Recently, the NSCA Codes & Compliance Committee got together to brainstorm ideas and suggestions to share with integrators and manufacturers about achieving risk mitigation.
The following list is a result of our brainstorming: simple, easy-to-follow best practices to minimize potential business threats and ensure business continuity.
- Implement cybersecurity best practices, such as those found in our 14 Ways to Achieve Basic ‘Cyber Hygiene’. In addition, create an approved “white list” of programs and apps that can be used in BYOD environments and on company-owned devices.
- Be certain you comply with all state and federal labor laws that govern the employment status of staff members. This includes exempt vs. non-exempt employees and regulations that determine when overtime is paid. Be mindful of the number of employees you have and thresholds for FMLA compliance.
- Conduct an “internal controls” review to protect against fraud and fund mishandling. Develop best practices for accounting, finance, AR, AP, etc. Set goals for your cash-conversion cycle and DSO (days sales outstanding). Always follow the process.
- Evaluate your accounting procedures and processes to ensure compliance with proper revenue recognition as per the new FASB rules that went into effect on Jan 1, 2020. Managed services agreements and lease accounting rules have changed!
- Conduct an audit of all technology and systems in place that operate on outdated software platforms – at your own site and at client sites. Windows 7 is a good example of software that is no longer supported. Anything outdated and still under a service contract should be addressed.
- If you use subcontractors, independent contractors, or outsourced labor providers, be certain to validate applicable credentials for those who work on your projects. We have seen increased regulations and rule changes within various jurisdictions that extend liability to the prime contractor – regardless of the agreement and waivers provided.
- Take time to review existing dealer/VAR/partner agreements with your manufacturer partners. By doing this, you can avoid problems with auto-renewals, defaults due to missed reporting deadlines, etc. This is also the time to review agreements regarding how software is sold or licensed to clients, along with IP ownership.
- Audit the NDAs in effect and respect the nature of each one as a legal binding agreement. Often, our members sign these and simply forget that they’re bound to confidentiality.
- Keep your clients’ software licenses current and their systems patched and up to date. If you sell it – you secure it.
- Along with your HR and finance directors, conduct a review of the employee handbook. Even if your company uses a PEO, make sure the policies and procedures are understood and adhered to by everyone. If a condition of employment is written in the handbook, you should adhere to it – along with your team. NSCA provides members with sample employee handbooks that can be tailored to state laws and company sizes. Check our Essentials Online Library for one.
- Conduct an overall insurance review. Carefully consider whether you need errors and omissions insurance, as well as cyber insurance, in addition to your general liability, property, and casualty policies.
- Make sure every employee is correctly classified on your workers’ compensation insurance policy. Claims will be denied if employees are injured at work and you have them listed under a category that isn’t applicable to the type of work they were doing when the accident occurred.
- Monitor company-sponsored outings and parties and avoid gatherings where excessive drinking or bad behavior is tolerated.
- Audit your processes for contract review and approval. Set thresholds on authority for binding the company based on specific criteria. Make sure you know exactly what you’re agreeing to on each project and identify the costs associated with those responsibilities. If you work on BAAs (business associate agreements), make sure you review the obligations in detail.
- Conduct an audit of standard master services agreements, terms and conditions, subcontractor agreements, and other agreements used in the ordinary course of business. Update them as needed to reflect legal or regulatory changes. Also consider whether changes are needed based on changes in company processes or new risks. If you need to put some of these documents in place for the first time, our Essentials Online Library is a great place to start. It offers many customizable templates to work with.
- Review company data protection and processing policies to ensure compliance with applicable regulations, such as GDPR, the California Consumer Privacy Act, CASL, and PIPEDA. Make sure required notices, such as breach notification procedures, data collection methods, and opt-in/opt-out mechanisms, are posted on websites. Review marketing strategies to ensure compliance with regulations as well.
- Verify that you’re legally operating in states that require licensure. Who holds your licenses? Are they close to retirement? Is someone likely to leave?
- Understand local permitting processes and ordinances that govern the projects you’re considering. Be mindful that some require you to be pre-approved prior to submitting a proposal or bid.
- Never bid a major project without first reviewing the front end of the spec book (Divisions 0 and 1). If an owner, project manager, or general contractor asks you to give them a price based upon just Division 27 or 28 information, you’re being set up for failure.
- Chase work only in states where you know exactly how sales tax works, how the preapproval process works, and what licenses are required to perform the exact type of project you are considering. Use our Guide to State Licensing prior to submitting your proposal to be sure.
- Know the code! As an integrator, you are responsible for code compliance and adherence to applicable building, electrical, and safety codes. You need to make sure that all tests and inspections are done by qualified personnel, substantial completion includes a statement of compliance, and documentation is accurate.
- Button down the network. Make sure your final implementation team has been trained to ensure that the network and connected devices you’re working on are properly secured. Be certain that processes are approved in advance by the client’s IT department. In a multi-tenant building, if the individual tenant space is not yet occupied upon contract closeout, make sure your contract clearly stipulates your statement of work in regard to limitation of liability.
What would you add to this list? Let us know!