this category. I use a password there that is not used anywhere else. And it's a great password. And it changes every 30 days. The reason is simple: A hacked payroll could wipe out my operations bank account and get me in trouble with both the state and federal government all at once.

Once you introduce this three-tiered approach to clients, you will give a little confidence that you understand the real world they live in. They know the password to Netflix is not as important as the password to their Schwab investment account. After years of pretending that these are identical, they can now relax a bit.

I believe clients are more likely to comply with reasonable security policies once you define three levels of password security.

Thing Four

Use Password Vaults

I use a tool called TK8 Safe. I bought a multi-user license so everyone in the company can use it. You probably have this or some other tool your prefer.

A password vault stores your passwords (and other information) in a encrypted file. After all, it does NO good to have 688 password entries in an Excel file! Security is always about the weakest link.

We don't really resell TK8 or other password vaults. We just point clients to them and help them set it up. There's not enough money to worry about reselling, and we make plenty on the labor side. Plus, we have helped them take a real step up with security.

I am sorry to burst the bubble of all the security freaks out there who make a living scaring their clients into compliance. You're welcome to keep doing that. But just remember that your clients ultimately get to decide how much security makes sense to them. So the more rational you are, the safer they'll be.

Comments welcome.

- - - - -

About this Series

SOP Friday - or Standard Operating System Friday - is a series dedicated to helping small computer consulting firms develop the right processes and procedures to create a successful and profitable consulting business.

Find out more about the series, and view the complete "table of contents" for SOP Friday at

- - - - -

Next week's topic: How to Work 8AM to 5PM in I.T. Consulting

Check Out the All New Book:

Cloud Services in A Month
by Karl W. Palachuk

396 pages - plus lots of juicy downloads

Paperback - Ebook

A great resource for managed service providers or anyone who wants make money selling and bundling cloud services.

Featuring all the details you need to create and sell YOUR custom Cloud Five-Pack (TM)

Learn More!

Thursday, March 14, 2013

Publish Your First Book Blog Featured in Infographic

Jose Gonzalez created this cool infographic.

My Publish Your First Book Blog is #86. I better post more on that one!

Thanks for the honor, Jose!

  Top 100 Book related blogs to follow   An infographic by the team at CouponAudit

Friday, March 08, 2013

SOP Friday: Vendor Management and Coordination

One of the things you hear all the time with Managed Services is that you should manage the client's vendors. What exactly does that mean? What is "vendor management?" Well . . .

First, let's define what we mean by a vendor. By "vendor" we mean anyone that provides an important service or product to your clients, and that product or service is somehow related to the technology your support.

For example:
- QuickBooks, Business Works, MAS 90
- Line of Business applications (LOBs) such as IMIS, Dentrix, PC Law, Rent Manager, etc.
- Internet Service Providers
- Domain registrars
- Web developers
- Off site storage companies
- Product supplies such as Dell, HP, or CDW

The reality is: Most of the time, you will never deal with these folks. Except Dell. If you sell and support Dell hardware, being on the phone with Dell is a regular part of your job. If you sell HP or Lenovo, you need to make sure you really document the support process very well because you will use it so rarely that you won't remember the process.


Most of the time, you don't deal with these vendors. So taking over "management" of them is very easy, because there's no labor involved. But there are some key points at which it is critical that you manage these relationships.

Background posts.

Regarding LOBs, see the following blog posts:
- The Real Value of Managed Services (Line of Business applications)

- Managing LOBs Revisited

Regarding Third Party Tech Support, see the following blog posts:
- SOP Friday: Third Party Tech Support - Rules of Engagement

- SOP Friday: Third Party Tech Support - Documenting Calls

There are four important points at which you need to control or be involved in the vendor relationship. Most of this activity actually has to do with *documentation* and taking care of the little stuff that the client will never properly manage for themselves.

1. Buying and registering software
It is critically important that client software and products be properly registered to the client - and that you have access to this information and relationship. And, to be honest, it's important that you have standard processes so this information is available when there are personnel changes (including yourself). See the blog post "SOP Friday: Activating and Registering Client Software and Hardware".

But it is also important that you be involved in the purchasing decision whenever possible. There are products that work well together. There are products that have good cloud integrations and products with bad cloud integrations. Many LOBs appear to be reasonably priced but require hundreds - or thousands - of hours of customization. You need to be the client's advocate in making these decisions.

Unless you have a very tight niche, you can't be familiar with every line of business app out there. But your technical ability will allow you to ask some questions, and report the answers at a level that will help the client make better decisions than they could on their own.

2. Interpreting the language
We are a little flip when we tell clients that "we speak nerd-to-nerd" with vendors. But it's true. No matter how arcane the technology is, you are 100% more qualified to understand it and make good decisions than your client.

And vendors know this. Whether it's with sales or tech support, they can talk to you at a higher level regarding database structures, importing and exporting processes, file locations, permissions, etc. Vendors are used to walking end users through certain procedures, but it goes a LOT faster if you're involved.

3. When technical support is required
The earlier blog posts addressed many details of this. Obviously, the problem will be solved faster and more accurately with you on the phone rather than the end user. The key thing here is that YOU are in charge of their access to the client computers. You are in charge of when things are done. And you need to monitor it.

There's also the question of Rules of Engagement. Are you using a service contract paid for by the client (e.g., product warranty), or a contract paid for by you (e.g., an "incident" as a Microsoft Certified Partner [or whatever they call it now])? What is your procedure for each of these? Document it!

4. Managing important information
I can't count how many times we've had to straighten out documentation because no one knows the ISP, or the web hosting service, or the relevant passwords for these services. Or the code that gets you the platinum weekend service.

Or critical products and services are registered in the name of a former employee, or a former IT support company. It goes on and on. And the bad news is that this situation will get worse. Business owners (and their employees, and their tech support people), address a problem by finding some random product on the Internet, buy it, and never record any critical information. So when they need it again, they can't access it (even if they remember the product name). You people moving into the business world were raised with this approach to technology.

You need to have very standard procedures regarding documentation. It should be registered in the company's name with the administrator's email. That way, no matter what personnel changes occur, someone will still have access to the key information. Even if the owner dies. Even if a new tech support company comes in. Documentation, documentation, documentation.

Are You On The Clock?

One of the key questions in vendor management is the line you need to draw between "covered" and "billable" with regard to managed services. This is actually kind of a big picture question.

We include vendor management in our Platinum plan for one simple reason: When our goal is to cover everything AND reduce the cost of doing so, vendor management saves us more time (money) than it costs. That means that we almost never charge for anything related to vendors (tech support, service coordination, or monitoring work they have to do.).

As with all of our managed service plans, we do still charge for adds, move, and changes. That means that we can charge for labor related to major version upgrades and selecting new vendors. But we're very honest about giving away the hours related to supporting the existing setup.

Just as with any managed service, you need to draw the line as clearly as possible. You and your client both need to understand it. Luckily, unlike general tech support, most of your team will never have to make these decisions around vendor management. It is something for the owner and service manager to deal with.

For the most part, we give away the hours related to vendor management for two reasons. First, controlling all this stuff reduces our labor costs quite significantly. So we need to make it easy for the client to say yes to vendor management. It helps us support hardware, software, and services. In most cases we were going to have to engage 3rd party tech support for certain items anyway.

Second, we really want to "own" the relationship with the vendor. We want to know their processes, procedures, and tools. We want to know how they approach things. We want to gain knowledge that we can take to other clients, which makes us more valuable.

It's kind of interesting to contemplate: They client can never gain as much as we can from working with a vendor. We can solve things faster than the client because we understand geekspeak. And making the line of business apps work smoothly results in a happy client whose whole operation works better. If we're rigorous about documenting the process, the client has a better overall support system.

So everyone wins. There is no down side.

Do You Control Everything?

Some advisers say you should ultimate authority to choose vendors. They say you should literally be able to select which $150,000 line of business app the client will use.

I would never go that far.

Some decisions, like which anti-virus program we install, are pretty trivial. We've reached the point where 99% of the AV companies are 99% the same as all the others. So we install what we think makes sense for us. Our price list mentions spam filtering, anti-virus, and RMM (remote monitoring and management) without regard to specific brand names. And we have changed vendors as needed for OUR purposes without consulting the client.

But I would never presume to be the one to make a huge LOB decision on behalf of the client. I want to be involved. But I don't want to make that decision.

The biggest client we ever had paid us almost exactly $150,000 per year. (We fired them. Long story. Great decision.) But most of our clients pay somewhere around $1,000 to $8,000 per month. So I don't want to make decisions on their behalf that exceeds what they pay US in a year!

For us the line is pretty straight forward: In all areas where direct communication makes our job easier, we want to be involved. Where the client needs high level advice about a decision that will cost lots of money, we want to be the adviser and not the decision maker.

Obviously, in all of this you need to decide what's best for your company. And document it!

Comments welcome.

- - - - -


Don't miss the second all-new

SMB Online Conference 

100% Small Business I.T. Focused

100% Business and Making Money!

3 Days of Training 15 hours of Content 

Sign up right now for the early bird price of only $199

Find out more

Reboot Your Business or Let it Die

We released the following press release today:

Author Karl Palachuk Says Reboot Your Business or Let it Die

Sacramento, CA, March 8, 2013 – Best-selling technology author Karl Palachuk announced today that he will be holding a 3-day online conference for computer consultants in June. The conference will focus on “Rebooting” a technology business for the current economy and will feature some of the best business and technology speakers in the U.S. and U.K.

This is the second year for the SMB Online Conference. Last year, this conference was the first event of its kind targeting technology providers and computer consultants. Conference registration and information site is at The conference theme this year is “IT Business Reboot 2013.”

“We have a great line-up of super-star speakers,” said Palachuk, “Including several international consultants from the worlds of marketing and technical innovation.”

Two of the keynote speakers are John Armato and Brian Sharp. Armato is a Senior Partner at Fleishman-Hillard International Communications, one of the largest marketing firms in the world. Armato is known as a creative thinker, passionate presenter, and insightful facilitator. He helps organizations position their brands, develop their messages, and generate effective ideas for achieving their business objectives. He maintains a blog on the creative process entitled “Think Inside The Box” at

Brian Sharp is the owner of The Go Big Company. He is a motivational speaker and trainer. Sharp brings passion to his business and his clients, helping entrepreneurs and non-profit professionals to elevate their business skills to the same level as their passion for their industry. He is the owner of three companies. For more information, visit

Other speakers include some of the most influential pioneers and opinion leaders in the world of technical consulting. But this is not a technology conference, says Palachuk. “This is a business focused conference for I.T. Professionals. We want to help computer consultants to be better business people, with a vision for the future and strategies for success.”

“That’s why we named the conference IT Business Reboot 2013,” he says. “Conference sessions will cover managing a business, marketing a business, creating standard operating procedures, building a strong team, and even buying up your competition.”

The conference is online only and will run 9:00 AM to 3:00 PM on June 25-27, 2013. Attendees can choose to listen live or also have access to the recorded sessions. In all, the conference will broadcast fifteen hours of programming in three days.

The online format is pretty new for this kind of conference, says Palachuk. “In fact, our conference in 2012 was the first major IT conference for small business consultant that was 100% online. While the economy is improving in some areas, we’re in the fifth year of a recession and the large national I.T. conferences just haven’t had the turnout they used to. People have smaller budgets. Consulting companies are stretched thin. So an online conference saves time, travel, and money. It also means we don’t have to charge as much since we’re not paying for hotel meeting rooms and catering.”

Palachuk will start each conference day with a presentation of the “theme of the day” and then provide a discussion of some standard operating procedures related to the theme of the day. Palachuk is a prolific blogger and is well known for his SOP Friday series at The SOP Friday series picks one topic each week and explores the standard operating procedures that technology consultants might adopt.

To learn more about IT Business Reboot 2013, visit

About Karl Palachuk 

Karl W. Palachuk is an author, speaker, and trainer who focuses on helping computer consultants and I.T. Professionals improve their business practices. He is widely regarded as someone who provides click-by-click instructions on how to be a successful technology consultant.

Palachuk is the author of ten books (available at His blog - - has more than 40,000 visitors a month and is considered a training resource for many I.T. consultants.

Palachuk has been named SBSer of the Year by SMB Nation; he has been on the MSPmentor 250 list several times; and was named to the SMB 150 list by SMB Technology Network (SMBTN) and SMB PC magazine. Palachuk’s book Managed Services in a Month has been the #1 book for the search term “managed services” on Amazon for more than four years. The second edition was just released in January 2013 and has been very well received. The book will soon be released in Spanish and as an audio book.

About Small Biz Thoughts 

Small Biz Thoughts is the training and content division of Great Little Book Publishing Co., Inc. Their programs are geared specifically for the Managed Service Provider and SMB Consultant communities. Their focus on future trends has helped them to build a reputation as a trusted adviser to fans and friends around the world.

Media Contact: 

Karl W. Palachuk
[email protected]

Great Little Book Publishing Co., Inc.
7485 Rush River Dr. #710 / PMB 267
Sacramento, CA 95831

Friday, March 01, 2013

SOP Friday: Removing Old Information - From Everything

Data Data Everywhere

Everyone is aware that you need to protect data on hard drives, and that you need to totally delete that data when drives are taken out of service. There is a very high probability that you have a standard process within your company for disposing of drives, doing secure wipes, etc.

Make sure that you write down that policy and train your techs.

But wait . . .  there's more.

We put our hands on all kinds of client data all the time. Usually it's electronic and on the client's machines, so we don't really have to do anything with it. But sometimes we end up with information on paper, such as employee names, computers, IP address schemes, etc. Plus all kinds of documentation in paper format.

And, of course, we have lots and lots of client information in our PSA system (that is, in electronic format on our systems).

An earlier article covered the process of cleaning up after a client's employee leaves (see SOP Friday: Client Personnel Changes - Employee Departure Checklist).

Three Kinds of Client Data

In general, you will have client information in three primary places within your possession:

1) Client Files
- With a copy of their contract, important communications, and possibly financial information such as credit card info or cancelled checks.

2) Hardware you've removed from the client
- Such as routers, desktop PCs, laptops, servers. Here we're talking about more than just the hard drives.

3) Internal forms and files that you use to support the client
- This includes New PC checklists, Monthly maintenance checklists, printouts you used to complete a task, copies of old Network Migration Binders, etc.

For Client files, you just need a very short policy statement. It should cover who has access to these files, what goes in the files, and what gets "clean out" from files. Something along these lines:

"Client files will be stored only in the locked file cabinet in _____'s office. All files will be replaced where they belong in the file cabinet when not in use. So, for example, files will not be left out on a desk overnight.

Only _____, _____, and _____ will are authorized to access client files at any time.

Client files will include a copy of the most recent service agreement, any important correspondence, and current credit card information IF it is necessary to maintain CC info AND retaining this information in paper format is approved by the client.

One credit card information is entered into the auto-billing service, it is our policy to shred all copies of this information we possess.

At the end of each calendar year, all client folders are moved to storage in a paper file box labeled with the year. The only information brought forward to the new year is the most recent service agreement."

Hardware is an interesting information item. In a separate article we talked about labeling things. Well ... there's an end-game associated with the habit of labeling everything. If you are super good at creating random passwords and never re-using them, then it doesn't matter if the router has the password taped to the bottom.

But clients tend to be horrible at good passwords. Even if they have a good password, they re-use it all the time. To be honest, I do this a lot too. Those 900 web sites I'm registered on? Yeah. Maybe three passwords covers 895 of them. I'm much more secure with the password for payroll processing.

Anyway, clients follow your example. So you label a machine with it's name and they add a label for the administrator password. You might even label the local admin password on the back of the machine (after all, no one can see this on the Internet).

So when it's time for recycling that machine, you need to make sure you have a policy to scour all devices for labels and remove them. No matter how innocuous the information is, just get in the habit of removing all these labels.

Add that little step to your machine recycling checklist.

Finally, we get to internal forms and files that you use to support the client. On the administration and sales side, you will have client roadmap questionnaires and all kinds of information you might have collected or created regarding sales and configurations.

On the technical side you'll have various client-specific checklists, project papers, etc. We keep a copy of every network migration project forever. We actually have a file cabinet in the tech area with big fat pouch files for each migration project. Naturally, this includes all kinds of information about the client's configuration. That data is probably more important that a credit card number.

That's a unique example of sensitive data on the tech side. For the most part, sensitive client information on the tech side is stored in the PSA. But we do print things out, mark them up, and use them for various things. It is extremely important that everyone be in the habit of treating this information with respect.

In our case, some of this information is stored in the brown file cabinet with the migration projects. For example, we have checklists to make sure that backups are checked daily and that monthly maintenances are completed. These are not particularly sensitive data. Actually, they often simply amount to a list of client names. But that's important data.

So on the tech side, we have processes for filing items in the brown file cabinet. Everything else that has client information is covered by the company-wide policy about handling client data. Our company policy about handling client data is very simple:

"Some client information in paper format is needed by the front office for finances and client management. All such information will be stored in client folders in a locked file cabinet in the office.

Some client information in paper format is used by the sales department. Because virtually off of this information is saved electronically, it is our policy to shred any paper with any information as soon as that paper is no longer needed. If the sales department wishes to keep documents for long-term storage, they should be given to the office manager to store in the client folder.

Some client information is paper format is used by the tech department and stored long term. All such information must be stored in the brown file cabinet, which should be locked at the end of every day.

Other client information that the tech department has in paper format must be shredded as soon as that paper is no longer needed."

I know this sounds like it's a whole layer of hassle on top of what everyone is already doing, but it's not. First, get over the belief that something has to stay around just because someone printed it. Use it and shred it. Everyone. Every department. Every job. Every day.

If you need to keep something to prove that a job was completed, fine. Figure out where it goes and put it there. But be brutally honest (and remember that 99% of the paper you touch will never be looked at again). If you have something that's not in electronic format (such as a printout from the ISP that the client has written passwords on so you can do an email migration), scan it to PDF and put it in the PSA. Then shred the paper.

If you don't want to have a shredder at every desk, that's understandable. Have a centralized shredder or a box for shredding that lives in the office (which is locked at night).

Note on long-term storage: Pick a timeframe and shred those paper file boxes when they get old. For us, all information more than seven years old is shredded. Period. I used to have my daughter do this. Now I take to the UPS store. It costs me about $25/box. But I was paying my daughter $10/hr. I think UPS is cheaper - and I don't have to buy a new shredder every year.

Note on non-paper stuff: You might also have client information in the form of CD, DVDs, tapes, or even hard drives. You need a process for destroying all of these.

Make Data Destruction Fun

A few months ago we had a client who wanted proof that we had destroyed his old firewall, even though that firewall did not contain logs or other sensitive data. It did, after all, have his internal IP address range and the port mappings for his servers. So even though we can nuke it back to factory specs, some CIA-level tools could probably retrieve the old data.

So we made this video to prove to him that we had destroyed his firewall:

Hey, why not have fun since you have to work anyway?

Comments welcome.

- - - - -


Don't miss the second all-new

SMB Online Conference 

100% Small Business I.T. Focused

100% Business and Making Money!

3 Days of Training 15 hours of Content 

Sign up right now for the early bird price of only $199

Find out more