HOA	Computer	Operations                                       	
     Subject: HOA Computer Operations
     From: walt <walt@cassbeth.com>
     Date: 2/23/2018 1:54 PM
     To: John Gallagher <gallagher41@comcast.net>, Terry Giannetti <tbgiannetti@gmail.com>, Abe Greenbaum
     <abegreenbaum@gmail.com>, walt <walt@cassbeth.com>
     Hello,
     At each meeng I keep hearing the oﬃce computer come up but then the discussion stops. So I decide to sr up the pot.
     This is some background on work seng computers:
        We are a non proﬁt company (HOA) that decided to hire a subcontractor to perform certain funcons as deﬁned in
        the contract. The subcontractor staﬀ is physically located on HOA property. In this scenario they use HOA facilies
        and equipment. HOA equipment includes phone, copiers, printers, faxes, and the computer?
        For subcontractor staﬀ permanently assigned to a company locaon the computer is always provided by the
        company. This is a long established pracce that traces to risk management. The subcontractor may be permi-ed to
        bring their company computers on site depending on security policies.
        If the subcontractor is oﬀsite then the computer is their property and they would make oﬃcial deliveries to the HOA
        in the form of paper and data. All ﬁnal product oﬃcial business data must be delivered to the HOA in a manner that
        the HOA can access and read including computer data ﬁles.
        Any intermediate work products can be on the subcontractor computers regardless of where they physically work.
        No work product content can be on personal computers unless approved by the HOA and subcontractor. Each must
        ensure the personal computer is properly secured.
     This means that the HOA must be able to accept, control, maintain, and archive its data. If it fails to do this I suspect there
     are some serious legal ramiﬁcaons. The queson then is how to fulﬁll this responsibility.
     If you give that responsibility to one of the subcontractors that also produces work products, then there is a conﬂict of
     interest. This translates to a potenal compromise situaon where data may be lost in a dispute.
     So what can we do to maintain the HOA computer and data resources? At the highest level we can:
      1. Hire an IT sub contractor / consultant
      2. Use volunteers as IT staﬀ
     In all cases proper procedures are in place and the staﬀ sign appropriate documents to ensure security and privacy liability. 
     Ideally the technology should be such that the IT staﬀ are never able to see the data content. Data content is only accessible
     to those given that privilege. This brings up security. Most people are aware of the need to know and least privilege access
     rules. Most are not aware of the right to know. Most of the HOA data will fall into the right to know category. I would claim
     that even proposals with ﬁnal price quotes are in that category. But that is a diﬀerent topic.
     So what would our computer system look like. We have a few alternaves:
     1. Current approach. - do nothing
        Not sure how data is delivered to the HOA.
        Not sure if the HOA can easily access delivered data in all situaons.
        Not sure how data is archived.
        Access and archiving should be public info.
        Security is not about hiding things it is about a rock solid process that can not be compromised.
     2. Buy a Server and Hire IT company / consultant to Administer
        Server is remotely maintained by IT company / consultant
        As policy all delivered HOA products are placed on the network.
1	of	2                                                4/28/2018	9:41	AM
HOA	Computer	Operations                                       	
        Network content is inspected by a HOA oﬃcial representave (not subcontractor) prior to each HOA meeng.
        Network content is archived quarterly by IT company / consultant.
     3. Buy a Cloud Service
        Cloud is maintained by cloud company
        As policy all delivered HOA products are placed on the cloud.
        Cloud content is inspected by a HOA oﬃcial representave (not subcontractor) prior to each HOA meeng.
        Cloud content is connuously archived by cloud company.
     4. Hire IT Consultant / Company
        They decide to either install server, buy cloud service, or both
        They maintain server or cloud
        As policy all delivered HOA products are placed on the server or cloud.
        Server or Cloud content is inspected by a HOA oﬃcial representave (not subcontractor) prior to each HOA meeng.
        Server or Cloud content is automacally archived by cloud company or quarterly by IT company.
     5. Add a network drive - Mom and Pop Approach
        As policy all delivered HOA products are placed on the network drive (USB or wireless).
        Network drive content is inspected by a HOA oﬃcial representave (not subcontractor) prior to each HOA meeng.
        Network drive is to be archived quarterly to another drive that is locked in a ﬁre proof closet.
        The archive needs to be done in the presence of the HOA oﬃcial representave.
        Adding another computer in the clubhouse would allow the HOA to inspect the network drive content without
        disturbing oﬃce operaons. It would also allow other non management company HOA data to be developed,
        maintained, and stored (e.g. Website).
        Backup and archiving mechanisms guidance in this seng is crical. One of the funcons of the operang system is
        to ensure data integrity especially during backup and coping of data. Do not use any third party archive tools. They
        always fail at some point and they force users to call the tool provider and pay to recover. Data is usually lost along
        with cash. Use the operang system to back up all data. Just drag and drop the highest level folder. When prompted
        just pick the opons to copy all or if available the newest date ﬁles. The backup folder structure should always match
        the original source structure. Do not perform any manual acvies like rename etc.
        If a wireless drive is selected they sell cloud services but this raises security issues that must be examined
        Once a computer is added, this is similar to the buy a server approach, the diﬀerence is the loss of training and
        discipline by not having an IT company / consultant.
     The common element in all the approaches except for the current approach is:
        As policy all delivered HOA products are placed in an oﬃcial area accessible by the HOA at anyme.
        Content is inspected by a HOA oﬃcial representave (not subcontractor) prior to each HOA meeng.
        Content is archived for recovery.
     This needs to be properly addressed. DR Horton is gone and with it is some protecons and adult supervision.
     Walt
2	of	2                                                4/28/2018	9:41	AM