Planning Your Business Web Site


Published on

An overview of the Web site development process for organizations seeking to establish a business-presence on the Web.

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Planning Your Business Web Site

  1. 1. INTRAPRISETECHKNOWLOGIES LLC Planning Your Business Web Site September 21, 2009 Presented by Donny C. Shimamoto, CPA.CITP
  2. 2. Planning Your Business Web Site Today’s Goal – Provide a framework for starting and managing your Business Web Site Session Objectives – Define the different types of Web sites – Identify key success factors for Web sites – Understand the risks of e-commerce – Overview of compliance requirements – Outline a basic project plan for a Web site
  3. 3. Donny C. Shimamoto, CPA.CITPBackground & Experience BBA from University of Hawaii at Manoa – Accounting & Management Information Systems Alumni of PricewaterhouseCoopers LLP – Strategic Technology Group – Financial Audit and IT Audit – Washington Consulting Practice Founder of IntrapriseTechKnowlogies LLC – Technology Planning, Management, and Support for small businesses and middle market organizations Focus on risk management, compliance, and business intelligence – Functional Web sites supporting customer transaction and information management
  4. 4. Donny C. Shimamoto, CPA.CITPBackground & Experience Assn of IT Professionals (AITP) – Honolulu Chapter – Board Member (2008-present), Treasurer (2009) American Institute of CPAs (AICPA) – TECH+ Conference Steering Committee (2007-present) – Chairman, Business Intelligence Working Group (2009) – IT Executive Committee (2006-2009) Hawaii Society of CPAs – Technology Advocate (2005–2008) – Chairman, Technology Advocacy Committee (2009) Awards & Recognition – “40 Under 40” Accounting Technology Professionals in the US 2007 & 2009, CPA Technology Advisor Magazine – Top High Tech Leaders in Hawaii 2004, Pacific Technology Foundation & Technology News Network
  5. 5. Business Web Site Basics Why do I need a Web site? – Not having a Web site will cause people to questions whether you exist – Even just a “placeholder” Web site is better than no Web site or an “under construction” site – Get your business “out there” What does my Web site need to do? – Create enough interest so that potential customers, employees, business partners, and vendors will take the next step and contact or interact with you
  6. 6. Business Web Site Basics Objectives of a Business Web Site – Information Distribution “Basic” Web site = get information into the marketplace Can get complex depending on the type/volume of information and security requirements – Business Process Support Information Exchange with Customers/Partners Transaction Processing without e-Commerce support Transaction Processing with e-Commerce support – Relationship Building/Maintenance Customer Relationship Management Community Building
  7. 7. Business Web Site Basics – the “Social Web” Objectives of a Business Web Site – Information Distribution The “Social Web” can help to get information out there and bring people to your site – Business Process Support The “Social Web” can help initiate or feed processes – Relationship Building/Maintenance The “Social Web” has totally transformed this area – Customer Relationship Management – Community Building In the “Social Web” this often has a life of its own and can’t be controlled – This can be good and bad…
  8. 8. Key Success Factors for Web Sites Information Distribution Sites – Accuracy of information Information presented must be reasonably accurate Especially important when you are not the only provider of that information – Completeness of information Lack of complete information causes frustration At least provide a way to obtain complete information – Timeliness of information Stale information = non-returning Web site visitor Perception of timeliness varies with type of information If you’re not going to have time to update it regularly, don’t put time-contextual information on your site
  9. 9. Key Success Factors for Web Sites Information Exchange Sites – Transmission Security (i.e. SSL Certificate) Authentication = Web site is who they say they are Data Transmission Encryption = Protect data transmitted between browser and Web server – Server Security Intrusion Protection = protection from hackers/attacks Standing Data Encryption = Protect data while it is sitting on the server
  10. 10. Key Success Factors for Web Sites Customer Facing Sites – Branding and Identity Web site is often the “first impression” An unprofessional Web site = unfavorable impression – Usability and Consistency To allow for wide range of customer technology usage Good intuitive design reduces customer frustration and results in lower level of support calls – Customer Privacy Web site Privacy Policy – manage expectations You MUST live up to the policy you publish – Expect 24/7 Activity and Plan Accordingly
  11. 11. Key Success Factors for Web Sites Business Partner Facing Sites – Communication & Collaboration Make sure you understand what your business partner’s needs are, success depends on BOTH parties getting value from the site – Business Process Support Make sure that the functionality you provide matches the business process you’re trying to support – Integration into back-end systems Must be done carefully to ensure integrity of data Business process controls must be put in place to prevent system abuse or unintentional errors – Provide clear lines for Support and Escalation
  12. 12. Key Success Factors for Web Sites Community Sites – Focus on the Community and its Members What need in the community is being served? Why would someone come to the site? Why would someone continue to participate in the site? – Moderation of Site Content Clear Terms of Use and Appropriate Conduct Policies Monitor site for abuse/violations However, “Big Brother” syndrome can kill the site – Member Privacy Web site Privacy Policy – manage expectations You MUST live up to the policy you publish
  13. 13. Risks of e-Commerce e- Financial Loss – Cost of contacting affected customers – Fines / Damages – Credit reports for affected customers – Repayment of customer losses Loss of ability to handle credit card transactions Loss of Credibility and Future Business Imprisonment – possible when there is gross negligence
  14. 14. Information Risks and Losses are Increasing 2008 CSI/FBI Computer Crime and Security Survey – Greatest source of financial loss Financial Fraud moved to the top in 2007 – Displaced Viruses, which has been top for last 7 yrs Financial Fraud stayed at the top in 2008 – Average loss per respondent: $463,100 2007 Losses relevant to e-Commerce $21,174,750 – Financial Fraud $6,875,000 - System penetration by outsider $6,365,900 - Other Web site related
  15. 15. Information Risks and Losses are Increasing
  16. 16. Information Risks and Losses are Increasing ID Theft is fastest growing crime in the nation – Expected to overtake drug trafficking – 19 people become new victims every minute – Bureau of Justice Statistics 2004 = 7.2 million victims 2006 = 10 million victims Source: Identity Theft Resource Center Extrapolated 2008 = 13.9 million victims
  17. 17. Information Risks and Losses are Increasing Hawaii was 25th in ID Theft instances per Capita in 2005
  18. 18. Overview of Compliance Requirements If you are selling to a customer in another nation or state you generally must comply with the laws of their place of residence – International Laws – Federal Laws – State Laws If you accept credit/debit cards you must comply with PCI DSS – Payment Card Industry Data Security Standards – Processing online transactions increases your compliance requirements
  19. 19. Overview of Compliance Requirements Federal Requirements – Freedom of Information Act 1966 – Privacy Act 1974 – Electronic Freedom of Information Act 1996 – Gramm-Leach-Bliley Act – Health Insurance Portability and Accountability Act (HIPAA) – Children’s Online Privacy Protection Act (COPPA) California: SB 1386 European Union – EU Directive 95/46/EC – EU Directive 2002/58/EC
  20. 20. Overview of Compliance Requirements Hawaii’s ID Theft Laws – Act 135: Notification of Security Breaches Went into effect January 1, 2007 – Act 136: Secured Disposal of PII Went into effect January 1, 2007 – Act 137: SSN Use Prohibitions Went into effect July 1, 2007
  21. 21. Overview of Compliance Requirements
  22. 22. Overview of Compliance Requirements Hawaii’s ID Theft Laws – Internal Costs $197 per compromised record 2007 estimate by Ponemon Institute (per Journal of Accountancy, January 2009) – State Penalties Up to $2,500 for EACH violation/record – Additional Costs Liability to injured parties for actual damages sustained
  23. 23. Overview of Compliance Requirements 12 PCI DSS Requirements – Build and Maintain a Secure Network 1. Install and maintain a firewall configuration to protect data 2. Do not use vendor-supplied defaults for system passwords and other security parameters – Protect Cardholder Data 3. Protect stored data 4. Encrypt transmission of cardholder data and sensitive information across public networks – Maintain a Vulnerability Management Program 5. Use and regularly update anti-virus software 6. Develop and maintain secure systems and applications
  24. 24. Overview of Compliance Requirements 12 PCI DSS Requirements – Implement Strong Access Control Measures 7. Restrict access to data by business need-to-know 8. Assign a unique ID to each person with computer access 9. Restrict physical access to cardholder data – Regularly Monitor and Test Networks 10. Track and monitor all access to network resources and cardholder data 11. Regularly test security systems and processes – Maintain an Information Security Policy 12. Maintain a policy that addresses information security
  25. 25. You Must Protect Your Data Businesses have a duty to protect their customer’s data – Fiduciary Duty – Legal Duty Businesses can fulfill these duties by – Understanding the risks – Assessing your exposure – Take action to reduce exposure/manage risks Internal: Implementing controls to safeguard data External: Select vendors that maintain compliance – Monitoring compliance
  26. 26. Basic Outline of a Web Site Initiative Phases in a Web Site Project Plan1. Vision2. Design3. Build4. Test5. Deploy6. Maintenance7. Refine Design8. Repeat from phase 3
  27. 27. Basic Outline of a Web Site Initiative Vision Design Build Test Deploy Refinement Maintenance
  28. 28. Basic Outline of a Web Site Initiative Vision Phase – What will the site look like when you’re done with it (focus on long term, end-point goal) Section/Content Map – what will be on the site? Functionality – what does the site have to do? Phases – building iteratively allows you to get something out there sooner and get feedback – What is the purpose of the site at each phase? May drive what sections/content/functionality the site has at each phase Identify critical path, dependent site elements
  29. 29. Basic Outline of a Web Site Initiative Design Phase – Create one primary design that can fit each phase but also accommodate your entire vision Web site design is different from print, make sure your Graphic Designer knows how to design for Web Make sure your Graphic Designer knows the phases so that they can ensure that the design can stand alone at each phase Before finalizing the design, make sure that the Web Developer (the person building the site) has reviewed the design and is able to implement it in HTML – Survey other Web sites (especially those of competitors) to see what you like/don’t like
  30. 30. Basic Outline of a Web Site Initiative Design Phase (continued) – Determine your technology and hosting options Technology: HTML, PHP, Java, .Net, Flash, etc. Hosting: in-house, outsourced – Remember to look at the long term functionality and integration to back-end systems needed Select the technology that will best support integration in the long term Select the hosting platform that will support the technologies you plan to use and that will be able to support the integration that may be needed later – Work with a marketing/branding specialist to create or carry your brand to the Web
  31. 31. Basic Outline of a Web Site Initiative Build Phase – Convert the design into an actual Web Template Identify the skills needed for the project – Web Design = visual elements, graphics, fonts, etc. – Web Development = HTML, application programming – Database Development = database programming and data exchange/integration Identify the browsers and versions that the Web site will need to support (and you will need to test) – Internet Explorer, Netscape, Firefox, Chrome, Safari, – Browser types: desktop, mobile – Work with a Search Engine Optimization (SEO) specialist Each search engine has different criteria – SEO is a specialization and requires constant monitoring to maintain ranking
  32. 32. Basic Outline of a Web Site Initiative Build Phase (continued) – Develop the content for the site This is not the job of the Web Designer or Developer! Writing for Web is different from writing a report or on paper – Take into account shorter reader attention span – Allow for screen size and scrolling Identify graphics and other visual elements to include Identify things that should be linked – Either internally to another page on your site – Or externally to another Web site Remember to obtain copyrights or permission for any material that you do not own
  33. 33. Basic Outline of a Web Site Initiative Build Phase (continued) – Place content into Web Template Can be done graphically by Web Designer then transferred to HTML by Web Developer Or can be done by Web Developer if simple – Develop functionality for the site Primarily done by a Web Developer – Flash and other non-programming tasks may be done by a Web Designer Use “use cases” to describe the functionality that you want the site to have and what you want the user experience to be like
  34. 34. Basic Outline of a Web Site Initiative Test Phase – Review the completed Web site for content completeness, accuracy, correctness, and performance Check EVERY page to ensure that the display of content doesn’t distort the design Overall proofread for spelling, grammar, etc. Check that images are displaying correctly and at the correct size Make sure all links open to the correct sites and in the correct window (e.g. same or new) Check that pages load within a reasonable amount of time
  35. 35. Basic Outline of a Web Site Initiative Test Phase (continued) – Test that the site functions as expected Develop scenarios for different things that Web site visitors may try to do and walk through each scenario or combination of scenarios Verify that any data that is presented is being drawn from the right source(s) and displayed correctly Verify that totals and other computed elements of pages are being computed correctly Verify that data being submitted through the site is captured correctly – And fed into the appropriate back end systems Test that security is being properly enforced – Test user/URL spoofing and other common exploits
  36. 36. Basic Outline of a Web Site Initiative Deploy Phase – Prepare for go-live Setup the necessary DNS entries with your domain manager/hosting provider Determine a cut over/go-live date – Remember that it can take up to 48 hours for DNS changes to propagate through the Internet On the go-live date, make sure the following people are available for unforeseen circumstances – Web Developer to address any unforeseen errors in functionality – Hosting provider staff to address any potential system issues – Launch the site
  37. 37. Basic Outline of a Web Site Initiative Maintenance Phase – Monitor site usage Page hits, visitors, length of stay User logins and use of functionality – Monitor search engine placement Does content need to be adjusted? Work with your SEO specialist to refine as necessary – Keep content fresh and accurate to keep people coming back – A Web site is like a living thing…it needs constant feeding and attention to keep it current and relevant
  38. 38. Basic Outline of a Web Site Initiative Refinement Phase – Revisit vision and design based on site usage and feedback – Make adjustments to design and/or functional specifications as necessary – Revisit phases and determine if anything needs to be changed, added, removed – Determine what should be built next – Develop the detailed design – Pass it to the Web Development Team to build
  39. 39. Basic Outline of a Web Site Initiative - Phases Vision Design Build Test Deploy Refinement Maintenance
  40. 40. Basic Outline of a Web Site Initiative - Roles Marketing Strategist Technology Strategist – Branding – Platform/IntegrationProject Social Web Functionality Roles – – Graphic Designer Project Manager Copy Writer Web Developer SEO Specialist Database Developer --- Quality Control Analyst Content Manager ---Operations Roles Promotions Manager System Manager Information Analyst Data Analyst
  41. 41. Web Site Initiative Summary Figure out the objective(s) of your Web site Develop a strategy for achieving the business objectives of the Web site – Leverage Marketing & Technical Experts – Balance short-term and long-term value Establish or carry your brand to the site Build the site in stages—iterate to success Keep the site current and relevant to keep your audience engaged – Leverage the “Social Web” to extend your reach
  42. 42. INTRAPRISETECHKNOWLOGIES LLC Thank you for your attention and participation! Feedback and questions are welcome Donny C. Shimamoto, CPA.CITP (808) 735-8324